rpms/nss/devel nss-unix_rand.patch,NONE,1.1 nss.spec,1.31,1.32

Kai Engert (kengert) fedora-extras-commits at redhat.com
Mon Dec 3 21:20:04 UTC 2007


Author: kengert

Update of /cvs/extras/rpms/nss/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28102

Modified Files:
	nss.spec 
Added Files:
	nss-unix_rand.patch 
Log Message:
* Mon Dec 03 2007 Kai Engert <kengert at redhat.com> - 3.11.99.2-2
- upstream patches to avoid calling netstat for random data


nss-unix_rand.patch:

--- NEW FILE nss-unix_rand.patch ---
Index: mozilla/security/nss/lib/freebl/unix_rand.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/freebl/unix_rand.c,v
retrieving revision 1.25
retrieving revision 1.28
diff -u -r1.25 -r1.28
--- mozilla/security/nss/lib/freebl/unix_rand.c	25 Jul 2007 22:54:35 -0000	1.25
+++ mozilla/security/nss/lib/freebl/unix_rand.c	3 Dec 2007 21:07:01 -0000	1.28
@@ -866,7 +866,8 @@
     /* if the child hasn't exited, kill it -- we're done with its output */
     while ((rv = waitpid(pid, &status, WNOHANG)) == -1 && errno == EINTR)
 	;
-    if (rv == 0 && kill(pid, SIGKILL) == 0) {
+    if (rv == 0) {
+	kill(pid, SIGKILL);
 	while ((rv = waitpid(pid, &status, 0)) == -1 && errno == EINTR)
 	    ;
     }
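Review bot: The return value of `kill(pid, SIGKILL)` is now discarded and the blocking `waitpid(pid, &status, 0)` runs unconditionally, so if the signal cannot be delivered the caller waits until the child exits on its own. Always reaping is presumably the intent, since the old form skipped the wait and left the child unreaped whenever kill failed, but nothing in the hunk says so. I would make the discard explicit and document it: `(void)kill(pid, SIGKILL); /* result ignored on purpose: the child is reaped below either way */`. The enclosing function starts and ends outside the hunk.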
@@ -921,15 +922,6 @@
     };
 #endif
 
-#ifdef DO_PS
-For now it is considered that it is too expensive to run the ps command
-for the small amount of entropy it provides.
-#if defined(__sun) && (!defined(__svr4) && !defined(SVR4)) || defined(bsdi) || defined(LINUX)
-    static char ps_cmd[] = "ps aux";
-#else
-    static char ps_cmd[] = "ps -el";
-#endif
-#endif /* DO_PS */
 #if defined(BSDI)
     static char netstat_ni_cmd[] = "netstat -nis";
 #else
@@ -980,9 +972,12 @@
  * in a pthreads environment.  Therefore, we call safe_popen last and on
  * BSD/OS we do not call safe_popen when we succeeded in getting data
  * from /dev/urandom.
+ *
+ * Bug 174993: LINUX provides /dev/urandom, don't fork netstat
+ * if data has been gathered successfully
  */
 
-#ifdef BSDI
+#if defined(BSDI) || defined(LINUX)
     if (bytes)
         return;
 #endif
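Review bot: On LINUX the widened guard returns as soon as `bytes` is non-zero, so any non-empty read counts as "gathered successfully" and the netstat fallback is skipped even after a short read. The assignment to `bytes` is outside the hunk, so the requested amount is not visible here. If it is the /dev/urandom read count, comparing it with the amount requested would match the new comment more closely than a bare truth test. At minimum the comment could state the threshold, e.g. ` * (any non-zero byte count from /dev/urandom is treated as success)`. The enclosing function starts and ends outside the hunk.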
@@ -1010,15 +1005,6 @@
     }
 #endif
 
-#ifdef DO_PS
-    fp = safe_popen(ps_cmd);
-    if (fp != NULL) {
-	while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0)
-	    RNG_RandomUpdate(buf, bytes);
-	safe_pclose(fp);
-    }
-#endif
-
 #ifdef DO_NETSTAT
     fp = safe_popen(netstat_ni_cmd);
     if (fp != NULL) {


Index: nss.spec
===================================================================
RCS file: /cvs/extras/rpms/nss/devel/nss.spec,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- nss.spec	7 Nov 2007 00:37:19 -0000	1.31
+++ nss.spec	3 Dec 2007 21:19:26 -0000	1.32
@@ -4,7 +4,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.11.99.2
-Release:          1%{?dist}
+Release:          2%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -30,6 +30,7 @@
 
 Patch1:           nss-no-rpath.patch
 Patch2:           nss-nolocalsql.patch
+Patch3:           nss-unix_rand.patch
 Patch6:           nss-enable-pem.patch
 Patch7:           nss-create-obj.patch
 
@@ -86,6 +87,7 @@
 
 %patch1 -p0
 %patch2 -p0
+%patch3 -p0
 %patch6 -p0 -b .libpem
 %patch7 -p0 -b .create-obj
 
@@ -386,6 +388,9 @@
 
 
 %changelog
+* Mon Dec 03 2007 Kai Engert <kengert at redhat.com> - 3.11.99.2-2
+- upstream patches to avoid calling netstat for random data
+
 * Wed Nov 07 2007 Kai Engert <kengert at redhat.com> - 3.11.99.2-1
 - NSS 3.12 alpha 2
 



