[Glibc-bsd-commits] r5371 - in branches/wheezy/kfreebsd-9/debian: . patches

Tue Jan 21 11:27:26 UTC 2014

Author: rmh
Date: 2014-01-21 11:27:26 +0000 (Tue, 21 Jan 2014)
New Revision: 5371

Added:
   branches/wheezy/kfreebsd-9/debian/patches/disable_via_rng.diff
Modified:
   branches/wheezy/kfreebsd-9/debian/changelog
   branches/wheezy/kfreebsd-9/debian/patches/series
Log:
Disable VIA hardware RNG by default. Use hw.nehemiah_rng_enable sysctl to re-enable (but read about the security implications first). (Closes: #735448)

Modified: branches/wheezy/kfreebsd-9/debian/changelog
===================================================================

--- branches/wheezy/kfreebsd-9/debian/changelog	2014-01-21 10:47:25 UTC (rev 5370)
+++ branches/wheezy/kfreebsd-9/debian/changelog	2014-01-21 11:27:26 UTC (rev 5371)
@@ -1,3 +1,11 @@
+kfreebsd-9 (9.0-10+deb70.6) UNRELEASED; urgency=low
+
+  * Disable VIA hardware RNG by default. Use hw.nehemiah_rng_enable
+    sysctl to re-enable (but read about the security implications
+    first). (Closes: #735448)
+
+ -- Robert Millan <rmh at debian.org>  Tue, 21 Jan 2014 12:26:33 +0100
+
 kfreebsd-9 (9.0-10+deb70.5) stable; urgency=low
 
   * Disable 101_nullfs_vsock.diff.  (Closes: #718888)

Added: branches/wheezy/kfreebsd-9/debian/patches/disable_via_rng.diff
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/disable_via_rng.diff	                        (rev 0)
+++ branches/wheezy/kfreebsd-9/debian/patches/disable_via_rng.diff	2014-01-21 11:27:26 UTC (rev 5371)
@@ -0,0 +1,19 @@
+
+Loosely based on r260644
+
+--- a/sys/dev/random/probe.c
++++ b/sys/dev/random/probe.c
+@@ -57,7 +57,12 @@
+ 	/* Then go looking for hardware */
+ #if defined(__i386__) && !defined(PC98)
+ 	if (via_feature_rng & VIA_HAS_RNG) {
+-		*systat = random_nehemiah;
++		int enable;
++
++		enable = 0;
++		TUNABLE_INT_FETCH("hw.nehemiah_rng_enable", &enable);
++		if (enable)
++			*systat = random_nehemiah;
+ 	}
+ #endif
+ }

Modified: branches/wheezy/kfreebsd-9/debian/patches/series
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/series	2014-01-21 10:47:25 UTC (rev 5370)
+++ branches/wheezy/kfreebsd-9/debian/patches/series	2014-01-21 11:27:26 UTC (rev 5371)
@@ -15,6 +15,7 @@
 SA-13_10.sctp.patch
 SA-13_12.ifioctl.diff
 SA-13_13.nullfs.diff
+disable_via_rng.diff
 
 # Other patches that might or might not be mergeable
 001_misc.diff


