[Glibc-bsd-commits] r5404 - in branches/wheezy/kfreebsd-8/debian: . patches
stevenc-guest at alioth.debian.org
Fri Jan 31 03:16:42 UTC 2014
Author: stevenc-guest
Date: 2014-01-31 03:16:42 +0000 (Fri, 31 Jan 2014)
New Revision: 5404
Added:
branches/wheezy/kfreebsd-8/debian/patches/disable_via_rng.diff
Modified:
branches/wheezy/kfreebsd-8/debian/changelog
branches/wheezy/kfreebsd-8/debian/patches/series
Log:
Disable VIA hardware RNG by default. Use hw.nehemiah_rng_enable
sysctl to re-enable (but read about the security implications
first). (Closes: #735448)
Modified: branches/wheezy/kfreebsd-8/debian/changelog
===================================================================
--- branches/wheezy/kfreebsd-8/debian/changelog 2014-01-31 03:00:17 UTC (rev 5403)
+++ branches/wheezy/kfreebsd-8/debian/changelog 2014-01-31 03:16:42 UTC (rev 5404)
@@ -11,6 +11,9 @@
(Closes: #737181)
* Apply upstream SA-13_13.nullfs patch (CVE-2013-5710).
(Closes: #737182)
+ * Disable VIA hardware RNG by default. Use hw.nehemiah_rng_enable
+ sysctl to re-enable (but read about the security implications
+ first). (Closes: #735448)
-- Steven Chamberlain <steven at pyro.eu.org> Fri, 31 Jan 2014 02:58:14 +0000
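Review bot: the new changelog entry calls hw.nehemiah_rng_enable a sysctl, but the patch added in this same revision reads it with TUNABLE_INT_FETCH and its own Description calls it a loader tunable; no sysctl node is declared in the visible lines. Suggest wording the entry as "Set the hw.nehemiah_rng_enable loader tunable to re-enable", so that an administrator does not try to change it at runtime with sysctl and assume the change took effect. The "read about the security implications" remark would also be more useful with a pointer, for example the Bug-Debian URL already given in the patch header.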
Added: branches/wheezy/kfreebsd-8/debian/patches/disable_via_rng.diff
===================================================================
--- branches/wheezy/kfreebsd-8/debian/patches/disable_via_rng.diff (rev 0)
+++ branches/wheezy/kfreebsd-8/debian/patches/disable_via_rng.diff 2014-01-31 03:16:42 UTC (rev 5404)
@@ -0,0 +1,34 @@
+Description:
+ Disable VIA hardware RNG by default due to unsafe usage. Implement a
+ loader tunable allowing to turn it back on.
+ .
+ Minimal patch based on upstream SVN r240950 and r260644
+Origin: backport, commit:240950, commit:260644
+Forwarded: not-needed
+Bug-Debian: http://bugs.debian.org/735448
+
+--- kfreebsd-8-8.3.orig/sys/dev/random/probe.c
++++ kfreebsd-8-8.3/sys/dev/random/probe.c
+@@ -30,6 +30,8 @@
+
+ #include <sys/types.h>
+ #include <sys/param.h>
++#include <sys/systm.h>
++#include <sys/kernel.h>
+ #include <sys/malloc.h>
+ #include <sys/random.h>
+ #include <sys/selinfo.h>
+@@ -57,7 +59,12 @@
+ /* Then go looking for hardware */
+ #if defined(__i386__) && !defined(PC98)
+ if (via_feature_rng & VIA_HAS_RNG) {
+- *systat = random_nehemiah;
++ int enable;
++
++ enable = 0;
++ TUNABLE_INT_FETCH("hw.nehemiah_rng_enable", &enable);
++ if (enable)
++ *systat = random_nehemiah;
+ }
+ #endif
+ }
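Review bot: in the probe.c hunk, "enable" is a block-local variable that is fetched once from the kernel environment and then discarded, so nothing in the visible lines lets an administrator confirm after boot whether random_nehemiah was selected. Consider exporting the fetched value read-only, or logging one line when the VIA RNG is detected but left disabled, so that the default-off state can be audited. The Description's "due to unsafe usage" also does not say what is unsafe; one sentence of explanation beside the two upstream commit numbers would help whoever maintains this backport.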
Modified: branches/wheezy/kfreebsd-8/debian/patches/series
===================================================================
--- branches/wheezy/kfreebsd-8/debian/patches/series 2014-01-31 03:00:17 UTC (rev 5403)
+++ branches/wheezy/kfreebsd-8/debian/patches/series 2014-01-31 03:16:42 UTC (rev 5404)
@@ -17,6 +17,7 @@
SA-13_10.sctp.diff
SA-13_12.ifioctl.diff
SA-13_13.nullfs.diff
+disable_via_rng.diff
# Other patches that might or might not be mergeable
001_misc.diff