summaryrefslogtreecommitdiff
path: root/sys-apps/systemd
diff options
context:
space:
mode:
authorV3n3RiX <venerix@koprulu.sector>2022-07-19 20:39:44 +0100
committerV3n3RiX <venerix@koprulu.sector>2022-07-19 20:39:44 +0100
commit54eca75a4e3e380e1d386f4d235baeb7d4ff332e (patch)
tree5f59a3e7b9069e5ab5ae4c5b46184560dc318692 /sys-apps/systemd
parentfc7e841956ae3cc385629bf33433de23a6d04db6 (diff)
gentoo auto-resync : 19:07:2022 - 20:39:44
Diffstat (limited to 'sys-apps/systemd')
-rw-r--r--sys-apps/systemd/Manifest1
-rw-r--r--sys-apps/systemd/files/250.4-random-seed-hash.patch74
2 files changed, 0 insertions, 75 deletions
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index c674c0624824..67b5a761de0b 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -1,5 +1,4 @@
AUX 00-hostnamed-network-user.conf 227 BLAKE2B 0cc780a2ea9f31f08be01184704e4fa8b4b95e4c82b7e2dd4127f82c594a5cd7c8f865a83ae5f1284e58a7fd120ee9a9f4f586b7e479d21f1e8adf26e8e61238 SHA512 97e8decd802de8581fb546e3a714376fbd065108f3edfed54a1036d93df02f9947c358aec9aa4841a766c9120fa20c69eb7867bb4d2bd7339d8bd89c43235b2b
-AUX 250.4-random-seed-hash.patch 3300 BLAKE2B 3a952e18ebc8075853943e57730b2f9cf0ac31e2161fce992d11df483a57fc777b74b212c243260ddb6255b2bfe6ac64ba4abfedd236d2cae5e18150e2e3d859 SHA512 4ade52e055d6ccd252221354125e3155c9398452a470b45dc15967fd354d94f4ef94437626c6063762c1c83243d65ec57b0b8d326b769514dbd76f2644925b39
AUX 251-format-string.patch 1038 BLAKE2B 2b7400516fd93bdaa887e6203b44e656ccc27ddd963264c2ae1a360c5899cbd42417e66f72fb8c02366a64371257d782d9c34e5288b17e357edebdb55da939c8 SHA512 d300bdcad16485a92c80df575c403fabbdcd4e8c71251e56147b0d85c2a2e8d271eb055b5f188a184cb652c22ce428176355f322e679b88bb8db90610e63c1a4
AUX 251-revert-fortify-source-3-fix.patch 2059 BLAKE2B 5b34062821f2097fc622ffc66d83029267173b2b4131b29d9339644577b7e80c513c83f62d07ba3e030c2a861efe7d399bd871cc35803b39940f7ec0e7bacfec SHA512 14c5ac8d0343a4cb50de6c56124e515b159cf5f9bf358404ba41ec7a9c439206673e0d44888164ff3872236c7b8c74f5ea9544ea7a981a3b5930585dabcd4782
AUX gentoo-generator-path-r2.patch 994 BLAKE2B 2bfb42623221291030fa9f7310e9bf747351a26f6ffd842628298787b74d4ec562bacaa9fc5365f7e854f695dab5f74bc06883fefc1f210dce4fd415926817ac SHA512 98054222ea232e120625573b6a532c312eccc02fe657152610b7d056b964bb2165fffae9d17fd986cf547af885d44c26b117fe68df5b24e2607d37f3729d0ada
diff --git a/sys-apps/systemd/files/250.4-random-seed-hash.patch b/sys-apps/systemd/files/250.4-random-seed-hash.patch
deleted file mode 100644
index efaa8cdfcaac..000000000000
--- a/sys-apps/systemd/files/250.4-random-seed-hash.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-https://github.com/systemd/systemd-stable/commit/ed46ff2bd6ca21d83cae4a94c3ed752ad1b64cce
-
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Mon, 3 Jan 2022 18:11:32 +0100
-Subject: [PATCH] random-seed: hash together old seed and new seed before
- writing out file
-
-If we're consuming an on-disk seed, we usually write out a new one after
-consuming it. In that case, we might be at early boot and the randomness
-could be rather poor, and the kernel doesn't guarantee that it'll use
-the new randomness right away for us. In order to prevent the new
-entropy from getting any worse, hash together the old seed and the new
-seed, and replace the final bytes of the new seed with the hash output.
-This way, entropy strictly increases and never regresses.
-
-(cherry picked from commit da2862ef06f22fc8d31dafced6d2d6dc14f2ee0b)
---- a/src/random-seed/random-seed.c
-+++ b/src/random-seed/random-seed.c
-@@ -26,6 +26,7 @@
- #include "random-util.h"
- #include "string-util.h"
- #include "sync-util.h"
-+#include "sha256.h"
- #include "util.h"
- #include "xattr-util.h"
-
-@@ -106,9 +107,11 @@ static int run(int argc, char *argv[]) {
- _cleanup_close_ int seed_fd = -1, random_fd = -1;
- bool read_seed_file, write_seed_file, synchronous;
- _cleanup_free_ void* buf = NULL;
-+ struct sha256_ctx hash_state;
-+ uint8_t hash[32];
- size_t buf_size;
- struct stat st;
-- ssize_t k;
-+ ssize_t k, l;
- int r;
-
- log_setup();
-@@ -242,6 +245,16 @@ static int run(int argc, char *argv[]) {
- if (r < 0)
- log_error_errno(r, "Failed to write seed to /dev/urandom: %m");
- }
-+ /* If we're going to later write out a seed file, initialize a hash state with
-+ * the contents of the seed file we just read, so that the new one can't regress
-+ * in entropy. */
-+ if (write_seed_file) {
-+ sha256_init_ctx(&hash_state);
-+ if (k < 0)
-+ k = 0;
-+ sha256_process_bytes(&k, sizeof(k), &hash_state);
-+ sha256_process_bytes(buf, k, &hash_state);
-+ }
- }
-
- if (write_seed_file) {
-@@ -277,6 +290,17 @@ static int run(int argc, char *argv[]) {
- "Got EOF while reading from /dev/urandom.");
- }
-
-+ /* If we previously read in a seed file, then hash the new seed into the old one,
-+ * and replace the last 32 bytes of the seed with the hash output, so that the
-+ * new seed file can't regress in entropy. */
-+ if (read_seed_file) {
-+ sha256_process_bytes(&k, sizeof(k), &hash_state);
-+ sha256_process_bytes(buf, k, &hash_state);
-+ sha256_finish_ctx(&hash_state, hash);
-+ l = MIN(k, 32);
-+ memcpy((uint8_t *)buf + k - l, hash, l);
-+ }
-+
- r = loop_write(seed_fd, buf, (size_t) k, false);
- if (r < 0)
- return log_error_errno(r, "Failed to write new random seed file: %m");