Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package haveged for openSUSE:Factory checked in at 2026-05-21 18:24:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haveged (Old) and /work/SRC/openSUSE:Factory/.haveged.new.2084 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haveged" Thu May 21 18:24:56 2026 rev:69 rq:1354037 version:1.9.21 Changes: -------- --- /work/SRC/openSUSE:Factory/haveged/haveged.changes 2026-05-05 15:14:45.113648997 +0200 +++ /work/SRC/openSUSE:Factory/.haveged.new.2084/haveged.changes 2026-05-21 18:25:01.000837611 +0200 @@ -1,0 +2,12 @@ +Tue May 19 13:05:16 UTC 2026 - Dirk Müller <[email protected]> + +- update to 1.9.21 (bsc#1264086, CVE-2026-41054): + * Fix privilege escalation via command socket (CVE-2026-41054) + * Check peer credentials before reading command + (CVE-2026-41054) + * Handle failing opening of semaphore [Werner Fink] + * Fix /dev/shm permissions to use sticky bit [Dirk Müller] + * Use chmod after mkdir to ensure correct /dev/shm permissions + * Update libtool: add lib64 search paths, remove dead code + +------------------------------------------------------------------- Old: ---- haveged-1.9.20.tar.gz New: ---- haveged-1.9.21.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haveged.spec ++++++ --- /var/tmp/diff_new_pack.T4XY1a/_old 2026-05-21 18:25:01.740868005 +0200 +++ /var/tmp/diff_new_pack.T4XY1a/_new 2026-05-21 18:25:01.744868168 +0200 
@@ -18,7 +18,7 @@ %{!?_udevrulesdir: %global _udevrulesdir %(pkg-config --variable=udevdir udev)/rules.d } Name: haveged -Version: 1.9.20 +Version: 1.9.21 Release: 0 Summary: Daemon for feeding entropy into the random pool License: GPL-3.0-only ++++++ haveged-1.9.20.tar.gz -> haveged-1.9.21.tar.gz ++++++ ++++ 11452 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.20/ChangeLog new/haveged-1.9.21/ChangeLog --- old/haveged-1.9.20/ChangeLog 2026-04-29 22:46:55.000000000 +0200 +++ new/haveged-1.9.21/ChangeLog 2026-05-13 23:28:14.000000000 +0200 
@@ -1,5 +1,14 @@ +v1.9.21 (May 14, 2026) [Jirka Hladky] +* Fix privilege escalation via command socket (CVE-2026-41054) +* Check peer credentials before reading command (CVE-2026-41054) +* Handle failing opening of semaphore [Werner Fink] +* Fix /dev/shm permissions to use sticky bit [Dirk Müller] +* Use chmod after mkdir to ensure correct /dev/shm permissions +* Update libtool: add lib64 search paths, remove dead code + v1.9.20 (Apr 29, 2026) [Jirka Hladky] * Only warn when creating of named semaphore fails +* Creating /dev/shm if its not existing, otherwise haveged fails to start * Fixed several typos v1.9.19 (Oct 02, 2024) [Jirka Hladky] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.20/config/compile new/haveged-1.9.21/config/compile --- old/haveged-1.9.20/config/compile 2026-04-29 22:46:55.000000000 +0200 +++ new/haveged-1.9.21/config/compile 2026-05-13 23:28:14.000000000 +0200 @@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2018-03-07.03; # UTC +scriptversion=2024-06-19.01; # UTC -# Copyright (C) 1999-2021 Free Software Foundation, Inc. +# Copyright (C) 1999-2024 Free Software Foundation, Inc. # Written by Tom Tromey <[email protected]>. # # This program is free software; you can redistribute it and/or modify @@ -143,7 +143,7 @@ # configure might choose to run compile as 'compile cc -o foo foo.c'. eat=1 case $2 in - *.o | *.[oO][bB][jJ]) + *.o | *.lo | *.[oO][bB][jJ]) func_file_conv "$2" set x "$@" -Fo"$file" shift 
@@ -248,14 +248,17 @@ right script to run: please start by reading the file 'INSTALL'. Report bugs to <[email protected]>. +GNU Automake home page: <https://www.gnu.org/software/automake/>. +General help using GNU software: <https://www.gnu.org/gethelp/>. EOF exit $? ;; -v | --v*) - echo "compile $scriptversion" + echo "compile (GNU Automake) $scriptversion" exit $? ;; cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \ + clang-cl | *[/\\]clang-cl | clang-cl.exe | *[/\\]clang-cl.exe | \ icl | *[/\\]icl | icl.exe | *[/\\]icl.exe ) func_cl_wrapper "$@" # Doesn't return... ;; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.20/config/missing new/haveged-1.9.21/config/missing --- old/haveged-1.9.20/config/missing 2026-04-29 22:46:55.000000000 +0200 +++ new/haveged-1.9.21/config/missing 2026-05-13 23:28:14.000000000 +0200 @@ -1,9 +1,11 @@ #! /bin/sh -# Common wrapper for a few potentially missing GNU programs. +# Common wrapper for a few potentially missing GNU and other programs. -scriptversion=2018-03-07.03; # UTC +scriptversion=2024-06-07.14; # UTC -# Copyright (C) 1996-2021 Free Software Foundation, Inc. +# shellcheck disable=SC2006,SC2268 # we must support pre-POSIX shells + +# Copyright (C) 1996-2024 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <[email protected]>, 1996. # This program is free software; you can redistribute it and/or modify 
@@ -54,18 +56,20 @@ -v, --version output version information and exit Supported PROGRAM values: - aclocal autoconf autoheader autom4te automake makeinfo - bison yacc flex lex help2man +aclocal autoconf autogen autoheader autom4te automake autoreconf +bison flex help2man lex makeinfo perl yacc Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and 'g' are ignored when checking the name. -Send bug reports to <[email protected]>." +Report bugs to <[email protected]>. +GNU Automake home page: <https://www.gnu.org/software/automake/>. +General help using GNU software: <https://www.gnu.org/gethelp/>." exit $? ;; -v|--v|--ve|--ver|--vers|--versi|--versio|--version) - echo "missing $scriptversion (GNU Automake)" + echo "missing (GNU Automake) $scriptversion" exit $? ;; @@ -108,7 +112,7 @@ program_details () { case $1 in - aclocal|automake) + aclocal|automake|autoreconf) echo "The '$1' program is part of the GNU Automake package:" echo "<$gnu_software_URL/automake>" echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" @@ -123,6 +127,9 @@ echo "<$gnu_software_URL/m4/>" echo "<$perl_URL>" ;; + *) + : + ;; esac } 
@@ -137,48 +144,55 @@ printf '%s\n' "'$1' is $msg." configure_deps="'configure.ac' or m4 files included by 'configure.ac'" + autoheader_deps="'acconfig.h'" + automake_deps="'Makefile.am'" + aclocal_deps="'acinclude.m4'" case $normalized_program in + aclocal*) + echo "You should only need it if you modified $aclocal_deps or" + echo "$configure_deps." + ;; autoconf*) - echo "You should only need it if you modified 'configure.ac'," - echo "or m4 files included by it." - program_details 'autoconf' + echo "You should only need it if you modified $configure_deps." + ;; + autogen*) + echo "You should only need it if you modified a '.def' or '.tpl' file." + echo "You may want to install the GNU AutoGen package:" + echo "<$gnu_software_URL/autogen/>" ;; autoheader*) - echo "You should only need it if you modified 'acconfig.h' or" + echo "You should only need it if you modified $autoheader_deps or" echo "$configure_deps." - program_details 'autoheader' ;; automake*) - echo "You should only need it if you modified 'Makefile.am' or" - echo "$configure_deps." - program_details 'automake' - ;; - aclocal*) - echo "You should only need it if you modified 'acinclude.m4' or" + echo "You should only need it if you modified $automake_deps or" echo "$configure_deps." - program_details 'aclocal' ;; - autom4te*) + autom4te*) echo "You might have modified some maintainer files that require" echo "the 'autom4te' program to be rebuilt." - program_details 'autom4te' + ;; + autoreconf*) + echo "You should only need it if you modified $aclocal_deps or" + echo "$automake_deps or $autoheader_deps or $automake_deps or" + echo "$configure_deps." ;; bison*|yacc*) echo "You should only need it if you modified a '.y' file." echo "You may want to install the GNU Bison package:" echo "<$gnu_software_URL/bison/>" ;; - lex*|flex*) - echo "You should only need it if you modified a '.l' file." 
- echo "You may want to install the Fast Lexical Analyzer package:" - echo "<$flex_URL>" - ;; help2man*) echo "You should only need it if you modified a dependency" \ "of a man page." echo "You may want to install the GNU Help2man package:" echo "<$gnu_software_URL/help2man/>" ;; + lex*|flex*) + echo "You should only need it if you modified a '.l' file." + echo "You may want to install the Fast Lexical Analyzer package:" + echo "<$flex_URL>" + ;; makeinfo*) echo "You should only need it if you modified a '.texi' file, or" echo "any other file indirectly affecting the aspect of the manual." @@ -189,6 +203,12 @@ echo "want to install GNU make:" echo "<$gnu_software_URL/make/>" ;; + perl*) + echo "You should only need it to run GNU Autoconf, GNU Automake, " + echo " assorted other tools, or if you modified a Perl source file." + echo "You may want to install the Perl 5 language interpreter:" + echo "<$perl_URL>" + ;; *) echo "You might have modified some files without having the proper" echo "tools for further handling them. Check the 'README' file, it" @@ -197,6 +217,7 @@ echo "case some other package contains this missing '$1' program." ;; esac + program_details "$normalized_program" } give_advice "$1" | sed -e '1s/^/WARNING: /' \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.20/config.h.in new/haveged-1.9.21/config.h.in --- old/haveged-1.9.20/config.h.in 2026-04-29 22:46:55.000000000 +0200 +++ new/haveged-1.9.21/config.h.in 2026-05-13 23:28:14.000000000 +0200 
@@ -6,16 +6,16 @@ /* Library version */ #undef HAVEGE_LIB_VERSION -/* Define to 1 if you have the `accept' function. */ +/* Define to 1 if you have the 'accept' function. */ #undef HAVE_ACCEPT -/* Define to 1 if you have the `accept4' function. */ +/* Define to 1 if you have the 'accept4' function. */ #undef HAVE_ACCEPT4 -/* Define to 1 if you have the `bind' function. */ +/* Define to 1 if you have the 'bind' function. */ #undef HAVE_BIND -/* Define to 1 if you have the `connect' function. */ +/* Define to 1 if you have the 'connect' function. */ #undef HAVE_CONNECT /* Define to 1 if you have the <cpuid.h> header file. */ @@ -24,22 +24,22 @@ /* Define to 1 if you have the <dlfcn.h> header file. */ #undef HAVE_DLFCN_H -/* Define to 1 if you have the `execv' function. */ +/* Define to 1 if you have the 'execv' function. */ #undef HAVE_EXECV /* Define to 1 if you have the <fcntl.h> header file. */ #undef HAVE_FCNTL_H -/* Define to 1 if you have the `floor' function. */ +/* Define to 1 if you have the 'floor' function. */ #undef HAVE_FLOOR -/* Define to 1 if you have the `getauxval' function. */ +/* Define to 1 if you have the 'getauxval' function. */ #undef HAVE_GETAUXVAL -/* Define to 1 if you have the `getsockopt' function. */ +/* Define to 1 if you have the 'getsockopt' function. */ #undef HAVE_GETSOCKOPT -/* Define to 1 if you have the `gettimeofday' function. */ +/* Define to 1 if you have the 'gettimeofday' function. */ #undef HAVE_GETTIMEOFDAY /* Define to 1 if you have the <inttypes.h> header file. */ 
@@ -72,46 +72,46 @@ /* Define to 1 if you have the <linux/random.h> header file. */ #undef HAVE_LINUX_RANDOM_H -/* Define to 1 if you have the `listen' function. */ +/* Define to 1 if you have the 'listen' function. */ #undef HAVE_LISTEN -/* Define to 1 if you have the `memset' function. */ +/* Define to 1 if you have the 'memset' function. */ #undef HAVE_MEMSET /* Define to 1 if you have the <minix/config.h> header file. */ #undef HAVE_MINIX_CONFIG_H -/* Define to 1 if you have the `pow' function. */ +/* Define to 1 if you have the 'pow' function. */ #undef HAVE_POW -/* Define to 1 if you have the `pselect' function. */ +/* Define to 1 if you have the 'pselect' function. */ #undef HAVE_PSELECT -/* Define to 1 if you have the `recv' function. */ +/* Define to 1 if you have the 'recv' function. */ #undef HAVE_RECV /* Define to 1 if you have the <sched.h> header file. */ #undef HAVE_SCHED_H -/* Define to 1 if you have the `sched_yield' function. */ +/* Define to 1 if you have the 'sched_yield' function. */ #undef HAVE_SCHED_YIELD -/* Define to 1 if you have the `select' function. */ +/* Define to 1 if you have the 'select' function. */ #undef HAVE_SELECT /* Define to 1 if you have the <semaphore.h> header file. */ #undef HAVE_SEMAPHORE_H -/* Define to 1 if you have the `send' function. */ +/* Define to 1 if you have the 'send' function. */ #undef HAVE_SEND -/* Define to 1 if you have the `setsockopt' function. */ +/* Define to 1 if you have the 'setsockopt' function. */ #undef HAVE_SETSOCKOPT -/* Define to 1 if you have the `socket' function. */ +/* Define to 1 if you have the 'socket' function. */ #undef HAVE_SOCKET -/* Define to 1 if you have the `sqrt' function. */ +/* Define to 1 if you have the 'sqrt' function. */ #undef HAVE_SQRT /* Define to 1 if you have the <stdarg.h> header file. */ 
@@ -174,10 +174,10 @@ /* Define to 1 if you have the <time.h> header file. */ #undef HAVE_TIME_H -/* Define to 1 if the system has the type `uint32_t'. */ +/* Define to 1 if the system has the type 'uint32_t'. */ #undef HAVE_UINT32_T -/* Define to 1 if the system has the type `uint8_t'. */ +/* Define to 1 if the system has the type 'uint8_t'. */ #undef HAVE_UINT8_T /* Define to 1 if you have the <unistd.h> header file. */ @@ -189,7 +189,7 @@ /* Define to 1 if you have the <x86intrin.h> header file. */ #undef HAVE_X86INTRIN_H -/* Define to 1 if you have the `__rdtsc' function. */ +/* Define to 1 if you have the '__rdtsc' function. */ #undef HAVE___RDTSC /* Define to the sub-directory where libtool stores uninstalled libraries. */ @@ -228,19 +228,19 @@ /* Define to 1 for capture diagnostic */ #undef RAW_OUT_ENABLE -/* Define as the return type of signal handlers (`int' or `void'). */ +/* Define as the return type of signal handlers ('int' or 'void'). */ #undef RETSIGTYPE -/* Define to the type of arg 1 for `select'. */ +/* Define to the type of arg 1 for 'select'. */ #undef SELECT_TYPE_ARG1 -/* Define to the type of args 2, 3 and 4 for `select'. */ +/* Define to the type of args 2, 3 and 4 for 'select'. */ #undef SELECT_TYPE_ARG234 -/* Define to the type of arg 5 for `select'. */ +/* Define to the type of arg 5 for 'select'. */ #undef SELECT_TYPE_ARG5 -/* Define to 1 if all of the C90 standard headers exist (not just the ones +/* Define to 1 if all of the C89 standard headers exist (not just the ones required in a freestanding environment). This macro is provided for backward compatibility; new code need not use it. */ #undef STDC_HEADERS 
@@ -252,10 +252,10 @@ /* Define to 1 to tune with host cpuid */ #undef TUNING_CPUID_ENABLE -/* Define to 1 to tune wiht host vfs */ +/* Define to 1 to tune with host vfs */ #undef TUNING_VFS_ENABLE -/* Enable extensions on AIX 3, Interix. */ +/* Enable extensions on AIX, Interix, z/OS. */ #ifndef _ALL_SOURCE # undef _ALL_SOURCE #endif @@ -316,11 +316,15 @@ #ifndef __STDC_WANT_IEC_60559_DFP_EXT__ # undef __STDC_WANT_IEC_60559_DFP_EXT__ #endif +/* Enable extensions specified by C23 Annex F. */ +#ifndef __STDC_WANT_IEC_60559_EXT__ +# undef __STDC_WANT_IEC_60559_EXT__ +#endif /* Enable extensions specified by ISO/IEC TS 18661-4:2015. */ #ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__ # undef __STDC_WANT_IEC_60559_FUNCS_EXT__ #endif -/* Enable extensions specified by ISO/IEC TS 18661-3:2015. */ +/* Enable extensions specified by C23 Annex H and ISO/IEC TS 18661-3:2015. */ #ifndef __STDC_WANT_IEC_60559_TYPES_EXT__ # undef __STDC_WANT_IEC_60559_TYPES_EXT__ #endif @@ -346,5 +350,5 @@ /* Version number of package */ #undef VERSION -/* Define to empty if `const' does not conform to ANSI C. */ +/* Define to empty if 'const' does not conform to ANSI C. */ #undef const diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.20/configure.ac new/haveged-1.9.21/configure.ac --- old/haveged-1.9.20/configure.ac 2026-04-29 22:46:55.000000000 +0200 +++ new/haveged-1.9.21/configure.ac 2026-05-13 23:28:14.000000000 +0200 
@@ -3,7 +3,7 @@
 ## Minimum Autoconf version
 AC_PREREQ([2.59])
-AC_INIT([haveged],[1.9.20])
+AC_INIT([haveged],[1.9.21])
 AC_CONFIG_AUX_DIR(config)
 AC_USE_SYSTEM_EXTENSIONS
 AC_CONFIG_HEADER([config.h])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.20/src/havege.h new/haveged-1.9.21/src/havege.h
--- old/haveged-1.9.20/src/havege.h 2026-04-29 22:46:55.000000000 +0200
+++ new/haveged-1.9.21/src/havege.h 2026-05-13 23:28:14.000000000 +0200
@@ -31,7 +31,7 @@
 * header/package version as a numeric major, minor, patch triple. See havege_version()
 * below for usage.
 */
-#define HAVEGE_PREP_VERSION "1.9.20"
+#define HAVEGE_PREP_VERSION "1.9.21"
 /**
 * Basic types
 */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.20/src/havegecmd.c new/haveged-1.9.21/src/havegecmd.c
--- old/haveged-1.9.20/src/havegecmd.c 2026-04-29 22:46:55.000000000 +0200
+++ new/haveged-1.9.21/src/havegecmd.c 2026-05-13 23:28:14.000000000 +0200
@@ -97,7 +97,9 @@
 strerror(errno));
 goto err;
 }
- sem_close(sem);
+ if (sem) {
+ sem_close(sem);
+ }
 ret = execv((const char *)path, argv);
 if (ret < 0) {
 snprintf(&errmsg[0], sizeof(errmsg)-1,
@@ -249,7 +251,7 @@
 struct pparams *params) /* IN: input params */
 {
 struct ucred cred = {0};
- unsigned char magic[2], *ptr;
+ unsigned char magic[2] = {0}, *ptr;
 char *enqry;
 char *optarg = NULL;
 socklen_t clen;
@@ -259,6 +261,25 @@
 print_msg("%s: no connection jet\n", params->daemon);
 }
+ clen = sizeof(struct ucred);
+ ret = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &clen);
+ if (ret < 0) {
+ print_msg("%s: can not get credentials from UNIX socket part1\n", params->daemon);
+ goto out;
+ }
+ if (clen != sizeof(struct ucred)) {
+ print_msg("%s: can not get credentials from UNIX socket part2\n", params->daemon);
+ goto out;
+ }
+ if (cred.uid != 0) {
+ enqry = ASCII_NAK;
+
+ ptr = (unsigned char *)enqry;
+ len = (int)strlen(enqry)+1;
+ safeout(fd, ptr, len);
+ goto out;
+ }
+
 ptr = &magic[0];
 len = sizeof(magic);
 ret = safein(fd, ptr, len);
@@ -274,8 +295,10 @@
 * wait for the haveged -c instance to finish writting
 * before continuing to read from the socket
 */
- sem_wait(sem);
- sem_post(sem);
+ if (sem != NULL) {
+ sem_wait(sem);
+ sem_post(sem);
+ }
 ret = receive_uinteger(fd, &alen);
 if (ret < 0) {
 print_msg("%s: can not read from UNIX socket\n", params->daemon);
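Review bot: The non-root branch (`if (cred.uid != 0)`) sends ASCII_NAK and jumps to `out` without logging anything, so refused requests on the command socket are not recorded anywhere. The peer's identity is already in `cred` at that point; a line such as `print_msg("%s: rejected command from uid %u pid %d\n", params->daemon, (unsigned)cred.uid, (int)cred.pid);` before the NAK would make them visible to whoever monitors the daemon. The first getsockopt failure message ("part1") would also be easier to act on if it included `strerror(errno)`. The enclosing function starts and ends outside this hunk, so what the `out` label does is not visible here.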
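Review bot: Inside the new `if (sem != NULL)` guard the result of `sem_wait(sem)` is still ignored, so if the wait returns early (for example with EINTR after a signal) the following `sem_post(sem)` raises a count that was never lowered. Retrying on interruption keeps the semaphore balanced: `while (sem_wait(sem) < 0 && errno == EINTR) { }` followed by `sem_post(sem);`, with any other failure skipping the post. Whether a signal can arrive on this path depends on code outside the hunk. When `sem` is NULL the wait for the `haveged -c` writer described in the comment is skipped entirely, and a short comment stating that this is the intended fallback would help the next reader.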
@@ -298,25 +321,9 @@
 * We no more need the semaphore unlink it
 * Not sure if it is the best place to unlink here
 */
- sem_unlink(SEM_NAME);
- }
-
- clen = sizeof(struct ucred);
- ret = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &clen);
- if (ret < 0) {
- print_msg("%s: can not get credentials from UNIX socket part1\n", params->daemon);
- goto out;
- }
- if (clen != sizeof(struct ucred)) {
- print_msg("%s: can not get credentials from UNIX socket part2\n", params->daemon);
- goto out;
- }
- if (cred.uid != 0) {
- enqry = ASCII_NAK;
-
- ptr = (unsigned char *)enqry;
- len = (int)strlen(enqry)+1;
- safeout(fd, ptr, len);
+ if (sem != NULL) {
+ sem_unlink(SEM_NAME);
+ }
 }
 switch (magic[0]) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/haveged-1.9.20/src/haveged.c new/haveged-1.9.21/src/haveged.c
--- old/haveged-1.9.20/src/haveged.c 2026-04-29 22:46:55.000000000 +0200
+++ new/haveged-1.9.21/src/haveged.c 2026-05-13 23:28:14.000000000 +0200
@@ -376,10 +376,11 @@
 /* init semaphore */
 sem = sem_open(SEM_NAME, 0);
- if (sem == NULL) {
+ if (sem == SEM_FAILED) {
 print_msg("sem_open() failed \n");
 print_msg("Error : %s \n", strerror(errno));
 ret = -1;
+ sem = NULL;
 goto err;
 }
@@ -473,7 +474,9 @@
 }
 err:
 close(socket_fd);
- sem_close(sem);
+ if (sem) {
+ sem_close(sem);
+ }
 return ret;
 }
 else if (!(params->setup & RUN_AS_APP)){
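Review bot: Nothing near `switch (magic[0])` records that the dispatch relies on the peer having been verified earlier in the function, now that the SO_PEERCRED block no longer sits next to it. The removed lines show why that matters: the old check sent the NAK but had no `goto out`, so control still reached the switch. A comment above the switch such as `/* peer verified as uid 0 via SO_PEERCRED before any input was read; keep every path to this switch behind that check */` would protect against a later reordering. Separately, the new `if (sem != NULL)` guard tests the handle while `sem_unlink(SEM_NAME)` acts on the name, and its return value is not checked.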
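Review bot: In the `sem == SEM_FAILED` branch of the haveged.c hunk at -376, errno from sem_open() is read only in the second `print_msg` call, after the first call has already run and may have changed it. Folding both into one call avoids that and names the semaphore: `print_msg("sem_open(%s) failed: %s\n", SEM_NAME, strerror(errno));`. The `err:` hunk in the same file relies on the added `sem = NULL;`, because on platforms where SEM_FAILED is not a null pointer it would pass the `if (sem)` test; a brief comment on that assignment would make the coupling explicit.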
@@ -490,16 +493,19 @@
 }
 }
 /* Initialize named semaphore to synchronize command instances */
- if (mkdir("/dev/shm", 0755) != 0) {
+ if (mkdir("/dev/shm", 01777) != 0) {
 if (errno != EEXIST) {
 error_exit("Couldn't create /dev/shm directory: %s", strerror(errno));
 }
+ } else {
+ chmod("/dev/shm", 01777);
 }
 sem = sem_open(SEM_NAME, O_CREAT, 0644, 1);
- if (sem == NULL) {
+ if (sem == SEM_FAILED) {
 fprintf(stderr, "Warning: Couldn't create named semaphore " SEM_NAME" error: %s", strerror(errno));
 fprintf(stderr, " %s: disabling command mode for this instance\n", params->daemon);
+ sem = NULL;
 }
 }
 #endif
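Review bot: The added `chmod("/dev/shm", 01777);` ignores its return value, so a failure leaves the directory with whatever mode mkdir() produced after the umask was applied, and the daemon continues without reporting it. Checking it in the style of the surrounding code would surface that: `if (chmod("/dev/shm", 01777) != 0) error_exit("Couldn't set permissions on /dev/shm: %s", strerror(errno));`. The chmod also runs only when this process created the directory; in the EEXIST case an existing /dev/shm keeps its mode, which may matter if an earlier version created it with 0755 and is worth confirming. The enclosing block begins outside the hunk.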
