Package: rdate
Version: 1:1.2-1
Severity: important
Tags: patch
User: [email protected]
Usertags: kfreebsd

Hi!

Could you please switch to using arc4random from libbsd? It'd be more
generic, would fix the FTBFS on GNU/kFreeBSD architectures, wouldn't
break on Linux, and would also make it usable as a udeb for GNU/kFreeBSD
(we have a GSOC student working on porting d-i), while removing an
embedded code copy, which is always welcome! (Ask security folks :))

[Intensive testing has been performed by Aurélien Jarno, thanks!]

You might not want to remove both files as I did in my patch, but that's
something I'm quite used to do for my own packages, so as to make sure
the embedded code copy is never used.

Thanks for considering.

Mraw,
KiBi.
diff -u rdate-1.2/debian/control rdate-1.2/debian/control
--- rdate-1.2/debian/control
+++ rdate-1.2/debian/control
@@ -2,7 +2,7 @@
 Section: net
 Priority: optional
 Maintainer: Anibal Monsalve Salazar <[email protected]>
-Build-Depends: debhelper (>= 7), autotools-dev, quilt
+Build-Depends: debhelper (>= 7), autotools-dev, quilt, libbsd-dev
 Standards-Version: 3.8.1
 Homepage: http://sourceforge.net/projects/openrdate/
 
diff -u rdate-1.2/debian/changelog rdate-1.2/debian/changelog
--- rdate-1.2/debian/changelog
+++ rdate-1.2/debian/changelog
@@ -1,3 +1,12 @@
+rdate (1:1.2-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Use arc4random from libbsd:
+     - Add patch to drop the embedded code copy: 08-use-libbsd.patch
+     - Add libbsd-dev to Build-Depends.
+  
+ -- Cyril Brulebois <[email protected]>  Sat, 25 Jul 2009 22:34:25 +0200
+
 rdate (1:1.2-1) unstable; urgency=low
 
   * New upstream release 
diff -u rdate-1.2/debian/patches/series rdate-1.2/debian/patches/series
--- rdate-1.2/debian/patches/series
+++ rdate-1.2/debian/patches/series
@@ -3,0 +4 @@
+08-use-libbsd.patch
only in patch2:
unchanged:
--- rdate-1.2.orig/debian/patches/08-use-libbsd.patch
+++ rdate-1.2/debian/patches/08-use-libbsd.patch
@@ -0,0 +1,442 @@
+--- a/src/arc4random.c
++++ /dev/null
+@@ -1,317 +0,0 @@
+-/*	$OpenBSD: arc4random.c,v 1.20 2008/10/03 18:46:04 otto Exp $	*/
+-
+-/*
+- * Copyright (c) 1996, David Mazieres <[email protected]>
+- * Copyright (c) 2008, Damien Miller <[email protected]>
+- *
+- * Permission to use, copy, modify, and distribute this software for any
+- * purpose with or without fee is hereby granted, provided that the above
+- * copyright notice and this permission notice appear in all copies.
+- *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+- */
+-
+-/*
+- * Arc4 random number generator for OpenBSD.
+- *
+- * This code is derived from section 17.1 of Applied Cryptography,
+- * second edition, which describes a stream cipher allegedly
+- * compatible with RSA Labs "RC4" cipher (the actual description of
+- * which is a trade secret).  The same algorithm is used as a stream
+- * cipher called "arcfour" in Tatu Ylonen's ssh package.
+- *
+- * Here the stream cipher has been modified always to include the time
+- * when initializing the state.  That makes it impossible to
+- * regenerate the same random sequence twice, so this can't be used
+- * for encryption, but will generate good random numbers.
+- *
+- * RC4 is a registered trademark of RSA Laboratories.
+- */
+-#ifdef HAVE_CONFIG_H
+-#include "config.h"
+-#endif
+-
+-#include <fcntl.h>
+-#include <limits.h>
+-#include <stdlib.h>
+-#include <unistd.h>
+-#include <sys/types.h>
+-#include <sys/param.h>
+-#include <sys/time.h>
+-#include <sys/sysctl.h>
+-
+-#if defined __NO_SYSCTL__
+-#include <err.h>
+-#include <errno.h>
+-#include <stdio.h>
+-#include <sys/stat.h>   /* for use with open() */
+-#define RND_DEV "/dev/urandom"
+-#define errmsg(msg) errx(1, "%s - %s", RND_DEV, msg);
+-#endif                  /* __NO_SYSCTL__ */
+-
+-#if defined __LINUX__
+-#include <pthread.h>	/* pthread_mutex_t pthread_mutex_lock(3) pthread_mutex_unlock(3) */
+-static pthread_mutex_t mux;
+-#define _ARC4_LOCK()  pthread_mutex_lock(&mux)
+-#define _ARC4_UNLOCK() pthread_mutex_unlock(&mux)
+-#else               /* !__LINUX__ */
+-#include "thread_private.h"
+-#endif              /* __LINUX__ */
+-
+-#ifdef __GNUC__
+-#define inline __inline
+-#define KERN_ARND KERN_RANDOM
+-#else				/* !__GNUC__ */
+-#define inline
+-#endif				/* !__GNUC__ */
+-
+-struct arc4_stream {
+-	u_int8_t i;
+-	u_int8_t j;
+-	u_int8_t s[256];
+-};
+-
+-static int rs_initialized;
+-static struct arc4_stream rs;
+-static pid_t arc4_stir_pid;
+-static int arc4_count;
+-
+-static inline u_int8_t arc4_getbyte(void);
+-
+-static inline void
+-arc4_init(void)
+-{
+-	int     n;
+-
+-	for (n = 0; n < 256; n++)
+-		rs.s[n] = n;
+-	rs.i = 0;
+-	rs.j = 0;
+-}
+-
+-static inline void
+-arc4_addrandom(u_char *dat, int datlen)
+-{
+-	int     n;
+-	u_int8_t si;
+-
+-	rs.i--;
+-	for (n = 0; n < 256; n++) {
+-		rs.i = (rs.i + 1);
+-		si = rs.s[rs.i];
+-		rs.j = (rs.j + si + dat[n % datlen]);
+-		rs.s[rs.i] = rs.s[rs.j];
+-		rs.s[rs.j] = si;
+-	}
+-	rs.j = rs.i;
+-}
+-
+-static void
+-arc4_stir(void)
+-{
+-#ifndef __NO_SYSCTL__
+-	int     i, mib[2];
+-#else   /* !__NO_SYSCTL__ */
+-    int     i;
+-#endif  /* !__NO_SYSCTL__ */
+-	size_t	len;
+-	u_char rnd[128];
+-
+-	if (!rs_initialized) {
+-		arc4_init();
+-		rs_initialized = 1;
+-	}
+-
+-#ifndef __NO_SYSCTL__
+-	mib[0] = CTL_KERN;
+-	mib[1] = KERN_ARND;
+-#endif /* __NO_SYSCTL__ */
+-
+-	len = sizeof(rnd);
+-
+-#ifndef __NO_SYSCTL__
+-	sysctl(mib, 2, rnd, &len, NULL, 0);
+-#else   /* __NO_SYSCTL__ */
+-    int rndfd = open(RND_DEV, O_RDONLY);
+-
+-    if (rndfd == -1) {
+-        switch(errno) {
+-        case EACCES: errmsg("Unable to access device.");
+-                     break;
+-        case EPERM: errmsg("Device access permission denied.");
+-                    break;
+-        default: break;
+-        }
+-    }
+-
+-    ssize_t sizerd = read(rndfd, rnd, len);
+-
+-    if (sizerd != len || sizerd == -1) {
+-        switch(errno) {
+-        case EAGAIN: errmsg("No data is available.");
+-                     break;
+-        case EBADF: errmsg("Device file descriptor is invalid.");
+-                    break;
+-        case EINTR: errmsg("Device read was interrupted.");
+-                    break;
+-        default: break;
+-        }
+-    } 
+-
+-    close(rndfd);
+-#endif /* __NO_SYSCTL__ */
+-
+-	arc4_stir_pid = getpid();
+-	arc4_addrandom(rnd, sizeof(rnd));
+-
+-	/*
+-	 * Discard early keystream, as per recommendations in:
+-	 * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
+-	 */
+-	for (i = 0; i < 256; i++)
+-		(void)arc4_getbyte();
+-	arc4_count = 1600000;
+-}
+-
+-static inline u_int8_t
+-arc4_getbyte(void)
+-{
+-	u_int8_t si, sj;
+-
+-	rs.i = (rs.i + 1);
+-	si = rs.s[rs.i];
+-	rs.j = (rs.j + si);
+-	sj = rs.s[rs.j];
+-	rs.s[rs.i] = sj;
+-	rs.s[rs.j] = si;
+-	return (rs.s[(si + sj) & 0xff]);
+-}
+-
+-static inline u_int32_t
+-arc4_getword(void)
+-{
+-	u_int32_t val;
+-	val = arc4_getbyte() << 24;
+-	val |= arc4_getbyte() << 16;
+-	val |= arc4_getbyte() << 8;
+-	val |= arc4_getbyte();
+-	return val;
+-}
+-
+-void
+-arc4random_stir(void)
+-{
+-	_ARC4_LOCK();
+-	arc4_stir();
+-	_ARC4_UNLOCK();
+-}
+-
+-void
+-arc4random_addrandom(u_char *dat, int datlen)
+-{
+-	_ARC4_LOCK();
+-	if (!rs_initialized)
+-		arc4_stir();
+-	arc4_addrandom(dat, datlen);
+-	_ARC4_UNLOCK();
+-}
+-
+-u_int32_t
+-arc4random(void)
+-{
+-	u_int32_t val;
+-	_ARC4_LOCK();
+-	arc4_count -= 4;
+-	if (arc4_count <= 0 || !rs_initialized || arc4_stir_pid != getpid())
+-		arc4_stir();
+-	val = arc4_getword();
+-	_ARC4_UNLOCK();
+-	return val;
+-}
+-
+-void
+-arc4random_buf(void *_buf, size_t n)
+-{
+-	u_char *buf = (u_char *)_buf;
+-	_ARC4_LOCK();
+-	if (!rs_initialized || arc4_stir_pid != getpid())
+-		arc4_stir();
+-	while (n--) {
+-		if (--arc4_count <= 0)
+-			arc4_stir();
+-		buf[n] = arc4_getbyte();
+-	}
+-	_ARC4_UNLOCK();
+-}
+-
+-/*
+- * Calculate a uniformly distributed random number less than upper_bound
+- * avoiding "modulo bias".
+- *
+- * Uniformity is achieved by generating new random numbers until the one
+- * returned is outside the range [0, 2**32 % upper_bound).  This
+- * guarantees the selected random number will be inside
+- * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
+- * after reduction modulo upper_bound.
+- */
+-u_int32_t
+-arc4random_uniform(u_int32_t upper_bound)
+-{
+-	u_int32_t r, min;
+-
+-	if (upper_bound < 2)
+-		return 0;
+-
+-#if (ULONG_MAX > 0xffffffffUL)
+-	min = 0x100000000UL % upper_bound;
+-#else
+-	/* Calculate (2**32 % upper_bound) avoiding 64-bit math */
+-	if (upper_bound > 0x80000000)
+-		min = 1 + ~upper_bound;		/* 2**32 - upper_bound */
+-	else {
+-		/* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */
+-		min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
+-	}
+-#endif
+-
+-	/*
+-	 * This could theoretically loop forever but each retry has
+-	 * p > 0.5 (worst case, usually far better) of selecting a
+-	 * number inside the range we need, so it should rarely need
+-	 * to re-roll.
+-	 */
+-	for (;;) {
+-		r = arc4random();
+-		if (r >= min)
+-			break;
+-	}
+-
+-	return r % upper_bound;
+-}
+-
+-#if 0
+-/*-------- Test code for i386 --------*/
+-#include <stdio.h>
+-#include <machine/pctr.h>
+-int
+-main(int argc, char **argv)
+-{
+-	const int iter = 1000000;
+-	int     i;
+-	pctrval v;
+-
+-	v = rdtsc();
+-	for (i = 0; i < iter; i++)
+-		arc4random();
+-	v = rdtsc() - v;
+-	v /= iter;
+-
+-	printf("%qd cycles\n", v);
+-}
+-#endif
+--- a/src/arc4random.h
++++ /dev/null
+@@ -1,39 +0,0 @@
+-/* $Id: arc4random.h,v 1.1 2006/09/29 02:12:55 snyderx Exp $ */
+-
+-/*
+- * Arc4 random number generator for OpenBSD.
+- * Copyright 1996 David Mazieres <[email protected]>.
+- *
+- * Modification and redistribution in source and binary forms is
+- * permitted provided that due credit is given to the author and the
+- * OpenBSD project (for instance by leaving this copyright notice
+- * intact).
+- */
+-
+-/* Slightly modified to work with linux by Thomas Roessler 
+- * <[email protected]>.
+- */
+-
+-/*
+- * This code is derived from section 17.1 of Applied Cryptography,
+- * second edition, which describes a stream cipher allegedly
+- * compatible with RSA Labs "RC4" cipher (the actual description of
+- * which is a trade secret).  The same algorithm is used as a stream
+- * cipher called "arcfour" in Tatu Ylonen's ssh package.
+- *
+- * Here the stream cipher has been modified always to include the time
+- * when initializing the state.  That makes it impossible to
+- * regenerate the same random sequence twice, so this can't be used
+- * for encryption, but will generate good random numbers.
+- *
+- * RC4 is a registered trademark of RSA Laboratories.
+- */
+-
+-#ifndef _ARC4RANDOM_H
+-#define _ARC4RANDOM_H
+-
+-void arc4random_stir (void);
+-void arc4random_addrandom (u_char *dat, int datlen);
+-u_int32_t arc4random(void);
+-
+-#endif
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -1,8 +1,7 @@
+ noinst_LIBRARIES=librdate.a
+ 
+-librdate_a_SOURCES= arc4random.c \
++librdate_a_SOURCES= \
+                ntp.c \
+                ntpleaps.c \
+                rfc868time.c \
+-               ntpleaps.h \
+-               arc4random.h 
++               ntpleaps.h
+--- a/src/ntp.c
++++ b/src/ntp.c
+@@ -50,7 +50,7 @@
+ #include <unistd.h>
+ 
+ #include "ntpleaps.h"
+-#include "arc4random.h"
++#include <bsd/random.h>
+ 
+ /*
+  * NTP definitions.  Note that these assume 8-bit bytes - sigh.  There
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -6,7 +6,7 @@ rdate_SOURCES= \
+         src/rdate.c
+ 
+ rdate_LDADD= \
+-        src/librdate.a
++        src/librdate.a -lbsd
+ 
+ man_MANS= \
+     docs/rdate.8
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -183,7 +183,7 @@ rdate_SOURCES = \
+         src/rdate.c
+ 
+ rdate_LDADD = \
+-        src/librdate.a
++        src/librdate.a -lbsd
+ 
+ man_MANS = \
+     docs/rdate.8
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -50,7 +50,7 @@ AR = ar
+ ARFLAGS = cru
+ librdate_a_AR = $(AR) $(ARFLAGS)
+ librdate_a_LIBADD =
+-am_librdate_a_OBJECTS = arc4random.$(OBJEXT) ntp.$(OBJEXT) \
++am_librdate_a_OBJECTS = ntp.$(OBJEXT) \
+ 	ntpleaps.$(OBJEXT) rfc868time.$(OBJEXT)
+ librdate_a_OBJECTS = $(am_librdate_a_OBJECTS)
+ DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
+@@ -155,12 +155,11 @@ sharedstatedir = @sharedstatedir@
+ sysconfdir = @sysconfdir@
+ target_alias = @target_alias@
+ noinst_LIBRARIES = librdate.a
+-librdate_a_SOURCES = arc4random.c \
++librdate_a_SOURCES = \
+                ntp.c \
+                ntpleaps.c \
+                rfc868time.c \
+-               ntpleaps.h \
+-               arc4random.h 
++               ntpleaps.h
+ 
+ all: all-am
+ 
+@@ -209,7 +208,6 @@ mostlyclean-compile:
+ distclean-compile:
+ 	-rm -f *.tab.c
+ 
+...@amdep_true@@am__include@ @am__qu...@./$(DEPDIR)/arc4random...@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__qu...@./$(DEPDIR)/ntp...@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__qu...@./$(DEPDIR)/ntpleaps...@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__qu...@./$(DEPDIR)/rfc868time...@am__quote@

Reply via email to