Commit message (Author, Age, Files, Lines)
* Updated version to v1.9.11 [tag: v1.9.11] (Jirka Hladky, 2020-06-11, 6 files, -1303/+1273)
|
* Merge branch 'master' of https://github.com/jirka-h/haveged (Jirka Hladky, 2020-06-11, 2 files, -1/+21)
|\
| * Merge pull request #35 from eworm-de/private-tmp [tag: v1.9.10] (jirka-h, 2020-06-11, 1 file, -1/+2)
| |\
| | |
| | |   fix ordering cycle with private tmp
| | * fix ordering cycle with private tmp (Christian Hesse, 2020-06-09, 1 file, -1/+2)
| | |
| * | Merge pull request #34 from Chocobo1/gh_action (jirka-h, 2020-06-11, 1 file, -0/+19)
| |\ \
| | | |
| | | |   Add GitHub Actions continuous integration script
| | * | Add GitHub Actions continuous integration script (Mike Tzou, 2020-06-09, 1 file, -0/+19)
| | |/
* | / updated fedora.spec (Jirka Hladky, 2020-06-11, 1 file, -2/+5)
|/ /
* | Replace @SBIN_DIR@ in haveged.service file with actual path (Jirka Hladky, 2020-06-11, 1 file, -1/+8)
| |
* | Moved haveged.spec to fedora.spec (Jirka Hladky, 2020-06-11, 2 files, -223/+1)
|/
* Fixed time format (Jirka Hladky, 2020-06-09, 1 file, -0/+222)
|
* Updated fedora.spec file [tag: v1.9.9] (Jirka Hladky, 2020-06-09, 1 file, -1/+4)
|
* Fixed https://github.com/jirka-h/haveged/issues/29 (Jirka Hladky, 2020-05-11, 17 files, -32/+59)
|
* https://github.com/jirka-h/haveged/issues/25 (Jirka Hladky, 2020-05-11, 1 file, -1/+1)
|
* Merge branch 'master' of https://github.com/jirka-h/haveged (Jirka Hladky, 2020-05-11, 1 file, -1/+1)
|\
| * Merge pull request #22 from nbraud/soname (jirka-h, 2020-05-11, 1 file, -1/+1)
| |\
| | |
| | |   configure.ac: Bump soname (1.9.7 contained an ABI-breaking change)
| | * configure.ac: Bump soname (1.9.7 contained an ABI-breaking change) (Nicolas Braud-Santoni, 2019-10-18, 1 file, -1/+1)
| | |
* | | Updated fedora spec file (Jirka Hladky, 2020-05-11, 1 file, -32/+94)
|/ /
* | Merge pull request #26 from nbraud/haveged.service/security (jirka-h, 2020-05-11, 1 file, -0/+15)
|\ \
| | |
| | |   haveged.service: Tighten-down security settings
| * | init.d/service.fedora: Add syscall filter for the service (Nicolas Braud-Santoni, 2020-01-31, 1 file, -0/+3)
| | |
| * | init.d/service.fedora: Enforce W^X (memory cannot be writeable and executable) (Nicolas Braud-Santoni, 2020-01-31, 1 file, -0/+1)
| | |
| * | init.d/service.fedora: Disable potentially-vulnerable kernel features (Nicolas Braud-Santoni, 2020-01-31, 1 file, -0/+4)
| | |
| * | init.d/service.fedora: Protect the system (Nicolas Braud-Santoni, 2020-01-31, 1 file, -0/+4)
| | |
| | |   - ProtectHome: Prevent access to /home, /root, /run/user.
| | |   - ProtectHostname: Forbid the service from changing the current hostname.
| | |   - ProtectKernelLogs: Forbid the service from overwriting the klog ring buffer.
| | |   - ProtectKernelModules: Forbid loading and unloading kernel modules.
| | |
| | |   The last 3 are particularly relevant, as haveged requires CAP_SYS_ADMIN
| | |   through its use of ioctl(2).
| | |
| * | init.d/service.fedora: Set PrivateTmp, giving haveged its own /tmp (Nicolas Braud-Santoni, 2020-01-31, 1 file, -0/+1)
| | |
| * | init.d/service.fedora: Set SecureBits=noroot-locked (Nicolas Braud-Santoni, 2020-01-31, 1 file, -0/+2)
| | |
| | |   No capabilities(7) are granted through execve(2); this setting cannot be undone.
| | |
* | | Merge pull request #28 from johnou/patch-1 (jirka-h, 2020-05-11, 1 file, -0/+8)
|\ \ \
| | | |
| | | |   don't use SOCK_CLOEXEC or SOCK_NONBLOCK if not available
| * | | don't use SOCK_CLOEXEC or SOCK_NONBLOCK if not available (Johno Crawford, 2020-03-18, 1 file, -0/+8)
| |/ /
| | |
| | |   Avoids these errors:
| | |
| | |   havegecmd.c: In function ‘cmd_listen’:
| | |   havegecmd.c:105: error: ‘SOCK_CLOEXEC’ undeclared (first use in this function)
| | |   havegecmd.c:105: error: (Each undeclared identifier is reported only once
| | |   havegecmd.c:105: error: for each function it appears in.)
| | |   havegecmd.c:105: error: ‘SOCK_NONBLOCK’ undeclared (first use in this function)
| | |   havegecmd.c: In function ‘cmd_connect’:
| | |   havegecmd.c:154: error: ‘SOCK_CLOEXEC’ undeclared (first use in this function)
| | |   havegecmd.c:154: error: ‘SOCK_NONBLOCK’ undeclared (first use in this function)
| | |
* | | Merge pull request #30 from trofi/master (jirka-h, 2020-05-11, 3 files, -1/+24)
|\ \ \
| | | |
| | | |   haveged: fix crash on shutdown in threaded mode
| * | | haveged: fix crash on shutdown in threaded mode (Sergei Trofimovich, 2020-05-01, 3 files, -1/+24)
| |/ /
| | |
| | |   The bug happens when havege is built with --enable-threads.
| | |
| | |   On shutdown the following crash happens:
| | |
| | |   ```
| | |   3109      p = mem2chunk (mem);
| | |   (gdb) bt
| | |   #0  __GI___libc_free (mem=0x7f630c066000) at malloc.c:3109
| | |   #1  0x00007f630c035f9e in havege_destroy (hptr=0x564b56b6b900) at havege.c:197
| | |   #2  0x0000564b561c3dca in error_exit (format=<optimized out>) at haveged.c:708
| | |   #3  0x0000564b561c33f1 in run_daemon (argv=0x7ffce7627758, path=0x564b56b6b2a0
| | |   ```
| | |
| | |   valgrind helped me to understand it was a mmap() / free() mismatch:
| | |
| | |   ```
| | |   For lists of detected and suppressed errors, rerun with: -s
| | |   ERROR SUMMARY: 14 errors from 2 contexts (suppressed: 0 from 0)
| | |   Invalid free() / delete / delete[] / realloc()
| | |      at 0x48389CB: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
| | |      by 0x48AED9F: havege_destroy (havege.c:197)
| | |      by 0x10BCA5: error_exit (haveged.c:708)
| | |      by 0x10B1B7: run_daemon (haveged.c:573)
| | |      by 0x10B1B7: main (haveged.c:470)
| | |    Address 0x4845000 is in a rw- anonymous segment
| | |   ```
| | |
| | |   It happens due to a few factors:
| | |   1. havege is built in threaded mode, there parent pid is stored in shared
| | |      memory and is expected to free resources.
| | |   2. havege is run in daemon mode, that means havege changes pid when
| | |      detaches from terminal with daemon().
| | |
| | |   Combination of [1.] and [2.] causes main process to avoid munmap()
| | |   and instead fallback to free() at:
| | |
| | |   ```c
| | |   void havege_destroy(H_PTR hptr)
| | |   {
| | |     ...
| | |     if (!havege_exit(hptr)) // <- here incorrect pid-based detection happens
| | |       return;
| | |     if (0 != (temp=hptr->io_buf)) {
| | |       hptr->io_buf = 0;
| | |       free(temp); // <--- here free() happens
| | |     }
| | |   ```
| | |
| | |   The change adds a helper to update parent pid with `havege_reparent` helper.
| | |   It might not be a very clean fix, but it should be good enough to illustrate
| | |   the problem.
| | |
| | |   Bug: https://bugs.gentoo.org/720286
| | |   Reported-by: Marcin Mirosław
| | |   Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
* | | Merge pull request #32 from suominen/posix (jirka-h, 2020-05-11, 2 files, -8/+8)
|\ \ \
| |/ /
|/| |   Use POSIX shell comparison for equality
| * | Use POSIX shell comparison for equality (Kimmo Suominen, 2020-05-10, 2 files, -8/+8)
|/ /
* | Merge pull request #24 from Polynomial-C/enable-threads_build_fix (jirka-h, 2019-11-14, 1 file, -1/+1)
|\ \
| |/
|/|   build: Fix compilation with --enable-threads
| * build: Fix compilation with --enable-threads (Lars Wendler, 2019-11-14, 1 file, -1/+1)
|/
|
|   Previously failed with:
|
|   havegetune.c:190:12: error: ‘BUILD_THREAD’ undeclared (first use in this function); did you mean ‘BUILD_THREADS’?
|     190 |     *bp++ = BUILD_THREAD;
|         |             ^~~~~~~~~~~~
|         |             BUILD_THREADS
|
|   Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
|
* Updating systemd unit file - haveged is commonly used with containers [tags: v1.9.8c, v1.9.8] (Jirka Hladky, 2019-09-30, 1 file, -1/+0)
|
* Removed NoNewPrivileges=on from the service file - it breaks the service [tag: v1.9.8b] (Jirka Hladky, 2019-09-30, 1 file, -3/+2)
|
* Preparing 1.9.8 release [tag: v1.9.8a] (Jirka Hladky, 2019-09-30, 5 files, -14/+14)
|
* Preparing 1.9.7 release (Jirka Hladky, 2019-09-30, 12 files, -488/+512)
|
* Fix for Unresolved symbol error_exit in libhavege #20 by pld-gitsync [tags: v1.9.7-alpha, v1.9.7] (Jirka Hladky, 2019-09-30, 2 files, -59/+93)
|
* Merge pull request #21 from eworm-de/service (jirka-h, 2019-09-27, 2 files, -32/+39)
|\
| |
| |   Service file updates
| * order after systemd-tmpfiles-setup-dev.service (Christian Hesse, 2019-09-20, 1 file, -0/+1)
| |
| |   This is required when starting in early userspace, for example booting
| |   without initramfs.
| |
| * use systemd security features (Christian Hesse, 2019-09-04, 1 file, -0/+5)
| |
| * do not run in container (Christian Hesse, 2019-09-04, 1 file, -0/+1)
| |
| * do not use carriage return in line break (Christian Hesse, 2019-09-04, 2 files, -32/+32)
|/
* Fixed invalid UTF-8 codes in ChangeLog (Jirka Hladky, 2019-08-26, 1 file, -2/+2)
|
* Updated service.fedora [tag: v1.9.6] (Jirka Hladky, 2019-08-26, 1 file, -1/+1)
|
* Updated service.fedora [tag: v1.9.5] (Jirka Hladky, 2019-08-26, 1 file, -11/+13)
|
* New version 1.9.5 [tag: v1.9.5-alpha] (Jirka Hladky, 2019-08-20, 2 files, -1/+4)
|
* New version 1.9.5 (Jirka Hladky, 2019-08-20, 3 files, -11/+25)
|
* Added test for /dev/random symlink (Jirka Hladky, 2019-08-20, 1 file, -0/+7)
|
* Update to automake 1.16 (Jirka Hladky, 2019-08-20, 8 files, -108/+126)
|
* Merge pull request #14 from brada4/master (jirka-h, 2019-08-19, 1 file, -1/+1)
|\
| |
| |   fix segv at start