The package rpms/json-c.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/json-c.git/commit/?id=996d20af79e....
Change:
+%ifarch %{valgrind_arches}
Thanks.
Full change:
============
commit 996d20af79e581475e0df9fd705ba8215f294ca2
Author: Bjrn Esser <besser82(a)fedoraproject.org>
Date: Mon May 25 12:20:53 2020 +0200
Run the testssuite with valgrind on %%valgrind_arches
diff --git a/json-c.spec b/json-c.spec
index b6a7b17..a9d8284 100644
--- a/json-c.spec
+++ b/json-c.spec
@@ -29,6 +29,9 @@ BuildRequires: automake
BuildRequires: gcc
BuildRequires: libtool
BuildRequires: make
+%ifarch %{valgrind_arches}
+BuildRequires: valgrind
+%endif
%description
JSON-C implements a reference counting object model that allows you
@@ -96,7 +99,10 @@ hardlink -cvf %{buildroot}%{_pkgdocdir}
%check
-%make_build check
+USE_VALGRIND=0 %make_build check
+%ifarch %{valgrind_arches}
+USE_VALGRIND=1 %make_build check
+%endif
%ldconfig_scriptlets
@@ -128,6 +134,7 @@ hardlink -cvf %{buildroot}%{_pkgdocdir}
* Mon May 25 2020 Bjrn Esser <besser82(a)fedoraproject.org> - 0.13.1-13
- Add a patch to detect broken RDRAND in some CPUs
- Re-enable the use of RDRAND
+- Run the testssuite with valgrind on %%valgrind_arches
* Wed May 13 2020 Bjrn Esser <besser82(a)fedoraproject.org> - 0.13.1-12
- Fix CVE-2020-12762
commit 0c198a7261ec116893215233da48702b51295885
Author: Bjrn Esser <besser82(a)fedoraproject.org>
Date: Mon May 25 12:07:39 2020 +0200
Re-enable the use of RDRAND
diff --git a/json-c.spec b/json-c.spec
index 2721f60..b6a7b17 100644
--- a/json-c.spec
+++ b/json-c.spec
@@ -76,8 +76,8 @@ autoreconf -fiv
%configure \
--disable-silent-rules \
--disable-static \
- --disable-rdrand \
--enable-Bsymbolic \
+ --enable-rdrand \
--enable-shared \
--enable-threading
%make_build
@@ -127,6 +127,7 @@ hardlink -cvf %{buildroot}%{_pkgdocdir}
%changelog
* Mon May 25 2020 Bjrn Esser <besser82(a)fedoraproject.org> - 0.13.1-13
- Add a patch to detect broken RDRAND in some CPUs
+- Re-enable the use of RDRAND
* Wed May 13 2020 Bjrn Esser <besser82(a)fedoraproject.org> - 0.13.1-12
- Fix CVE-2020-12762
commit 350680dd48a6b42a7fc030b4801f13ed2ff563d0
Author: Bjrn Esser <besser82(a)fedoraproject.org>
Date: Mon May 25 12:04:46 2020 +0200
Add a patch to detect broken RDRAND in some CPUs
diff --git a/json-c-0.13.1-detect_broken_RDRAND_during_initialization.patch
b/json-c-0.13.1-detect_broken_RDRAND_during_initialization.patch
new file mode 100644
index 0000000..a5baa32
--- /dev/null
+++ b/json-c-0.13.1-detect_broken_RDRAND_during_initialization.patch
@@ -0,0 +1,165 @@
+From 7e1919446f7fcd8c789f4b979e9a093413311815 Mon Sep 17 00:00:00 2001
+From: Tudor Brindus <me(a)tbrindus.ca>
+Date: Fri, 1 May 2020 21:09:22 -0400
+Subject: [PATCH] Detect broken RDRAND during initialization.
+
+Some CPUs advertise RDRAND in CPUID, but return
+0xFFFFFFFF unconditionally. To avoid locking up
+later, test RDRAND during initialization, and if
+it returns 0xFFFFFFFF, mark it as nonexistent.
+
+Also fix a possible segmentation fault in CPUID check.
+
+This commit is a squashed and slightly modified backport
+of the following commits on the master branch:
+
+ * 0e5bbcaa162ac7850eb4fcd8f91391837d0efb50
+ * 4d36b0287d3ab0912ba8a4790340ca099960b2b0
+ * 80863140263be5f2dc630938ed8f0066f8a1ab43
+---
+ random_seed.c | 96 +++++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 67 insertions(+), 29 deletions(-)
+
+diff --git a/random_seed.c b/random_seed.c
+index 3232777..56642da 100644
+--- a/random_seed.c
++++ b/random_seed.c
+@@ -26,20 +26,11 @@
+
+ static void do_cpuid(int regs[], int h)
+ {
+- __asm__ __volatile__(
+-#if defined __x86_64__
+- "pushq %%rbx;\n"
+-#else
+- "pushl %%ebx;\n"
+-#endif
+- "cpuid;\n"
+-#if defined __x86_64__
+- "popq %%rbx;\n"
+-#else
+- "popl %%ebx;\n"
+-#endif
+- : "=a"(regs[0]), [ebx] "=r"(regs[1]),
"=c"(regs[2]), "=d"(regs[3])
++ /* clang-format off */
++ __asm__ __volatile__("cpuid"
++ : "=a"(regs[0]), "=b"(regs[1]),
"=c"(regs[2]), "=d"(regs[3])
+ : "a"(h));
++ /* clang-format on */
+ }
+
+ #elif defined _MSC_VER
+@@ -53,12 +44,51 @@ static void do_cpuid(int regs[], int h)
+
+ #if HAS_X86_CPUID
+
+-static int has_rdrand()
++static int get_rdrand_seed(void);
++
++/* Valid values are -1 (haven't tested), 0 (no), and 1 (yes). */
++static int _has_rdrand = -1;
++
++static int has_rdrand(void)
+ {
+- // CPUID.01H:ECX.RDRAND[bit 30] == 1
+- int regs[4];
+- do_cpuid(regs, 1);
+- return (regs[2] & (1 << 30)) != 0;
++ if (_has_rdrand != -1)
++ {
++ return _has_rdrand;
++ }
++
++ /* CPUID.01H:ECX.RDRAND[bit 30] == 1 */
++ int regs[4];
++ do_cpuid(regs, 1);
++ if (!(regs[2] & (1 << 30)))
++ {
++ _has_rdrand = 0;
++ return 0;
++ }
++
++ /*
++ * Some CPUs advertise RDRAND in CPUID, but return 0xFFFFFFFF
++ * unconditionally. To avoid locking up later, test RDRAND here. If over
++ * 3 trials RDRAND has returned the same value, declare it broken.
++ * Example CPUs are AMD Ryzen 3000 series
++ * and much older AMD APUs, such as the E1-1500
++ *
https://github.com/systemd/systemd/issues/11810
++ *
https://linuxreviews.org/RDRAND_stops_returning_random_values_on_older_AM...
++ */
++ _has_rdrand = 0;
++ int prev = get_rdrand_seed();
++ for (int i = 0; i < 3; i++)
++ {
++ int temp = get_rdrand_seed();
++ if (temp != prev)
++ {
++ _has_rdrand = 1;
++ break;
++ }
++
++ prev = temp;
++ }
++
++ return _has_rdrand;
+ }
+
+ #endif
+@@ -69,17 +99,19 @@ static int has_rdrand()
+
+ #define HAVE_RDRAND 1
+
+-static int get_rdrand_seed()
++static int get_rdrand_seed(void)
+ {
+- DEBUG_SEED("get_rdrand_seed");
+- int _eax;
+- // rdrand eax
+- __asm__ __volatile__("1: .byte 0x0F\n"
+- " .byte 0xC7\n"
+- " .byte 0xF0\n"
+- " jnc 1b;\n"
+- : "=a" (_eax));
+- return _eax;
++ DEBUG_SEED("get_rdrand_seed");
++ int _eax;
++ /* rdrand eax */
++ /* clang-format off */
++ __asm__ __volatile__("1: .byte 0x0F\n"
++ " .byte 0xC7\n"
++ " .byte 0xF0\n"
++ " jnc 1b;\n"
++ : "=a" (_eax));
++ /* clang-format on */
++ return _eax;
+ }
+
+ #endif
+@@ -109,7 +141,7 @@ static int get_rdrand_seed()
+ DEBUG_SEED("get_rdrand_seed");
+ int _eax;
+ retry:
+- // rdrand eax
++ /* rdrand eax */
+ __asm _emit 0x0F __asm _emit 0xC7 __asm _emit 0xF0
+ __asm jnc retry
+ __asm mov _eax, eax
+@@ -178,8 +210,14 @@ static int get_dev_random_seed()
+
+ #define HAVE_CRYPTGENRANDOM 1
+
++/* clang-format off */
+ #include <windows.h>
++
++/* Caution: these blank lines must remain so clang-format doesn't reorder
++ includes to put windows.h after wincrypt.h */
++
+ #include <wincrypt.h>
++/* clang-format on */
+ #ifndef __GNUC__
+ #pragma comment(lib, "advapi32.lib")
+ #endif
+--
+2.26.2
+
diff --git a/json-c.spec b/json-c.spec
index e3bb8a0..2721f60 100644
--- a/json-c.spec
+++ b/json-c.spec
@@ -6,7 +6,7 @@
Name: json-c
Version: 0.13.1
-Release: 12%{?dist}
+Release: 13%{?dist}
Summary: JSON implementation in C
License: MIT
@@ -21,6 +21,9 @@ Patch2:
%{url}/commit/8bd62177e796386fb6382db101c90b57b6138afe.patch#/%{
# Fixes CVE-2020-12762.
Patch3: %{name}-0.13.1-fix_CVE_2020_12762.patch
+# Fix RDRAND.
+Patch4: %{name}-0.13.1-detect_broken_RDRAND_during_initialization.patch
+
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc
@@ -122,6 +125,9 @@ hardlink -cvf %{buildroot}%{_pkgdocdir}
%changelog
+* Mon May 25 2020 Bjrn Esser <besser82(a)fedoraproject.org> - 0.13.1-13
+- Add a patch to detect broken RDRAND in some CPUs
+
* Wed May 13 2020 Bjrn Esser <besser82(a)fedoraproject.org> - 0.13.1-12
- Fix CVE-2020-12762