[rpms/haveged] epel10: Update to 1.9.23 — security hardening for semaphore, socket, and file handling

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/haveged] epel10: Update to 1.9.23 — security hardening for semaphore, socket, and file handling
@ 2026-06-18  1:30 Jirka Hladky
  0 siblings, 0 replies; only message in thread
From: Jirka Hladky @ 2026-06-18  1:30 UTC (permalink / raw)
  To: git-commits

A new commit has been pushed.

Repo   : rpms/haveged
Branch : epel10
Commit : df8b03edc0db9521068e626a78c8496bc7322f8d
Author : Jirka Hladky <jhladky@redhat.com>
Date   : 2026-06-18T03:15:15+02:00
Stats  : +13/-2 in 3 file(s)
URL    : https://src.fedoraproject.org/rpms/haveged/c/df8b03edc0db9521068e626a78c8496bc7322f8d?branch=epel10

Log:
Update to 1.9.23 — security hardening for semaphore, socket, and file handling

---
diff --git a/.gitignore b/.gitignore
index 3762f33..b8e23e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,3 +27,4 @@
 /haveged-1.9.18.tar.gz
 /haveged-1.9.21.tar.gz
 /haveged-1.9.22.tar.gz
+/haveged-1.9.23.tar.gz

diff --git a/haveged.spec b/haveged.spec
index 623aa04..14e4296 100644
--- a/haveged.spec
+++ b/haveged.spec
@@ -1,7 +1,7 @@
 %define dracutlibdir lib/dracut
 Summary:        A Linux entropy source using the HAVEGE algorithm
 Name:           haveged
-Version:        1.9.22
+Version:        1.9.23
 Release:        1%{?dist}
 # Automatically converted from old format: GPLv3+ - review is highly recommended.
 License:        GPL-3.0-or-later
@@ -105,6 +105,16 @@ cp -p COPYING README ChangeLog AUTHORS contrib/build/havege_sample.c %{buildroot
 
 
 %changelog
+* Thu Jun 18 2026 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.23-1
+- Update to 1.9.23
+- Security: use O_EXCL with sem_open to prevent semaphore pre-planting attacks
+- Security: fix OOB memory access in safein()/safeout() on socket errors
+- Security: reject command socket connections from different user namespaces
+- Security: use O_NOFOLLOW for PID file to prevent symlink attacks
+- Harden: open random device with O_CLOEXEC, restrict semaphore to 0600
+- Fix stale semaphore recovery after SIGKILL
+- Fix compilation when NO_COMMAND_MODE is defined
+
 * Thu May 21 2026 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.22-1
 - Update to 1.9.22
 - Fix systemd sandboxing: add ReadWritePaths=/dev/shm for semaphore creation

diff --git a/sources b/sources
index 8605945..8d59ebd 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (haveged-1.9.22.tar.gz) = 1f5b3a36cffb3bb683ea547c90832829e4a21f1c0c5776a1699ed544aa45c2a4666e6732c727e32793404a2c19f2c91ed58e4a0a887e467497a0b0b21bd6c1b8
+SHA512 (haveged-1.9.23.tar.gz) = 69fe3e024ac213d2cbbbc36e716cc0822929e0a18aabb0802e2cc9818381073fef034b247c3e2b458b6ca3d9bc4c01b86b1954dff2767752ea2b0551958efb61

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-18  1:30 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-18  1:30 [rpms/haveged] epel10: Update to 1.9.23 — security hardening for semaphore, socket, and file handling Jirka Hladky

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox