net-misc/openssh: patch for getentropy fallback
parent
93bbd4d923
commit
6931d83523
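--- /dev/null
+++ b/net-misc/openssh/files/openssh-9.1_p1-getentropy.patch
@@ -0,0 +1,69 @@
+diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
+index 02f15f9c..ffd33734 100644
+--- a/openbsd-compat/arc4random.c
++++ b/openbsd-compat/arc4random.c
+@@ -44,13 +44,15 @@
+#ifndef HAVE_ARC4RANDOM
+
+/*
+- * If we're not using a native getentropy, use the one from bsd-getentropy.c
+- * under a different name, so that if in future these binaries are run on
+- * a system that has a native getentropy OpenSSL cannot call the wrong one.
++ * Always use the getentropy implementation from bsd-getentropy.c, which
++ * will call a native getentropy if available then fall back as required.
++ * We use a different name so that OpenSSL cannot call the wrong getentropy.
+*/
+-#ifndef HAVE_GETENTROPY
+-# define getentropy(x, y) (_ssh_compat_getentropy((x), (y)))
++int _ssh_compat_getentropy(void *, size_t);
++#ifdef getentropy
++# undef getentropy
+#endif
++#define getentropy(x, y) (_ssh_compat_getentropy((x), (y)))
+
+#include "log.h"
+
+diff --git a/openbsd-compat/bsd-getentropy.c b/openbsd-compat/bsd-getentropy.c
+index bd4b6695..554dfad7 100644
+--- a/openbsd-compat/bsd-getentropy.c
++++ b/openbsd-compat/bsd-getentropy.c
+@@ -18,8 +18,6 @@
+
+#include "includes.h"
+
+-#ifndef HAVE_GETENTROPY
+-
+#ifndef SSH_RANDOM_DEV
+# define SSH_RANDOM_DEV "/dev/urandom"
+#endif /* SSH_RANDOM_DEV */
+@@ -52,6 +50,10 @@ _ssh_compat_getentropy(void *s, size_t len)
+ssize_t r;
+size_t o = 0;
+
++#ifdef HAVE_GETENTROPY
++ if (r = getentropy(s, len) == 0)
++ return 0;
++#endif /* HAVE_GETENTROPY */
+#ifdef HAVE_GETRANDOM
+if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len)
+return 0;
+@@ -79,4 +81,3 @@ _ssh_compat_getentropy(void *s, size_t len)
+#endif /* WITH_OPENSSL */
+return 0;
+}
+-#endif /* WITH_GETENTROPY */
+diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
+index 4af207cd..8f815090 100644
+--- a/openbsd-compat/openbsd-compat.h
++++ b/openbsd-compat/openbsd-compat.h
+@@ -69,10 +69,6 @@ void closefrom(int);
+int ftruncate(int filedes, off_t length);
+#endif
+
+-#if defined(HAVE_DECL_GETENTROPY) && HAVE_DECL_GETENTROPY == 0
+-int _ssh_compat_getentropy(void *, size_t);
+-#endif
+-
+#ifndef HAVE_GETLINE
+#include <stdio.h>
+ssize_t getline(char **, size_t *, FILE *);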
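Review bot: In the bsd-getentropy.c hunk the added line `if (r = getentropy(s, len) == 0)` stores the result of the comparison in `r`, not the call's return value, because `==` binds tighter than `=`; the branch is taken correctly only by coincidence (the assigned value is 1 on success and 0 on failure) and `r` is left holding a boolean rather than the status, which -Wparentheses will also flag. Since the native call cannot return a short count, `r` is not needed on this path and the line should read `if (getentropy(s, len) == 0)`, or `if ((r = getentropy(s, len)) == 0)` if the value is wanted. A native getentropy() can also fail for reasons other than a missing syscall (ENOSYS on older kernels, EIO for requests over 256 bytes), and this code then falls through to getrandom() and the device path without any trace, so a comment above the `#ifdef HAVE_GETENTROPY` block such as `/* native getentropy() may fail (ENOSYS, EIO for len > 256); fall through to the other sources */` would make the intended fallback order explicit. The body of _ssh_compat_getentropy continues outside the hunk, so it is not visible here whether a failed native call leaves `r` referenced later.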
|
@ -51,7 +51,7 @@ LICENSE="BSD GPL-2"
|
||||||
SLOT="0"
|
SLOT="0"
|
||||||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
|
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
|
||||||
# Probably want to drop ssl defaulting to on in a future version.
|
# Probably want to drop ssl defaulting to on in a future version.
|
||||||
IUSE="abi_mips_n32 audit debug hpn kerberos ldns libedit livecd pam +pie +sandbox sctp security-key selinux +ssl static test X X509 xmss"
|
IUSE="abi_mips_n32 audit debug hpn kerberos ldns libedit livecd pam +pie sctp security-key selinux +ssl static test X X509 xmss"
|
||||||
|
|
||||||
RESTRICT="!test? ( test )"
|
RESTRICT="!test? ( test )"
|
||||||
|
|
||||||
|
@ -124,6 +124,7 @@ PATCHES=(
|
||||||
"${FILESDIR}/${PN}-8.9_p1-allow-ppoll_time64.patch" #834019
|
"${FILESDIR}/${PN}-8.9_p1-allow-ppoll_time64.patch" #834019
|
||||||
"${FILESDIR}/${PN}-8.9_p1-gss-use-HOST_NAME_MAX.patch" #834044
|
"${FILESDIR}/${PN}-8.9_p1-gss-use-HOST_NAME_MAX.patch" #834044
|
||||||
"${FILESDIR}/${PN}-9.1_p1-build-tests.patch"
|
"${FILESDIR}/${PN}-9.1_p1-build-tests.patch"
|
||||||
|
"${FILESDIR}/${P}-getentropy.patch"
|
||||||
)
|
)
|
||||||
|
|
||||||
pkg_pretend() {
|
pkg_pretend() {
|
||||||
|
@ -342,7 +343,6 @@ src_configure() {
|
||||||
$(use_with ssl openssl)
|
$(use_with ssl openssl)
|
||||||
$(use_with ssl ssl-engine)
|
$(use_with ssl ssl-engine)
|
||||||
$(use_with !elibc_Cygwin hardening) #659210
|
$(use_with !elibc_Cygwin hardening) #659210
|
||||||
$(use_with sandbox sandbox)
|
|
||||||
)
|
)
|
||||||
|
|
||||||
if use elibc_musl; then
|
if use elibc_musl; then
|
||||||
|
|