author | schmonz <schmonz@pkgsrc.org> | 2022-08-30 17:55:31 +0000 |
---|---|---|
committer | schmonz <schmonz@pkgsrc.org> | 2022-08-30 17:55:31 +0000 |
commit | 8c8040a6728e0d60242728bdb4ec4c60ca6a3b67 (patch) | |
tree | 9af73e1dc70f23d5f878fcadf90c3dacee9ad1a0 /security | |
parent | 04ea436836f2aa4927d0c580e3f521f0f6a9707b (diff) | |
download | pkgsrc-8c8040a6728e0d60242728bdb4ec4c60ca6a3b67.tar.gz |
Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
where getentropy() is not present. Bump PKGREVISION.
Diffstat (limited to 'security')
-rw-r--r-- | security/tlswrapper/Makefile | 7 | ||||
-rw-r--r-- | security/tlswrapper/distinfo | 10 | ||||
-rw-r--r-- | security/tlswrapper/patches/patch-Makefile | 28 | ||||
-rw-r--r-- | security/tlswrapper/patches/patch-makefilegen.sh | 78 | ||||
-rw-r--r-- | security/tlswrapper/patches/patch-randombytes.c | 44 | ||||
-rw-r--r-- | security/tlswrapper/patches/patch-randombytes.c-01getentropy | 38 | ||||
-rw-r--r-- | security/tlswrapper/patches/patch-randombytes.c-02devurandom | 51 | ||||
-rw-r--r-- | security/tlswrapper/patches/patch-randombytes.h-01getentropy | 14 | ||||
-rw-r--r-- | security/tlswrapper/patches/patch-randombytes.h-02devurandom | 15 |
9 files changed, 279 insertions, 6 deletions
diff --git a/security/tlswrapper/Makefile b/security/tlswrapper/Makefile
index d720085b416..b5d05212b46 100644
--- a/security/tlswrapper/Makefile
+++ b/security/tlswrapper/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.4 2022/08/25 18:05:37 schmonz Exp $
+# $NetBSD: Makefile,v 1.5 2022/08/30 17:55:31 schmonz Exp $
 DISTNAME= ${GITHUB_PROJECT}
 PKGNAME= ${GITHUB_PROJECT}-${GITHUB_TAG}
+PKGREVISION= 1
 CATEGORIES= security net
 MASTER_SITES= ${MASTER_SITE_GITHUB:=janmojzis/}
 GITHUB_PROJECT= tlswrapper
@@ -22,6 +23,10 @@ LDFLAGS.SunOS+= -lsocket
 INSTALLATION_DIRS= bin man/man1 share/examples/${PKGBASE}
+post-extract:
+ cd ${WRKSRC}; \
+ ${MV} -f randombytes.h randombytes.h-01getentropy
+
 do-install:
 cd ${WRKSRC}; \
 ${INSTALL_DATA} examples.md \
diff --git a/security/tlswrapper/distinfo b/security/tlswrapper/distinfo
index 22dfb97ed41..f3609ee26b7 100644
--- a/security/tlswrapper/distinfo
+++ b/security/tlswrapper/distinfo
@@ -1,6 +1,12 @@
-$NetBSD: distinfo,v 1.4 2022/08/25 18:05:37 schmonz Exp $
+$NetBSD: distinfo,v 1.5 2022/08/30 17:55:31 schmonz Exp $
 BLAKE2s (tlswrapper-20220814.tar.gz) = 5ce956397f0639bd400643b74d809f2e074c60511f02dd376dbabafbb66f561f
 SHA512 (tlswrapper-20220814.tar.gz) = f9c0e1b368a634390b6e2fe1092084ebecbe5c4f3892a4ef1dfaf40fce7058b60bfd513ac94693c1eb82cd859b52c84935520770cbf48b195d408bd0e8c4b58e
 Size (tlswrapper-20220814.tar.gz) = 248914 bytes
-SHA1 (patch-Makefile) = 72fb81a5224e3c363d7a61dec17ea61d7d99879b
+SHA1 (patch-Makefile) = 8c531e8b0a42b43b3555e5b95caeec53d3326ef5
+SHA1 (patch-makefilegen.sh) = dfa45f414f0f22e58a39d7bf4a0c32b104876f23
+SHA1 (patch-randombytes.c) = b6d945c69bf67a2040028b3d654582dda4ac7965
+SHA1 (patch-randombytes.c-01getentropy) = b3518de0561393ef6b0f3c820a7142c233689d65
+SHA1 (patch-randombytes.c-02devurandom) = ec8fcff0d126ff794958e29716cf2b2312ac604d
+SHA1 (patch-randombytes.h-01getentropy) = ad16c4556bf3b32f82314b6dd93eb6bf3e65a67a
+SHA1 (patch-randombytes.h-02devurandom) = 96fd1ab08f0e999e718962466009784e1137cfc1
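Review bot: The new `post-extract` target renames `randombytes.h` without a comment, and the reason can only be pieced together from other patches in this commit: `patch-randombytes.h-01getentropy` edits a file that exists only after this `mv`, and the `randombytes.h:` rule added in `patch-Makefile` has no prerequisites, so it never runs while the distfile's own header is still in place. A line such as `# Upstream 0cb7bb4 ships this header as randombytes.h-01getentropy; the patched Makefile regenerates randombytes.h by probing.` above the target would record that. The recipe also joins its commands with `;`, so unless the shell runs with -e a failed `cd` would not stop the `mv`; `cd ${WRKSRC} && ${MV} -f randombytes.h randombytes.h-01getentropy` avoids depending on that. The `do-install` target that follows continues outside the hunk.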
diff --git a/security/tlswrapper/patches/patch-Makefile b/security/tlswrapper/patches/patch-Makefile
index ffb095f928a..2559fc40434 100644
--- a/security/tlswrapper/patches/patch-Makefile
+++ b/security/tlswrapper/patches/patch-Makefile
@@ -1,10 +1,26 @@
-$NetBSD: patch-Makefile,v 1.1 2022/01/04 22:10:37 schmonz Exp $
+$NetBSD: patch-Makefile,v 1.2 2022/08/30 17:55:31 schmonz Exp $
 Do not consider building a local copy of BearSSL.
+Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
+where getentropy() is not present.
---- Makefile.orig 2021-12-28 05:36:39.000000000 +0000
+--- Makefile.orig 2022-08-14 12:18:16.000000000 +0000
 +++ Makefile
-@@ -227,9 +227,6 @@ tlswrapper-test: tlswrapper-test.o $(OBJ
+@@ -10,6 +10,13 @@ BINARIES+=tlswrapper-test
+
+ all: bearssl $(BINARIES) tlswrapper-tcp tlswrapper-smtp
+
++randombytes.h:
++ (grep -v "randombytes.h" "randombytes.c-01getentropy"; echo "int main() {}";) > try.c
++ [ ! -f randombytes.h ] && $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o try try.c && cat randombytes.h-01getentropy > randombytes.h || :
++ (grep -v "randombytes.h" "randombytes.c-02devurandom"; echo "int main() {}";) > try.c
++ [ ! -f randombytes.h ] && $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o try try.c && cat randombytes.h-02devurandom > randombytes.h || :
++ rm try.c try
++
+ alloc.o: alloc.c log.h alloc.h
+ $(CC) $(CFLAGS) $(CPPFLAGS) -c alloc.c
+
+@@ -267,9 +274,6 @@ tlswrapper-test: tlswrapper-test.o $(OBJ
 bearssl:
@@ -14,3 +30,9 @@ Do not consider building a local copy of BearSSL.
 mkdir -p bearssl/inc
 tlswrapper-tcp: tlswrapper
+@@ -296,4 +300,5 @@ test: bearssl $(BINARIES) tlswrapper-tcp
+
+ clean:
+ rm -f *.o *.out $(BINARIES) tlswrapper-tcp tlswrapper-smtp
++ rm -f randombytes.h
+
diff --git a/security/tlswrapper/patches/patch-makefilegen.sh b/security/tlswrapper/patches/patch-makefilegen.sh
new file mode 100644
index 00000000000..0397ef098d7
--- /dev/null
+++ b/security/tlswrapper/patches/patch-makefilegen.sh
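Review bot: In the added `randombytes.h:` rule (first hunk) both probe lines end in `|| :`, so a backend that fails to link is skipped silently, and when neither links the recipe stops only because `rm try.c try` cannot find `try`, which reports the wrong problem. Ending the recipe with `rm -f try.c try` followed by `[ -f randombytes.h ] || { echo "no randombytes backend could be linked" >&2; exit 1; }` would make that failure explicit. Because the probe decides whether this TLS wrapper draws from getentropy() or /dev/urandom, an `echo` of the selected variant after each `cat` would also leave the choice in the build log. The same recipe text is emitted by the patched makefilegen.sh, so both places would need the change.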
@@ -0,0 +1,78 @@
+$NetBSD: patch-makefilegen.sh,v 1.1 2022/08/30 17:55:31 schmonz Exp $
+
+Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
+where getentropy() is not present.
+
+--- makefilegen.sh.orig 2022-08-14 12:18:16.000000000 +0000
++++ makefilegen.sh
+@@ -9,6 +9,7 @@
+ echo "DESTDIR?="
+ echo
+
++ # binaries
+ i=0
+ for file in `ls *.c`; do
+ if grep '^int main(' "${file}" >/dev/null; then
+@@ -23,18 +24,40 @@
+ done
+ echo
+
++ # portable
++ headers=`ls *.c-* | sed 's/\.c-.*/.h/' | sort -u`
++
+ echo "all: bearssl \$(BINARIES) tlswrapper-tcp tlswrapper-smtp"
+ echo
+
++ for hfile in "${headers}"; do
++ echo "${hfile}:"
++ ls "${hfile}-"* \
++ | sort \
++ | while read hhfile
++ do
++ ccfile=`echo ${hhfile} | sed 's/\.h-/.c-/'`
++ echo " (grep -v \"${hfile}\" \"${ccfile}\"; echo \"int main() {}\";) > try.c"
++ echo " [ ! -f ${hfile} ] && \$(CC) \$(CFLAGS) \$(CPPFLAGS) \$(LDFLAGS) -o try try.c && cat ${hhfile} > ${hfile} || :"
++ done
++ echo " rm try.c try"
++ touch "${hfile}"
++ done
++ echo
++
++
+ for file in `ls *.c`; do
+ (
+- #gcc -I/usr/include/bearssl -MM "${file}"
+ gcc -MM "${file}"
+ echo " \$(CC) \$(CFLAGS) \$(CPPFLAGS) -c ${file}"
+ echo
+ )
+ done
+
++ for hfile in "${headers}"; do
++ rm -f "${hfile}"
++ done
++
+ i=0
+ for file in `ls *.c`; do
+ if ! grep '^int main(' "${file}" >/dev/null; then
+@@ -61,8 +84,8 @@
+
+ echo "bearssl:"
+ echo " echo 'int main(){}' > try.c"
+- echo " \$(CC) \$(CFLAGS) \$(CPPFLAGS) -o try.o \$(LDFLAGS) try.c || (sh bearssl.sh; cd bearssl; make; rm build/*.so; )"
+- echo " rm -f try.o try.c"
++ echo " \$(CC) \$(CFLAGS) \$(CPPFLAGS) \$(LDFLAGS) -o try try.c || (sh bearssl.sh; cd bearssl; make; rm build/*.so; )"
++ echo " rm -f try.c try"
+ echo " mkdir -p bearssl/inc"
+ echo
+
+@@ -94,6 +117,9 @@
+
+ echo "clean:"
+ echo " rm -f *.o *.out \$(BINARIES) tlswrapper-tcp tlswrapper-smtp"
++ for hfile in "${headers}"; do
++ echo " rm -f ${hfile}"
++ done
+ echo
+
+ ) > Makefile
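Review bot: `for hfile in "${headers}"; do` quotes the whole list, so the loop body runs once with every header name joined into a single word; it works only while `ls *.c-*` yields exactly one header, which is the case for randombytes.h today. With a second portable header, the generated rule name, the `touch` placeholder and the cleanup would all receive a multi-line string. The same quoting appears in the later `rm -f "${hfile}"` loop and in the loop that emits the `clean:` lines. All three should read `for hfile in ${headers}; do`.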
diff --git a/security/tlswrapper/patches/patch-randombytes.c b/security/tlswrapper/patches/patch-randombytes.c
new file mode 100644
index 00000000000..2d645ffb4f9
--- /dev/null
+++ b/security/tlswrapper/patches/patch-randombytes.c
@@ -0,0 +1,44 @@
+$NetBSD: patch-randombytes.c,v 1.1 2022/08/30 17:55:31 schmonz Exp $
+
+Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
+where getentropy() is not present.
+
+--- randombytes.c.orig 2022-08-14 12:18:16.000000000 +0000
++++ randombytes.c
+@@ -1,30 +1,9 @@
+-/*
+-version 20220222
+-*/
+-
+-#include <unistd.h>
+-#ifdef __APPLE__
+-#include <sys/random.h>
+-#endif
+ #include "randombytes.h"
+
+-void randombytes(void *xv, long long xlen) {
+-
+- long long i;
+- unsigned char *x = (unsigned char *) xv;
+-
+- while (xlen > 0) {
+- if (xlen < 256)
+- i = xlen;
+- else
+- i = 256;
++#ifdef randombytes_getentropy
++#include "randombytes.c-01getentropy"
++#endif
+
+- if (getentropy(x, i) == -1) {
+- sleep(1);
+- continue;
+- }
+- x += i;
+- xlen -= i;
+- }
+- __asm__ __volatile__("" : : "r"(xv) : "memory");
+-}
++#ifdef randombytes_devurandom
++#include "randombytes.c-02devurandom"
++#endif
diff --git a/security/tlswrapper/patches/patch-randombytes.c-01getentropy b/security/tlswrapper/patches/patch-randombytes.c-01getentropy
new file mode 100644
index 00000000000..2611c19045b
--- /dev/null
+++ b/security/tlswrapper/patches/patch-randombytes.c-01getentropy
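Review bot: The rewritten randombytes.c has no branch for the case where `randombytes.h` defines neither `randombytes_getentropy` nor `randombytes_devurandom`, so the file then compiles to an empty translation unit and the problem only shows up later as an unresolved `randombytes` at link time. A stale or empty header is enough to get there: makefilegen.sh in this same commit creates one with `touch` as a placeholder, and the `randombytes.h:` rule will not regenerate a header that already exists. Adding `#if !defined(randombytes_getentropy) && !defined(randombytes_devurandom)`, `#error "randombytes.h selects no backend"`, `#endif` after the two includes would stop the build at the right file with a clear message.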
@@ -0,0 +1,38 @@
+$NetBSD: patch-randombytes.c-01getentropy,v 1.1 2022/08/30 17:55:31 schmonz Exp $
+
+Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
+where getentropy() is not present.
+
+--- randombytes.c-01getentropy.orig 2022-08-30 17:47:01.000000000 +0000
++++ randombytes.c-01getentropy
+@@ -0,0 +1,30 @@
++/*
++version 20220222
++*/
++
++#include <unistd.h>
++#ifdef __APPLE__
++#include <sys/random.h>
++#endif
++#include "randombytes.h"
++
++void randombytes(void *xv, long long xlen) {
++
++ long long i;
++ unsigned char *x = (unsigned char *) xv;
++
++ while (xlen > 0) {
++ if (xlen < 256)
++ i = xlen;
++ else
++ i = 256;
++
++ if (getentropy(x, i) == -1) {
++ sleep(1);
++ continue;
++ }
++ x += i;
++ xlen -= i;
++ }
++ __asm__ __volatile__("" : : "r"(xv) : "memory");
++}
diff --git a/security/tlswrapper/patches/patch-randombytes.c-02devurandom b/security/tlswrapper/patches/patch-randombytes.c-02devurandom
new file mode 100644
index 00000000000..7f9557b3483
--- /dev/null
+++ b/security/tlswrapper/patches/patch-randombytes.c-02devurandom
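Review bot: The retry loop treats every `getentropy()` failure as transient, since `sleep(1); continue;` never inspects `errno`, so a permanent error makes `randombytes()` spin forever without a diagnostic. The build-time probe only shows that the symbol links; presumably a libc that exports getentropy() on a kernel lacking the underlying call would fail at run time on every attempt (worth confirming), and that case would hang here rather than reach the /dev/urandom variant. If never returning without entropy is the intended contract, a comment above the check such as `/* never return without entropy: retry forever, even on a permanent error */` would say so. The code is carried over unchanged from the old randombytes.c.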
@@ -0,0 +1,51 @@
+$NetBSD: patch-randombytes.c-02devurandom,v 1.1 2022/08/30 17:55:31 schmonz Exp $
+
+Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
+where getentropy() is not present.
+
+--- randombytes.c-02devurandom.orig 2022-08-30 17:47:01.000000000 +0000
++++ randombytes.c-02devurandom
+@@ -0,0 +1,43 @@
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
++#include <unistd.h>
++#include "randombytes.h"
++
++static int fd = -1;
++
++void randombytes(void *xv, long long xlen) {
++
++ long long i;
++ unsigned char *x = xv;
++
++ if (fd == -1) {
++ for (;;) {
++#ifdef O_CLOEXEC
++ fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
++#else
++ fd = open("/dev/urandom", O_RDONLY);
++ fcntl(fd, F_SETFD, 1);
++#endif
++ if (fd != -1) break;
++ sleep(1);
++ }
++ }
++
++ while (xlen > 0) {
++ if (xlen < 1048576)
++ i = xlen;
++ else
++ i = 1048576;
++
++ i = read(fd, x, i);
++ if (i < 1) {
++ sleep(1);
++ continue;
++ }
++
++ x += i;
++ xlen -= i;
++ }
++ __asm__ __volatile__("" : : "r"(xv) : "memory");
++}
diff --git a/security/tlswrapper/patches/patch-randombytes.h-01getentropy b/security/tlswrapper/patches/patch-randombytes.h-01getentropy
new file mode 100644
index 00000000000..c52887a1a54
--- /dev/null
+++ b/security/tlswrapper/patches/patch-randombytes.h-01getentropy
@@ -0,0 +1,14 @@
+$NetBSD: patch-randombytes.h-01getentropy,v 1.1 2022/08/30 17:55:31 schmonz Exp $
+
+Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
+where getentropy() is not present.
+
+--- randombytes.h-01getentropy.orig 2022-08-14 12:18:16.000000000 +0000
++++ randombytes.h-01getentropy
+@@ -2,5 +2,6 @@
+ #define _RANDOMBYTES_H____
+
+ extern void randombytes(void *, long long);
++#define randombytes_getentropy 1
+
+ #endif
diff --git a/security/tlswrapper/patches/patch-randombytes.h-02devurandom b/security/tlswrapper/patches/patch-randombytes.h-02devurandom
new file mode 100644
index 00000000000..7fc7348826b
--- /dev/null
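Review bot: In the `#else` branch of the open loop, `fcntl(fd, F_SETFD, 1)` runs before `fd` is checked, so it is called on -1 whenever `open()` fails, its result is ignored, and it passes the literal 1 where `FD_CLOEXEC` is meant. The file also includes `<sys/stat.h>` without using it. An `fstat()`/`S_ISCHR` check on the opened descriptor would reject a regular file sitting at /dev/urandom, for example in an incompletely populated chroot, before its contents are used as key material. The sketch below covers only the open loop and keeps the existing retry-forever behaviour; the read loop is left as it is.

```c
    if (fd == -1) {
        for (;;) {
            struct stat st;
#ifdef O_CLOEXEC
            fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
#else
            fd = open("/dev/urandom", O_RDONLY);
            if (fd != -1 && fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
                close(fd);
                fd = -1;
            }
#endif
            /* accept only a character device, never a regular file */
            if (fd != -1 && fstat(fd, &st) == 0 && S_ISCHR(st.st_mode)) break;
            if (fd != -1) {
                close(fd);
                fd = -1;
            }
            sleep(1);
        }
    }
    /* … unchanged: chunked read loop and compiler barrier … */
```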
+++ b/security/tlswrapper/patches/patch-randombytes.h-02devurandom
@@ -0,0 +1,15 @@
+$NetBSD: patch-randombytes.h-02devurandom,v 1.1 2022/08/30 17:55:31 schmonz Exp $
+
+Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
+where getentropy() is not present.
+
+--- randombytes.h-02devurandom.orig 2022-08-30 17:47:01.000000000 +0000
++++ randombytes.h-02devurandom
+@@ -0,0 +1,7 @@
++#ifndef _RANDOMBYTES_H____
++#define _RANDOMBYTES_H____
++
++extern void randombytes(void *, long long);
++#define randombytes_devurandom 1
++
++#endif |