pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/tlswrapper Apply upstream commit 0cb7bb4 to f...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c5d81c2c29af
branches:  trunk
changeset: 384306:c5d81c2c29af
user:      schmonz <schmonz%pkgsrc.org@localhost>
date:      Tue Aug 30 17:55:31 2022 +0000

description:
Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
where getentropy() is not present. Bump PKGREVISION.

diffstat:

 security/tlswrapper/Makefile                                 |   7 +-
 security/tlswrapper/distinfo                                 |  10 +-
 security/tlswrapper/patches/patch-Makefile                   |  28 +++-
 security/tlswrapper/patches/patch-makefilegen.sh             |  78 ++++++++++++
 security/tlswrapper/patches/patch-randombytes.c              |  44 ++++++
 security/tlswrapper/patches/patch-randombytes.c-01getentropy |  38 +++++
 security/tlswrapper/patches/patch-randombytes.c-02devurandom |  51 +++++++
 security/tlswrapper/patches/patch-randombytes.h-01getentropy |  14 ++
 security/tlswrapper/patches/patch-randombytes.h-02devurandom |  15 ++
 9 files changed, 279 insertions(+), 6 deletions(-)

diffs (truncated from 349 to 300 lines):

diff -r c4c52be08e9b -r c5d81c2c29af security/tlswrapper/Makefile
--- a/security/tlswrapper/Makefile      Tue Aug 30 17:47:50 2022 +0000
+++ b/security/tlswrapper/Makefile      Tue Aug 30 17:55:31 2022 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.4 2022/08/25 18:05:37 schmonz Exp $
+# $NetBSD: Makefile,v 1.5 2022/08/30 17:55:31 schmonz Exp $
 
 DISTNAME=              ${GITHUB_PROJECT}
 PKGNAME=               ${GITHUB_PROJECT}-${GITHUB_TAG}
+PKGREVISION=           1
 CATEGORIES=            security net
 MASTER_SITES=          ${MASTER_SITE_GITHUB:=janmojzis/}
 GITHUB_PROJECT=                tlswrapper
@@ -22,6 +23,10 @@
 
 INSTALLATION_DIRS=     bin man/man1 share/examples/${PKGBASE}
 
+post-extract:
+       cd ${WRKSRC};                                                   \
+       ${MV} -f randombytes.h randombytes.h-01getentropy
+
 do-install:
        cd ${WRKSRC};                                                   \
        ${INSTALL_DATA} examples.md \
diff -r c4c52be08e9b -r c5d81c2c29af security/tlswrapper/distinfo
--- a/security/tlswrapper/distinfo      Tue Aug 30 17:47:50 2022 +0000
+++ b/security/tlswrapper/distinfo      Tue Aug 30 17:55:31 2022 +0000
@@ -1,6 +1,12 @@
-$NetBSD: distinfo,v 1.4 2022/08/25 18:05:37 schmonz Exp $
+$NetBSD: distinfo,v 1.5 2022/08/30 17:55:31 schmonz Exp $
 
 BLAKE2s (tlswrapper-20220814.tar.gz) = 5ce956397f0639bd400643b74d809f2e074c60511f02dd376dbabafbb66f561f
 SHA512 (tlswrapper-20220814.tar.gz) = f9c0e1b368a634390b6e2fe1092084ebecbe5c4f3892a4ef1dfaf40fce7058b60bfd513ac94693c1eb82cd859b52c84935520770cbf48b195d408bd0e8c4b58e
 Size (tlswrapper-20220814.tar.gz) = 248914 bytes
-SHA1 (patch-Makefile) = 72fb81a5224e3c363d7a61dec17ea61d7d99879b
+SHA1 (patch-Makefile) = 8c531e8b0a42b43b3555e5b95caeec53d3326ef5
+SHA1 (patch-makefilegen.sh) = dfa45f414f0f22e58a39d7bf4a0c32b104876f23
+SHA1 (patch-randombytes.c) = b6d945c69bf67a2040028b3d654582dda4ac7965
+SHA1 (patch-randombytes.c-01getentropy) = b3518de0561393ef6b0f3c820a7142c233689d65
+SHA1 (patch-randombytes.c-02devurandom) = ec8fcff0d126ff794958e29716cf2b2312ac604d
+SHA1 (patch-randombytes.h-01getentropy) = ad16c4556bf3b32f82314b6dd93eb6bf3e65a67a
+SHA1 (patch-randombytes.h-02devurandom) = 96fd1ab08f0e999e718962466009784e1137cfc1
diff -r c4c52be08e9b -r c5d81c2c29af security/tlswrapper/patches/patch-Makefile
--- a/security/tlswrapper/patches/patch-Makefile        Tue Aug 30 17:47:50 2022 +0000
+++ b/security/tlswrapper/patches/patch-Makefile        Tue Aug 30 17:55:31 2022 +0000
@@ -1,10 +1,26 @@
-$NetBSD: patch-Makefile,v 1.1 2022/01/04 22:10:37 schmonz Exp $
+$NetBSD: patch-Makefile,v 1.2 2022/08/30 17:55:31 schmonz Exp $
 
 Do not consider building a local copy of BearSSL.
+Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
+where getentropy() is not present.
 
---- Makefile.orig      2021-12-28 05:36:39.000000000 +0000
+--- Makefile.orig      2022-08-14 12:18:16.000000000 +0000
 +++ Makefile
-@@ -227,9 +227,6 @@ tlswrapper-test: tlswrapper-test.o $(OBJ
+@@ -10,6 +10,13 @@ BINARIES+=tlswrapper-test
+ 
+ all: bearssl $(BINARIES) tlswrapper-tcp tlswrapper-smtp
+ 
++randombytes.h:
++      (grep -v "randombytes.h" "randombytes.c-01getentropy"; echo "int main() {}";) > try.c
++      [ ! -f randombytes.h ] && $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o try try.c && cat randombytes.h-01getentropy > randombytes.h || :
++      (grep -v "randombytes.h" "randombytes.c-02devurandom"; echo "int main() {}";) > try.c
++      [ ! -f randombytes.h ] && $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o try try.c && cat randombytes.h-02devurandom > randombytes.h || :
++      rm try.c try
++
+ alloc.o: alloc.c log.h alloc.h
+       $(CC) $(CFLAGS) $(CPPFLAGS) -c alloc.c
+ 
+@@ -267,9 +274,6 @@ tlswrapper-test: tlswrapper-test.o $(OBJ
  
  
  bearssl:
@@ -14,3 +30,9 @@
        mkdir -p bearssl/inc
  
  tlswrapper-tcp: tlswrapper
+@@ -296,4 +300,5 @@ test: bearssl $(BINARIES) tlswrapper-tcp
+ 
+ clean:
+       rm -f *.o *.out $(BINARIES) tlswrapper-tcp tlswrapper-smtp
++      rm -f randombytes.h
+ 
diff -r c4c52be08e9b -r c5d81c2c29af security/tlswrapper/patches/patch-makefilegen.sh
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/tlswrapper/patches/patch-makefilegen.sh  Tue Aug 30 17:55:31 2022 +0000
@@ -0,0 +1,78 @@
+$NetBSD: patch-makefilegen.sh,v 1.1 2022/08/30 17:55:31 schmonz Exp $
+
+Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
+where getentropy() is not present.
+
+--- makefilegen.sh.orig        2022-08-14 12:18:16.000000000 +0000
++++ makefilegen.sh
+@@ -9,6 +9,7 @@
+     echo "DESTDIR?="
+     echo 
+ 
++    # binaries
+     i=0
+     for file in `ls *.c`; do
+       if grep '^int main(' "${file}" >/dev/null; then
+@@ -23,18 +24,40 @@
+     done
+     echo
+ 
++    # portable
++    headers=`ls *.c-* | sed 's/\.c-.*/.h/' | sort -u`
++
+     echo "all: bearssl \$(BINARIES) tlswrapper-tcp tlswrapper-smtp"
+     echo 
+ 
++    for hfile in "${headers}"; do
++      echo "${hfile}:"
++      ls "${hfile}-"* \
++      | sort \
++      | while read hhfile
++      do
++        ccfile=`echo ${hhfile} | sed 's/\.h-/.c-/'`
++        echo "        (grep -v \"${hfile}\" \"${ccfile}\"; echo \"int main() {}\";) > try.c"
++        echo "        [ ! -f ${hfile} ] && \$(CC) \$(CFLAGS) \$(CPPFLAGS) \$(LDFLAGS) -o try try.c && cat ${hhfile} > ${hfile} || :"
++      done
++      echo "  rm try.c try"
++      touch "${hfile}"
++    done
++    echo
++
++
+     for file in `ls *.c`; do
+       (
+-        #gcc -I/usr/include/bearssl -MM "${file}"
+         gcc -MM "${file}"
+         echo "        \$(CC) \$(CFLAGS) \$(CPPFLAGS) -c ${file}"
+         echo
+       )
+     done
+ 
++    for hfile in "${headers}"; do
++      rm -f "${hfile}"
++    done
++
+     i=0
+     for file in `ls *.c`; do
+       if ! grep '^int main(' "${file}" >/dev/null; then
+@@ -61,8 +84,8 @@
+ 
+     echo "bearssl:"
+     echo "    echo 'int main(){}' > try.c"
+-    echo "    \$(CC) \$(CFLAGS) \$(CPPFLAGS) -o try.o \$(LDFLAGS) try.c || (sh bearssl.sh; cd bearssl; make; rm build/*.so; )"
+-    echo "    rm -f try.o try.c"
++    echo "    \$(CC) \$(CFLAGS) \$(CPPFLAGS) \$(LDFLAGS) -o try try.c || (sh bearssl.sh; cd bearssl; make; rm build/*.so; )"
++    echo "    rm -f try.c try"
+     echo "    mkdir -p bearssl/inc"
+     echo
+ 
+@@ -94,6 +117,9 @@
+ 
+     echo "clean:"
+     echo "    rm -f *.o *.out \$(BINARIES) tlswrapper-tcp tlswrapper-smtp"
++    for hfile in "${headers}"; do
++      echo "  rm -f ${hfile}"
++    done
+     echo 
+ 
+   ) > Makefile
diff -r c4c52be08e9b -r c5d81c2c29af security/tlswrapper/patches/patch-randombytes.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/tlswrapper/patches/patch-randombytes.c   Tue Aug 30 17:55:31 2022 +0000
@@ -0,0 +1,44 @@
+$NetBSD: patch-randombytes.c,v 1.1 2022/08/30 17:55:31 schmonz Exp $
+
+Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
+where getentropy() is not present.
+
+--- randombytes.c.orig 2022-08-14 12:18:16.000000000 +0000
++++ randombytes.c
+@@ -1,30 +1,9 @@
+-/*
+-version 20220222
+-*/
+-
+-#include <unistd.h>
+-#ifdef __APPLE__
+-#include <sys/random.h>
+-#endif
+ #include "randombytes.h"
+ 
+-void randombytes(void *xv, long long xlen) {
+-
+-    long long i;
+-    unsigned char *x = (unsigned char *) xv;
+-
+-    while (xlen > 0) {
+-        if (xlen < 256)
+-            i = xlen;
+-        else
+-            i = 256;
++#ifdef randombytes_getentropy
++#include "randombytes.c-01getentropy"
++#endif
+ 
+-        if (getentropy(x, i) == -1) {
+-            sleep(1);
+-            continue;
+-        }
+-        x += i;
+-        xlen -= i;
+-    }
+-    __asm__ __volatile__("" : : "r"(xv) : "memory");
+-}
++#ifdef randombytes_devurandom
++#include "randombytes.c-02devurandom"
++#endif
diff -r c4c52be08e9b -r c5d81c2c29af security/tlswrapper/patches/patch-randombytes.c-01getentropy
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/tlswrapper/patches/patch-randombytes.c-01getentropy      Tue Aug 30 17:55:31 2022 +0000
@@ -0,0 +1,38 @@
+$NetBSD: patch-randombytes.c-01getentropy,v 1.1 2022/08/30 17:55:31 schmonz Exp $
+
+Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
+where getentropy() is not present.
+
+--- randombytes.c-01getentropy.orig    2022-08-30 17:47:01.000000000 +0000
++++ randombytes.c-01getentropy
+@@ -0,0 +1,30 @@
++/*
++version 20220222
++*/
++
++#include <unistd.h>
++#ifdef __APPLE__
++#include <sys/random.h>
++#endif
++#include "randombytes.h"
++
++void randombytes(void *xv, long long xlen) {
++
++    long long i;
++    unsigned char *x = (unsigned char *) xv;
++
++    while (xlen > 0) {
++        if (xlen < 256)
++            i = xlen;
++        else
++            i = 256;
++
++        if (getentropy(x, i) == -1) {
++            sleep(1);
++            continue;
++        }
++        x += i;
++        xlen -= i;
++    }
++    __asm__ __volatile__("" : : "r"(xv) : "memory");
++}
diff -r c4c52be08e9b -r c5d81c2c29af security/tlswrapper/patches/patch-randombytes.c-02devurandom
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/tlswrapper/patches/patch-randombytes.c-02devurandom      Tue Aug 30 17:55:31 2022 +0000
@@ -0,0 +1,51 @@
+$NetBSD: patch-randombytes.c-02devurandom,v 1.1 2022/08/30 17:55:31 schmonz Exp $
+
+Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systems
+where getentropy() is not present.
+
+--- randombytes.c-02devurandom.orig    2022-08-30 17:47:01.000000000 +0000
++++ randombytes.c-02devurandom
+@@ -0,0 +1,43 @@
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
++#include <unistd.h>
++#include "randombytes.h"
++
++static int fd = -1;
++
++void randombytes(void *xv, long long xlen) {
++
++    long long i;
++    unsigned char *x = xv;
++
++    if (fd == -1) {
++        for (;;) {
++#ifdef O_CLOEXEC
++            fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
++#else
++            fd = open("/dev/urandom", O_RDONLY);
++            fcntl(fd, F_SETFD, 1);
++#endif
++            if (fd != -1) break;
++            sleep(1);
++        }
++    }
++
++    while (xlen > 0) {
++        if (xlen < 1048576)
++            i = xlen;
++        else
++            i = 1048576;



Home | Main Index | Thread Index | Old Index