authorSergey S <sergey.solomakha@yahoo.com>2022-11-04 14:57:35 +0000
committerpsykose <alice@ayaya.dev>2022-11-04 15:57:36 +0100
commitc927eec097096ac34b6cfc8fc48997e7fd0db013 (patch)
tree7cec3b5d07c09a3e1a447b1530a54bbe6dae1e63
parentd476f3b01add51ca67b0690e587d69119d7f8ca0 (diff)
main/openssh: always use compat getentropy
Have it call native getentropy and fall back as required. Should fix issues on platforms where libc has getentropy but it is not implemented in the kernel. See: https://github.com/openssh/openssh-portable/pull/354
-rw-r--r--main/openssh/APKBUILD4
-rw-r--r--main/openssh/fix-always-use-compat-getentropy.patch70
2 files changed, 73 insertions, 1 deletions
diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD
index f5a63e5ffb6..9f4dff0ac36 100644
--- a/main/openssh/APKBUILD
+++ b/main/openssh/APKBUILD
@@ -5,7 +5,7 @@
pkgname=openssh
pkgver=9.1_p1
_myver=${pkgver%_*}${pkgver#*_}
-pkgrel=0
+pkgrel=1
pkgdesc="Port of OpenBSD's free SSH release"
url="https://www.openssh.com/portable.html"
arch="all"
@@ -53,6 +53,7 @@ source="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$_myver.tar
avoid-redefined-warnings-when-building-with-utmps.patch
gss-serv.c.patch
default-internal-sftp.patch
+ fix-always-use-compat-getentropy.patch
sshd.initd
sshd.confd
@@ -281,6 +282,7 @@ b0d1fc89bd46ebfc8c7c00fd897732e67a6cda996811c14d99392685bb0b508b52c9dc3188b1a84c
e85754b2b6c4c37b432d166e63d6293e58c9c8bb6ebd8d3527c83afa2337f14c06d6a4e008ffcc0afd7dc3409e960b89c1dde41d2543c4be7d4813d477ff3a5e avoid-redefined-warnings-when-building-with-utmps.patch
f659641b841981f78b03281b7a01add9fbf35b91c0f21c11335a56d7e389ddf965d83d18d73b724385311cdb597b6d6c46446cbc702cdd4d15e8f43591306cb3 gss-serv.c.patch
1fb55aae445dfd9ededeba1f204a0c3e4a752128ad0a388f473ace074e68b040112f309192243621fd4f16b0d1cce4f083612b1639c3e18166abf92babe52c93 default-internal-sftp.patch
+6af82768322c848a769ccba97d3cc247384e783cb9f3985983c78b92af8a805937bc1334c58f58348d5638fcf36699476b51332e0c6482ec49471f117036525f fix-always-use-compat-getentropy.patch
50e407d72bfafc7fb276a1e56b1701f8cd91dfcbad2304bec516d69fc5e8334857ef96510dff76d0c407f29955dc2b18570d6f7b557688ceb641280f8279af83 sshd.initd
be7dd5f6d319b2e03528525a66a58310d43444606713786b913a17a0fd9311869181d0fb7927a185d71d392674857dea3c97b6b8284886227d47b36193471a09 sshd.confd
"
diff --git a/main/openssh/fix-always-use-compat-getentropy.patch b/main/openssh/fix-always-use-compat-getentropy.patch
new file mode 100644
index 00000000000..140e62b454e
--- /dev/null
+++ b/main/openssh/fix-always-use-compat-getentropy.patch
@@ -0,0 +1,70 @@
+Patch-Source: https://github.com/openssh/openssh-portable/commit/da6038bd5cd55eb212eb2aec1fc8ae79bbf76156
+diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
+index 02f15f9c..ffd33734 100644
+--- a/openbsd-compat/arc4random.c
++++ b/openbsd-compat/arc4random.c
+@@ -44,13 +44,15 @@
+ #ifndef HAVE_ARC4RANDOM
+
+ /*
+- * If we're not using a native getentropy, use the one from bsd-getentropy.c
+- * under a different name, so that if in future these binaries are run on
+- * a system that has a native getentropy OpenSSL cannot call the wrong one.
++ * Always use the getentropy implementation from bsd-getentropy.c, which
++ * will call a native getentropy if available then fall back as required.
++ * We use a different name so that OpenSSL cannot call the wrong getentropy.
+ */
+-#ifndef HAVE_GETENTROPY
+-# define getentropy(x, y) (_ssh_compat_getentropy((x), (y)))
++int _ssh_compat_getentropy(void *, size_t);
++#ifdef getentropy
++# undef getentropy
+ #endif
++#define getentropy(x, y) (_ssh_compat_getentropy((x), (y)))
+
+ #include "log.h"
+
+diff --git a/openbsd-compat/bsd-getentropy.c b/openbsd-compat/bsd-getentropy.c
+index bd4b6695..554dfad7 100644
+--- a/openbsd-compat/bsd-getentropy.c
++++ b/openbsd-compat/bsd-getentropy.c
+@@ -18,8 +18,6 @@
+
+ #include "includes.h"
+
+-#ifndef HAVE_GETENTROPY
+-
+ #ifndef SSH_RANDOM_DEV
+ # define SSH_RANDOM_DEV "/dev/urandom"
+ #endif /* SSH_RANDOM_DEV */
+@@ -52,6 +50,10 @@ _ssh_compat_getentropy(void *s, size_t len)
+ ssize_t r;
+ size_t o = 0;
+
++#ifdef HAVE_GETENTROPY
++ if (r = getentropy(s, len) == 0)
++ return 0;
++#endif /* HAVE_GETENTROPY */
+ #ifdef HAVE_GETRANDOM
+ if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len)
+ return 0;
+@@ -79,4 +81,3 @@ _ssh_compat_getentropy(void *s, size_t len)
+ #endif /* WITH_OPENSSL */
+ return 0;
+ }
+-#endif /* WITH_GETENTROPY */
+diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
+index 4af207cd..8f815090 100644
+--- a/openbsd-compat/openbsd-compat.h
++++ b/openbsd-compat/openbsd-compat.h
+@@ -69,10 +69,6 @@ void closefrom(int);
+ int ftruncate(int filedes, off_t length);
+ #endif
+
+-#if defined(HAVE_DECL_GETENTROPY) && HAVE_DECL_GETENTROPY == 0
+-int _ssh_compat_getentropy(void *, size_t);
+-#endif
+-
+ #ifndef HAVE_GETLINE
+ #include <stdio.h>
+ ssize_t getline(char **, size_t *, FILE *);
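Review bot: The native call added to `_ssh_compat_getentropy` (inner `bsd-getentropy.c` hunk at `@@ -52,6 +50,10`) is written `if (r = getentropy(s, len) == 0)`, which parses as `r = (getentropy(s, len) == 0)`, so `r` receives the comparison result rather than the call's return value. The branch is still taken only when the native call succeeds, so the fallback to `getrandom` and the random device works as intended, but only by accident of precedence, and the line will trip `-Wparentheses`. It should read `if ((r = getentropy(s, len)) == 0)`, matching the `getrandom` check directly below it. Because this file is a carried copy of the commit named in `Patch-Source`, it is worth checking whether upstream has since corrected the line and refreshing the patch from there rather than editing it locally. The function body starts and ends outside the inner hunk, so the remaining fallback paths are not visible here.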