libressl: enable FAIL_INSTEAD_OF_TRYING_FALLBACK in getentropy_linux.c.
parent
d26ac8be91
commit
1f0e971e32
|
@ -0,0 +1,21 @@
|
||||||
|
<chris2> so, current flow for getentropy is
|
||||||
|
<chris2> 1) use SYS_getrandom if it exists (true on glibc and musl)
|
||||||
|
<chris2> 2) use /dev/urandom
|
||||||
|
<chris2> 3) use sysctl (glibc only)
|
||||||
|
<chris2> 4) use terrible fallback
|
||||||
|
<chris2> and with a one-line patch it can instead kill itself after 3
|
||||||
|
<chris2> so that should only affect processes running without /dev/urandom on old kernels
|
||||||
|
<chris2> probably no harm else
|
||||||
|
<xtraeme> +1
|
||||||
|
|
||||||
|
--- crypto/compat/getentropy_linux.c.orig
|
||||||
|
+++ crypto/compat/getentropy_linux.c
|
||||||
|
@@ -162,7 +162,7 @@
|
||||||
|
* sysctl ABI, or consider providing a new failsafe API which
|
||||||
|
* works in a chroot or when file descriptors are exhausted.
|
||||||
|
*/
|
||||||
|
-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
|
||||||
|
+#define FAIL_INSTEAD_OF_TRYING_FALLBACK
|
||||||
|
#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
|
||||||
|
raise(SIGKILL);
|
||||||
|
#endif
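Review bot: The `raise(SIGKILL)` that this define enables ends the process with no diagnostic, and the patch header understates when it can fire. The context comment directly above the changed line mentions file-descriptor exhaustion as well as chroots, so on a kernel without getrandom a process that has only run out of descriptors would presumably be killed too, not just one missing /dev/urandom. Failing closed is the right trade against the weak fallback, but the condition should be stated in the patch header, for example `getentropy() now SIGKILLs the process when getrandom, /dev/urandom and sysctl all fail (chroot without /dev/urandom, or fd exhaustion, on kernels lacking getrandom)`. The enclosing function starts and ends outside the hunk, so whatever follows `#endif` cannot be checked from here.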
|
|
@ -1,7 +1,7 @@
|
||||||
# Template file for 'libressl'
|
# Template file for 'libressl'
|
||||||
pkgname=libressl
|
pkgname=libressl
|
||||||
version=2.2.4
|
version=2.2.4
|
||||||
revision=3
|
revision=4
|
||||||
bootstrap=yes
|
bootstrap=yes
|
||||||
build_style=gnu-configure
|
build_style=gnu-configure
|
||||||
short_desc="Version of the TLS/crypto stack forked from OpenSSL"
|
short_desc="Version of the TLS/crypto stack forked from OpenSSL"
|
||||||
|
|