author | johans <johans@FreeBSD.org> | 2015-04-19 22:33:53 +0800 |
---|---|---|
committer | johans <johans@FreeBSD.org> | 2015-04-19 22:33:53 +0800 |
commit | 8e4ee5bd946747ad968d4e2c96d3a6fa0149fdff (patch) | |
tree | 174dce863e82f7fef63edd27dfd5b2e290bb634d /security | |
parent | 49da5f40c4d288a2d0b163eeee76e1e529fd8747 (diff) | |
security/tlswrap unconditionally relies on RAND_egd, which makes the build fail with LibreSSL, which has removed EGD. FreeBSD does not require EGD at all; /dev/random has been available since FreeBSD 4.2.
This patch checks for the existence of RAND_egd in libcrypto and disables the code using egd when it is not available.
The default build remains unchanged
PR: 198767
Submitted by: Bernard Spil <spil.oss@gmail.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/tlswrap/files/patch-conf.h.in | 12 | ||||
-rw-r--r-- | security/tlswrap/files/patch-configure | 81 | ||||
-rw-r--r-- | security/tlswrap/files/patch-configure.in | 9 | ||||
-rw-r--r-- | security/tlswrap/files/patch-tls.c | 15 |
4 files changed, 117 insertions, 0 deletions
diff --git a/security/tlswrap/files/patch-conf.h.in b/security/tlswrap/files/patch-conf.h.in
new file mode 100644
index 000000000000..0ea13a676be5
--- /dev/null
+++ b/security/tlswrap/files/patch-conf.h.in
@@ -0,0 +1,12 @@
+--- conf.h.in.orig 2015-04-19 16:22:45.000000000 +0200
++++ conf.h.in 2015-04-19 16:22:41.000000000 +0200
+@@ -45,6 +45,9 @@
+ /* Define to 1 if you have the `RAND_status' function. */
+ #undef HAVE_RAND_STATUS
+
++/* Define to 1 if you have the `RAND_egd' function. */
++#undef HAVE_RAND_EGD
++
+ /* Define to 1 if you have the `setproctitle' function. */
+ #undef HAVE_SETPROCTITLE
+
diff --git a/security/tlswrap/files/patch-configure b/security/tlswrap/files/patch-configure
new file mode 100644
index 000000000000..805dcf49a772
--- /dev/null
+++ b/security/tlswrap/files/patch-configure
@@ -0,0 +1,81 @@ +--- configure.orig 2006-11-25 19:52:04.000000000 +0100 ++++ configure 2015-04-19 15:53:43.000000000 +0200 +@@ -4519,6 +4519,78 @@ _ACEOF + fi + done + ++echo "$as_me:$LINENO: checking for RAND_egd in -lcrypto" >&5 ++echo $ECHO_N "checking for RAND_egd in -lcrypto... $ECHO_C" >&6 ++if test "${ac_cv_lib_crypto_RAND_egd+set}" = set; then ++ echo $ECHO_N "(cached) $ECHO_C" >&6 ++else ++ ac_check_lib_save_LIBS=$LIBS ++LIBS="-lcrypto $LIBS" ++cat >conftest.$ac_ext <<_ACEOF ++/* confdefs.h. */ ++_ACEOF ++cat confdefs.h >>conftest.$ac_ext ++cat >>conftest.$ac_ext <<_ACEOF ++/* end confdefs.h. */ ++ ++/* Override any gcc2 internal prototype to avoid an error. */ ++#ifdef __cplusplus ++extern "C" ++#endif ++/* We use char because int might match the return type of a gcc2 ++ builtin and then its argument prototype would still apply. */ ++char RAND_egd (); ++int ++main () ++{ ++RAND_egd (); ++ ; ++ return 0; ++} ++_ACEOF ++rm -f conftest.$ac_objext conftest$ac_exeext ++if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 ++ (eval $ac_link) 2>conftest.er1 ++ ac_status=$? ++ grep -v '^ *+' conftest.er1 >conftest.err ++ rm -f conftest.er1 ++ cat conftest.err >&5 ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); } && ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' ++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); }; } && ++ { ac_try='test -s conftest$ac_exeext' ++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 ++ (exit $ac_status); }; }; then ++ ac_cv_lib_crypto_RAND_egd=yes ++else ++ echo "$as_me: failed program was:" >&5 ++sed 's/^/| /' conftest.$ac_ext >&5 ++ ++ac_cv_lib_crypto_RAND_egd=no ++fi ++rm -f conftest.err conftest.$ac_objext \ ++ conftest$ac_exeext conftest.$ac_ext ++LIBS=$ac_check_lib_save_LIBS ++fi ++echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_RAND_egd" >&5 ++echo "${ECHO_T}$ac_cv_lib_crypto_RAND_egd" >&6 ++if test $ac_cv_lib_crypto_RAND_egd = yes; then ++ ++cat >>confdefs.h <<\_ACEOF ++#define HAVE_RAND_EGD 1 ++_ACEOF ++ ++fi ++ + + ac_config_files="$ac_config_files Makefile" + cat >confcache <<\_ACEOF
diff --git a/security/tlswrap/files/patch-configure.in b/security/tlswrap/files/patch-configure.in
new file mode 100644
index 000000000000..a8082ef2211f
--- /dev/null
+++ b/security/tlswrap/files/patch-configure.in
@@ -0,0 +1,9 @@
+--- configure.in.orig 2015-04-19 16:17:12.000000000 +0200
++++ configure.in 2015-04-19 16:17:24.000000000 +0200
+@@ -113,5 +113,6 @@ esac
+ dnl Checks for library functions.
+ AC_FUNC_MEMCMP
+ AC_CHECK_FUNCS(getopt pidfile inet_aton RAND_status errx strlcpy daemon getnameinfo setproctitle)
++AC_CHECK_LIB(crypto, RAND_egd, AC_DEFINE(HAVE_RAND_EGD, 1, [Define if the libcrypto has RAND_egd]))
+ AC_SUBST(INCLUDES)
+ AC_OUTPUT(Makefile)
diff --git a/security/tlswrap/files/patch-tls.c b/security/tlswrap/files/patch-tls.c
new file mode 100644
index 000000000000..88ad908c33cc
--- /dev/null
+++ b/security/tlswrap/files/patch-tls.c
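Review bot: The third argument of the added `AC_CHECK_LIB(crypto, RAND_egd, AC_DEFINE(...))` line in configure.in is unquoted; autoconf convention is to wrap the action as `[AC_DEFINE(HAVE_RAND_EGD, 1, [...])]` so it is not expanded early. Its description text also differs from the comment this commit adds by hand to conf.h.in, so a later autoheader run would rewrite that template line. The same test is additionally patched into the generated configure, so the two copies can drift; regenerating configure in the port, if its build allows that, would avoid carrying both.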
@@ -0,0 +1,15 @@
+--- tls.c.orig 2006-11-25 19:52:08.000000000 +0100
++++ tls.c 2015-04-19 15:53:43.000000000 +0200
+@@ -73,10 +73,12 @@ void tls_init(char *egd_sock) {
+ printf("egd_sock is %s\n", egd_sock);
+ #ifdef HAVE_RAND_STATUS
+ if (RAND_status() != 1) {
++#ifdef HAVE_RAND_EGD
+ if ( RAND_egd(egd_sock) == -1 ) {
+ fprintf(stderr, "egd_sock is %s\n", egd_sock);
+ sys_err("RAND_egd failed\n");
+ }
++#endif
+ if (RAND_status() != 1)
+ sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n");
+ } |
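Review bot: A build without RAND_egd now ignores `egd_sock` silently: with the new `#ifdef HAVE_RAND_EGD` guard in tls_init, an unseeded PRNG ends only in the generic /dev/urandom message from the second `RAND_status()` check, with no hint that the configured EGD socket was skipped. That second check is what keeps the function failing closed, so I would document it at the guard, e.g. `/* Without RAND_egd the RAND_status() re-check below is the only guard against an unseeded PRNG. */`, and close the block with `#endif /* HAVE_RAND_EGD */`. The surrounding `#ifdef HAVE_RAND_STATUS` and the rest of tls_init continue outside the hunk, so what happens when RAND_status itself is unavailable is not visible here.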