From fc5063445047789d0e84839f2f0c4ca9a5305737 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Wed, 11 Jan 2017 17:20:29 +0100 Subject: [PATCH] - don't use getentropy on glibc 2.25 (because there are no fallbacks) --- python-no-getentropy.patch | 35 +++++++++++++++++++++++++++++++++++ python.spec | 3 +++ 2 files changed, 38 insertions(+) create mode 100644 python-no-getentropy.patch diff --git a/python-no-getentropy.patch b/python-no-getentropy.patch new file mode 100644 index 0000000..35977a5 --- /dev/null +++ b/python-no-getentropy.patch @@ -0,0 +1,35 @@ + +# HG changeset patch +# User Victor Stinner +# Date 1483956641 -3600 +# Node ID 13a39142c0473ecb64fcd4b12a915025df6e4310 +# Parent cb4f73be9486d47f1dc4285998d1532d8857c59e +Don't use getentropy() on Linux + +Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but +read from /dev/urandom to get random bytes, for example in os.urandom(). On +Linux, getentropy() is implemented which getrandom() is blocking mode, whereas +os.urandom() should not block. + +diff --git a/Python/random.c b/Python/random.c +--- a/Python/random.c ++++ b/Python/random.c +@@ -97,8 +97,15 @@ win32_urandom(unsigned char *buffer, Py_ + } + + /* Issue #25003: Don't use getentropy() on Solaris (available since +- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ +-#elif defined(HAVE_GETENTROPY) && !defined(sun) ++ Solaris 11.3), it is blocking whereas os.urandom() should not block. ++ ++ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24 ++ implements it with the getrandom() syscall which can fail with ENOSYS, ++ and this error is not supported in py_getentropy() and getrandom() is called ++ with flags=0 which blocks until system urandom is initialized, which is not ++ the desired behaviour to seed the Python hash secret nor for os.urandom(): ++ see the PEP 524 which was only implemented in Python 3.6. */ ++#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux) + #define PY_GETENTROPY 1 + + /* Fill buffer with size pseudo-random bytes generated by getentropy(). + diff --git a/python.spec b/python.spec index 10b34c1..40f562c 100644 --- a/python.spec +++ b/python.spec @@ -63,6 +63,8 @@ Patch8: %{name}-bdist_rpm.patch # https://bugs.python.org/issue10496 Patch9: https://bugs.python.org/file21896/nonexistent_user.patch # Patch9-md5: db706fbe6de467c6e4c97c675eddf29a +# https://hg.python.org/cpython/rev/13a39142c047 +Patch10: %{name}-no-getentropy.patch URL: https://www.python.org/ BuildRequires: autoconf >= 2.65 BuildRequires: automake @@ -587,6 +589,7 @@ napisanego w Pythonie. %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 tar xjf %{SOURCE1} -- 2.44.0