python: Don't use getentropy on Linux

Backport a patch from 2.7 branch to fix a regression with glibc 2.24 causing "OSError: [Errno 38] Function not implemented" when calling urandom() with older kernels. (From OE-Core rev: 3f2be1c857a44030478ce25b4a722667b73de446) Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Andreas Oberritter <obi@opendreambox.org> 2017-02-08 00:48:54 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-02-15 20:06:41 -0800
commit: 4dfa203a65598b4aeea8b308b598d2edce6eef30 (patch)
tree: 88613fe5c801976f1c91ab88e3d0050b20d83781 /meta/recipes-devtools/python
parent: 5ca7184552b35a80a0d78f06e2264502144c1faf (diff)
download: poky-4dfa203a65598b4aeea8b308b598d2edce6eef30.tar.gz
2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch b/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch
new file mode 100644
index 0000000000..38e53778dc
--- /dev/null
+++ b/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Backport
+Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
+From 905d1b30ac7cb0e31c57cec0533825c8f170b942 Mon Sep 17 00:00:00 2001
+From: Victor Stinner <victor.stinner@gmail.com>
+Date: Mon, 9 Jan 2017 11:10:41 +0100
+Subject: [PATCH] Don't use getentropy() on Linux
+Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but
+read from /dev/urandom to get random bytes, for example in os.urandom().  On
+Linux, getentropy() is implemented which getrandom() is blocking mode, whereas
+os.urandom() should not block.
+(cherry picked from commit 2687486756721e39164fa9f597e468c35d495227)
+---
+ Python/random.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+diff --git a/Python/random.c b/Python/random.c
+index b4bc1f3..f3f5d14 100644
+--- a/Python/random.c
+++ b/Python/random.c
+@@ -94,8 +94,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
+ }
+ 
+ /* Issue #25003: Don't use getentropy() on Solaris (available since
+- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
+-#elif defined(HAVE_GETENTROPY) && !defined(sun)
+   Solaris 11.3), it is blocking whereas os.urandom() should not block.
+
+   Issue #29188: Don't use getentropy() on Linux since the glibc 2.24
+   implements it with the getrandom() syscall which can fail with ENOSYS,
+   and this error is not supported in py_getentropy() and getrandom() is called
+   with flags=0 which blocks until system urandom is initialized, which is not
+   the desired behaviour to seed the Python hash secret nor for os.urandom():
+   see the PEP 524 which was only implemented in Python 3.6. */
+#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux)
+ #define PY_GETENTROPY 1
+ 
+ /* Fill buffer with size pseudo-random bytes generated by getentropy().
diff --git a/meta/recipes-devtools/python/python_2.7.12.bb b/meta/recipes-devtools/python/python_2.7.12.bb
index 9fe35db2de..2c6a3194a2 100644
--- a/meta/recipes-devtools/python/python_2.7.12.bb
+++ b/meta/recipes-devtools/python/python_2.7.12.bb
@@ -27,6 +27,7 @@ SRC_URI += "\
  file://use_sysroot_ncurses_instead_of_host.patch \
  file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \
  file://python-fix-CVE-2016-1000110.patch \
+  file://Don-t-use-getentropy-on-Linux.patch \
 "
 S = "${WORKDIR}/Python-${PV}"
author	Andreas Oberritter <obi@opendreambox.org>	2017-02-08 00:48:54 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-02-15 20:06:41 -0800
commit	4dfa203a65598b4aeea8b308b598d2edce6eef30 (patch)
tree	88613fe5c801976f1c91ab88e3d0050b20d83781 /meta/recipes-devtools/python
parent	5ca7184552b35a80a0d78f06e2264502144c1faf (diff)
download	poky-4dfa203a65598b4aeea8b308b598d2edce6eef30.tar.gz

diff --git a/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch b/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch new file mode 100644 index 0000000000..38e53778dc --- /dev/null +++ b/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch
@@ -0,0 +1,41 @@
		1	Upstream-Status: Backport
		2
		3	Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
		4
		5	From 905d1b30ac7cb0e31c57cec0533825c8f170b942 Mon Sep 17 00:00:00 2001
		6	From: Victor Stinner <victor.stinner@gmail.com>
		7	Date: Mon, 9 Jan 2017 11:10:41 +0100
		8	Subject: [PATCH] Don't use getentropy() on Linux
		9
		10	Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but
		11	read from /dev/urandom to get random bytes, for example in os.urandom(). On
		12	Linux, getentropy() is implemented which getrandom() is blocking mode, whereas
		13	os.urandom() should not block.
		14
		15	(cherry picked from commit 2687486756721e39164fa9f597e468c35d495227)
		16	---
		17	Python/random.c \| 11 +++++++++--
		18	1 file changed, 9 insertions(+), 2 deletions(-)
		19
		20	diff --git a/Python/random.c b/Python/random.c
		21	index b4bc1f3..f3f5d14 100644
		22	--- a/Python/random.c
		23	+++ b/Python/random.c
		24	@@ -94,8 +94,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
		25	}
		26
		27	/* Issue #25003: Don't use getentropy() on Solaris (available since
		28	- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
		29	-#elif defined(HAVE_GETENTROPY) && !defined(sun)
		30	+ Solaris 11.3), it is blocking whereas os.urandom() should not block.
		31	+
		32	+ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24
		33	+ implements it with the getrandom() syscall which can fail with ENOSYS,
		34	+ and this error is not supported in py_getentropy() and getrandom() is called
		35	+ with flags=0 which blocks until system urandom is initialized, which is not
		36	+ the desired behaviour to seed the Python hash secret nor for os.urandom():
		37	+ see the PEP 524 which was only implemented in Python 3.6. */
		38	+#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux)
		39	#define PY_GETENTROPY 1
		40
		41	/* Fill buffer with size pseudo-random bytes generated by getentropy().


diff --git a/meta/recipes-devtools/python/python_2.7.12.bb b/meta/recipes-devtools/python/python_2.7.12.bb index 9fe35db2de..2c6a3194a2 100644 --- a/meta/recipes-devtools/python/python_2.7.12.bb +++ b/meta/recipes-devtools/python/python_2.7.12.bb
@@ -27,6 +27,7 @@ SRC_URI += "\
27	file://use_sysroot_ncurses_instead_of_host.patch \	27	file://use_sysroot_ncurses_instead_of_host.patch \
28	file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \	28	file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \
29	file://python-fix-CVE-2016-1000110.patch \	29	file://python-fix-CVE-2016-1000110.patch \
		30	file://Don-t-use-getentropy-on-Linux.patch \
30	"	31	"
31		32
32	S = "${WORKDIR}/Python-${PV}"	33	S = "${WORKDIR}/Python-${PV}"