Control: tags 898088 + patch
Control: tags 898088 + pending

I made an NMU applying the OpenBSD patch for this issue.

Ben.

-- 
Ben Hutchings
Horngren's Observation:
              Among economists, the real world is often a special case.
diff -Nru libbsd-0.8.7/debian/changelog libbsd-0.8.7/debian/changelog
--- libbsd-0.8.7/debian/changelog	2018-01-13 17:32:01.000000000 +0100
+++ libbsd-0.8.7/debian/changelog	2018-05-20 16:45:30.000000000 +0200
@@ -1,3 +1,11 @@
+libbsd (0.8.7-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Switch Linux getrandom() usage to non-blocking mode, continuing to use
+    fallback mechanims if unsuccessful. Closes: #898088
+
+ -- Ben Hutchings <b...@decadent.org.uk>  Sun, 20 May 2018 16:45:30 +0200
+
 libbsd (0.8.7-1) unstable; urgency=medium
 
   * New upstream release.
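Review bot: The second bullet of the new 0.8.7-1.1 entry misspells "mechanisms" as "mechanims"; the same spelling appears in the Subject line of the added patch file, where it can stay as imported, but the changelog text is new and should be corrected. The entry would also be easier to audit if it named the file added under debian/patches, since the bullet currently reads as a direct source change.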
diff -Nru libbsd-0.8.7/debian/patches/series libbsd-0.8.7/debian/patches/series
--- libbsd-0.8.7/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libbsd-0.8.7/debian/patches/series	2018-05-20 16:43:25.000000000 +0200
@@ -0,0 +1 @@
+switch-linux-getrandom-usage-to-non-blocking-mode.patch
diff -Nru libbsd-0.8.7/debian/patches/switch-linux-getrandom-usage-to-non-blocking-mode.patch libbsd-0.8.7/debian/patches/switch-linux-getrandom-usage-to-non-blocking-mode.patch
--- libbsd-0.8.7/debian/patches/switch-linux-getrandom-usage-to-non-blocking-mode.patch	1970-01-01 01:00:00.000000000 +0100
+++ libbsd-0.8.7/debian/patches/switch-linux-getrandom-usage-to-non-blocking-mode.patch	2018-05-20 16:45:09.000000000 +0200
@@ -0,0 +1,54 @@
+From: b...@openbsd.org
+Date: Sat, 29 Apr 2017 18:43:31 +0000
+Subject: Switch Linux getrandom() usage to non-blocking mode, continuing to use fallback mechanims if unsuccessful.
+Origin: https://github.com/openbsd/src/commit/edb2eeb7da8494998d0073f8aaeb8478cee5e00b
+Bug-Debian: https://bugs.debian.org/898088
+
+The design of Linux getrandom is broken.  It has an
+uninitialized phase coupled with blocking behaviour, which
+is unacceptable from within a library at boot time without
+possible recovery.
+ok deraadt@ jsing@
+
+[Ben Hutchings: Adjusted filename, and dropped the RCS ID change]
+---
+--- a/src/getentropy_linux.c
++++ b/src/getentropy_linux.c
+@@ -97,13 +97,16 @@ getentropy(void *buf, size_t len)
+ 
+ #ifdef SYS_getrandom
+ 	/*
+-	 * Try descriptor-less getrandom()
++	 * Try descriptor-less getrandom(), in non-blocking mode.
++	 *
++	 * The design of Linux getrandom is broken.  It has an
++	 * uninitialized phase coupled with blocking behaviour, which
++	 * is unacceptable from within a library at boot time without
++	 * possible recovery. See http://bugs.python.org/issue26839#msg267745
+ 	 */
+ 	ret = getentropy_getrandom(buf, len);
+ 	if (ret != -1)
+ 		return (ret);
+-	if (errno != ENOSYS)
+-		return (-1);
+ #endif
+ 
+ 	/*
+@@ -157,7 +160,7 @@ getentropy(void *buf, size_t len)
+ 	 *     - Do the best under the circumstances....
+ 	 *
+ 	 * This code path exists to bring light to the issue that Linux
+-	 * does not provide a failsafe API for entropy collection.
++	 * still does not provide a failsafe API for entropy collection.
+ 	 *
+ 	 * We hope this demonstrates that Linux should either retain their
+ 	 * sysctl ABI, or consider providing a new failsafe API which
+@@ -200,7 +203,7 @@ getentropy_getrandom(void *buf, size_t l
+ 	if (len > 256)
+ 		return (-1);
+ 	do {
+-		ret = syscall(SYS_getrandom, buf, len, 0);
++		ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK);
+ 	} while (ret == -1 && errno == EINTR);
+ 
+ 	if (ret != (int)len)
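Review bot: In the first getentropy() hunk of the imported patch, removing `if (errno != ENOSYS) return (-1);` sends every getentropy_getrandom() failure to the fallback code, not only the would-block case that GRND_NONBLOCK introduces (EAGAIN while the pool is uninitialized); that includes the `len > 256` early return visible in the last hunk. Consider keeping an errno test that falls through only for ENOSYS and EAGAIN, so that unexpected errors still return -1 as they did before. Separately, the syscall in getentropy_getrandom() now passes GRND_NONBLOCK while the surrounding block is guarded only by `#ifdef SYS_getrandom`; please confirm the constant is defined on every build where the syscall number is, or extend the guard. The reference added to the comment uses an http:// URL and could be https://.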
