From patchwork Fri Jan 10 12:14:39 2020
X-Patchwork-Submitter: Carlos Santos
X-Patchwork-Id: 1221036
From: unixmania@gmail.com
To: buildroot@buildroot.org
Date: Fri, 10 Jan 2020 09:14:39 -0300
Message-Id: <20200110121439.16180-1-unixmania@gmail.com>
Subject: [Buildroot] [PATCH] package/libpam-tacplus: fix build for nios2
Cc: Carlos Santos

From: Carlos Santos

Pull an upstream patch that prevents compilation errors due to an unused return value.

Add patch not yet applied upstream to prevent another failure because of the formatters used to print size_t and ssize_t values.

Upstream status: https://github.com/kravietz/pam_tacplus/pull/136

Fixes: http://autobuild.buildroot.net/results/cf15b09bd7501c017a4e8cf9fb80857197d4a433/

Signed-off-by: Carlos Santos
--- ...s-and-change-order-of-PRNG-functions.patch | 126 ++++++++++++++++++ ...-zu-as-ssize_t-and-size_t-formatters.patch | 48 +++++++ 2 files changed, 174 insertions(+) create mode 100644 package/libpam-tacplus/0003-Improve-tests-and-change-order-of-PRNG-functions.patch create mode 100644 package/libpam-tacplus/0004-Use-zd-and-zu-as-ssize_t-and-size_t-formatters.patch diff --git a/package/libpam-tacplus/0003-Improve-tests-and-change-order-of-PRNG-functions.patch b/package/libpam-tacplus/0003-Improve-tests-and-change-order-of-PRNG-functions.patch new file mode 100644 index 0000000000..5e4fb42d85 --- /dev/null 
+++ b/package/libpam-tacplus/0003-Improve-tests-and-change-order-of-PRNG-functions.patch 
@@ -0,0 +1,126 @@ +From d5ea51ff6a9b74bdc8a9ea7e6758d520f9b9a9fa Mon Sep 17 00:00:00 2001 +From: Pawel Krawczyk +Date: Thu, 13 Dec 2018 11:43:45 +0000 +Subject: [PATCH] Improve tests and change order of PRNG functions + +Try to use getrandom, RAND_pseudo_bytes, RAND_bytes and legacy code +in that order. The rationale is that getrandom comes built-in and +RAND_pseudo_bytes is faster for non-crypto. +--- + libtac/lib/magic.c | 64 +++++++++++++++++++++++++++------------------- + 1 file changed, 37 insertions(+), 27 deletions(-) + +diff --git a/libtac/lib/magic.c b/libtac/lib/magic.c +index 97aa035..7850276 100644 +--- a/libtac/lib/magic.c ++++ b/libtac/lib/magic.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #ifdef HAVE_CONFIG_H + #include "config.h" +@@ -50,54 +51,63 @@ + static void f(void) + #endif + +-/* if OpenSSL library is available this legacy code will not be compiled in */ +-#if defined(HAVE_OPENSSL_RAND_H) && defined(HAVE_LIBCRYPTO) ++#if defined(HAVE_GETRANDOM) + +-#include ++# if defined(HAVE_SYS_RANDOM_H) ++# include ++# else ++# error no header containing getrandom(2) declaration ++# endif ++ ++/* getrandom(2) is the most convenient and secure options from our point of view so it's on the first order of preference */ + +-/* +- * magic - Returns the next magic number. 
+- */ + u_int32_t + magic() + { + u_int32_t num; ++ ssize_t ret; + +-#ifdef HAVE_RAND_BYTES +- RAND_bytes((unsigned char *)&num, sizeof(num)); +-#else +- RAND_pseudo_bytes((unsigned char *)&num, sizeof(num)); +-#endif +- ++ ret = getrandom(&num, sizeof(num), GRND_NONBLOCK); ++ if(ret < 0) { ++ TACSYSLOG(LOG_CRIT,"%s: getrandom failed to provide random bytes: %s", __FUNCTION__, strerror(errno)); ++ exit(1); ++ } ++ if(ret < (ssize_t) sizeof(num)) { ++ TACSYSLOG(LOG_CRIT,"%s: getrandom less bytes than expected: %ld vs %lu", __FUNCTION__, ret, sizeof(num)); ++ exit(1); ++ } + return num; + } + +-#elif defined(HAVE_GETRANDOM) ++#elif defined(HAVE_OPENSSL_RAND_H) && defined(HAVE_LIBCRYPTO) + +-# if defined(HAVE_SYS_RANDOM_H) +-# include +-# else +-# error no header containing getrandom(2) declaration +-# endif ++#include ++ ++/* RAND_bytes is OpenSSL's classic function to obtain cryptographic strength pseudo-random bytes ++ however, since the magic() function is used to generate TACACS+ session id rather than crypto keys ++ we can use RAND_pseudo_bytes() which doesn't deplete the system's entropy pool ++ */ + +-/* +- * magic - Returns the next magic number. +- */ + u_int32_t + magic() + { + u_int32_t num; + +- getrandom(&num, sizeof(num), GRND_NONBLOCK); ++#ifdef HAVE_RAND_BYTES ++ RAND_bytes((unsigned char *)&num, sizeof(num)); ++#elif HAVE_RAND_PSEUDO_BYTES ++ RAND_pseudo_bytes((unsigned char *)&num, sizeof(num)); ++#else ++ #error Neither RAND_bytes nor RAND_pseudo_bytes seems to be available ++#endif + return num; + } + + #else + +-/* +- * magic_init - Initialize the magic number generator. +- * +- * Attempts to compute a random number seed which will not repeat. ++/* Finally, if nothing else works, use the legacy function that will use random(3) seeded from /dev/urandom, ++ * or just use a weak PRNG initialisation using time. But since magic() is used for session identifier and not crypto ++ * keys generation it can be used as a last resort. 
+ */ + INITIALIZER(magic_init) + { +@@ -114,7 +124,7 @@ INITIALIZER(magic_init) + } + } + +- // fallback ++ // Fallback to ancient time-based PRNG seeding; if urandom worked, this doesn't "break" the entropy already collected + gettimeofday(&t, NULL); + seed ^= gethostid() ^ t.tv_sec ^ t.tv_usec ^ getpid(); + +-- +2.18.2 + diff --git a/package/libpam-tacplus/0004-Use-zd-and-zu-as-ssize_t-and-size_t-formatters.patch b/package/libpam-tacplus/0004-Use-zd-and-zu-as-ssize_t-and-size_t-formatters.patch new file mode 100644 index 0000000000..64c036660d --- /dev/null +++ b/package/libpam-tacplus/0004-Use-zd-and-zu-as-ssize_t-and-size_t-formatters.patch 
@@ -0,0 +1,48 @@ +From 1d44436ea8c65f128fed1cdf5f60c81fd667c1c2 Mon Sep 17 00:00:00 2001 +From: Carlos Santos +Date: Fri, 10 Jan 2020 08:48:26 -0300 +Subject: [PATCH] Use '%zd' and '%zu' as ssize_t and size_t formatters +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes build error with GCC 8.3.0, for nios2: + +In file included from libtac/lib/magic.h:24, + from libtac/lib/magic.c:35: +libtac/lib/magic.c: In function ‘magic’: +libtac/lib/magic.c:77:25: error: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘ssize_t’ {aka ‘int’} [-Werror=format=] + TACSYSLOG(LOG_CRIT,"%s: getrandom less bytes than expected: %ld vs %lu", __FUNCTION__, ret, sizeof(num)); + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ +./libtac/include/libtac.h:70:50: note: in definition of macro ‘TACSYSLOG’ + #define TACSYSLOG(level, fmt, ...) syslog(level, fmt, ## __VA_ARGS__) + ^~~ +libtac/lib/magic.c:77:25: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 5 has type ‘unsigned int’ [-Werror=format=] + TACSYSLOG(LOG_CRIT,"%s: getrandom less bytes than expected: %ld vs %lu", __FUNCTION__, ret, sizeof(num)); + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~ +./libtac/include/libtac.h:70:50: note: in definition of macro ‘TACSYSLOG’ + #define TACSYSLOG(level, fmt, ...) 
syslog(level, fmt, ## __VA_ARGS__) + ^~~ +cc1: all warnings being treated as errors + +Signed-off-by: Carlos Santos +--- + libtac/lib/magic.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libtac/lib/magic.c b/libtac/lib/magic.c +index 7850276..9df5e3f 100644 +--- a/libtac/lib/magic.c ++++ b/libtac/lib/magic.c +@@ -73,7 +73,7 @@ magic() + exit(1); + } + if(ret < (ssize_t) sizeof(num)) { +- TACSYSLOG(LOG_CRIT,"%s: getrandom less bytes than expected: %ld vs %lu", __FUNCTION__, ret, sizeof(num)); ++ TACSYSLOG(LOG_CRIT,"%s: getrandom less bytes than expected: %zd vs %zu", __FUNCTION__, ret, sizeof(num)); + exit(1); + } + return num; +-- +2.18.2 +
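
Review bot: in 0003, hunk @@ -50,54 +51,63 @@ of libtac/lib/magic.c, both new failure paths in the getrandom branch of magic() call exit(1), so a library routine terminates whatever process has loaded the PAM module. Because the call passes GRND_NONBLOCK, getrandom fails with EAGAIN until the kernel entropy pool is initialised, which is plausible early in boot on the embedded targets Buildroot builds for; falling through to another source or reporting the failure to the caller would be safer than exiting. In the same hunk the OpenSSL branch still discards the return value of RAND_bytes and RAND_pseudo_bytes, tests "#elif HAVE_RAND_PSEUDO_BYTES" without defined(), and prefers RAND_bytes even though both the comment above it and the 0003 commit message say RAND_pseudo_bytes should come first.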
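
Review bot: in 0003, hunk @@ -114,7 +124,7 @@ (magic_init), the reworded comment admits that without urandom the seed comes only from gethostid(), the current time and getpid(), yet the visible lines take that path without logging anything. A TACSYSLOG warning at that point would let an operator see that session ids on the system are derived from a guessable seed.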
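
Review bot: the 0004 patch file carries no pointer to its upstream submission in its own header; the pull request URL (https://github.com/kravietz/pam_tacplus/pull/136) appears only in the Buildroot commit message, which is not what someone bumping the package will be reading. Adding the link to the 0004 header would show when the patch can be dropped. The one-line change in hunk @@ -73,7 +73,7 @@ itself matches the quoted GCC errors: %zd for ret (ssize_t) and %zu for sizeof(num). While touching that line, "getrandom less bytes than expected" could read "getrandom returned fewer bytes than expected".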