Author: archaic Date: 2005-10-08 08:43:57 -0600 (Sat, 08 Oct 2005) New Revision: 1172
Added: trunk/uClibc/uClibc-0.9.27-arc4random-2.patch trunk/uClibc/uClibc-0.9.27-config-3.patch trunk/uClibc/uClibc-0.9.27-dyn_ldconfig-1.patch trunk/uClibc/uClibc-0.9.27-inet6_resolv-1.patch Removed: trunk/hlfs/uClibc-0.9.27-arc4random-2.patch trunk/hlfs/uClibc-0.9.27-config-3.patch trunk/hlfs/uClibc-0.9.27-dyn_ldconfig-1.patch trunk/hlfs/uClibc-0.9.27-inet6_resolv-1.patch Log: Moved old uClibc patches. Deleted: trunk/hlfs/uClibc-0.9.27-arc4random-2.patch =================================================================== --- trunk/hlfs/uClibc-0.9.27-arc4random-2.patch 2005-10-08 14:42:36 UTC (rev 1171) +++ trunk/hlfs/uClibc-0.9.27-arc4random-2.patch 2005-10-08 14:43:57 UTC (rev 1172) @@ -1,745 +0,0 @@ -Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes) -Date: 2005-02-15 -Initial Package Version: 0.9.27 -Upstream Status: Submitted - Approval is pending -Origin: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/arc4random.c -Description: This patch adds the arc4random() and arc4randomII() functions -to uClibc, and hooks so mktemp(3) and SSP can use arc4randomII(). - -Also see: -http://www.linuxfromscratch.org/hlfs/ -http://www.linuxfromscratch.org/hints/downloads/files/entropy.txt - -diff -Naur uClibc-0.9.27.orig/extra/Configs/Config.in uClibc-0.9.27/extra/Configs/Config.in ---- uClibc-0.9.27.orig/extra/Configs/Config.in 2005-01-12 07:59:21.000000000 +0000 -+++ uClibc-0.9.27/extra/Configs/Config.in 2005-02-16 02:42:34.083951656 +0000 -@@ -1098,6 +1098,49 @@ - libraries have to be built with -fPIC or -fpic, and all assembler - functions must be written as position independent code (PIC). - -+config UCLIBC_HAS_ARC4RANDOM -+ bool "Add the arc4random() function to the library" -+ depends on UCLIBC_SECURITY -+ default n -+ help -+ Answer Y to add the OpenBSD-like arc4random() function. arc4random() -+ generates a pseudo-random number using the ARC4 key stream cipher. -+ The arc4random() function is seeded automatically from /dev/urandom -+ and can be in about (2**1700) states. gettimeofday(2) is always -+ included when initializing the state, making it impossible to -+ generate the same random sequence twice. arc4randomII() is identical -+ to arc4random() except that erandom is used as the seed source. -+ arc4random() is safe for an entropy source for cryptography, while -+ arc4randomII() is suited for mktemp, and other functions with a short -+ lifespan. This library is very small (approx. 2KB) and very fast. -+ If you answer Y here, mktemp(3), and propolice stack protection, can -+ use arc4randomII() for their entropy source. -+ OpenSSL and OpenNTPD also support this function. -+ Erandom requires a modified kernel. More informataion is on: -+ http://frandom.sourceforge.net/ -+ and -+ http://www.linuxfromscratch.org/hlfs/ -+ Most people will answer N. -+ -+config MKTEMP_USE_ARC4RANDOM -+ bool "Use arc4randomII() in mktemp(3)" -+ depends on UCLIBC_HAS_ARC4RANDOM -+ default n -+ help -+ Answer Y to use arc4randomII() as mktemp's (tempname.c) entropy source. -+ This will save kernel entropy while making tempfiles unpredictable. -+ Most people will answer N. -+ -+config ARC4RANDOM_USE_SYSCTL -+ bool "Make arc4random() use sysctl if /dev is not accessible" -+ depends on UCLIBC_HAS_ARC4RANDOM -+ default n -+ help -+ Answer Y to use sysctl only if /dev/*random fails (chroot). -+ This requires a modified kernel. -+ For more info see: http://www.linuxfromscratch.org/hlfs/ -+ Most people will answer N. -+ - config UCLIBC_HAS_SSP - bool "Support for propolice stack protection" - depends on UCLIBC_SECURITY -@@ -1110,6 +1153,16 @@ - gcc version, where __guard and __stack_smash_handler are removed from libgcc. - Most people will answer N. - -+config SSP_USE_ARC4RANDOM -+ bool "Make propolice use arc4randomII()" -+ depends on UCLIBC_HAS_ARC4RANDOM -+ default n -+ help -+ Answer Y to use arc4randomII() as propolice's __guard entropy -+ source. This will save kernel entropy while making __guard's value -+ unpredictable. -+ Most people will answer N. -+ - choice - prompt "Propolice protection blocking signal" - depends on UCLIBC_HAS_SSP -diff -Naur uClibc-0.9.27.orig/include/stdlib.h uClibc-0.9.27/include/stdlib.h ---- uClibc-0.9.27.orig/include/stdlib.h 2005-01-12 07:59:21.000000000 +0000 -+++ uClibc-0.9.27/include/stdlib.h 2005-02-16 02:43:14.328833504 +0000 -@@ -449,7 +449,18 @@ - - extern int lcong48_r (unsigned short int __param[7], - struct drand48_data *__buffer) __THROW; --# endif /* Use misc. */ -+ -+#if defined(__UCLIBC_HAS_ARC4RANDOM__) -+#define HAVE_ARC4RANDOM -+u_int32_t arc4random(void); -+void arc4random_stir(void); -+void arc4random_addrandom(unsigned char *, int); -+u_int32_t arc4randomII(void); -+void arc4random_stirII(void); -+void arc4random_addrandomII(unsigned char *, int); -+#endif -+ -+# endif /* Use misc. */ - #endif /* Use SVID or X/Open. */ - - #endif /* don't just need malloc and calloc */ -diff -Naur uClibc-0.9.27.orig/libc/misc/internals/tempname.c uClibc-0.9.27/libc/misc/internals/tempname.c ---- uClibc-0.9.27.orig/libc/misc/internals/tempname.c 2005-01-12 07:59:21.000000000 +0000 -+++ uClibc-0.9.27/libc/misc/internals/tempname.c 2005-02-16 02:42:34.106948160 +0000 -@@ -117,6 +117,7 @@ - static const char letters[] = - "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; - -+#if !defined(__MKTEMP_USE_ARC4RANDOM__) - static unsigned int fillrand(unsigned char *buf, unsigned int len) - { - int fd; -@@ -131,6 +132,7 @@ - } - return result; - } -+#endif - - /* Generate a temporary file name based on TMPL. TMPL must match the - rules for mk[s]temp (i.e. end in "XXXXXX"). The name constructed -@@ -164,9 +166,15 @@ - XXXXXX = &tmpl[len - 6]; - - /* Get some random data. */ -+#if defined(__MKTEMP_USE_ARC4RANDOM__) -+ for (i = 0 ; i < sizeof(randomness) ; i++) { -+ randomness[i] = (arc4randomII() % 62); -+ } -+#else - if (fillrand(randomness, sizeof(randomness)) != sizeof(randomness)) { - goto all_done; - } -+#endif - for (i = 0 ; i < sizeof(randomness) ; i++) { - k = ((randomness[i]) % 62); - XXXXXX[i] = letters[k]; -diff -Naur uClibc-0.9.27.orig/libc/stdlib/Makefile uClibc-0.9.27/libc/stdlib/Makefile ---- uClibc-0.9.27.orig/libc/stdlib/Makefile 2005-01-12 07:59:21.000000000 +0000 -+++ uClibc-0.9.27/libc/stdlib/Makefile 2005-02-16 02:42:34.108947856 +0000 -@@ -90,6 +90,10 @@ - ifeq ($(UCLIBC_HAS_FLOATS),y) - CSRC += drand48.c drand48_r.c erand48.c erand48_r.c - endif -+ifeq ($(UCLIBC_HAS_ARC4RANDOM),y) -+ CSRC += arc4random.c arc4randomII.c -+endif -+ - COBJS=$(patsubst %.c,%.o, $(CSRC)) - - OBJS=$(MOBJ) $(MOBJx) $(MOBJ1) $(MOBJ1x) $(MOBJ2) $(COBJS) -diff -Naur uClibc-0.9.27.orig/libc/stdlib/arc4random.c uClibc-0.9.27/libc/stdlib/arc4random.c ---- uClibc-0.9.27.orig/libc/stdlib/arc4random.c 1970-01-01 00:00:00.000000000 +0000 -+++ uClibc-0.9.27/libc/stdlib/arc4random.c 2005-02-16 02:42:34.111947400 +0000 -@@ -0,0 +1,207 @@ -+/* -+ * Arc4 random number generator for OpenBSD. -+ * Copyright 1996 David Mazieres <[EMAIL PROTECTED]>. -+ * -+ * Modification and redistribution in source and binary forms is -+ * permitted provided that due credit is given to the author and the -+ * OpenBSD project by leaving this copyright notice intact. -+ */ -+ -+/* -+ * This code is derived from section 17.1 of Applied Cryptography, -+ * second edition, which describes a stream cipher allegedly -+ * compatible with RSA Labs "RC4" cipher (the actual description of -+ * which is a trade secret). The same algorithm is used as a stream -+ * cipher called "arcfour" in Tatu Ylonen's ssh package. -+ * -+ * Here the stream cipher has been modified always to include the time -+ * when initializing the state. That makes it impossible to -+ * regenerate the same random sequence twice, so this can't be used -+ * for encryption, but will generate good random numbers. -+ * -+ * RC4 is a registered trademark of RSA Laboratories. -+ */ -+ -+/* -+ * Modified by Robert Connolly from OpenBSD lib/libc/crypt/arc4random.c v1.11. -+ * This is arc4random(3) using urandom. -+ */ -+ -+#include <fcntl.h> -+#include <stdlib.h> -+#include <unistd.h> -+#include <sys/types.h> -+#include <sys/param.h> -+#include <sys/time.h> -+#if defined(__ARC4RANDOM_USE_SYSCTL__) -+#include <sys/sysctl.h> -+#endif -+ -+#ifdef __GNUC__ -+#define inline __inline -+#else /* !__GNUC__ */ -+#define inline -+#endif /* !__GNUC__ */ -+ -+struct arc4_stream { -+ u_int8_t i; -+ u_int8_t j; -+ u_int8_t s[256]; -+}; -+ -+static int rs_initialized; -+static struct arc4_stream rs; -+static pid_t arc4_stir_pid; -+ -+static inline u_int8_t arc4_getbyte(struct arc4_stream *); -+ -+static inline void -+arc4_init(struct arc4_stream *as) -+{ -+ int n; -+ -+ for (n = 0; n < 256; n++) -+ as->s[n] = n; -+ as->i = 0; -+ as->j = 0; -+} -+ -+static inline void -+arc4_addrandom(struct arc4_stream *as, u_char *dat, int datlen) -+{ -+ int n; -+ u_int8_t si; -+ -+ as->i--; -+ for (n = 0; n < 256; n++) { -+ as->i = (as->i + 1); -+ si = as->s[as->i]; -+ as->j = (as->j + si + dat[n % datlen]); -+ as->s[as->i] = as->s[as->j]; -+ as->s[as->j] = si; -+ } -+ as->j = as->i; -+} -+ -+static void -+arc4_stir(struct arc4_stream *as) -+{ -+ int n, fd; -+ struct { -+ struct timeval tv; -+ u_int rnd[(128 - sizeof(struct timeval)) / sizeof(u_int)]; -+ } rdat; -+ -+ gettimeofday(&rdat.tv, NULL); -+ -+ /* /dev/urandom is a multithread interface, sysctl is not. */ -+ /* Try to use /dev/urandom before sysctl. */ -+ fd = open("/dev/urandom", O_RDONLY); -+ if (fd != -1) { -+ read(fd, rdat.rnd, sizeof(rdat.rnd)); -+ close(fd); -+ } -+ -+#if defined(__ARC4RANDOM_USE_SYSCTL__) -+ else { -+ /* /dev/urandom failed? Maybe we're in a chroot. */ -+ int mib[]={CTL_KERN, KERN_RANDOM, RANDOM_URANDOM}; -+ u_int i; -+ size_t len; -+ -+ for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i ++) { -+ len = sizeof(u_int); -+ if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1) -+ break; -+ } -+ if (i < sizeof(rdat.rnd) / 4) { -+ /* Sysctl urandom failed? Maybe we're running a vanilla kernel. */ -+ mib[2] = RANDOM_UUID; -+ for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i ++) { -+ len = sizeof(u_int); -+ if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1) -+ break; -+ } -+ } -+ } -+#endif -+ -+ arc4_stir_pid = getpid(); -+ /* -+ * Time to give up. If no entropy could be found then we will just -+ * use gettimeofday. -+ */ -+ arc4_addrandom(as, (void *)&rdat, sizeof(rdat)); -+ -+ /* -+ * Discard early keystream, as per recommendations in: -+ * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps -+ * We discard 256 words. A long word is 4 bytes. -+ */ -+ for (n = 0; n < 256 * 4; n ++) -+ arc4_getbyte(as); -+} -+ -+static inline u_int8_t -+arc4_getbyte(struct arc4_stream *as) -+{ -+ u_int8_t si, sj; -+ -+ as->i = (as->i + 1); -+ si = as->s[as->i]; -+ as->j = (as->j + si); -+ sj = as->s[as->j]; -+ as->s[as->i] = sj; -+ as->s[as->j] = si; -+ return (as->s[(si + sj) & 0xff]); -+} -+ -+static inline u_int32_t -+arc4_getword(struct arc4_stream *as) -+{ -+ u_int32_t val; -+ val = arc4_getbyte(as) << 24; -+ val |= arc4_getbyte(as) << 16; -+ val |= arc4_getbyte(as) << 8; -+ val |= arc4_getbyte(as); -+ return val; -+} -+ -+void -+arc4random_stir(void) -+{ -+ if (!rs_initialized) { -+ arc4_init(&rs); -+ rs_initialized = 1; -+ } -+ arc4_stir(&rs); -+} -+ -+void -+arc4random_addrandom(u_char *dat, int datlen) -+{ -+ if (!rs_initialized) -+ arc4random_stir(); -+ arc4_addrandom(&rs, dat, datlen); -+} -+ -+u_int32_t -+arc4random(void) -+{ -+ if (!rs_initialized || arc4_stir_pid != getpid()) -+ arc4random_stir(); -+ return arc4_getword(&rs); -+} -+ -+#if 0 -+/*-------- Test code --------*/ -+#include <stdlib.h> -+#include <stdio.h> -+ -+int main(void) { -+ int random_number; -+ random_number = arc4random() % 65536; -+ printf("A random number between 0 and 65536 is %d\n", random_number); -+ return 0; -+} -+#endif -diff -Naur uClibc-0.9.27.orig/libc/stdlib/arc4randomII.c uClibc-0.9.27/libc/stdlib/arc4randomII.c ---- uClibc-0.9.27.orig/libc/stdlib/arc4randomII.c 1970-01-01 00:00:00.000000000 +0000 -+++ uClibc-0.9.27/libc/stdlib/arc4randomII.c 2005-02-16 02:42:34.114946944 +0000 -@@ -0,0 +1,198 @@ -+/* -+ * Arc4 random number generator for OpenBSD. -+ * Copyright 1996 David Mazieres <[EMAIL PROTECTED]>. -+ * -+ * Modification and redistribution in source and binary forms is -+ * permitted provided that due credit is given to the author and the -+ * OpenBSD project by leaving this copyright notice intact. -+ */ -+ -+/* -+ * This code is derived from section 17.1 of Applied Cryptography, -+ * second edition, which describes a stream cipher allegedly -+ * compatible with RSA Labs "RC4" cipher (the actual description of -+ * which is a trade secret). The same algorithm is used as a stream -+ * cipher called "arcfour" in Tatu Ylonen's ssh package. -+ * -+ * Here the stream cipher has been modified always to include the time -+ * when initializing the state. That makes it impossible to -+ * regenerate the same random sequence twice, so this can't be used -+ * for encryption, but will generate good random numbers. -+ * -+ * RC4 is a registered trademark of RSA Laboratories. -+ */ -+ -+/* -+ * Modified by Robert Connolly from OpenBSD lib/libc/crypt/arc4random.c v1.11. -+ * This is arc4randomII(3) using erandom. -+ */ -+ -+#include <fcntl.h> -+#include <stdlib.h> -+#include <unistd.h> -+#include <sys/types.h> -+#include <sys/param.h> -+#include <sys/time.h> -+#if defined(__ARC4RANDOM_USE_SYSCTL__) -+#include <sys/sysctl.h> -+#endif -+ -+#ifdef __GNUC__ -+#define inline __inline -+#else /* !__GNUC__ */ -+#define inline -+#endif /* !__GNUC__ */ -+ -+struct arc4_streamII { -+ u_int8_t i; -+ u_int8_t j; -+ u_int8_t s[256]; -+}; -+ -+static int rs_initializedII; -+static struct arc4_streamII rs; -+static pid_t arc4_stir_pidII; -+ -+static inline u_int8_t arc4_getbyteII(struct arc4_streamII *); -+ -+static inline void -+arc4_initII(struct arc4_streamII *as) -+{ -+ int n; -+ -+ for (n = 0; n < 256; n++) -+ as->s[n] = n; -+ as->i = 0; -+ as->j = 0; -+} -+ -+static inline void -+arc4_addrandomII(struct arc4_streamII *as, u_char *dat, int datlen) -+{ -+ int n; -+ u_int8_t si; -+ -+ as->i--; -+ for (n = 0; n < 256; n++) { -+ as->i = (as->i + 1); -+ si = as->s[as->i]; -+ as->j = (as->j + si + dat[n % datlen]); -+ as->s[as->i] = as->s[as->j]; -+ as->s[as->j] = si; -+ } -+ as->j = as->i; -+} -+ -+static void -+arc4_stirII(struct arc4_streamII *as) -+{ -+ int n, fd; -+ struct { -+ struct timeval tv; -+ u_int rnd[(128 - sizeof(struct timeval)) / sizeof(u_int)]; -+ } rdat; -+ -+ gettimeofday(&rdat.tv, NULL); -+ -+ /* /dev/urandom is a multithread interface, sysctl is not. */ -+ /* Try to use /dev/urandom before sysctl. */ -+ fd = open("/dev/erandom", O_RDONLY); -+ if (fd != -1) { -+ read(fd, rdat.rnd, sizeof(rdat.rnd)); -+ close(fd); -+ } -+ -+#if defined(__ARC4RANDOM_USE_SYSCTL__) -+ else { -+ /* /dev/urandom failed? Maybe we're in a chroot. */ -+ int mib[]={CTL_KERN, KERN_RANDOM, RANDOM_ERANDOM}; -+ u_int i; -+ size_t len; -+ -+ for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i++) { -+ len = sizeof(u_int); -+ if (sysctl(mib, 3, &rdat.rnd[i], &len, NULL, 0) == -1) -+ break; -+ } -+ } -+#endif -+ -+ arc4_stir_pidII = getpid(); -+ /* -+ * Time to give up. If no entropy could be found then we will just -+ * use gettimeofday. -+ */ -+ arc4_addrandomII(as, (void *)&rdat, sizeof(rdat)); -+ -+ /* -+ * Discard early keystream, as per recommendations in: -+ * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps -+ * We discard 256 words. A long word is 4 bytes. -+ */ -+ for (n = 0; n < 256 * 4; n ++) -+ arc4_getbyteII(as); -+} -+ -+static inline u_int8_t -+arc4_getbyteII(struct arc4_streamII *as) -+{ -+ u_int8_t si, sj; -+ -+ as->i = (as->i + 1); -+ si = as->s[as->i]; -+ as->j = (as->j + si); -+ sj = as->s[as->j]; -+ as->s[as->i] = sj; -+ as->s[as->j] = si; -+ return (as->s[(si + sj) & 0xff]); -+} -+ -+static inline u_int32_t -+arc4_getwordII(struct arc4_streamII *as) -+{ -+ u_int32_t val; -+ val = arc4_getbyteII(as) << 24; -+ val |= arc4_getbyteII(as) << 16; -+ val |= arc4_getbyteII(as) << 8; -+ val |= arc4_getbyteII(as); -+ return val; -+} -+ -+void -+arc4random_stirII(void) -+{ -+ if (!rs_initializedII) { -+ arc4_initII(&rs); -+ rs_initializedII = 1; -+ } -+ arc4_stirII(&rs); -+} -+ -+void -+arc4random_addrandomII(u_char *dat, int datlen) -+{ -+ if (!rs_initializedII) -+ arc4random_stirII(); -+ arc4_addrandomII(&rs, dat, datlen); -+} -+ -+u_int32_t -+arc4randomII(void) -+{ -+ if (!rs_initializedII || arc4_stir_pidII != getpid()) -+ arc4random_stirII(); -+ return arc4_getwordII(&rs); -+} -+ -+#if 0 -+/*-------- Test code --------*/ -+#include <stdlib.h> -+#include <stdio.h> -+ -+int main(void) { -+ int random_number; -+ random_number = arc4randomII() % 65536; -+ printf("A random number between 0 and 65536 is %d\n", random_number); -+ return 0; -+} -+#endif -diff -Naur uClibc-0.9.27.orig/libc/stdlib/man/arc4random.3 uClibc-0.9.27/libc/stdlib/man/arc4random.3 ---- uClibc-0.9.27.orig/libc/stdlib/man/arc4random.3 1970-01-01 00:00:00.000000000 +0000 -+++ uClibc-0.9.27/libc/stdlib/man/arc4random.3 2005-02-16 02:42:34.116946640 +0000 -@@ -0,0 +1,74 @@ -+.TH ARC4RANDOM 3 "February 11, 2005" -+.SH NAME -+arc4random - arc4 random number generator -+.SH SYNOPSIS -+.nf -+.B #include <stdlib.h> -+.sp -+.I u_int32_t -+.B arc4random(void); -+.sp -+.I u_int32_t -+.B arc4randomII(void); -+.fi -+.SH DESCRIPTION -+The \fBarc4random()\fP function generates a pseudo-random number using the -+ARC4 cipher key stream generator. ARCFOUR uses 8*8 8 bit S-Boxes, and can -+be in about (2**1700) states. -+ -+The \fBarc4random()\fP function is seeded automatically from /dev/urandom, -+or from sysctl \fBurandom\fP if /dev/urandom is not accessible (chroot), or from -+sysctl random.uuid if sysctl \fBurandom\fP is not accessible. \fBgettimeofday(2)\fP -+is always included when initializing the state of \fBarc4random()\fP, this makes -+it impossible to generate the same random sequence twice. \fBarc4random()\fP -+is intended to be safe to use with encryption software to provide entropy. -+ -+The \fBarc4randomII()\fP function is identical to \fBarc4random()\fP except -+that \fBarc4randomII()\fP is seeded automatically from /dev/erandom, and -+sysctl erandom. \fBarc4randomII()\fP is NOT intended for cryptography, but is -+ideal for \fBmktemp(3)\fP, and other functions with a short lifespan. -+\fBarc4randomII()\fP and erandom do not consume any kernel entropy. -+ -+Sysctl urandom, and erandom require a modified kernel. See: -+http://www.linuxfromscratch.org/hlfs/ -+ -+.SH EXAMPLES -+.TP -+Return a random number between 0 and 100. -+.sp -+arc4random() % 100; -+.TP -+Return any random number. -+.sp -+arc4random(); -+.TP -+.nf -+Sample program; this will display a number between 0 and 65536. -+ -+#include <stdlib.h> -+#include <stdio.h> -+ -+int main(void) { -+ int random_number; -+ random_number = arc4random() % 65536; -+ printf("%d\n", random_number); -+ return 0; -+} -+.fi -+.SH "SEE ALSO" -+.BR random (3), -+.BR gettimeofday (2), -+.BR mktemp (3) -+ -+.SH HISTORY -+An algorithm called RC4 was designed by RSA Data Security, Inc. It was -+considered a trade secret, but not trademarked. Because it was a trade -+secret, it obviously could not be patented. A clone of this was posted -+anonymously to USENET and confirmed to be equivalent by several sources -+who had access to the original cipher. Because of the trade secret situation, -+RSA Data Security, Inc. can do nothing about the release of the -+ARC4 algorithm. Since RC4 used to be a trade secret, the cipher is now -+referred to as ARC4 (Another RC4). -+ -+These functions first appeared in OpenBSD 2.1. -+ -diff -Naur uClibc-0.9.27.orig/libc/sysdeps/linux/common/ssp.c uClibc-0.9.27/libc/sysdeps/linux/common/ssp.c ---- uClibc-0.9.27.orig/libc/sysdeps/linux/common/ssp.c 2005-01-12 07:59:21.000000000 +0000 -+++ uClibc-0.9.27/libc/sysdeps/linux/common/ssp.c 2005-02-16 02:42:34.119946184 +0000 -@@ -16,12 +16,11 @@ - * - */ - --#ifdef HAVE_CONFIG_H --# include <config.h> --#endif -- - #include <stdio.h> - #include <string.h> -+#if defined(__SSP_USE_ARC4RANDOM__) -+#include <stdlib.h> /* For arc4random() */ -+#endif - #include <fcntl.h> - #include <unistd.h> - #include <signal.h> -@@ -29,9 +28,6 @@ - #include <sys/un.h> - #include <sys/syslog.h> - #include <sys/time.h> --#ifdef HAVE_DEV_ERANDOM --#include <sys/sysctl.h> --#endif - - #ifdef __PROPOLICE_BLOCK_SEGV__ - #define SSP_SIGTYPE SIGSEGV -@@ -45,39 +41,27 @@ - - void __guard_setup(void) - { -- size_t size; -- struct timeval tv; -- --#ifdef HAVE_DEV_ERANDOM -- int mib[3]; --#endif -+ int i=0, fd=0; -+ size_t size; -+ struct timeval tv; - - if (__guard != 0UL) - return; - --#ifndef __SSP_QUICK_CANARY__ --#ifdef HAVE_DEV_ERANDOM -- /* Random is another depth in Linux, hence an array of 3. */ -- mib[0] = CTL_KERN; -- mib[1] = KERN_RANDOM; -- mib[2] = RANDOM_ERANDOM; -- -- size = sizeof(unsigned long); -- if (__sysctl(mib, 3, &__guard, &size, NULL, 0) != (-1)) -- if (__guard != 0UL) -- return; --#endif -- /* -- * Attempt to open kernel pseudo random device if one exists before -- * opening urandom to avoid system entropy depletion. -- */ -- { -- int fd; -+ __guard = 0xFF0A0D00UL; -+ /* Always start with the time. */ -+ gettimeofday(&tv, NULL); -+ __guard ^= tv.tv_usec ^ tv.tv_sec; - --#ifdef HAVE_DEV_ERANDOM -- if ((fd = open("/dev/erandom", O_RDONLY)) == (-1)) --#endif -- fd = open("/dev/urandom", O_RDONLY); -+#if defined(__SSP_USE_ARC4RANDOM__) -+ for (i = 0; i < sizeof(__guard) / 4; i ++) { -+ size = sizeof(unsigned long); -+ if ((__guard = (int)(arc4randomII())) == (-1)) -+ break; -+ } -+#else -+ if (i < sizeof(__guard) / 4) { -+ fd = open("/dev/urandom", O_RDONLY); - if (fd != (-1)) { - size = read(fd, (char *) &__guard, sizeof(__guard)); - close(fd); -@@ -86,14 +70,6 @@ - } - } - #endif -- /* If sysctl was unsuccessful, use the "terminator canary". */ -- __guard = 0xFF0A0D00UL; -- -- /* Everything failed? Or we are using a weakened model of the -- * terminator canary */ -- -- gettimeofday(&tv, NULL); -- __guard ^= tv.tv_usec ^ tv.tv_sec; - } - - void __stack_smash_handler(char func[], int damaged) Deleted: trunk/hlfs/uClibc-0.9.27-config-3.patch =================================================================== --- trunk/hlfs/uClibc-0.9.27-config-3.patch 2005-10-08 14:42:36 UTC (rev 1171) +++ trunk/hlfs/uClibc-0.9.27-config-3.patch 2005-10-08 14:43:57 UTC (rev 1172) @@ -1,193 +0,0 @@ -Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes) -Date: 2005-02-21 -Initial Package Version: 0.9.27 -Upstream Status: Not submitted -Origin: None -Description: This adds a default config file to uClibc so the build can be -more automated. - -diff -Naur uClibc-0.9.27.orig/.config uClibc-0.9.27/.config ---- uClibc-0.9.27.orig/.config 1970-01-01 00:00:00.000000000 +0000 -+++ uClibc-0.9.27/.config 2005-02-21 20:11:13.317085200 +0000 -@@ -0,0 +1,181 @@ -+# -+# Automatically generated make config: don't edit -+# -+# TARGET_alpha is not set -+# TARGET_arm is not set -+# TARGET_bfin is not set -+# TARGET_cris is not set -+# TARGET_e1 is not set -+# TARGET_frv is not set -+# TARGET_h8300 is not set -+TARGET_i386=y -+# TARGET_i960 is not set -+# TARGET_m68k is not set -+# TARGET_microblaze is not set -+# TARGET_mips is not set -+# TARGET_nios is not set -+# TARGET_nios2 is not set -+# TARGET_powerpc is not set -+# TARGET_sh is not set -+# TARGET_sparc is not set -+# TARGET_v850 is not set -+ -+# -+# Target Architecture Features and Options -+# -+HAVE_ELF=y -+ARCH_SUPPORTS_LITTLE_ENDIAN=y -+TARGET_ARCH="i386" -+CONFIG_GENERIC_386=y -+# CONFIG_386 is not set -+# CONFIG_486 is not set -+# CONFIG_586 is not set -+# CONFIG_586MMX is not set -+# CONFIG_686 is not set -+# CONFIG_PENTIUMII is not set -+# CONFIG_PENTIUMIII is not set -+# CONFIG_PENTIUM4 is not set -+# CONFIG_K6 is not set -+# CONFIG_K7 is not set -+# CONFIG_ELAN is not set -+# CONFIG_CRUSOE is not set -+# CONFIG_WINCHIPC6 is not set -+# CONFIG_WINCHIP2 is not set -+# CONFIG_CYRIXIII is not set -+# CONFIG_NEHEMIAH is not set -+ARCH_LITTLE_ENDIAN=y -+# ARCH_BIG_ENDIAN is not set -+# ARCH_HAS_NO_MMU is not set -+ARCH_HAS_MMU=y -+UCLIBC_HAS_FLOATS=y -+HAS_FPU=y -+DO_C99_MATH=y -+WARNINGS="-Wall" -+KERNEL_SOURCE="/usr/src/linux" -+C_SYMBOL_PREFIX="" -+HAVE_DOT_CONFIG=y -+ -+# -+# General Library Settings -+# -+# HAVE_NO_PIC is not set -+DOPIC=y -+# HAVE_NO_SHARED is not set -+HAVE_SHARED=y -+# ARCH_HAS_NO_LDSO is not set -+BUILD_UCLIBC_LDSO=y -+FORCE_SHAREABLE_TEXT_SEGMENTS=y -+LDSO_LDD_SUPPORT=y -+LDSO_CACHE_SUPPORT=y -+# LDSO_PRELOAD_FILE_SUPPORT is not set -+LDSO_BASE_FILENAME="ld.so" -+UCLIBC_CTOR_DTOR=y -+# HAS_NO_THREADS is not set -+UCLIBC_HAS_THREADS=y -+# PTHREADS_DEBUG_SUPPORT is not set -+UCLIBC_HAS_LFS=y -+# MALLOC is not set -+# MALLOC_SIMPLE is not set -+MALLOC_STANDARD=y -+# MALLOC_GLIBC_COMPAT is not set -+UCLIBC_DYNAMIC_ATEXIT=y -+HAS_SHADOW=y -+UNIX98PTY_ONLY=y -+ASSUME_DEVPTS=y -+UCLIBC_HAS_TM_EXTENSIONS=y -+UCLIBC_HAS_TZ_CACHING=y -+UCLIBC_HAS_TZ_FILE=y -+UCLIBC_HAS_TZ_FILE_READ_MANY=y -+UCLIBC_TZ_FILE_PATH="/etc/TZ" -+ -+# -+# Networking Support -+# -+# UCLIBC_HAS_IPV6 is not set -+UCLIBC_HAS_RPC=y -+# UCLIBC_HAS_FULL_RPC is not set -+ -+# -+# String and Stdio Support -+# -+UCLIBC_HAS_STRING_GENERIC_OPT=y -+UCLIBC_HAS_STRING_ARCH_OPT=y -+UCLIBC_HAS_CTYPE_TABLES=y -+UCLIBC_HAS_CTYPE_SIGNED=y -+UCLIBC_HAS_CTYPE_UNSAFE=y -+# UCLIBC_HAS_CTYPE_CHECKED is not set -+# UCLIBC_HAS_CTYPE_ENFORCED is not set -+UCLIBC_HAS_WCHAR=y -+UCLIBC_HAS_LOCALE=y -+UCLIBC_PREGENERATED_LOCALE_DATA=y -+# UCLIBC_DOWNLOAD_PREGENERATED_LOCALE_DATA is not set -+# UCLIBC_HAS_XLOCALE is not set -+# UCLIBC_HAS_HEXADECIMAL_FLOATS is not set -+# UCLIBC_HAS_GLIBC_DIGIT_GROUPING is not set -+UCLIBC_HAS_GLIBC_CUSTOM_PRINTF=y -+UCLIBC_PRINTF_SCANF_POSITIONAL_ARGS=9 -+# UCLIBC_HAS_SCANF_GLIBC_A_FLAG is not set -+# UCLIBC_HAS_STDIO_BUFSIZ_NONE is not set -+# UCLIBC_HAS_STDIO_BUFSIZ_256 is not set -+# UCLIBC_HAS_STDIO_BUFSIZ_512 is not set -+# UCLIBC_HAS_STDIO_BUFSIZ_1024 is not set -+# UCLIBC_HAS_STDIO_BUFSIZ_2048 is not set -+UCLIBC_HAS_STDIO_BUFSIZ_4096=y -+# UCLIBC_HAS_STDIO_BUFSIZ_8192 is not set -+UCLIBC_HAS_STDIO_BUILTIN_BUFFER_NONE=y -+# UCLIBC_HAS_STDIO_BUILTIN_BUFFER_4 is not set -+# UCLIBC_HAS_STDIO_BUILTIN_BUFFER_8 is not set -+UCLIBC_HAS_STDIO_GETC_MACRO=y -+UCLIBC_HAS_STDIO_PUTC_MACRO=y -+UCLIBC_HAS_STDIO_AUTO_RW_TRANSITION=y -+# UCLIBC_HAS_FOPEN_LARGEFILE_MODE is not set -+# UCLIBC_HAS_FOPEN_EXCLUSIVE_MODE is not set -+# UCLIBC_HAS_GLIBC_CUSTOM_STREAMS is not set -+# UCLIBC_HAS_PRINTF_M_SPEC is not set -+UCLIBC_HAS_ERRNO_MESSAGES=y -+# UCLIBC_HAS_SYS_ERRLIST is not set -+UCLIBC_HAS_SIGNUM_MESSAGES=y -+# UCLIBC_HAS_SYS_SIGLIST is not set -+UCLIBC_HAS_GNU_GETOPT=y -+ -+# -+# Big and Tall -+# -+UCLIBC_HAS_REGEX=y -+# UCLIBC_HAS_WORDEXP is not set -+# UCLIBC_HAS_FTW is not set -+UCLIBC_HAS_GLOB=y -+ -+# -+# Library Installation Options -+# -+SHARED_LIB_LOADER_PREFIX="$(DEVEL_PREFIX)/lib" -+RUNTIME_PREFIX="/usr/$(TARGET_ARCH)-linux-uclibc/" -+DEVEL_PREFIX="/usr/$(TARGET_ARCH)-linux-uclibc/usr/" -+ -+# -+# uClibc security related options -+# -+UCLIBC_SECURITY=y -+UCLIBC_BUILD_PIE=y -+UCLIBC_HAS_ARC4RANDOM=y -+MKTEMP_USE_ARC4RANDOM=y -+ARC4RANDOM_USE_SYSCTL=y -+UCLIBC_HAS_SSP=y -+SSP_USE_ARC4RANDOM=y -+PROPOLICE_BLOCK_ABRT=y -+# PROPOLICE_BLOCK_SEGV is not set -+# PROPOLICE_BLOCK_KILL is not set -+UCLIBC_BUILD_SSP=y -+UCLIBC_BUILD_RELRO=y -+UCLIBC_BUILD_NOW=y -+UCLIBC_BUILD_NOEXECSTACK=y -+ -+# -+# uClibc development/debugging options -+# -+# DODEBUG is not set -+# DOASSERTS is not set -+# SUPPORT_LD_DEBUG is not set -+# SUPPORT_LD_DEBUG_EARLY is not set -+# UCLIBC_MJN3_ONLY is not set Deleted: trunk/hlfs/uClibc-0.9.27-dyn_ldconfig-1.patch =================================================================== --- trunk/hlfs/uClibc-0.9.27-dyn_ldconfig-1.patch 2005-10-08 14:42:36 UTC (rev 1171) +++ trunk/hlfs/uClibc-0.9.27-dyn_ldconfig-1.patch 2005-10-08 14:43:57 UTC (rev 1172) @@ -1,40 +0,0 @@ -Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes) -Date: 2005-02-15 -Initial Package Version: 0.9.27 -Upstream Status: From Upstream -Origin: http://bugs.uclibc.org/view.php?id=15 -Description: This patch builds ldconfig(8) dynamically linked. - -# -# Patch managed by http://www.holgerschurig.de/patcher.html -# - ---- uClibc/utils/Makefile~dyn-ldconfig -+++ uClibc/utils/Makefile -@@ -45,7 +45,7 @@ - $(STRIPTOOL) -x -R .note -R .comment $@ - - ldconfig: ldconfig.c -- $(CC) $(CFLAGS) -Wl,-s -static \ -+ $(CC) $(CFLAGS) -Wl,-s $(if $(filter $(UCLIBC_STATIC_LDCONFIG),y),-static) \ - -DUCLIBC_RUNTIME_PREFIX=\"$(RUNTIME_PREFIX)\" \ - -DUCLIBC_LDSO=$(UCLIBC_LDSO) -I. -I../ldso/include \ - $^ -o $@ ---- uClibc/extra/Configs/Config.in~dyn-ldconfig -+++ uClibc/extra/Configs/Config.in -@@ -311,6 +311,15 @@ - if you are using an older Linux kernel (2.0.x) that lacks large file - support. Enabling this option will increase the size of uClibc. - -+config UCLIBC_STATIC_LDCONFIG -+ bool "Link ldconfig statically" -+ default n -+ help -+ If you wish to link the ldconfig binary statically, enable this option. -+ It being static can be beneficial if you have a library problem and need -+ ldconfig to recover from it. If keeping the size down is more important -+ to you than system recovery, disable this option. -+ - choice - prompt "Malloc Implementation" - default MALLOC if ! ARCH_HAS_MMU Deleted: trunk/hlfs/uClibc-0.9.27-inet6_resolv-1.patch =================================================================== --- trunk/hlfs/uClibc-0.9.27-inet6_resolv-1.patch 2005-10-08 14:42:36 UTC (rev 1171) +++ trunk/hlfs/uClibc-0.9.27-inet6_resolv-1.patch 2005-10-08 14:43:57 UTC (rev 1172) @@ -1,32 +0,0 @@ -Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes) -Date: 2005-04-29 -Initial Package Version: 0.9.27 -Upstream Status: From Upstream -Origin: http://bugs.uclibc.org/view.php?id=206 -Description: This patch fixes two bugs with uClibc-0.9.27 and ipv6. - -diff -urN uClibc-0.9.27.old/libc/inet/resolv.c uClibc-0.9.27/libc/inet/resolv.c ---- uClibc-0.9.27.old/libc/inet/resolv.c 2005-01-12 08:59:21.000000000 +0100 -+++ uClibc-0.9.27/libc/inet/resolv.c 2005-04-04 22:14:38.000000000 +0200 -@@ -2029,7 +2029,7 @@ - int old_errno = errno; /* Save the old errno and reset errno */ - __set_errno(0); /* to check for missing /etc/hosts. */ - -- if ((i=__get_hosts_byname_r(name, AF_INET, result_buf, -+ if ((i=__get_hosts_byname_r(name, AF_INET6, result_buf, - buf, buflen, result, h_errnop))==0) - return i; - switch (*h_errnop) { -diff -urN uClibc-0.9.27.old/libc/inet/resolv.c uClibc-0.9.27/libc/inet/resolv.c ---- uClibc-0.9.27.old/libc/inet/resolv.c 2005-04-04 22:16:54.000000000 +0200 -+++ uClibc-0.9.27/libc/inet/resolv.c 2005-04-04 22:46:59.000000000 +0200 -@@ -1513,7 +1513,7 @@ - } else { - DPRINTF("Error\n"); - ret=TRY_AGAIN; -- break; /* bad ip address */ -+ continue; /* bad ip address, ignore */ - } - - if (action!=GETHOSTENT) { - Copied: trunk/uClibc/uClibc-0.9.27-arc4random-2.patch (from rev 1170, trunk/hlfs/uClibc-0.9.27-arc4random-2.patch) Copied: trunk/uClibc/uClibc-0.9.27-config-3.patch (from rev 1170, trunk/hlfs/uClibc-0.9.27-config-3.patch) Copied: trunk/uClibc/uClibc-0.9.27-dyn_ldconfig-1.patch (from rev 1170, trunk/hlfs/uClibc-0.9.27-dyn_ldconfig-1.patch) Copied: trunk/uClibc/uClibc-0.9.27-inet6_resolv-1.patch (from rev 1170, trunk/hlfs/uClibc-0.9.27-inet6_resolv-1.patch) -- http://linuxfromscratch.org/mailman/listinfo/patches FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
