svn commit: r460256 - in head/net-im/gajim: . files
Dag-Erling Smørgrav
des at FreeBSD.org
Mon Jan 29 11:18:03 UTC 2018
Author: des
Date: Mon Jan 29 11:18:02 2018
New Revision: 460256
URL: https://svnweb.freebsd.org/changeset/ports/460256
Log:
Add upstream patch for compatibility with newer security/py-openssl.
Approved by: maintainer (rm@)
MFH: 2018Q1
Added:
head/net-im/gajim/files/patch-3dd35f5e762dcef2cf05e325705d0e7a2db21917 (contents, props changed)
Modified:
head/net-im/gajim/Makefile
Modified: head/net-im/gajim/Makefile
==============================================================================
--- head/net-im/gajim/Makefile Mon Jan 29 11:11:31 2018 (r460255)
+++ head/net-im/gajim/Makefile Mon Jan 29 11:18:02 2018 (r460256)
@@ -3,6 +3,7 @@
PORTNAME= gajim
PORTVERSION= 0.16.8
+PORTREVISION= 1
CATEGORIES= net-im
MASTER_SITES= http://gajim.org/downloads/0.16/
Added: head/net-im/gajim/files/patch-3dd35f5e762dcef2cf05e325705d0e7a2db21917
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net-im/gajim/files/patch-3dd35f5e762dcef2cf05e325705d0e7a2db21917 Mon Jan 29 11:18:02 2018 (r460256)
@@ -0,0 +1,87 @@
+--- src/common/crypto.py.orig
++++ src/common/crypto.py
+@@ -76,50 +76,8 @@
+ else:
+ return base28_chr[n]
+
+-def add_entropy_sources_OpenSSL():
+- # Other possibly variable data. This are very low quality sources of
+- # entropy, but some of them are installation dependent and can be hard
+- # to guess for the attacker.
+- # Data available on all platforms Unix, Windows
+- sources = [sys.argv, sys.builtin_module_names,
+- sys.copyright, sys.getfilesystemencoding(), sys.hexversion,
+- sys.modules, sys.path, sys.version, sys.api_version,
+- os.environ, os.getcwd(), os.getpid()]
+-
+- for s in sources:
+- OpenSSL.rand.add(str(s), 1)
+-
+- # The /proc filesystem on POSIX systems contains many random variables:
+- # memory statistics, interrupt counts, network packet counts
+- if os.name == 'posix':
+- dirs = ['/proc', '/proc/net', '/proc/self']
+- for d in dirs:
+- if os.access(d, os.R_OK):
+- for filename in os.listdir(d):
+- OpenSSL.rand.add(filename, 0)
+- try:
+- with open(d + os.sep + filename, "r") as fp:
+- # Limit the ammount of read bytes, in case a memory
+- # file was opened
+- OpenSSL.rand.add(str(fp.read(5000)), 1)
+- except IOError:
+- # Ignore all read and access errors
+- pass
+-
+-PYOPENSSL_PRNG_PRESENT = False
+-try:
+- import OpenSSL.rand
+- PYOPENSSL_PRNG_PRESENT = True
+-except ImportError:
+- # PyOpenSSL PRNG not available
+- pass
+-
+ def random_bytes(bytes_):
+- if PYOPENSSL_PRNG_PRESENT:
+- OpenSSL.rand.add(os.urandom(bytes_), bytes_)
+- return OpenSSL.rand.bytes(bytes_)
+- else:
+- return os.urandom(bytes_)
++ return os.urandom(bytes_)
+
+ def generate_nonce():
+ return random_bytes(8)
+--- src/gajim.py.orig
++++ src/gajim.py
+@@ -296,20 +296,6 @@
+ pid_filename = gajimpaths['PID_FILE']
+ config_filename = gajimpaths['CONFIG_FILE']
+
+-# Seed the OpenSSL pseudo random number generator from file and initialize
+-RNG_SEED = gajimpaths['RNG_SEED']
+-PYOPENSSL_PRNG_PRESENT = False
+-try:
+- import OpenSSL.rand
+- from common import crypto
+- PYOPENSSL_PRNG_PRESENT = True
+- # Seed from file
+- OpenSSL.rand.load_file(str(RNG_SEED))
+- crypto.add_entropy_sources_OpenSSL()
+- OpenSSL.rand.write_file(str(RNG_SEED))
+-except ImportError:
+- log.info("PyOpenSSL PRNG not available")
+-
+ import traceback
+ import errno
+ import dialogs
+@@ -456,9 +442,6 @@
+ del pid_dir
+
+ def on_exit():
+- # Save the entropy from OpenSSL PRNG
+- if PYOPENSSL_PRNG_PRESENT:
+- OpenSSL.rand.write_file(str(RNG_SEED))
+ # delete pid file on normal exit
+ if os.path.exists(pid_filename):
+ os.remove(pid_filename)
More information about the svn-ports-all
mailing list