libexpat and XML_POOR_ENTROPY

Dagobert Michelsen dam at opencsw.org
Fri Feb 25 23:48:08 CET 2022


Hi Ihsan,

Am 25.02.2022 um 20:45 schrieb İhsan Doğan via users <users at lists.opencsw.org>:
>> Am 25.02.2022 um 16:51 schrieb Ben Walton via users <users at lists.opencsw.org>:
>> 
>> I was looking at the libexpat recipe again. This kind of jumps out
>> from https://sourceforge.net/p/gar/code/HEAD/tree/csw/mgar/pkg/libexpat1/trunk/Makefile#l42:
>> 
>> # No high-entropy random in old Solaris versions
>> EXTRA_CPPFLAGS += -DXML_POOR_ENTROPY
>> 
>> Solaris has /dev/urandom. It meets requirements. As far as I know,
>> even the earlier versions of the device were sufficient for
>> cryptographic needs. It may be time to revisit that define.
>> 
>> Yeah, I'd drop it and see that it passes the test suite. Not sure how far back you'd need to go os and hardware worse to still need it, but arms pretty ancient to me.
> 
> I guess it would make sense to remove this option from the build recipe, right?

Looks like I added it. From my comments above I think there was not code in libexpat
to detect the proper entropy source at that time. Feel free to ditch it if the testsuite
passes.


Best regards

  — Dago

-- 
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896



More information about the users mailing list