From ihsan at opencsw.org Sun Mar 27 19:17:11 2022 From: ihsan at opencsw.org (=?utf-8?B?xLBoc2FuIERvxJ9hbg==?=) Date: Sun, 27 Mar 2022 19:17:11 +0200 Subject: libexpat and XML_POOR_ENTROPY In-Reply-To: References: <83B055CB-FEAC-4E51-9DF5-9B88BB98599A@opencsw.org> Message-ID: <94F6A0DB-E9C9-488D-AF2C-AD2D4A54ED60@opencsw.org> Hi, > Am 25.02.2022 um 23:48 schrieb Dagobert Michelsen : > >>> I was looking at the libexpat recipe again. This kind of jumps out >>> from https://sourceforge.net/p/gar/code/HEAD/tree/csw/mgar/pkg/libexpat1/trunk/Makefile#l42: >>> >>> # No high-entropy random in old Solaris versions >>> EXTRA_CPPFLAGS += -DXML_POOR_ENTROPY >>> >>> Solaris has /dev/urandom. It meets requirements. As far as I know, >>> even the earlier versions of the device were sufficient for >>> cryptographic needs. It may be time to revisit that define. >>> >>> Yeah, I'd drop it and see that it passes the test suite. Not sure how far back you'd need to go os and hardware worse to still need it, but arms pretty ancient to me. >> >> I guess it would make sense to remove this option from the build recipe, right? > > Looks like I added it. From my comments above I think there was not code in libexpat > to detect the proper entropy source at that time. Feel free to ditch it if the testsuite > passes. I?ve upgraded expat to 2.4.7 and I have also removed the -DXML_POOR_ENTROPY option. New package was pushed to the catalog today. https://www.opencsw.org/packages/CSWlibexpat1/ Regars Ihsan -------------- next part -------------- An HTML attachment was scrubbed... URL: