libexpat and XML_POOR_ENTROPY
İhsan Doğan
ihsan at opencsw.org
Sun Mar 27 19:17:11 CEST 2022
Hi,
> Am 25.02.2022 um 23:48 schrieb Dagobert Michelsen <dam at opencsw.org>:
>
>>> I was looking at the libexpat recipe again. This kind of jumps out
>>> from https://sourceforge.net/p/gar/code/HEAD/tree/csw/mgar/pkg/libexpat1/trunk/Makefile#l42:
>>>
>>> # No high-entropy random in old Solaris versions
>>> EXTRA_CPPFLAGS += -DXML_POOR_ENTROPY
>>>
>>> Solaris has /dev/urandom. It meets requirements. As far as I know,
>>> even the earlier versions of the device were sufficient for
>>> cryptographic needs. It may be time to revisit that define.
>>>
>>> Yeah, I'd drop it and see that it passes the test suite. Not sure how far back you'd need to go os and hardware worse to still need it, but arms pretty ancient to me.
>>
>> I guess it would make sense to remove this option from the build recipe, right?
>
> Looks like I added it. From my comments above I think there was not code in libexpat
> to detect the proper entropy source at that time. Feel free to ditch it if the testsuite
> passes.
I’ve upgraded expat to 2.4.7 and I have also removed the -DXML_POOR_ENTROPY option. New package was pushed to the catalog today. https://www.opencsw.org/packages/CSWlibexpat1/ <https://www.opencsw.org/packages/CSWlibexpat1/>
Regars
Ihsan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.opencsw.org/pipermail/users/attachments/20220327/c88a3fa4/attachment.html>
More information about the users
mailing list