Commit 2b3c02d6 authored by Deucе's avatar Deucе :ok_hand_tone4: Committed by Rob Swindell

Update cryptlib to 3.4.7

parent b33a40e7
1 merge request!388Update cryptlib to 3.4.7
Showing
with 859 additions and 235 deletions
......@@ -9,6 +9,15 @@
}
else
{
@@ -527,6 +538,8 @@
no more channels left to close */
status = deleteChannel( sessionInfoPtr, channelNo, channelType,
closeLastChannel );
+ if( getChannelStatusByChannelNo( sessionInfoPtr, channelNo ) == CHANNEL_NONE )
+ return CRYPT_OK;
if( cryptStatusError( status ) )
{
if( status != OK_SPECIAL )
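Review bot: The added early return after `deleteChannel()` discards `status` whenever the channel lookup reports `CHANNEL_NONE`, so an error or the `OK_SPECIAL` result never reaches the `cryptStatusError( status )` handling directly below it. If the intent is only to tolerate a channel that is already gone, restrict the shortcut to the success case, e.g. `if( cryptStatusOK( status ) && getChannelStatusByChannelNo( sessionInfoPtr, channelNo ) == CHANNEL_NONE )`. A comment naming the situation this works around would also help. The enclosing function starts and ends outside the hunk, so how callers treat `OK_SPECIAL` is not visible here.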
--- cryptlib.h.orig 2023-12-29 15:55:17.717475000 -0500
+++ cryptlib.h 2023-12-29 15:56:34.124863000 -0500
@@ -1228,6 +1228,7 @@
......@@ -28,54 +37,8 @@
/* Point at which private-use values start. Attribute values sometimes
need to be extended with additional pseudo-values in object-specific
--- ./kernel/attr_acl.c 2023-12-29 15:57:31.965603000 -0500
+++ ./kernel/attr_acl.c.orig 2023-12-29 15:57:21.751654000 -0500
@@ -3840,6 +3840,12 @@
MKPERM_SSH_EXT( RWx_RWx ),
ROUTE( OBJECT_TYPE_SESSION ),
subACL_SessinfoSSHChannelHeight ),
+ MKACL_N(
+ CRYPT_SESSINFO_SSH_CHANNEL_OPEN,
+ ST_NONE, ST_NONE, ST_SESS_SSH | ST_SESS_SSH_SVR,
+ MKPERM_SSL( Rxx_Rxx ),
+ ROUTE( OBJECT_TYPE_SESSION ),
+ RANGE( FALSE, TRUE ) ),
MKACL_END(), MKACL_END()
};
@@ -4707,7 +4713,7 @@
static_assert( CRYPT_CERTINFO_FIRST_EXTENSION == 2200, "Attribute value" );
static_assert( CRYPT_CERTINFO_FIRST_CMS == 2500, "Attribute value" );
static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6016, "Attribute value" );
- static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6035, "Attribute value" );
+ static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6036, "Attribute value" );
static_assert( CRYPT_CERTFORMAT_LAST == 12, "Attribute value" );
/* Perform a consistency check on the attribute ACLs. The ACLs are
--- session/ssh.c.orig 2023-12-29 16:07:09.485094000 -0500
+++ session/ssh.c 2023-12-29 16:07:52.102633000 -0500
@@ -993,7 +993,8 @@
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
- type == CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL);
+ type == CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_OPEN);
if( type == CRYPT_SESSINFO_SSH_OPTIONS )
{
@@ -1010,7 +1011,8 @@
if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
- type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT)
+ type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_OPEN)
{
status = getChannelAttribute( sessionInfoPtr, type, data );
}
--- ./session/ssh2_chn.c.orig 2023-12-29 19:50:00.990529000 -0500
+++ ./session/ssh2_chn.c 2023-12-29 19:51:32.502476000 -0500
--- ./session/ssh2_channel.c.orig 2023-12-29 19:50:00.990529000 -0500
+++ ./session/ssh2_channel.c 2023-12-29 19:51:32.502476000 -0500
@@ -24,6 +24,7 @@
#define CHANNEL_FLAG_NONE 0x00 /* No channel flag */
#define CHANNEL_FLAG_ACTIVE 0x01 /* Channel is active */
......@@ -208,3 +171,47 @@
return( isChannelActive( sessionInfoPtr, \
channelInfoPtr->channelID ) ? \
CRYPT_OK : OK_SPECIAL );
--- session/ssh.c.orig 2023-12-31 08:49:41.952161000 -0500
+++ session/ssh.c 2023-12-31 08:50:06.475509000 -0500
@@ -543,6 +543,7 @@
type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
type == CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_OPEN || \
type == CRYPT_SESSINFO_SSH_PREAUTH );
#else
REQUIRES( type == CRYPT_SESSINFO_SSH_PREAUTH );
@@ -567,7 +568,8 @@
if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
- type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT)
+ type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
+ type == CRYPT_SESSINFO_SSH_CHANNEL_OPEN)
{
status = getChannelAttribute( sessionInfoPtr, type, data );
}
--- kernel/attr_acl.c.orig 2023-12-31 08:49:41.973327000 -0500
+++ kernel/attr_acl.c 2023-12-31 08:51:13.972549000 -0500
@@ -3943,6 +3943,12 @@
MKPERM_SSH_EXT( RWx_RWx ),
ROUTE( OBJECT_TYPE_SESSION ),
subACL_SessinfoSSHChannelHeight ),
+ MKACL_N(
+ CRYPT_SESSINFO_SSH_CHANNEL_OPEN,
+ ST_NONE, ST_NONE, ST_SESS_SSH | ST_SESS_SSH_SVR,
+ MKPERM_TLS( Rxx_Rxx ),
+ ROUTE( OBJECT_TYPE_SESSION ),
+ RANGE( FALSE, TRUE ) ),
MKACL_END(), MKACL_END()
};
@@ -4931,7 +4937,7 @@
static_assert( CRYPT_CERTINFO_FIRST_EXTENSION == 2200, "Attribute value" );
static_assert( CRYPT_CERTINFO_FIRST_CMS == 2500, "Attribute value" );
static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6017, "Attribute value" );
- static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6039, "Attribute value" );
+ static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6040, "Attribute value" );
static_assert( CRYPT_CERTFORMAT_LAST == 13, "Attribute value" );
/* Perform a consistency check on the attribute ACLs. The ACLs are
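Review bot: The new `CRYPT_SESSINFO_SSH_CHANNEL_OPEN` entry takes its permissions from `MKPERM_TLS( Rxx_Rxx )`, while the neighbouring SSH channel attribute uses `MKPERM_SSH_EXT( RWx_RWx )`. The macro definitions are outside the hunk, but if they are gated on the protocol being compiled in, a build without TLS would leave this SSH attribute with no access; `MKPERM_SSH_EXT( Rxx_Rxx ),` looks like the intended form. A one-line comment on the entry stating that it is a read-only boolean (presumably reporting whether the channel is open) would document the `RANGE( FALSE, TRUE )`.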
--- test/test.h.orig 2023-12-31 07:11:19.119452000 -0500
+++ test/test.h 2023-12-31 07:11:41.022395000 -0500
@@ -378,6 +378,7 @@
#define THREAD_SLEEP( ms ) Sleep( ms )
typedef unsigned ( __stdcall *THREAD_FUNC )( void *arg );
#elif defined( UNIX_THREADS )
+ #include <sys/select.h>
#define THREAD_HANDLE pthread_t
#define THREAD_EXIT() pthread_exit( ( void * ) 0 )
#define THREAD_SELF() pthread_self()
--- misc/consts.h.orig 2019-06-20 12:44:22.683319000 -0400
+++ misc/consts.h 2019-06-20 12:44:53.191660000 -0400
@@ -346,7 +346,7 @@
#define MAX_TIME_VALUE ( YEARS_TO_SECONDS( 2036 - 1970 ) )
#if ( defined( __clang__ ) && ( __clang_major__ > 5 ) ) || \
- ( defined( __GNUC__ ) && ( __GNUC__ > 6 ) ) || \
+ ( defined( __GNUC__ ) && ( __GNUC__ > 11 ) ) || \
( defined( _MSC_VER ) && VC_GE_2017( _MSC_VER ) )
#define CURRENT_TIME_VALUE ( ( DATE_YEAR + DATE_MONTH + DATE_DAY - 30 ) * 86400 )
#else
--- tools/getseed.sh.orig 2017-07-11 01:19:34.000000000 -0400
+++ tools/getseed.sh 2018-01-03 02:08:08.240258000 -0500
@@ -16,7 +16,7 @@
if [ -e /dev/urandom ] ; then
printf -- "-DFIXED_SEED=0x" ;
if [ $IS64BIT -gt 0 ] ; then
- printf "%X\n" `od -An -N8 -tu8 < /dev/urandom` ;
+ printf "%X%X\n" `od -An -N4 -tu4 < /dev/urandom` `od -An -N4 -tu4 < /dev/urandom`;
else
printf "%X\n" `od -An -N4 -tu4 < /dev/urandom` ;
fi ;
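Review bot: In the 64-bit branch, `printf "%X%X\n"` joins two 32-bit reads without padding, so a second word below 0x10000000 loses its leading zeros and the resulting `FIXED_SEED` is narrower than the 64-bit value the two reads represent. Padding the second word keeps the full width: `printf "%X%08X\n" ...` with the same two `od` invocations. A short comment saying why the single `od -N8 -tu8` read was split would help whoever rebases this patch next. The enclosing `if [ -e /dev/urandom ]` block continues outside the hunk.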
--- ./tools/ccopts.sh.orig 2020-05-02 04:05:14.767613000 -0400
+++ ./tools/ccopts.sh 2020-05-02 04:15:51.301386000 -0400
@@ -357,7 +357,7 @@
# tools/getlibs.sh also for clang 4.7 or newer.
if [ $ISCLANG -gt 0 ] && [ $ISSPECIAL -eq 0 ] ; then
- CLANG_VER="$($CC -dumpversion | tr -d '.' | cut -c 1-2)" ;
+ CLANG_VER="$($CC -dumpversion | sed -E 's/^([0-9]+)$/\1.0/' | sed -E 's/^([0-9]+)\.([0-9]).*$/\1\2/')" ;
if [ $CLANG_VER -gt 42 ] ; then
CCARGS="$CCARGS -fsanitize=safe-stack" ;
fi ;
@@ -509,7 +509,7 @@
# apparent version less than 10 we add a trailing zero to the string to make
# the checks that follow work.
-GCC_VER="$($CC -dumpversion | tr -d '.' | cut -c 1-2)"
+GCC_VER="$($CC -dumpversion | sed -E 's/^([0-9]+)$/\1.0/' | sed -E 's/^([0-9]+)\.([0-9]).*$/\1\2/')"
if [ "$GCC_VER" -lt 10 ] ; then
GCC_VER="${GCC_VER}0" ;
fi
--- old/thread.h 2021-10-19 12:34:08.766649958 -0700
+++ kernel/thread.h 2021-10-19 12:34:43.794072316 -0700
@@ -3005,7 +3005,7 @@
#endif /* Slowaris 5.7 / 7.x or newer */
#elif defined( _AIX ) || defined( __Android__ ) || defined( __CYGWIN__ ) || \
( defined( __hpux ) && ( OSVERSION >= 11 ) ) || \
- defined( __NetBSD__ ) || defined( __QNX__ ) || defined( __UCLIBC__ )
+ defined( __NetBSD__ ) || defined( __QNX__ ) || defined( __UCLIBC__ ) || defined(__linux__)
#define THREAD_YIELD() sched_yield()
#elif defined( __XMK__ )
/* The XMK underlying scheduling object is the process context, for which
This diff is collapsed.
--- session/ssl_ext.c.orig 2020-01-23 15:25:30.640683000 -0500
+++ session/ssl_ext.c 2020-01-23 15:25:40.141297000 -0500
@@ -607,8 +607,8 @@
#endif /* CONFIG_SUITEB */
/* Make sure that the curve matches the server's signing key */
- if( curveSize != keySize )
- continue;
+ //if( curveSize != keySize )
+ // continue;
/* We've got a matching curve, remember it. In theory we could exit
at this point but we continue anyway to clear the remainder of
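Review bot: The check that the curve matches the server's signing key is disabled with `//` and no reason is given, so the loop now remembers a curve even when `curveSize != keySize`. That relaxes a consistency check in the handshake's curve selection, and nothing in the patch tells a later maintainer whether this is a deliberate interoperability trade-off. If it is, guard it with a named build option rather than commenting it out and record the reason, e.g. `#ifndef <PROJECT_COMPAT_MACRO>  /* <peers that need the mismatch tolerated> */` around the original two lines. The loop and its function are only partly visible here, and the patch targets `session/ssl_ext.c`, so confirm it still applies to the updated tree.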
--- misc/config.h.orig 2020-01-23 12:03:27.741075000 -0500
+++ misc/config.h 2020-01-23 12:03:27.806947000 -0500
@@ -684,7 +684,7 @@
64-bit systems, which by definition are going to be fairly recent */
#ifndef SYSTEM_64BIT
- #define USE_RSA_SUITES
+// #define USE_RSA_SUITES
#endif /* SYSTEM_64BIT */
/* This now leads to a second problem, as of 2018 many public web servers
--- tools/ccopts.sh.orig 2019-06-20 12:51:38.118150000 -0400
+++ tools/ccopts.sh 2019-06-20 12:52:34.479052000 -0400
@@ -210,7 +210,8 @@
for includepath in $ODBCPATHS ; do
if [ -f $includepath ] ; then
echo "ODBC interface detected, enabling ODBC support." >&2 ;
- CCARGS="$CCARGS -DHAS_ODBC -I"$(dirname $includepath)"" ;
+ #CCARGS="$CCARGS -DHAS_ODBC -I"$(dirname $includepath)"" ;
+ echo "Hah ha ha, no. fuck off." >&2 ;
break ;
fi
done
--- tools/ccopts.sh.orig 2023-12-31 07:18:39.570162000 -0500
+++ tools/ccopts.sh 2023-12-31 07:19:32.075029000 -0500
@@ -369,25 +369,25 @@
esac
if [ -z "$DISABLE_AUTODETECT" ] && [ $HASDYNLOAD -gt 0 ] ; then
# ODBC support
- for includepath in $ODBCPATHS ; do
- if [ -f $includepath ] ; then
- echo "ODBC interface detected, enabling ODBC support." >&2 ;
- CCARGS="$CCARGS -DHAS_ODBC" ;
- if [ "$(dirname $includepath)" != "/usr/include" ] ; then
- CCARGS="$CCARGS -I$(dirname $includepath)" ;
- fi ;
- break ;
- fi ;
- done
+ #for includepath in $ODBCPATHS ; do
+ # if [ -f $includepath ] ; then
+ # echo "ODBC interface detected, enabling ODBC support." >&2 ;
+ # CCARGS="$CCARGS -DHAS_ODBC" ;
+ # if [ "$(dirname $includepath)" != "/usr/include" ] ; then
+ # CCARGS="$CCARGS -I$(dirname $includepath)" ;
+ # fi ;
+ # break ;
+ # fi ;
+ #done
# LDAP support
- if [ -f /usr/include/ldap.h ] ; then
- echo "LDAP interface detected, enabling LDAP support" >&2 ;
- CCARGS="$CCARGS -DHAS_LDAP" ;
- if [ $ISDEVELOPMENT -gt 0 ] ; then
- CCARGS="$CCARGS -DUSE_LDAP" ;
- fi ;
- fi
+ #if [ -f /usr/include/ldap.h ] ; then
+ # echo "LDAP interface detected, enabling LDAP support" >&2 ;
+ # CCARGS="$CCARGS -DHAS_LDAP" ;
+ # if [ $ISDEVELOPMENT -gt 0 ] ; then
+ # CCARGS="$CCARGS -DUSE_LDAP" ;
+ # fi ;
+ #fi
# PKCS #11 support
for includepath in $PKCS11PATHS ; do
--- tools/ccopts.sh.orig 2023-12-31 11:49:24.760461000 -0500
+++ tools/ccopts.sh 2023-12-31 11:49:32.686744000 -0500
@@ -1253,9 +1253,9 @@
# Enable ASLR. We only do this for static libs, for shared libs it's
# already been handled via -fpic.
-if [ "$COMPILER_VER" -ge 42 ] && [ $SHARED -le 0 ] ; then
- CCARGS="$CCARGS -fpie -Wl,-pie" ;
-fi
+#if [ "$COMPILER_VER" -ge 42 ] && [ $SHARED -le 0 ] ; then
+# CCARGS="$CCARGS -fpie -Wl,-pie" ;
+#fi
# Newer versions of gcc support marking the stack as nonexecutable (e.g.
# using the x86-64 NX bit), so if it's available we enable it. This is
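Review bot: The `-fpie -Wl,-pie` block is commented out with no reason recorded, which drops position-independent code generation for static builds. The same pattern disables `-fsanitize=safe-stack` in the `sanitize=safe-stack` and `COMPILER_VER -ge 47` hunks further down. Unless the build adds `-fPIC` elsewhere, objects compiled without `-fpie` generally cannot be linked into a PIE executable, so programs linking the static library may lose ASLR for their main image. If only the linker flag caused trouble, keeping `CCARGS="$CCARGS -fpie" ;` preserves the hardening. Otherwise add a comment such as `# PIE disabled for static lib: <reason>` so the trade-off is visible at the next cryptlib update.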
--- tools/getlibs.sh.orig 2021-01-24 07:40:21.569115000 -0500
+++ tools/getlibs.sh 2021-01-24 07:40:42.823333000 -0500
@@ -59,9 +59,9 @@
--- tools/ccopts.sh.orig 2023-12-31 07:57:24.600204000 -0500
+++ tools/ccopts.sh 2023-12-31 07:59:35.674830000 -0500
@@ -601,25 +601,25 @@
return $RESULT ;
}
if hasSubstring "$BUILDOPTS" "sanitize=safe-stack" ; then
CLANG_VER="$(clang -dumpversion | tr -d '.' | cut -c 1-2)" ;
- if [ $CLANG_VER -gt 47 ] ; then
- LDARGS="$LDARGS -fsanitize=safe-stack" ;
- fi ;
+ #if [ $CLANG_VER -gt 47 ] ; then
+ # LDARGS="$LDARGS -fsanitize=safe-stack" ;
+ #fi ;
fi
# Add any libraries needed by optional components. In the case of zlib use
--- tools/ccopts.sh.orig 2020-11-26 02:40:05.222021000 -0500
+++ tools/ccopts.sh 2021-01-24 07:41:02.126230000 -0500
@@ -358,9 +358,9 @@
# tools/getlibs.sh also for clang 4.7 or newer.
if [ $ISCLANG -gt 0 ] && [ $ISSPECIAL -eq 0 ] ; then
CLANG_VER="$($CC -dumpversion | sed -E 's/^([0-9]+)$/\1.0/' | sed -E 's/^([0-9]+)\.([0-9]).*$/\1\2/')" ;
- if [ $CLANG_VER -gt 42 ] ; then
-if [ $ISCLANG -gt 0 ] && [ $ISSPECIAL -eq 0 ] ; then
- if [ $COMPILER_VER -ge 47 ] ; then
- if [ "$OSNAME" = "Darwin" ] || [ "$OSNAME" = "OpenBSD" ] ; then
- # The versions of clang shipped with OS X or OpenBSD don't
- # support -fsanitize=safe-stack even as late as clang 12, so
- # there's not much that we can do.
- CCARGS="$CCARGS" ;
- elif ! hasSafeStackLibs ; then
- echo " " >&2 ;
- echo " (This system supports clang stack sanitization via -fsanitize=safe-stack" >&2 ;
- echo " in $0, however the necessary libclang_rt isn't installed." >&2 ;
- echo " If you can install the required library then consider enabling" >&2 ;
- echo " -fsanitize=safe-stack in $0)." >&2 ;
- echo " " >&2 ;
- else
- CCARGS="$CCARGS -fsanitize=safe-stack" ;
- fi ;
+ #if [ $CLANG_VER -gt 42 ] ; then
- fi ;
-fi
+#if [ $ISCLANG -gt 0 ] && [ $ISSPECIAL -eq 0 ] ; then
+# if [ $COMPILER_VER -ge 47 ] ; then
+# if [ "$OSNAME" = "Darwin" ] || [ "$OSNAME" = "OpenBSD" ] ; then
+# # The versions of clang shipped with OS X or OpenBSD don't
+# # support -fsanitize=safe-stack even as late as clang 12, so
+# # there's not much that we can do.
+# CCARGS="$CCARGS" ;
+# elif ! hasSafeStackLibs ; then
+# echo " " >&2 ;
+# echo " (This system supports clang stack sanitization via -fsanitize=safe-stack" >&2 ;
+# echo " in $0, however the necessary libclang_rt isn't installed." >&2 ;
+# echo " If you can install the required library then consider enabling" >&2 ;
+# echo " -fsanitize=safe-stack in $0)." >&2 ;
+# echo " " >&2 ;
+# else
+# CCARGS="$CCARGS -fsanitize=safe-stack" ;
+# fi ;
fi
+# fi ;
+#fi
# The Sun compiler has its own set of problems, the biggest of which is
# determining where it is and what it is (see comments elsewhere), but
--- makefile.orig 2023-12-31 12:09:41.982826000 -0500
+++ makefile 2023-12-31 12:10:05.682180000 -0500
@@ -1784,7 +1784,7 @@
# than the system tools and libraries for the build, so we special-case this
# step based on the $(OSNAME) setting supplied to the build script.
-$(ALIBNAME): $(OBJS) $(EXTRAOBJS) $(TESTOBJS)
+$(ALIBNAME): $(OBJS) $(EXTRAOBJS)
@./tools/buildlib.sh $(ALIBNAME) $(OSNAME) $(AR) \
$(OBJS) $(EXTRAOBJS)
--- tools/ccopts.sh.orig 2020-04-01 20:03:19.115301000 -0400
+++ tools/ccopts.sh 2020-04-01 20:04:10.160695000 -0400
@@ -242,15 +242,15 @@
done
# TPM support
- if [ "$(uname -s)" = "Linux" ] ; then
--- tools/ccopts.sh.orig 2023-12-31 07:50:46.349349000 -0500
+++ tools/ccopts.sh 2023-12-31 07:51:14.307725000 -0500
@@ -411,30 +411,30 @@
# TPM support. The use of the doubled-up dirname is required because
# the TPM header is in a subdirectory tss2/tss2_fapi.h so we have to
# remove first the tss2_fapi.h and then the tss2 from the path.
- for includepath in $TPMPATHS ; do
- if [ -f $includepath ] ; then
- echo "TPM interface detected, enabling TPM support." >&2 ;
- CCARGS="$CCARGS -DHAS_TPM -I"$(dirname $includepath)"" ;
- CCARGS="$CCARGS -DHAS_TPM" ;
- if [ "$(dirname $includepath)" != "/usr/include/tss2" ] ; then
- CCARGS="$CCARGS -I$(dirname $(dirname $includepath))" ;
- fi ;
- break ;
- fi
- fi ;
- done
- fi
+ #if [ "$(uname -s)" = "Linux" ] ; then
+ #for includepath in $TPMPATHS ; do
+ # if [ -f $includepath ] ; then
+ # echo "TPM interface detected, enabling TPM support." >&2 ;
+ # CCARGS="$CCARGS -DHAS_TPM -I"$(dirname $includepath)"" ;
+ # CCARGS="$CCARGS -DHAS_TPM" ;
+ # if [ "$(dirname $includepath)" != "/usr/include/tss2" ] ; then
+ # CCARGS="$CCARGS -I$(dirname $(dirname $includepath))" ;
+ # fi ;
+ # break ;
+ # fi ;
+ #done
# TPM RNG support. The use of the doubled-up dirname is required because
# the TPM header is in a subdirectory tss/tspi.h so we have to remove
# first the tspi.h and then the tss from the path.
- for includepath in $TPMRNGPATHS ; do
- if [ -f $includepath ] ; then
- echo "TPM RNG interface detected, enabling TPM RNG support." >&2 ;
- CCARGS="$CCARGS -DHAS_TPM_RNG" ;
- if [ "$(dirname $includepath)" != "/usr/include/tss" ] ; then
- CCARGS="$CCARGS -I$(dirname $(dirname $includepath))" ;
- fi ;
- break ;
- fi ;
- done
+ #for includepath in $TPMRNGPATHS ; do
+ # if [ -f $includepath ] ; then
+ # echo "TPM RNG interface detected, enabling TPM RNG support." >&2 ;
+ # CCARGS="$CCARGS -DHAS_TPM_RNG" ;
+ # if [ "$(dirname $includepath)" != "/usr/include/tss" ] ; then
+ # CCARGS="$CCARGS -I$(dirname $(dirname $includepath))" ;
+ # fi ;
+ # break ;
+ # fi
+ # fi ;
+ #done
+ #fi
# /dev/crypto support
#for includepath in $DEVCRYPTOPATHS ; do
# /dev/crypto support. The use of the doubled-up dirname is required
# because the /dev/crypto header is in a subdirectory crypto/cryptodev.h
--- crypt.h.orig 2019-07-15 16:20:43.204006000 -0400
+++ crypt.h 2019-07-15 16:21:06.812752000 -0400
--- crypt.h.orig 2023-02-26 02:45:18.000000000 -0500
+++ crypt.h 2023-12-31 07:21:16.146850000 -0500
@@ -9,6 +9,10 @@
#define _CRYPT_DEFINED
......@@ -8,6 +8,6 @@
+#define OPENSSL_NO_INLINE_ASM
+#define NO_ASM
+
/* Various compilers handle includes in subdirectories differently. Most
will work with paths from a root directory. Non-OS X Macintoshes don't
recognise '/'s as path delimiters, but work around it by scanning all
/* The overall cryptlib header file, which pulls in all other universally-
used header files. The include order is:
--- session/ssh2_authcli.c.orig 2024-01-19 12:15:13.314932000 -0500
+++ session/ssh2_authcli.c 2024-01-19 12:15:26.674148000 -0500
@@ -597,6 +597,7 @@
and return some sort of useful information to the caller */
if( providedAuthType == SSH_AUTHTYPE_PUBKEY )
{
+#if 0
if( needsPW )
{
setObjectErrorInfo( sessionInfoPtr, CRYPT_SESSINFO_PASSWORD,
@@ -606,6 +607,7 @@
"Server requested password authentication but only a "
"public/private key was available" ) );
}
+#endif
return CRYPT_ENVELOPE_RESOURCE;
}
if( requiredAuthType == SSH_AUTHTYPE_PUBKEY )
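Review bot: The `#if 0` around the `needsPW` branch carries no comment, and it removes the extended error text "Server requested password authentication but only a public/private key was available". Callers now get a bare `CRYPT_ENVELOPE_RESOURCE` for this case. The lines between the two hunks are not shown, but if the disabled branch returned a different status, the return code seen by the application changes too. Record the reason on the guard, e.g. `#if 0 /* <why the password hint is suppressed> */`, so the block is not silently carried forward or dropped at the next rebase.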
--- io/tcp_rw.c.orig 2019-02-05 18:16:32.000000000 -0500
+++ io/tcp_rw.c 2021-12-07 15:16:54.161874000 -0500
--- io/tcp_rw.c.orig 2023-02-26 03:33:50.000000000 -0500
+++ io/tcp_rw.c 2023-12-31 08:12:00.663053000 -0500
@@ -20,6 +20,10 @@
#ifdef USE_TCP
......@@ -19,7 +19,7 @@
struct timeval tv;
fd_set readfds, writefds, exceptfds;
fd_set *readFDPtr = ( type == IOWAIT_READ || \
@@ -81,6 +86,10 @@
@@ -81,6 +86,11 @@
type == IOWAIT_ACCEPT ) ? &readfds : NULL;
fd_set *writeFDPtr = ( type == IOWAIT_WRITE || \
type == IOWAIT_CONNECT ) ? &writefds : NULL;
......@@ -27,11 +27,12 @@
+ struct pollfd fds;
+ int ptimeout;
+#endif
int selectIterations, status, LOOP_ITERATOR;
+
LOOP_INDEX selectIterations;
int status;
assert( isWritePtr( netStream, sizeof( NET_STREAM_INFO ) ) );
@@ -90,26 +99,6 @@
REQUIRES( previousDataRead == TRUE || previousDataRead == FALSE );
@@ -91,26 +101,6 @@
REQUIRES( isBooleanValue( previousDataRead ) );
REQUIRES( isEnumRange( type, IOWAIT ) );
- /* Check for overflows in FD_SET(). This is an ugly implementation
......@@ -57,7 +58,7 @@
/* Set up the information needed to handle timeouts and wait on the
socket. If there's no timeout then we wait 5ms on the theory that it
isn't noticeable to the caller but ensures that we at least get a
@@ -152,6 +141,20 @@
@@ -153,6 +143,20 @@
status = setMonoTimer( &timerInfo, timeout );
if( cryptStatusError( status ) )
return( status );
......@@ -78,15 +79,15 @@
LOOP_MED( ( selectIterations = 0, status = SOCKET_ERROR ), \
isSocketError( status ) && \
( selectIterations <= 0 || \
@@ -159,6 +162,7 @@
selectIterations < 20,
selectIterations++ )
@@ -162,6 +166,7 @@
{
ENSURES( LOOP_INVARIANT_MED( selectIterations, 0, 19 ) );
+#ifdef __WINDOWS__
if( readFDPtr != NULL )
{
FD_ZERO( readFDPtr );
@@ -186,6 +190,10 @@
@@ -189,6 +194,10 @@
clearErrorState();
status = select( ( int ) netStream->netSocket + 1, readFDPtr,
writeFDPtr, &exceptfds, &tv );
......@@ -97,7 +98,7 @@
/* If there's a problem and it's not something transient like an
interrupted system call, exit. For a transient problem, we just
@@ -269,7 +277,11 @@
@@ -272,7 +281,11 @@
false and an indicator to receive SIGURG's not set, the OOB data byte
just languishes in a side-buffer), however we shouldn't be receiving
OOB data so we treat that as an error too */
......@@ -109,7 +110,7 @@
{
int socketErrorCode;
@@ -323,6 +335,7 @@
@@ -326,6 +339,7 @@
/* The socket is read for reading or writing */
ENSURES( status > 0 );
......@@ -117,7 +118,7 @@
ENSURES( ( type == IOWAIT_READ && \
FD_ISSET( netStream->netSocket, &readfds ) ) || \
( type == IOWAIT_WRITE && \
@@ -331,6 +344,13 @@
@@ -334,6 +348,13 @@
( FD_ISSET( netStream->netSocket, &readfds ) || \
FD_ISSET( netStream->netSocket, &writefds ) ) ) || \
( type == IOWAIT_ACCEPT ) );
......
--- ../tmp2/crypt.h 2019-01-31 14:52:00.000000000 -0500
+++ crypt.h 2019-06-03 16:26:35.672044000 -0400
@@ -79,7 +79,7 @@
--- misc/os_spec.h.orig 2023-12-31 06:48:03.815555000 -0500
+++ misc/os_spec.h 2023-12-31 06:48:27.417919000 -0500
@@ -103,7 +103,7 @@
#ifndef _POSIX_C_SOURCE
#if defined( __xlc__ ) || defined( __IBMC__ )
#define _POSIX_C_SOURCE 200112L /* Posix 2001 */
......
--- session/ssl_suites.c.orig 2020-01-23 14:12:41.131472000 -0500
+++ session/ssl_suites.c 2020-01-23 14:12:59.980267000 -0500
@@ -357,12 +357,12 @@
static const CIPHERSUITES_LIST cipherSuitesList[] = {
{ cipherSuitePSK, FAILSAFE_ARRAYSIZE( cipherSuitePSK, CIPHERSUITE_INFO ) },
--- session/tls_suites.c.orig 2023-02-28 02:55:06.000000000 -0500
+++ session/tls_suites.c 2023-12-31 07:30:02.368446000 -0500
@@ -414,12 +414,12 @@
/* ECC suites if these are preferred */
#ifdef PREFER_ECC
- #ifdef USE_GCM
- { cipherSuiteGCM, FAILSAFE_ARRAYSIZE( cipherSuiteGCM, CIPHERSUITE_INFO ) },
......@@ -13,6 +13,6 @@
+ #ifdef USE_GCM
+ { cipherSuiteGCM, FAILSAFE_ARRAYSIZE( cipherSuiteGCM, CIPHERSUITE_INFO ) },
+ #endif /* USE_GCM */
#endif /* PREFER_ECC */
{ cipherSuiteDH, FAILSAFE_ARRAYSIZE( cipherSuiteDH, CIPHERSUITE_INFO ) },
#ifdef USE_RSA_SUITES
#ifdef USE_CHACHA20
{ cipherSuiteBernstein, FAILSAFE_ARRAYSIZE( cipherSuiteBernstein, CIPHERSUITE_INFO ) },
#endif /* USE_CHACH20 */
--- kernel/thread.h.orig 2023-12-13 12:08:02.174014000 -0500
+++ kernel/thread.h 2023-12-13 12:08:24.634971000 -0500
@@ -3013,10 +3013,7 @@
underlying process context should yield the associated thread */
#define THREAD_YIELD() yield()
#else
- #if defined( __linux__ ) && !defined( __USE_GNU )
- void pthread_yield( void );
- #endif /* Present but not prototyped unless GNU extensions are enabled */
- #define THREAD_YIELD() pthread_yield()
+ #define THREAD_YIELD() sched_yield()
#endif /* Not-very-portable Posix portability */
#define THREAD_SLEEP( ms ) { \
struct timeval tv = { 0 }; \