From 01e78c377b5d348d99b31e22129f2053d0b7596d Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Thu, 25 May 2017 20:07:01 +0200 Subject: [PATCH 01/11] Start using RtlGenRandom for entropy extraction on WinXP and later --- expat/lib/xmlparse.c | 45 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index f72efda4..177b0b5f 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -697,6 +697,39 @@ static const XML_Char implicitContext[] = { ASCII_s, ASCII_p, ASCII_a, ASCII_c, ASCII_e, '\0' }; + +#ifdef _WIN32 + +typedef BOOLEAN (APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG); + +/* Obtain entropy on Windows XP / Windows Server 2003 and later. + * Hint on RtlGenRandom and the following article from libsodioum. + * + * Michael Howard: Cryptographically Secure Random number on Windows without using CryptoAPI + * https://blogs.msdn.microsoft.com/michael_howard/2005/01/14/cryptographically-secure-random-number-on-windows-without-using-cryptoapi/ + */ +static int +writeRandomBytes_RtlGenRandom(void * target, size_t count) { + int success = 0; /* full count bytes written? */ + const HMODULE advapi32 = LoadLibrary("ADVAPI32.DLL"); + + if (advapi32) { + const RTLGENRANDOM_FUNC RtlGenRandom + = (RTLGENRANDOM_FUNC)GetProcAddress(advapi32, "SystemFunction036"); + if (RtlGenRandom) { + if (RtlGenRandom((PVOID)target, (ULONG)count) == TRUE) { + success = 1; + } + } + FreeLibrary(advapi32); + } + + return success; +} + +#endif /* _WIN32 */ + + static unsigned long gather_time_entropy(void) { 
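Review bot: `LoadLibrary("ADVAPI32.DLL")` in writeRandomBytes_RtlGenRandom names the DLL without a path, so which file is loaded depends on the process's DLL search order rather than on the system directory. This module supplies the bytes for the hash salt, so the lookup should be pinned, for example `LoadLibraryEx(TEXT("ADVAPI32.DLL"), NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)` on Windows versions that support that flag. The `TEXT()` wrapper also keeps the literal valid in UNICODE builds, where `LoadLibrary` expects a wide string. The comment above the function could say that the library is loaded and freed on every call.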
@@ -734,9 +767,19 @@ generate_hash_secret_salt(XML_Parser parser) arc4random_buf(&entropy, sizeof(entropy)); return entropy; #else + unsigned long entropy; + + /* Try high quality providers first .. */ +#ifdef _WIN32 + if (writeRandomBytes_RtlGenRandom((void *)&entropy, sizeof(entropy))) { + return entropy; + } +#endif + /* .. and self-made low quality for backup: */ + /* Process ID is 0 bits entropy if attacker has local access * XML_Parser address is few bits of entropy if attacker has local access */ - const unsigned long entropy = + entropy = gather_time_entropy() ^ getpid() ^ (unsigned long)PARSER_CAST(parser); /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */ From c9cc7dd3d7117bb4a07a09e7ffff4f8d2d612fb1 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Thu, 25 May 2017 17:46:42 +0200 Subject: [PATCH 02/11] Start using getrandom for entropy extraction with glibc 2.25+ --- expat/configure.ac | 17 +++++++++++++++++ expat/lib/xmlparse.c | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/expat/configure.ac b/expat/configure.ac index 75b6500f..5ae840fe 100644 --- a/expat/configure.ac +++ b/expat/configure.ac @@ -99,6 +99,23 @@ AC_C_CONST AC_TYPE_SIZE_T AC_CHECK_FUNCS(memmove bcopy) + +AC_MSG_CHECKING([for getrandom (Linux 3.17+, glibc 2.25+)]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([ + #include /* for NULL */ + #include + int main() { + return getrandom(NULL, 0U, 0U); + } +])], [ + AC_DEFINE([HAVE_GETRANDOM], [1], + [Define to 1 if you have the `getrandom' function.]) + AC_MSG_RESULT([yes]) +], [ + AC_MSG_RESULT([no]) +]) + + dnl Only needed for xmlwf: AC_CHECK_HEADERS(fcntl.h unistd.h) AC_TYPE_OFF_T diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index 177b0b5f..af3c7890 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c 
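Review bot: The getrandom probe in configure.ac uses `AC_COMPILE_IFELSE`, which only proves that the test program compiles, not that `getrandom` resolves at link time. A C89 compiler that accepts an implicit declaration, or headers that are present while the libc lacks the symbol, would still define `HAVE_GETRANDOM`, and the build would then fail when libexpat is linked. Running the same program body through `AC_LINK_IFELSE([AC_LANG_SOURCE([...])], ...)` closes that gap.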
@@ -698,6 +698,36 @@ static const XML_Char implicitContext[] = { }; +#if defined(HAVE_GETRANDOM) +# include +# include + +/* Obtain entropy on Linux 3.17+ with glibc 2.25+ */ +static int +writeRandomBytes_getrandom(void * target, size_t count) { + int success = 0; /* full count bytes written? */ + size_t bytesWrittenTotal = 0; + const unsigned int getrandomFlags = 0; + + do { + void * const currentTarget = (void*)((char*)target + bytesWrittenTotal); + const size_t bytesToWrite = count - bytesWrittenTotal; + + const int bytesWrittenMore + = getrandom(currentTarget, bytesToWrite, getrandomFlags); + if (bytesWrittenMore > 0) { + bytesWrittenTotal += bytesWrittenMore; + if (bytesWrittenTotal >= count) + success = 1; + } + } while (! success && (errno == EINTR || errno == EAGAIN)); + + return success; +} + +#endif /* defined(HAVE_GETRANDOM) */ + + #ifdef _WIN32 typedef BOOLEAN (APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG); @@ -774,6 +804,10 @@ generate_hash_secret_salt(XML_Parser parser) if (writeRandomBytes_RtlGenRandom((void *)&entropy, sizeof(entropy))) { return entropy; } +#elif defined(HAVE_GETRANDOM) + if (writeRandomBytes_getrandom((void *)&entropy, sizeof(entropy))) { + return entropy; + } #endif /* .. and self-made low quality for backup: */ From 7a939386875c26e936f0e07630ce80cff52ea64b Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Thu, 25 May 2017 18:21:57 +0200 Subject: [PATCH 03/11] Start using arc4random_buf with BSD and libbsd --- expat/Makefile.in | 2 +- expat/configure.ac | 20 ++++++++++++++++++++ expat/lib/xmlparse.c | 6 +++++- 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/expat/Makefile.in b/expat/Makefile.in index bbf461ae..f4cf3284 100644 --- a/expat/Makefile.in +++ b/expat/Makefile.in 
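Review bot: The retry condition in writeRandomBytes_getrandom reads `errno` even after a call that returned a positive count, where errno holds whatever an earlier, unrelated call left behind. A short read followed by a stale errno other than EINTR/EAGAIN ends the loop with `success == 0`, and generate_hash_secret_salt then uses the time/PID salt although the provider was working. The loop should decide on the return value first and consult errno only after a failed call. With `getrandomFlags = 0` the EAGAIN case looks unreachable, and it is kept below only to preserve the current behaviour.

```c
static int
writeRandomBytes_getrandom(void * target, size_t count) {
  /* ... unchanged: bytesWrittenTotal and getrandomFlags declarations ... */

  for (;;) {
    /* ... unchanged: currentTarget, bytesToWrite and the getrandom call ... */

    if (bytesWrittenMore > 0) {
      bytesWrittenTotal += bytesWrittenMore;
      if (bytesWrittenTotal >= count)
        return 1;
    } else if (bytesWrittenMore == 0
        || (errno != EINTR && errno != EAGAIN)) {
      return 0;  /* errno is only meaningful after a failed call */
    }
  }
}
```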
@@ -124,7 +124,7 @@ LTFLAGS = --verbose COMPILE = $(CC) $(INCLUDES) $(CFLAGS) $(DEFS) $(CPPFLAGS) CXXCOMPILE = $(CXX) $(INCLUDES) $(CXXFLAGS) $(DEFS) $(CPPFLAGS) LTCOMPILE = $(LIBTOOL) $(LTFLAGS) --mode=compile $(COMPILE) -LINK_LIB = $(LIBTOOL) $(LTFLAGS) --mode=link $(COMPILE) -no-undefined $(VSNFLAG) -rpath $(libdir) $(LDFLAGS) -o $@ +LINK_LIB = $(LIBTOOL) $(LTFLAGS) --mode=link $(COMPILE) -no-undefined $(VSNFLAG) -rpath $(libdir) $(LDFLAGS) @LIBS@ -o $@ LINK_EXE = $(LIBTOOL) $(LTFLAGS) --mode=link $(COMPILE) $(LDFLAGS) -o $@ LINK_CXX_EXE = $(LIBTOOL) $(LTFLAGS) --mode=link $(CXXCOMPILE) $(LDFLAGS) -o $@ diff --git a/expat/configure.ac b/expat/configure.ac index 5ae840fe..199bf474 100644 --- a/expat/configure.ac +++ b/expat/configure.ac @@ -100,6 +100,26 @@ AC_TYPE_SIZE_T AC_CHECK_FUNCS(memmove bcopy) +AC_CHECK_LIB([bsd], [arc4random_buf]) +AC_MSG_CHECKING([for arc4random_buf (BSD or libbsd)]) +AC_LINK_IFELSE([AC_LANG_SOURCE([ + #include /* for arc4random_buf on BSD, for NULL */ + #if defined(HAVE_LIBBSD) + # include + #endif + int main() { + arc4random_buf(NULL, 0U); + return 0; + } +])], [ + AC_DEFINE([HAVE_ARC4RANDOM_BUF], [1], + [Define to 1 if you have the `arc4random_buf' function.]) + AC_MSG_RESULT([yes]) +], [ + AC_MSG_RESULT([no]) +]) + + AC_MSG_CHECKING([for getrandom (Linux 3.17+, glibc 2.25+)]) AC_COMPILE_IFELSE([AC_LANG_SOURCE([ #include /* for NULL */ diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index af3c7890..aa7b7c31 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -779,6 +779,10 @@ gather_time_entropy(void) #endif } +#if defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_LIBBSD) +# include +#endif + static unsigned long generate_hash_secret_salt(XML_Parser parser) { @@ -790,7 +794,7 @@ generate_hash_secret_salt(XML_Parser parser) # define PARSER_CAST(p) (p) #endif -#ifdef __CloudABI__ +#if defined(HAVE_ARC4RANDOM_BUF) || defined(__CloudABI__) unsigned long entropy; (void)parser; (void)gather_time_entropy; 
From 04ad658bd3079dd15cb60fc67087900f0ff4b083 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Thu, 25 May 2017 18:27:15 +0200 Subject: [PATCH 04/11] Pull parser instance address out of entropy equation to not leak that information --- expat/lib/xmlparse.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index aa7b7c31..a7c7abb3 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -786,14 +786,6 @@ gather_time_entropy(void) static unsigned long generate_hash_secret_salt(XML_Parser parser) { -#if defined(__UINTPTR_TYPE__) -# define PARSER_CAST(p) (__UINTPTR_TYPE__)(p) -#elif defined(_WIN64) && defined(_MSC_VER) -# define PARSER_CAST(p) (unsigned __int64)(p) -#else -# define PARSER_CAST(p) (p) -#endif - #if defined(HAVE_ARC4RANDOM_BUF) || defined(__CloudABI__) unsigned long entropy; (void)parser; @@ -815,10 +807,8 @@ generate_hash_secret_salt(XML_Parser parser) #endif /* .. and self-made low quality for backup: */ - /* Process ID is 0 bits entropy if attacker has local access - * XML_Parser address is few bits of entropy if attacker has local access */ - entropy = - gather_time_entropy() ^ getpid() ^ (unsigned long)PARSER_CAST(parser); + /* Process ID is 0 bits entropy if attacker has local access */ + entropy = gather_time_entropy() ^ getpid(); /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */ if (sizeof(unsigned long) == 4) { From ba1fc202c135b3e2e8f413a7b2d4b35398f6fb95 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Thu, 25 May 2017 19:28:15 +0200 Subject: [PATCH 05/11] Changes: Mention use of high quality entropy sources --- expat/Changes | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/expat/Changes b/expat/Changes index 623327ef..11cc24bf 100644 --- a/expat/Changes +++ b/expat/Changes 
@@ -2,6 +2,11 @@ Release ?????????? Security fixes: CVE-2016-9063 -- Detect integer overflow #25 More integer overflow detection (function poolGrow) + Use high quality entropy for hash initialization: + * arc4random_buf on BSD, systems with libbsd, CloudABI + * RtlGenRandom on Windows XP / Server 2003 and later + * getrandom on glic 2.25+ Linux 3.17+ + In a way, that's still part of CVE-2016-5300. Bug fixes: #539 Fix regression from fix to CVE-2016-0718 cutting off From 13e4b3d05efffd91b15e6e2ccec21b25eec1c2d7 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Thu, 25 May 2017 20:58:34 +0200 Subject: [PATCH 06/11] Autoconf: Add --(with|without)-libbsd for bypassing auto-detection --- expat/Changes | 2 ++ expat/configure.ac | 11 ++++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/expat/Changes b/expat/Changes index 11cc24bf..b4122ed3 100644 --- a/expat/Changes +++ b/expat/Changes @@ -7,6 +7,8 @@ Release ?????????? * RtlGenRandom on Windows XP / Server 2003 and later * getrandom on glic 2.25+ Linux 3.17+ In a way, that's still part of CVE-2016-5300. + For packaging, feel free to configure using + --(with|without)-libbsd to bypass auto-detection. Bug fixes: #539 Fix regression from fix to CVE-2016-0718 cutting off diff --git a/expat/configure.ac b/expat/configure.ac index 199bf474..482a93c7 100644 --- a/expat/configure.ac +++ b/expat/configure.ac @@ -100,7 +100,16 @@ AC_TYPE_SIZE_T AC_CHECK_FUNCS(memmove bcopy) -AC_CHECK_LIB([bsd], [arc4random_buf]) +AC_ARG_WITH([libbsd], [ +AS_HELP_STRING([--with-libbsd], [enforce use of libbsd]) +AS_HELP_STRING([--without-libbsd], [prohibit use of libbsd])]) +AS_IF([test "x${with_libbsd}" != xno], [ + AC_CHECK_LIB([bsd], [arc4random_buf], [], [ + AS_IF([test "x${with_libbsd}" = xyes], [ + AC_MSG_ERROR([Enforced use of libbsd cannot be satisfied.]) + ]) + ]) +]) AC_MSG_CHECKING([for arc4random_buf (BSD or libbsd)]) AC_LINK_IFELSE([AC_LANG_SOURCE([ #include /* for arc4random_buf on BSD, for NULL */ 
From ad8521ca84ef0be70749e8978406843908a25658 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Thu, 25 May 2017 21:53:16 +0200 Subject: [PATCH 07/11] Pull out shared variable and is-unused marker --- expat/lib/xmlparse.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index a7c7abb3..6808ea11 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -786,15 +786,13 @@ gather_time_entropy(void) static unsigned long generate_hash_secret_salt(XML_Parser parser) { -#if defined(HAVE_ARC4RANDOM_BUF) || defined(__CloudABI__) unsigned long entropy; (void)parser; +#if defined(HAVE_ARC4RANDOM_BUF) || defined(__CloudABI__) (void)gather_time_entropy; arc4random_buf(&entropy, sizeof(entropy)); return entropy; #else - unsigned long entropy; - /* Try high quality providers first .. */ #ifdef _WIN32 if (writeRandomBytes_RtlGenRandom((void *)&entropy, sizeof(entropy))) { From 9e02465f095724b25c066d81e61947336ccb8f34 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Wed, 31 May 2017 12:40:28 +0200 Subject: [PATCH 08/11] Make EXPAT_ENTROPY_DEBUG=1 print entropy source and bytes --- expat/Changes | 1 + expat/lib/xmlparse.c | 25 ++++++++++++++++++++----- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/expat/Changes b/expat/Changes index b4122ed3..d1d7b8bc 100644 --- a/expat/Changes +++ b/expat/Changes @@ -9,6 +9,7 @@ Release ?????????? In a way, that's still part of CVE-2016-5300. For packaging, feel free to configure using --(with|without)-libbsd to bypass auto-detection. + For run-time debug output, EXPAT_ENTROPY_DEBUG=1 can be used. Bug fixes: #539 Fix regression from fix to CVE-2016-0718 cutting off diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index 6808ea11..5c73f742 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c 
@@ -6,6 +6,8 @@ #include /* memset(), memcpy() */ #include #include /* UINT_MAX */ +#include /* fprintf */ +#include /* getenv */ #ifdef _WIN32 #define getpid GetCurrentProcessId @@ -783,6 +785,18 @@ gather_time_entropy(void) # include #endif +static unsigned long +ENTROPY_DEBUG(const char * label, unsigned long entropy) { + const char * const EXPAT_ENTROPY_DEBUG = getenv("EXPAT_ENTROPY_DEBUG"); + if (EXPAT_ENTROPY_DEBUG && ! strcmp(EXPAT_ENTROPY_DEBUG, "1")) { + fprintf(stderr, "Entropy: %s --> 0x%0*lx (%lu bytes)\n", + label, + (int)sizeof(unsigned long) * 2, entropy, + sizeof(unsigned long)); + } + return entropy; +} + static unsigned long generate_hash_secret_salt(XML_Parser parser) { @@ -791,16 +805,16 @@ generate_hash_secret_salt(XML_Parser parser) #if defined(HAVE_ARC4RANDOM_BUF) || defined(__CloudABI__) (void)gather_time_entropy; arc4random_buf(&entropy, sizeof(entropy)); - return entropy; + return ENTROPY_DEBUG("arc4random_buf", entropy); #else /* Try high quality providers first .. */ #ifdef _WIN32 if (writeRandomBytes_RtlGenRandom((void *)&entropy, sizeof(entropy))) { - return entropy; + return ENTROPY_DEBUG("RtlGenRandom", entropy); } #elif defined(HAVE_GETRANDOM) if (writeRandomBytes_getrandom((void *)&entropy, sizeof(entropy))) { - return entropy; + return ENTROPY_DEBUG("getrandom", entropy); } #endif /* .. and self-made low quality for backup: */ @@ -810,9 +824,10 @@ generate_hash_secret_salt(XML_Parser parser) /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */ if (sizeof(unsigned long) == 4) { - return entropy * 2147483647; + return ENTROPY_DEBUG("fallback(4)", entropy * 2147483647); } else { - return entropy * (unsigned long)2305843009213693951; + return ENTROPY_DEBUG("fallback(8)", + entropy * (unsigned long)2305843009213693951); } #endif } From f356fb56fb9e6094727c8e56c3ef60b5fa09d2a2 Mon Sep 17 00:00:00 2001 
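Review bot: ENTROPY_DEBUG writes the freshly generated hash salt to stderr whenever the process environment contains `EXPAT_ENTROPY_DEBUG=1`, and the check is compiled into every build. The salt is the secret that the hash-table randomisation relies on, so whoever can set that variable for a process and read its stderr or captured logs learns it. The body should be compiled only under a debug build macro (placeholder name `<DEBUG_BUILD_MACRO>`), or at least skipped when the process runs with elevated privileges. Separately, `sizeof(unsigned long)` is a `size_t` passed for `%lu`, which is a type mismatch on 64-bit Windows; cast it as `(unsigned long)sizeof(unsigned long)`.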
From: Sebastian Pipping Date: Wed, 31 May 2017 23:23:37 +0200 Subject: [PATCH 09/11] Detect and support syscall(SYS_getrandom, [..]) as well --- expat/Changes | 2 +- expat/configure.ac | 17 +++++++++++++++++ expat/lib/xmlparse.c | 25 ++++++++++++++++++------- 3 files changed, 36 insertions(+), 8 deletions(-) diff --git a/expat/Changes b/expat/Changes index d1d7b8bc..8abd3ef2 100644 --- a/expat/Changes +++ b/expat/Changes @@ -5,7 +5,7 @@ Release ?????????? Use high quality entropy for hash initialization: * arc4random_buf on BSD, systems with libbsd, CloudABI * RtlGenRandom on Windows XP / Server 2003 and later - * getrandom on glic 2.25+ Linux 3.17+ + * getrandom on Linux 3.17+ In a way, that's still part of CVE-2016-5300. For packaging, feel free to configure using --(with|without)-libbsd to bypass auto-detection. diff --git a/expat/configure.ac b/expat/configure.ac index 482a93c7..344f5146 100644 --- a/expat/configure.ac +++ b/expat/configure.ac @@ -142,6 +142,23 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([ AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) + + AC_MSG_CHECKING([for syscall SYS_getrandom (Linux 3.17+)]) + AC_LINK_IFELSE([AC_LANG_SOURCE([ + #include /* for NULL */ + #include /* for syscall */ + #include /* for SYS_getrandom */ + int main() { + syscall(SYS_getrandom, NULL, 0, 0); + return 0; + } + ])], [ + AC_DEFINE([HAVE_SYSCALL_GETRANDOM], [1], + [Define to 1 if you have `syscall' and `SYS_getrandom'.]) + AC_MSG_RESULT([yes]) + ], [ + AC_MSG_RESULT([no]) + ]) ]) diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index 5c73f742..081c7863 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c 
@@ -700,11 +700,17 @@ static const XML_Char implicitContext[] = { }; -#if defined(HAVE_GETRANDOM) -# include +#if defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) # include -/* Obtain entropy on Linux 3.17+ with glibc 2.25+ */ +# if defined(HAVE_GETRANDOM) +# include /* getrandom */ +# else +# include /* syscall */ +# include /* SYS_getrandom */ +# endif + +/* Obtain entropy on Linux 3.17+ */ static int writeRandomBytes_getrandom(void * target, size_t count) { int success = 0; /* full count bytes written? */ @@ -715,8 +721,13 @@ writeRandomBytes_getrandom(void * target, size_t count) { void * const currentTarget = (void*)((char*)target + bytesWrittenTotal); const size_t bytesToWrite = count - bytesWrittenTotal; - const int bytesWrittenMore - = getrandom(currentTarget, bytesToWrite, getrandomFlags); + const int bytesWrittenMore = +#if defined(HAVE_GETRANDOM) + getrandom(currentTarget, bytesToWrite, getrandomFlags); +#else + syscall(SYS_getrandom, currentTarget, bytesToWrite, getrandomFlags); +#endif + if (bytesWrittenMore > 0) { bytesWrittenTotal += bytesWrittenMore; if (bytesWrittenTotal >= count) @@ -727,7 +738,7 @@ writeRandomBytes_getrandom(void * target, size_t count) { return success; } -#endif /* defined(HAVE_GETRANDOM) */ +#endif /* defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) */ #ifdef _WIN32 @@ -812,7 +823,7 @@ generate_hash_secret_salt(XML_Parser parser) if (writeRandomBytes_RtlGenRandom((void *)&entropy, sizeof(entropy))) { return ENTROPY_DEBUG("RtlGenRandom", entropy); } -#elif defined(HAVE_GETRANDOM) +#elif defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) if (writeRandomBytes_getrandom((void *)&entropy, sizeof(entropy))) { return ENTROPY_DEBUG("getrandom", entropy); } From 120bbbc8cf96b7d29b5e6d317cf06bd4a3e60d5a Mon Sep 17 00:00:00 2001 
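Review bot: In the `#else` branch of writeRandomBytes_getrandom, `syscall(SYS_getrandom, ...)` is chosen at configure time, but the kernel the library later runs on may not implement the call. The function then returns 0 and generate_hash_secret_salt drops to the time/PID salt with no indication outside debug output. A comment at the branch should say so, e.g. `/* may fail with ENOSYS on kernels older than 3.17; caller then uses the low quality fallback */`, and reading from a kernel random device before that fallback is worth considering. `syscall` returns `long`, so the assignment to `const int bytesWrittenMore` narrows implicitly and an explicit `(int)` cast would document that. The function starts and ends outside this hunk.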
From: Sebastian Pipping Date: Thu, 1 Jun 2017 20:40:36 +0200 Subject: [PATCH 10/11] configure.ac: Disable auto-detection of libbsd --- expat/Changes | 5 ++--- expat/configure.ac | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/expat/Changes b/expat/Changes index 8abd3ef2..a5c9d39f 100644 --- a/expat/Changes +++ b/expat/Changes @@ -3,12 +3,11 @@ Release ?????????? CVE-2016-9063 -- Detect integer overflow #25 More integer overflow detection (function poolGrow) Use high quality entropy for hash initialization: - * arc4random_buf on BSD, systems with libbsd, CloudABI + * arc4random_buf on BSD, systems with libbsd + (when configured with --with-libbsd), CloudABI * RtlGenRandom on Windows XP / Server 2003 and later * getrandom on Linux 3.17+ In a way, that's still part of CVE-2016-5300. - For packaging, feel free to configure using - --(with|without)-libbsd to bypass auto-detection. For run-time debug output, EXPAT_ENTROPY_DEBUG=1 can be used. Bug fixes: diff --git a/expat/configure.ac b/expat/configure.ac index 344f5146..b93a741d 100644 --- a/expat/configure.ac +++ b/expat/configure.ac @@ -101,8 +101,8 @@ AC_CHECK_FUNCS(memmove bcopy) AC_ARG_WITH([libbsd], [ -AS_HELP_STRING([--with-libbsd], [enforce use of libbsd]) -AS_HELP_STRING([--without-libbsd], [prohibit use of libbsd])]) +AS_HELP_STRING([--with-libbsd], [utilize libbsd (for arc4random_buf)]) +], [], [with_libbsd=no]) AS_IF([test "x${with_libbsd}" != xno], [ AC_CHECK_LIB([bsd], [arc4random_buf], [], [ AS_IF([test "x${with_libbsd}" = xyes], [ From ee43797ac94c3fe6ef0900bda62d5dfbabbd5cab Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Wed, 7 Jun 2017 20:13:54 +0200 Subject: [PATCH 11/11] =?UTF-8?q?Avoid=20implicit=20declaration=20of=20fun?= =?UTF-8?q?ction=20=E2=80=98syscall=E2=80=99=20with=20-std=3Dc89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- expat/lib/xmlparse.c | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index 081c7863..3eea5bc4 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -2,6 +2,8 @@ See the file COPYING for copying permission. */ +#define _GNU_SOURCE /* syscall prototype */ + #include #include /* memset(), memcpy() */ #include
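Review bot: The added `#define _GNU_SOURCE` is unconditional and has an empty replacement list, so a build that already passes `-D_GNU_SOURCE` (which defines it as 1) gets a macro redefinition diagnostic, fatal under -Werror. Guarding it keeps both cases quiet: `#ifndef _GNU_SOURCE` / `# define _GNU_SOURCE 1` / `#endif`. The define also takes effect on every platform this file is built for, although only the syscall-based getrandom path needs it, which the comment could state.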