Incomplete build on AIX #68234
Comments
Actually, I have been building and using my builds of Python, when needed for ./configure requirements, for a long time. In short, it is quite nice that make "completes" even when there are missing and/or failed modules.

I have just resolved the problem with ctypes not building (see https://bugs.python.org/issue6006) and that got me started to research others.

Failed to build these modules:

While there are several - I am looking first at ssl. My first attempt comes up with some failed defines - probably because the latest openssl provided by IBM is openssl-1.0.0 and openssl-1.0.1 is needed. Rather than wait for that to happen I decided to experiment with LibreSSL.

If you are not familiar with LibreSSL - I shall be quick - OpenBSD (who also maintains OpenSSH) has been cutting out insecure and/or superfluous code. One of the more insecure (because it can be a predictable source of entropy) is RAND_egd() - so it is unavoidable that this occurs:

ld: 0711-317 ERROR: Undefined symbol: .RAND_egd

After patching _ssl.c to this:
--- _ssl.c.orig 2014-06-30 02:05:42 +0000
+++ _ssl.c 2015-04-24 02:47:00 +0000
@@ -1604,6 +1604,7 @@
static PyObject *
PySSL_RAND_egd(PyObject *self, PyObject *arg)
{
+#ifndef LIBRESSL_VERSION_NUMBER
int bytes;
if (!PyString_Check(arg))
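Review bot: The guard added at the top of PySSL_RAND_egd tests LIBRESSL_VERSION_NUMBER, which ties the fix to one library's name rather than to the missing symbol. Any other libssl built without RAND_egd would still hit the same undefined-symbol link error. Consider a configure-time check for RAND_egd and an #ifdef on its result, so the branch follows the feature instead of the vendor.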
@@ -1618,6 +1619,12 @@
return NULL;
}
return PyInt_FromLong(bytes);
+#else
+ PyErr_SetString(PySSLErrorObject,
+ "external EGD connection not allowed when using LibreSSL:"
+ "no data to seed the PRNG via PySSL_RAND_egd");
+ return NULL;
+#endif
}
PyDoc_STRVAR(PySSL_RAND_egd_doc,

The end result is:

In short, you can get ahead of the curve by deprecating/removing PySSL_RAND_egd() because any code that uses it may be receiving predictable input and thereafter everything may be predictable.

If you do not believe OpenBSD (or me) - just read the code. It calls anything configured (handy when /dev/urandom was hard to find anno 1999) but these days a backdoor waiting to be opened.

p.s. As I get time I shall continue with the other modules that do not build - just let me know if you prefer that I continue posting in this "issue", or make new one(s) for each module as I find a solution.
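Review bot: In the #else branch of the second hunk, the two adjacent string literals passed to PyErr_SetString concatenate to "...when using LibreSSL:no data to seed...", with no space after the colon; add a trailing space to the first literal. The branch also keeps RAND_egd callable and fails only at call time with an SSL error, so callers cannot tell in advance that it is unavailable, and arg goes unused on this path. Leaving the function out of the module's method table under the same guard would let callers feature-detect it instead.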
On 24.04.2015 04:54, aixtools wrote:
Please post this in a new issue, since it's really a separate one. Thanks, Marc-Andre Lemburg
Fresh openssl versions are now available for AIX: 1.0.1p and 1.0.2d.
Looks like RAND_egd was made optional in https://bugs.python.org/issue21356 Can this issue be closed?
2.7 is no longer maintained. Please create new issues for build problems on current versions (>= 3.9).
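Since RAND_egd is missing from LibreSSL builds and is optional per the comment above, Python code that calls ssl.RAND_egd is worth locating before it fails or seeds from an untrusted daemon. The scanner below is an added example, not part of this thread or of CPython; the function name find_rand_egd_calls and the sample source are constructed for illustration.

```python
import ast

# Constructed sample source, not taken from any real project.
SAMPLE = '''
import ssl
import ssl as tls
from ssl import RAND_egd as seed

ssl.RAND_egd("/var/run/egd-pool")
tls.RAND_egd(path)
seed("/dev/egd-pool")
ssl.RAND_status()
'''


def find_rand_egd_calls(source, filename="<sample>"):
    """Return sorted (line, expression) pairs for calls that resolve to ssl.RAND_egd."""
    tree = ast.parse(source, filename)
    module_names = set()    # local names bound to the ssl module
    function_names = set()  # local names bound to ssl.RAND_egd itself
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == "ssl":
                    module_names.add(alias.asname or "ssl")
        elif isinstance(node, ast.ImportFrom) and node.module == "ssl":
            for alias in node.names:
                if alias.name == "RAND_egd":
                    function_names.add(alias.asname or "RAND_egd")
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Attribute form: <ssl alias>.RAND_egd(...)
        if (isinstance(func, ast.Attribute) and func.attr == "RAND_egd"
                and isinstance(func.value, ast.Name)
                and func.value.id in module_names):
            hits.append((node.lineno, f"{func.value.id}.RAND_egd"))
        # Bare-name form: a name imported directly from ssl
        elif isinstance(func, ast.Name) and func.id in function_names:
            hits.append((node.lineno, func.id))
    return sorted(hits)


if __name__ == "__main__":
    for line, expr in find_rand_egd_calls(SAMPLE):
        print(f"<sample>:{line}: call to {expr}()")
```

The scanner only parses source text, so it works on interpreters whose ssl module has no RAND_egd at all.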
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.