[python-ssh/el6] Add patch to use urandom instead of Crypto/Random on EL6
Orion Poplawski
orion at fedoraproject.org
Thu May 9 15:58:40 UTC 2013
commit 99410ded4f70dfba20c2628eedc6c2f3e23a26d5
Author: Orion Poplawski <orion at nwra.com>
Date: Thu May 9 09:58:40 2013 -0600
Add patch to use urandom instead of Crypto/Random on EL6
python-ssh-urandom.patch | 53 ++++++++++++++++++++++++++++++++++++++++++++++
python-ssh.spec | 10 ++++++++
2 files changed, 63 insertions(+), 0 deletions(-)
---
diff --git a/python-ssh-urandom.patch b/python-ssh-urandom.patch
new file mode 100644
index 0000000..096dc4b
--- /dev/null
+++ b/python-ssh-urandom.patch
@@ -0,0 +1,53 @@
+diff -up ssh-1.7.14/ssh/common.py.urandom ssh-1.7.14/ssh/common.py
+--- ssh-1.7.14/ssh/common.py.urandom 2012-04-19 16:17:28.000000000 -0600
++++ ssh-1.7.14/ssh/common.py 2013-05-08 16:38:40.278267493 -0600
+@@ -95,10 +95,16 @@ CONNECTION_FAILED_CODE = {
+ DISCONNECT_SERVICE_NOT_AVAILABLE, DISCONNECT_AUTH_CANCELLED_BY_USER, \
+ DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE = 7, 13, 14
+
+-from Crypto import Random
++import os
++# Replace Crypto/Random with dummy that read /dev/urandom
++class Random(object):
++ def __init__(self):
++ pass
+
+-# keep a crypto-strong PRNG nearby
+-rng = Random.new()
++ def read(self, nbytes):
++ return os.urandom(nbytes)
++
++rng = Random()
+
+ import sys
+ if sys.version_info < (2, 3):
+diff -up ssh-1.7.14/ssh/transport.py.urandom ssh-1.7.14/ssh/transport.py
+--- ssh-1.7.14/ssh/transport.py.urandom 2012-05-06 16:10:09.000000000 -0600
++++ ssh-1.7.14/ssh/transport.py 2013-05-08 16:35:05.833371480 -0600
+@@ -46,7 +46,6 @@ from ssh.server import ServerInterface
+ from ssh.sftp_client import SFTPClient
+ from ssh.ssh_exception import SSHException, BadAuthenticationType, ChannelException
+
+-from Crypto import Random
+ from Crypto.Cipher import Blowfish, AES, DES3, ARC4
+ from Crypto.Hash import SHA, MD5
+ try:
+@@ -454,7 +453,6 @@ class Transport (threading.Thread):
+ # synchronous, wait for a result
+ self.completion_event = event = threading.Event()
+ self.start()
+- Random.atfork()
+ while True:
+ event.wait(0.1)
+ if not self.active:
+@@ -1529,10 +1527,6 @@ class Transport (threading.Thread):
+ # indefinitely, creating a GC cycle and not letting Transport ever be
+ # GC'd. it's a bug in Thread.)
+
+- # Required to prevent RNG errors when running inside many subprocess
+- # containers.
+- Random.atfork()
+-
+ # active=True occurs before the thread is launched, to avoid a race
+ _active_threads.append(self)
+ if self.server_mode:
diff --git a/python-ssh.spec b/python-ssh.spec
index f78886d..c386c5c 100644
--- a/python-ssh.spec
+++ b/python-ssh.spec
@@ -13,6 +13,10 @@ Group: Development/Languages
License: LGPLv2+
URL: https://github.com/bitprophet/ssh
Source0: http://pypi.python.org/packages/source/s/ssh/ssh-%{version}.tar.gz
+%if 0%{?rhel} <= 6
+# Use urandom instead of Crypto/Random (not available on EL6)
+Patch0: python-ssh-urandom.patch
+%endif
BuildArch: noarch
BuildRequires: python2-devel
@@ -47,6 +51,9 @@ and server mode are both supported too.
%prep
%setup -q -n %{realname}-%{version}
+%if 0%{?rhel} <= 6
+%patch0 -p 1 -b .urandom
+%endif
rm -rf ssh.egg-info
@@ -100,6 +107,9 @@ popd
%endif # with_python3
%changelog
+* Wed May 8 2013 Orion Poplawski <orion at cora.nwra.com> - 1.7.14-1
+- Add patch to use urandom instead of Crypto/Random on EL6
+
* Thu May 17 2012 Silas Sewell <silas at sewell.org> - 1.7.14-1
- Update to 0.7.14
More information about the scm-commits
mailing list