This patch resolves a compatibility issue when compiled against glibc 2.25 and run runder kernels < 3.17: https://bugzilla.redhat.com/show_bug.cgi?id=1410175 Upstream bug URLs: https://bugs.python.org/issue29157 https://bugs.python.org/issue29188 Patch adapted from upstream source repository: https://github.com/python/cpython/commit/01bdbad3e951014c58581635b94b22868537901c From 01bdbad3e951014c58581635b94b22868537901c Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Mon, 9 Jan 2017 11:10:41 +0100 Subject: [PATCH] Don't use getentropy() on Linux Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but read from /dev/urandom to get random bytes, for example in os.urandom(). On Linux, getentropy() is implemented which getrandom() is blocking mode, whereas os.urandom() should not block. --- Misc/NEWS | 5 +++++ Python/random.c | 11 +++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/Python/random.c b/Python/random.c index 57c41ffcd6..000cb36938 100644 --- a/Python/random.c +++ b/Python/random.c @@ -97,8 +97,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) } /* Issue #25003: Don't use getentropy() on Solaris (available since - * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ -#elif defined(HAVE_GETENTROPY) && !defined(sun) + Solaris 11.3), it is blocking whereas os.urandom() should not block. + + Issue #29188: Don't use getentropy() on Linux since the glibc 2.24 + implements it with the getrandom() syscall which can fail with ENOSYS, + and this error is not supported in py_getentropy() and getrandom() is called + with flags=0 which blocks until system urandom is initialized, which is not + the desired behaviour to seed the Python hash secret nor for os.urandom(): + see the PEP 524 which was only implemented in Python 3.6. */ +#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux) #define PY_GETENTROPY 1 /* Fill buffer with size pseudo-random bytes generated by getentropy(). -- 2.12.0