On 2016-01-30 02:57:12, Sergei Golovan wrote: > Hi Guido, > > On Fri, Jan 29, 2016 at 11:10 AM, Guido Günther <a...@sigxcpu.org> wrote: >> >> I would be great to have a "maintainer blessed" patch for that >> issue. Just send it to the list and we take care of the rest. > > Here are the .dsc and the .diff.gz for the fixed prosody package.
Hi! Thanks for the patches! It looks, however, that there's a bit missing in the patch... Upstream seems to have made *two* patches to solve the issue. It looks like you backported this: https://github.com/bjc/prosody/commit/8708def4f55e61acdd5b2c762d420ab40da0d015 but there's also: https://github.com/bjc/prosody/commit/c9ce85a5d7575f9c55ce85b45db812f3e8392b07 It looks like there's some initialisation of the dialback_secret variable missing... Upstream master currently has: local dialback_secret = sha256_hash(module:get_option_string("dialback_secret", uuid_gen()), true); ... which i think is missing from the resulting patch. I am also unclear as to the source of the second patch, regarding the RNG seeding. It sure looks like we do not seed it anymore: +-function seed(x) +- urandom:write(x); +- urandom:flush(); ++function seed() + end That looks wrong, no? Is that a patch upstream? I see that 0.9.1 uses the lua "random" module instead of the above: https://github.com/bjc/prosody/blob/master/util/uuid.lua Yet your patch says the source is "upstream"... could you clarify where it comes from or the rationale for this fix? Thanks! a. -- I know where I am going, and I know the truth, and I do not have to be what you want me to be. I am free to be what I want. - Muhammad Ali
