Control: tag -1 moreinfo Hi,
Andreas Metzler <ametz...@bebt.de> (2017-06-24): > Hello, > > would like to fix the following issue in gnutls28/jessie (It was fixed > in 3.5.3 and therefore does not apply to stretch/buster/sid). > > Quoting #865297: > ------------ > If the application closes open files during startup (e.g., a daemon), > it may close the file that gnutls has open for /dev/urandom. The > recommended way to handle this situation is to call > gnutls_global_init() again. This will check if the fd for /dev/urandom > is still valid and re-open it if not. > > Unfortunately, the way that the /dev/urandom fd is checked is not > reliable. It only checks the mode, which might be the same if the > application reused the fd for another character device with the same > permissions (e.g., /dev/null). > ------------ The patch looks good to me, but I'd like to get a clarification: is the fix in 3.5.3 based on the same patch, or was a different route taken? I'd like to avoid letting something go through (o-)p-u that hasn't seen much testing elsewhere. KiBi.
signature.asc
Description: Digital signature
