On 2017-06-27 Cyril Brulebois <k...@debian.org> wrote:
> Andreas Metzler <ametz...@bebt.de> (2017-06-24):
>> would like to fix the following issue in gnutls28/jessie (It was fixed
>> in 3.5.3 and therefore does not apply to stretch/buster/sid).
>> Quoting #865297:
>> ------------
>> If the application closes open files during startup (e.g., a daemon),
>> it may close the file that gnutls has open for /dev/urandom. The
>> recommended way to handle this situation is to call
>> gnutls_global_init() again. This will check if the fd for /dev/urandom
>> is still valid and re-open it if not.
>>
>> Unfortunately, the way that the /dev/urandom fd is checked is not
>> reliable. It only checks the mode, which might be the same if the
>> application reused the fd for another character device with the same
>> permissions (e.g., /dev/null).
>> ------------
> The patch looks good to me, but I'd like to get a clarification: is the
> fix in 3.5.3 based on the same patch, or was a different route taken?

Yes, the same route was taken. The patch on the gnutls_3_3_x branch
5006914fda50f25807451a03616cdf2e7be0268f was picked and unfuzzed from
408cfd7a3afba0c5a2310c5cbcee581f57d9248c on gnutls_3_5_x

> I'd like to avoid letting something go through (o-)p-u that hasn't seen
> much testing elsewhere.

Understandable. ;-)

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
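The descriptor reuse described in the quoted bug report, replayed as an added example that is not part of this message and is not GnuTLS code. All function names are hypothetical, and the identity comparison is an assumed stricter check for contrast, not a statement of what the referenced commits do.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check as described in the report: only st_mode is compared. */
static int fd_ok_mode_only(int fd, const struct stat *saved)
{
    struct stat st;
    return fstat(fd, &st) == 0 && st.st_mode == saved->st_mode;
}

/* Stricter check (an assumption for illustration): the fd must still
 * refer to the same device node that was opened originally. */
static int fd_ok_identity(int fd, const struct stat *saved)
{
    struct stat st;
    return fstat(fd, &st) == 0 && st.st_mode == saved->st_mode &&
           st.st_dev == saved->st_dev && st.st_ino == saved->st_ino &&
           st.st_rdev == saved->st_rdev;
}

/* Replays the daemon startup from the report: open /dev/urandom, close it,
 * then let /dev/null occupy the same descriptor number.
 * Returns 0 on success and stores each check's verdict on the reused fd. */
int simulate_fd_reuse(int *mode_only_ok, int *identity_ok)
{
    struct stat saved;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &saved) != 0) { close(fd); return -1; }
    close(fd);                       /* the application closes "stray" fds */
    int other = open("/dev/null", O_RDONLY);
    if (other < 0) return -1;
    if (other != fd) {               /* force the same descriptor number */
        if (dup2(other, fd) < 0) { close(other); return -1; }
        close(other);
    }
    *mode_only_ok = fd_ok_mode_only(fd, &saved);
    *identity_ok = fd_ok_identity(fd, &saved);
    close(fd);
    return 0;
}

int main(void)
{
    int weak = 0, strict = 0;
    if (simulate_fd_reuse(&weak, &strict) != 0) return 1;
    printf("mode-only accepts reused fd: %d, identity check accepts: %d\n",
           weak, strict);
    return 0;
}
```

On a typical Linux system both device nodes are character devices with mode 0666, so the mode-only check accepts the /dev/null descriptor as if it were still /dev/urandom.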