On Fri, Apr 24, 2026 at 03:53:19PM +0200, Alejandro Colomar via Mutt-dev wrote:
On 2026-04-24T13:15:52+0800, Kevin J. McCarthy wrote:--- a/mutt_random.c +++ b/mutt_random.c @@ -25,25 +25,38 @@#include <fcntl.h> #include <string.h> -#include <sys/time.h> -#include <sys/types.h> -#include <unistd.h> +#ifdef HAVE_SYS_TIME_H + #include <sys/time.h> +#endif
[...]
I think we can assume the header exists in every Unix-like system. And checking gnulib documentation, it seems that the only platform that lacks this header file was MSVC 14. Is mutt being built there? If not, we could maybe remove that check in master everywhere.
I don't believe we target that platform. I'll add a todo to remove the checks in master. Thanks!
Should we prefer arc4random_buf(3) over getrandom(2) if it's available? It's certainly simpler, and thus less prone to subtle bugs.
I thought about that, but I'm not sure if the Linux implementation also ported over to a more secure algorithm than RC4.
I think we'd want to leave the getrandom in any case, so for now I'll put it first.
Anyway:
Reviewed-by: Alejandro Colomar <[email protected]>
Thanks! -- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature
