[PATCH 0/3] patches for Advisory X41-2017-001
Matthieu Herrb
matthieu at herrb.eu
Tue Feb 28 18:18:06 UTC 2017
Hi,
this patches series, already sent (and partially reviewed by) to
xorg-security address the X server side of Advisory X41-2017-001
http://marc.info/?l=oss-security&m=148787083023082&w=2
I've only implemented random number generation for Linux using
arc4random_buf() from libbsd since getting a proper, error-prone
wrapper around the new getrandom() is too complex for me. I'm leaving
this open until people get a consensus on how to implement this on
non-OpenBSD systems.
Concerning the libXdmcp and libICE issues, I've double checked on my
Linux system that "official" X.Org builds (with build.sh) do depend
on libbsd and use arc4random_buf() here to generate the cookies. I
don't know why the versions shipped by some distros seem to still use
the fallback code.
--
Matthieu Herrb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 793 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-devel/attachments/20170228/6c611ad0/attachment.sig>
More information about the xorg-devel
mailing list