Dnia 2012-06-15, piÄ… o godzinie 22:44 +0400, Eugene Agafonov pisze:
> Patch is out https://github.com/Jabberd2/jabberd2/pull/5
Ahhh... Pesky expat...
Merged.
Thank you. :-)
--
Tomasz Sterna
Instant Messaging Consultant : Open Source Developer
http://tomasz.sterna.tv/ http://www.xiaoka.com/po
Patch is out
https://github.com/Jabberd2/jabberd2/pull/5
On Fri, Jun 15, 2012 at 5:21 PM, Eugene Agafonov wrote:
> D'oh! I got it :-)
> Stay tuned for patch.
>
>
> On 06/15/2012 05:14 PM, Eugene Agafonov wrote:
>
>> That's strange.. It works perfect on Debian Testing with libexpat1_2.1.0-1
>> A
D'oh! I got it :-)
Stay tuned for patch.
On 06/15/2012 05:14 PM, Eugene Agafonov wrote:
That's strange.. It works perfect on Debian Testing with
libexpat1_2.1.0-1
Any details? Debug logs?
Hi!
Find comments embedded.
On 06/15/2012 05:08 PM, Christof Meerwald wrote:
On Fri, Jun 15, 2012 at 04:25:31PM +0400, Eugene Agafonov wrote:
Does jabberd2 work after is re-compiled with 12.04?
No.
That's strange.. It works perfect on Debian Testing with libexpat1_2.1.0-1
Any details? Debug
On Fri, Jun 15, 2012 at 04:25:31PM +0400, Eugene Agafonov wrote:
> Does jabberd2 work after is re-compiled with 12.04?
No.
> Anyway, I suspect you blame the following expat's function:
>
> static unsigned long
> generate_hash_secret_salt(void)
> {
> unsigned int seed = time(NULL) % UINT_MAX;
>
Hi!
Does jabberd2 work after is re-compiled with 12.04?
Anyway, I suspect you blame the following expat's function:
static unsigned long
generate_hash_secret_salt(void)
{
unsigned int seed = time(NULL) % UINT_MAX;
srand(seed);
return rand();
}
It is called once (per parser instance) with
Hi,
just upgraded my server from Ubuntu 10.04 to 12.04 and noticed that
jabberd2 stopped working.
I finally tracked it down to the expat library which now contains a
"fix" for CVE-2012-0876. This fix tries to add some randomisation to
expat's own hash tables, but by doing so fiddles with srand an
