Hi, this patches series, already sent (and partially reviewed by) to xorg-security address the X server side of Advisory X41-2017-001 http://marc.info/?l=oss-security&m=148787083023082&w=2
I've only implemented random number generation for Linux using arc4random_buf() from libbsd since getting a proper, error-prone wrapper around the new getrandom() is too complex for me. I'm leaving this open until people get a consensus on how to implement this on non-OpenBSD systems. Concerning the libXdmcp and libICE issues, I've double checked on my Linux system that "official" X.Org builds (with build.sh) do depend on libbsd and use arc4random_buf() here to generate the cookies. I don't know why the versions shipped by some distros seem to still use the fallback code. -- Matthieu Herrb
signature.asc
Description: PGP signature
_______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel
