On Sat, Apr 22, 2017 at 05:44:18PM -0700, Alan Coopersmith wrote:
> On 04/ 4/17 10:12 AM, Benjamin Tissoires wrote:
> > This allows to fix CVE-2017-2626 on Linux platforms without pulling in
> > libbsd.
> > The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
> > For Linux, we need at least a v3.17 kernel. If the recommended
> > arc4random_buf() function is not available, emulate it by first trying
> > to use getentropy() on a supported glibc and kernel. If the call fails,
> > fall back to the current (partly vulnerable) code.
> >
> > Signed-off-by: Benjamin Tissoires <[email protected]>
> >
> > ---
> >
> > changes in v2:
> > - use the getentropy() from glibc, not the plain syscall
> > - make it clear that arc4random_buf() should be preferred and that we
> >   are only adding band-aids on top of the missing function
>
> Reviewed-by: Alan Coopersmith <[email protected]>

Thanks

   1746abb..ff5e59f  master -> master

Cheers,
   Peter
