
Re: squeeze update of prosody?



On 2016-01-30 02:57:12, Sergei Golovan wrote:
> Hi Guido,
>
> On Fri, Jan 29, 2016 at 11:10 AM, Guido Günther <agx@sigxcpu.org> wrote:
>>
>> It would be great to have a "maintainer blessed" patch for that
>> issue. Just send it to the list and we take care of the rest.
>
> Here are the .dsc and the .diff.gz for the fixed prosody package.

Hi!

Thanks for the patches!

It looks, however, like there's a bit missing in the patch... Upstream
seems to have made *two* patches to solve the issue. It looks like you
backported this:

https://github.com/bjc/prosody/commit/8708def4f55e61acdd5b2c762d420ab40da0d015

but there's also:

https://github.com/bjc/prosody/commit/c9ce85a5d7575f9c55ce85b45db812f3e8392b07

It looks like there's some initialisation of the dialback_secret
variable missing... Upstream master currently has:

local dialback_secret = sha256_hash(module:get_option_string("dialback_secret", uuid_gen()), true);

... which I think is missing from the resulting patch.

I am also unclear as to the source of the second patch, regarding the
RNG seeding. It sure looks like we do not seed it anymore:

+-function seed(x)
+-      urandom:write(x);
+-      urandom:flush();
++function seed()
+ end
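
Review bot: At the `++function seed()` line the replacement drops the `x` parameter and leaves the body empty, so `seed` becomes a no-op and whatever a caller passes is discarded silently. If that is deliberate, the patch should say so in a comment on the function and name the upstream commit it comes from; if it is not, keep the `urandom:write(x)` and `urandom:flush()` calls.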

That looks wrong, no? Is that a patch upstream? I see that 0.9.1 uses
the Lua "random" module instead of the above:

https://github.com/bjc/prosody/blob/master/util/uuid.lua

Yet your patch says the source is "upstream"... could you clarify where
it comes from or the rationale for this fix?

Thanks!

a.

-- 
I know where I am going, and I know the truth,
and I do not have to be what you want me to be.
I am free to be what I want.
                         - Muhammad Ali

