
Bug#865763: jessie-pu: package gnutls28/3.3.8-6+deb8u7



On 2017-06-27 Cyril Brulebois <kibi@debian.org> wrote:
> Andreas Metzler <ametzler@bebt.de> (2017-06-24):
>> would like to fix the following issue in gnutls28/jessie (It was fixed
>> in 3.5.3 and therefore does not apply to stretch/buster/sid).
 
>> Quoting #865297:
>> ------------
>> If the application closes open files during startup (e.g., a daemon),
>> it may close the file that gnutls has open for /dev/urandom. The
>> recommended way to handle this situation is to call
>> gnutls_global_init() again. This will check if the fd for /dev/urandom
>> is still valid and re-open it if not.
>> 
>> Unfortunately, the way that the /dev/urandom fd is checked is not
>> reliable. It only checks the mode, which might be the same if the
>> application reused the fd for another character device with the same
>> permissions (e.g., /dev/null).
>> ------------

> The patch looks good to me, but I'd like to get a clarification: is the
> fix in 3.5.3 based on the same patch, or was a different route taken?

Yes, the same route was taken. The patch on the gnutls_3_3_x branch
5006914fda50f25807451a03616cdf2e7be0268f was picked and unfuzzed from
408cfd7a3afba0c5a2310c5cbcee581f57d9248c on gnutls_3_5_x.

> I'd like to avoid letting something go through (o-)p-u that hasn't seen
> much testing elsewhere.

Understandable. ;-)

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

