GNU bug report logs - #22202
24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems

Previous Next

Package: emacs;

Reported by: Demetri Obenour <demetriobenour <at> gmail.com>

Date: Fri, 18 Dec 2015 10:09:01 UTC

Severity: normal

Tags: security

Found in version 24.5

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Andy Moreton <andrewjmoreton <at> gmail.com>
To: 22202 <at> debbugs.gnu.org
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Wed, 20 Jan 2016 14:06:42 +0000

On Tue 19 Jan 2016, Glenn Morris wrote:

> Andy Moreton wrote:
>
>>  - broke all builds configured with "--without-gnutls"
>
> AFAICS, you are mistaken.

I may well be, but please explain.
src/sysdep.c (at emacs-25 commit c5ee6de21d4b) contains:

#include "gnutls.h"
#if 0x020c00 <= GNUTLS_VERSION_NUMBER && !defined WINDOWSNT
# include <gnutls/crypto.h>
#else
# define emacs_gnutls_global_init() Qnil
# define gnutls_rnd(level, data, len) (-1)
#endif

How can this build properly on a non-Windows system which does not
contain an installed "gnutls.h" header ?

    AndyM

This bug report was last modified 9 years and 178 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #22202 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems

GNU bug report logs - #22202
24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems