From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Andy Moreton <andrewjmoreton@gmail.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#22202: 24.5;
	SECURITY ISSUE -- Emacs Server vulnerable to random number generator
	attack on Windows systems
Date: Mon, 18 Jan 2016 12:04:34 +0000
Message-ID: <vz1powzf60d.fsf@gmail.com>
References: <569BF8F7.3090904@cs.ucla.edu> <569C4314.3090101@cs.ucla.edu>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1453118746 27592 80.91.229.3 (18 Jan 2016 12:05:46 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Mon, 18 Jan 2016 12:05:46 +0000 (UTC)
To: 22202@debbugs.gnu.org
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Jan 18 13:05:29 2016
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1aL8Yo-0005pw-5A
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 18 Jan 2016 13:05:26 +0100
Original-Received: from localhost ([::1]:59325 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1aL8Yn-0001fw-Fb
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 18 Jan 2016 07:05:25 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:55672)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1aL8YW-0001Pw-Dz
	for bug-gnu-emacs@gnu.org; Mon, 18 Jan 2016 07:05:09 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1aL8YQ-0003dV-NW
	for bug-gnu-emacs@gnu.org; Mon, 18 Jan 2016 07:05:08 -0500
Original-Received: from debbugs.gnu.org ([208.118.235.43]:35894)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1aL8YQ-0003dO-KG
	for bug-gnu-emacs@gnu.org; Mon, 18 Jan 2016 07:05:02 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1aL8YQ-0002nq-As
	for bug-gnu-emacs@gnu.org; Mon, 18 Jan 2016 07:05:02 -0500
X-Loop: help-debbugs@gnu.org
In-Reply-To: <87h9jg5ay2.fsf@gmail.com>
Resent-From: Andy Moreton <andrewjmoreton@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Mon, 18 Jan 2016 12:05:02 +0000
Resent-Message-ID: <handler.22202.B.145311869910762@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 22202
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security
X-Debbugs-Original-To: bug-gnu-emacs@gnu.org
Original-Received: via spool by submit@debbugs.gnu.org id=B.145311869910762
	(code B ref -1); Mon, 18 Jan 2016 12:05:02 +0000
Original-Received: (at submit) by debbugs.gnu.org; 18 Jan 2016 12:04:59 +0000
Original-Received: from localhost ([127.0.0.1]:52347 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1aL8YM-0002nW-Pr
	for submit@debbugs.gnu.org; Mon, 18 Jan 2016 07:04:58 -0500
Original-Received: from eggs.gnu.org ([208.118.235.92]:36399)
	by debbugs.gnu.org with esmtp (Exim 4.84)
	(envelope-from <geb-bug-gnu-emacs@m.gmane.org>) id 1aL8YL-0002nJ-2o
	for submit@debbugs.gnu.org; Mon, 18 Jan 2016 07:04:57 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <geb-bug-gnu-emacs@m.gmane.org>) id 1aL8YF-0003Yr-6C
	for submit@debbugs.gnu.org; Mon, 18 Jan 2016 07:04:51 -0500
Original-Received: from lists.gnu.org ([2001:4830:134:3::11]:46880)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <geb-bug-gnu-emacs@m.gmane.org>) id 1aL8YF-0003Yn-3R
	for submit@debbugs.gnu.org; Mon, 18 Jan 2016 07:04:51 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:55603)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <geb-bug-gnu-emacs@m.gmane.org>) id 1aL8YE-00014u-4N
	for bug-gnu-emacs@gnu.org; Mon, 18 Jan 2016 07:04:51 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <geb-bug-gnu-emacs@m.gmane.org>) id 1aL8Y9-0003YJ-4b
	for bug-gnu-emacs@gnu.org; Mon, 18 Jan 2016 07:04:50 -0500
Original-Received: from plane.gmane.org ([80.91.229.3]:48907)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <geb-bug-gnu-emacs@m.gmane.org>) id 1aL8Y8-0003Y1-Uo
	for bug-gnu-emacs@gnu.org; Mon, 18 Jan 2016 07:04:45 -0500
Original-Received: from list by plane.gmane.org with local (Exim 4.69)
	(envelope-from <geb-bug-gnu-emacs@m.gmane.org>) id 1aL8Y5-0005ZT-9u
	for bug-gnu-emacs@gnu.org; Mon, 18 Jan 2016 13:04:41 +0100
Original-Received: from uk.solarflare.com ([193.34.186.16])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <bug-gnu-emacs@gnu.org>; Mon, 18 Jan 2016 13:04:41 +0100
Original-Received: from andrewjmoreton by uk.solarflare.com with local (Gmexim 0.1
	(Debian)) id 1AlnuQ-0007hv-00
	for <bug-gnu-emacs@gnu.org>; Mon, 18 Jan 2016 13:04:41 +0100
X-Injected-Via-Gmane: http://gmane.org/
Original-Lines: 23
Original-X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: uk.solarflare.com
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (windows-nt)
Cancel-Lock: sha1:2FtB901ExVKbRcIp37eUe2L6DcQ=
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:111698
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/111698>

On Sun 17 Jan 2016, Paul Eggert wrote:

> Andreas Schwab discovered a problem with my patch in that GnuTLS wasn't
> initialized, and reverted the GnuTLS part of it. As I understand it, newer
> versions of GnuTLS initialize themselves when they are loaded and so do not
> run into the issue; I tested with GnuTLS 3.3.15, which I suppose is new
> enough. I attempted to fix this problem in the followup commit
> 130d512045aa376333b664d58c501b3884187592.

Your patch will break builds configured using --without-gnutls, as the
gnutls headers may not be installed, and should not be included.

In addition, these changes require static or dynamic linking of gnutls,
which breaks the Windows builds (which use runtime imports for the gnutls DLLs).

> Andreas's commit also changed some unrelated style issues, which I reverted;
> that is merely a longrunning stylistic disagreement, and right now is not a
> good time to be changing style in code unrelated to fixes.

This is rudeness from both of you: please solve this disagreement by
talking to each other instead of adding pointless churn to the source tree.

    AndyM