[libvirt] [PATCH 00/10] Use better PRNG

Eric Blake eblake at redhat.com
Tue May 29 20:22:39 UTC 2018


On 05/29/2018 03:24 AM, Michal Privoznik wrote:
> This is inspired by bug reported here [1]. Even though Eric suggested
> calling this Linux syscall when building without gnutls [2] I've decided
> to not implement it. Firstly, we build with gnutls everywhere (even
> Windows), secondly I see no appealing reason to special case Linux -
> /dev/urandom is good for both Linux and FreeBSD.
> 
> Once these are merged I'm probably going to send a patch set that makes
> gnutls mandatory. I'm tired of all those WITH_GNUTLS if-defs (esp. in
> function arguments). But that is orthogonal to what I'm solving here.
> 
> Also, I'm not quite sure this is release material, so I'm fine with
> merging this after the release.
> 
> 1: https://www.redhat.com/archives/libvirt-users/2018-May/msg00097.html
> 2: https://www.redhat.com/archives/libvirt-users/2018-May/msg00100.html

I'm not sure if we're getting a CVE assigned for this (if Red Hat 
security gets back to me on that question, and says a CVE is warranted, 
then maybe it still is a candidate for this release).  But if a CVE is 
assigned, the fact that this issue has been public since 2014 means that 
one more broken release added to years of neglect regarding the issue 
won't hurt much.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



