bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems

[Richard Copley]

On 18 January 2016 at 01:42, Paul Eggert <eggert@cs.ucla.edu> wrote:
> Andreas Schwab discovered a problem with my patch in that GnuTLS wasn't
> initialized, and reverted the GnuTLS part of it. As I understand it, newer
> versions of GnuTLS initialize themselves when they are loaded and so do not
> run into the issue; I tested with GnuTLS 3.3.15, which I suppose is new
> enough. I attempted to fix this problem in the followup commit
> 130d512045aa376333b664d58c501b3884187592.
>
> Andreas's commit also changed some unrelated style issues, which I reverted;
> that is merely a longrunning stylistic disagreement, and right now is not a
> good time to be changing style in code unrelated to fixes.

I can't build from the current sources; the error is:

  CCLD     temacs.exe
sysdep.o: In function `init_random':
C:/emacs/repo/emacs/src/sysdep.c:2108: undefined reference to `gnutls_rnd'
C:/emacs/repo/emacs/src/sysdep.c:2108:(.text+0xf38): relocation
truncated to fit: R_X86_64_PC32 against undefined symbol `gnutls_rnd'
collect2.exe: error: ld returned 1 exit status

Configuration details (from last good build):

In GNU Emacs 25.0.50.1 (x86_64-w64-mingw32)
 of 2016-01-14 built on 60678UHB
Repository revision: dadb841a06aa1ffd6d17c04ef83140dbd1ad7307
Windowing system distributor 'Microsoft Corp.', version 6.1.7601
Configured using:
 'configure --prefix /c/emacs/emacs-20160114-182403
 --without-imagemagick --disable-dependency-tracking
 --enable-locallisppath=%emacs_dir%/../site-lisp 'CFLAGS=-Og -g -ggdb''

Configured features:
XPM JPEG TIFF GIF PNG RSVG SOUND DBUS NOTIFY ACL GNUTLS LIBXML2 ZLIB
TOOLKIT_SCROLL_BARS