summaryrefslogtreecommitdiffstats
path: root/Android.mk
diff options
context:
space:
mode:
authorOlivier Certner <olce.palemoon@certner.fr>2021-01-06 11:43:12 +0100
committerOlivier Certner <olce.palemoon@certner.fr>2021-01-07 17:02:06 +0100
commitda217348d9e7fe1e22df725c3b48a149e7dd9f54 (patch)
treea17aa66730be207244e5f5ae919ece7bd976da52 /Android.mk
parent87aa6b2300e8a1b4730ca4fb8c2c979f255a395f (diff)
downloadUXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.tar
UXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.tar.gz
UXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.tar.lz
UXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.tar.xz
UXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.zip
Issue #1699 - Part 2: libevent: Remove 'evutil_secure_rng_add_bytes'
In fact, this is a security threat. This function calls 'arc4random_addrandom', which was removed from the reference implementation 7 years go [1], on the ground that this was in fact an internal interface which is almost impossible to use correctly. This update has since then been propagated to other implementations (e.g., FreeBSD, IllumOS, Android). Do this for all platforms, since 'evutil_secure_rng_add_bytes' is not even used in the current tree, and for the reason stated above, should never be. Related bugs at Mozilla and libevent: Links [2] and [3] below. [1] http://marc.info/?l=openbsd-cvs&m=138238762705209&w=2 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=931354 [3] https://sourceforge.net/p/levent/bugs/320/
Diffstat (limited to 'Android.mk')
0 files changed, 0 insertions, 0 deletions