summaryrefslogtreecommitdiffstats
path: root/mailnews
diff options
context:
space:
mode:
authorOlivier Certner <olce.palemoon@certner.fr>2021-01-06 11:43:12 +0100
committerOlivier Certner <olce.palemoon@certner.fr>2021-01-07 17:02:06 +0100
commitda217348d9e7fe1e22df725c3b48a149e7dd9f54 (patch)
treea17aa66730be207244e5f5ae919ece7bd976da52 /mailnews
parent87aa6b2300e8a1b4730ca4fb8c2c979f255a395f (diff)
downloadUXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.tar
UXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.tar.gz
UXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.tar.lz
UXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.tar.xz
UXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.zip
Issue #1699 - Part 2: libevent: Remove 'evutil_secure_rng_add_bytes'
In fact, this is a security threat. This function calls 'arc4random_addrandom', which was removed from the reference implementation 7 years go [1], on the ground that this was in fact an internal interface which is almost impossible to use correctly. This update has since then been propagated to other implementations (e.g., FreeBSD, IllumOS, Android). Do this for all platforms, since 'evutil_secure_rng_add_bytes' is not even used in the current tree, and for the reason stated above, should never be. Related bugs at Mozilla and libevent: Links [2] and [3] below. [1] http://marc.info/?l=openbsd-cvs&m=138238762705209&w=2 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=931354 [3] https://sourceforge.net/p/levent/bugs/320/
Diffstat (limited to 'mailnews')
0 files changed, 0 insertions, 0 deletions