diff options
author | Olivier Certner <olce.palemoon@certner.fr> | 2021-01-06 11:43:12 +0100 |
---|---|---|
committer | Olivier Certner <olce.palemoon@certner.fr> | 2021-01-07 17:02:06 +0100 |
commit | da217348d9e7fe1e22df725c3b48a149e7dd9f54 (patch) | |
tree | a17aa66730be207244e5f5ae919ece7bd976da52 /mailnews | |
parent | 87aa6b2300e8a1b4730ca4fb8c2c979f255a395f (diff) | |
download | UXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.tar UXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.tar.gz UXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.tar.lz UXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.tar.xz UXP-da217348d9e7fe1e22df725c3b48a149e7dd9f54.zip |
Issue #1699 - Part 2: libevent: Remove 'evutil_secure_rng_add_bytes'
In fact, this is a security threat.
This function calls 'arc4random_addrandom', which was removed from the
reference implementation 7 years go [1], on the ground that this was in fact an
internal interface which is almost impossible to use correctly. This update has
since then been propagated to other implementations (e.g., FreeBSD, IllumOS,
Android).
Do this for all platforms, since 'evutil_secure_rng_add_bytes' is not even used
in the current tree, and for the reason stated above, should never be.
Related bugs at Mozilla and libevent: Links [2] and [3] below.
[1] http://marc.info/?l=openbsd-cvs&m=138238762705209&w=2
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=931354
[3] https://sourceforge.net/p/levent/bugs/320/
Diffstat (limited to 'mailnews')
0 files changed, 0 insertions, 0 deletions