mirror of
https://github.com/roytam1/UXP.git
synced 2026-05-26 13:58:49 +00:00
Olivier Certner
208a992fe9
In fact, this is a security threat. This function calls 'arc4random_addrandom', which was removed from the reference implementation 7 years go [1], on the ground that this was in fact an internal interface which is almost impossible to use correctly. This update has since then been propagated to other implementations (e.g., FreeBSD, IllumOS, Android). Do this for all platforms, since 'evutil_secure_rng_add_bytes' is not even used in the current tree, and for the reason stated above, should never be. Related bugs at Mozilla and libevent: Links [2] and [3] below. [1] http://marc.info/?l=openbsd-cvs&m=138238762705209&w=2 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=931354 [3] https://sourceforge.net/p/levent/bugs/320/