openldap.git branch master updated. 63c82c0ed7b29dc839e076d5b3efb373f04a2627
by openldap-commit2devel@OpenLDAP.org
A ref change was pushed to the OpenLDAP (openldap.git) repository.
It will be available in the public mirror shortly.
The branch, master has been updated
via 63c82c0ed7b29dc839e076d5b3efb373f04a2627 (commit)
from dc3e4501048cf85ba3ce9127140b78900a2c298b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 63c82c0ed7b29dc839e076d5b3efb373f04a2627
Author: Ryan Tandy <ryan(a)nardis.ca>
Date: Tue Aug 27 17:58:44 2019 -0700
ITS#9069 Do not call gnutls_global_set_mutex()

Since GnuTLS moved to implicit initialization on library load, calling
this function deinitializes GnuTLS and then re-initializes it.

When GnuTLS uses /dev/urandom as an entropy source (getrandom() not
available, or older versions of GnuTLS), and the application closed all
file descriptors at startup, this could result in GnuTLS opening
/dev/urandom over one of the application's file descriptors when
re-initialized.

Additionally, the custom mutex functions are never reset, so if libldap
is unloaded (for example via dlclose()) after calling this, its code may
be unmapped and the application could crash when GnuTLS calls the mutex
functions.

On typical systems, GnuTLS system mutexes are probably the same as what
libldap uses anyway.
-----------------------------------------------------------------------
Summary of changes:
libraries/libldap/tls_g.c | 43 +------------------------------------------
1 file changed, 1 insertion(+), 42 deletions(-)
---
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git
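
The descriptor reuse described in the commit message above, as an added example that is not part of the commit and is not OpenLDAP or GnuTLS code. `lib_init`, `lib_deinit`, `is_urandom` and `simulate` are hypothetical stand-ins for a library that caches a /dev/urandom descriptor, and a single `close()` stands in for the application's close-all-descriptors loop.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical library state: a cached entropy descriptor. */
static int lib_fd = -1;

static int lib_init(void) {
    lib_fd = open("/dev/urandom", O_RDONLY);
    return lib_fd;
}

static void lib_deinit(void) {
    /* Closes whatever currently owns this number, not necessarily our file. */
    if (lib_fd >= 0) close(lib_fd);
    lib_fd = -1;
}

/* Returns 1 if fd refers to /dev/urandom, 0 if not, -1 on error. */
static int is_urandom(int fd) {
    struct stat a, b;
    if (fstat(fd, &a) != 0 || stat("/dev/urandom", &b) != 0) return -1;
    return S_ISCHR(a.st_mode) && a.st_rdev == b.st_rdev;
}

/* reinit != 0 models the deinit + init cycle the commit message describes.
 * Returns 1 if the application's descriptor ended up on /dev/urandom. */
int simulate(int reinit) {
    int app_fd, result;
    if (lib_init() < 0) return -1;         /* implicit init at library load */
    close(lib_fd);                         /* app closes all fds; lib_fd is now stale */
    app_fd = open("/dev/null", O_WRONLY);  /* app's own file reuses the freed number */
    if (app_fd < 0) return -1;
    if (reinit) {
        lib_deinit();                      /* closes the app's file via the stale number */
        if (lib_init() < 0) return -1;     /* /dev/urandom lands on the same number */
    }
    result = is_urandom(app_fd);           /* what does the app's descriptor point at? */
    close(app_fd);
    lib_fd = -1;
    return result;
}

int main(void) {
    printf("without re-init: app fd is urandom = %d\n", simulate(0));
    printf("with re-init:    app fd is urandom = %d\n", simulate(1));
    return 0;
}
```

The same `fstat()` comparison can serve as a debugging check in an application that suspects one of its descriptors has been replaced.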