- Update to 10.1.21
- Fix patches that no longer cleanly apply
- Rename patches to new naming scheme
MFH: 2017Q1
Security: 4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf
Replace RAND_SSLeay->bytes with arc4random_buf when using LibreSSL, as
it supports RAND_SSLeay only for ABI compatibility [0].
Note that the code in question in mariadb mentions that RAND_bytes
isn't guaranteed to not block and therefore uses these functions directly.
As LibreSSL implements RAND_bytes in terms of arc4random_buf, which
shouldn't block, the patch could also use RAND_bytes instead of
using arc4random_buf directly, but the current version of the patch
has been tested in production and might be less confusing overall.
Bumped revision, as this fixes a runtime problem.
[0]
https://github.com/libressl/libressl/blob/master/src/crypto/rand/rand_lib.c#L36
PR: 213577
Approved by: ssl blanket
