-
Simon McVittie authored
By default, Expat uses cryptographic-quality random numbers as a salt for its hash algorithm, and since 2.2.1 it gets them from the getrandom syscall on Linux. That syscall refuses to return any entropy until the kernel's CSPRNG (random pool) has been initialized. Unfortunately, this can take as long as 40 seconds on embedded devices with few entropy sources, which is too long: if the system dbus-daemon blocks for that length of time, important D-Bus clients like systemd and systemd-logind time out and fail to connect to it. We're parsing small configuration files here, and we trust them completely, so we don't need to defend against hash collisions: nobody is going to be crafting them to cause pathological performance. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101858 Tested-by: Christopher Hewitt <hewitt@ieee.org> [smcv: Adjust build-system changes for 1.11.x] Signed-off-by: Simon McVittie <smcv@debian.org> Reviewed-by: Philip Withnall <withnall@endlessm.com>
8d8b5eb8
Loading