Your message dated Mon, 21 May 2018 04:04:59 +0000
with message-id <e1fkc4b-0003fo...@fasolo.debian.org>
and subject line Bug#898088: fixed in libbsd 0.9.0-1
has caused the Debian Bug report #898088,
regarding arc4random_buf() may block for a long time
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
898088: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898088
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libbsd
Version: 0.8.7-1
Severity: serious
Tags: upstream
The manual page for arc4random_buf() says "High quality 32-bit
pseudo-random numbers are generated very quickly." This promise is
false, and it can never be true in general!

On recent Linux kernel versions arc4random_buf() uses the getrandom()
system call where available. getrandom() is documented to block
(or return an error, depending on the flags parameter) when
the kernel's RNG does not have enough entropy available. It was
recently found that the RNG was unblocking getrandom() too early
(CVE-2018-1108).

But the fix for this means that getrandom() and arc4random_buf() may
block until a minute or even longer after boot. Since
gnome-session-binary calls arc4random_buf() via
IceGenerateMagicCookie(), fixing the kernel causes a "blank screen"
regression for some systems.

I don't know quite how we're going to solve this, but at the very
least the manual page for arc4random_buf() must clarify whether it
is intended to provide high quality, or non-blocking, behaviour.

Ben.
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500,
'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: libbsd
Source-Version: 0.9.0-1
We believe that the bug you reported is fixed in the latest version of
libbsd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 898...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <guil...@debian.org> (supplier of updated libbsd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 21 May 2018 05:37:20 +0200
Source: libbsd
Binary: libbsd-dev libbsd0 libbsd0-udeb
Architecture: source
Version: 0.9.0-1
Distribution: unstable
Urgency: medium
Maintainer: Guillem Jover <guil...@debian.org>
Changed-By: Guillem Jover <guil...@debian.org>
Description:
 libbsd-dev - utility functions from BSD systems - development files
 libbsd0    - utility functions from BSD systems - shared library
 libbsd0-udeb - utility functions from BSD systems - shared library (udeb)
Closes: 898088
Changes:
 libbsd (0.9.0-1) unstable; urgency=medium
 .
   * New upstream release.
     - Portability fixes for Sparc, OpenRISC, musl, uClibc, non-glibc in
       general and Windows.
     - Add __arraycount() macro.
     - Add flopenat() function.
     - Add strtoi() and strtou() functions.
     - Add several new vis and unvis functions.
     - Add pidfile_fileno() function, and struct pidfh is now opaque.
     - The humanize_number() now understands HN_IEC_PREFIXES.
     - The fmtcheck() function supports all standard printf(3) conversions.
     - The getentropy(), and thus arc4random() functions will not block
       anymore on Linux on boot when there's not enough entropy available.
       Closes: #898088
     - The arc4random() function handles direct clone() calls better.
     - The fgetwln() function has now been marked as deprecated.
   * Now using Standards-Version 4.1.4 (no changes needed).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
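The trade-off in the report (getrandom() either blocks or returns an error, depending on the flags parameter) as an added example that is not part of the original messages and is not libbsd's code: it calls getrandom() with GRND_NONBLOCK, where EAGAIN means a flags=0 call made at that moment would block. The names rng_probe and fill_random_nonblock are hypothetical; the example assumes Linux with glibc's <sys/random.h>.

```c
/* Added example, not libbsd code: query getrandom() without blocking. */
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

enum rng_state { RNG_READY, RNG_NOT_SEEDED, RNG_ERROR };

/* One-byte request with GRND_NONBLOCK: EAGAIN means the kernel RNG is not
 * initialised yet, so a flags=0 call made now would block. */
enum rng_state rng_probe(void)
{
    unsigned char b;
    ssize_t n;

    do {
        n = getrandom(&b, sizeof b, GRND_NONBLOCK);
    } while (n < 0 && errno == EINTR);
    if (n == (ssize_t)sizeof b)
        return RNG_READY;
    return (n < 0 && errno == EAGAIN) ? RNG_NOT_SEEDED : RNG_ERROR;
}

/* Fill buf completely without ever waiting for entropy.
 * Returns 0 on success, -1 with errno set (EAGAIN: RNG not initialised). */
int fill_random_nonblock(void *buf, size_t len)
{
    unsigned char *p = buf;

    while (len > 0) {
        ssize_t n = getrandom(p, len, GRND_NONBLOCK);
        if (n < 0) {
            if (errno == EINTR)
                continue;          /* signal arrived: retry */
            return -1;             /* EAGAIN, ENOSYS, ...: caller decides */
        }
        p += n;                    /* short reads are possible */
        len -= (size_t)n;
    }
    return 0;
}

int main(void)
{
    unsigned char key[32];
    static const char *names[] = { "ready", "not seeded", "error" };
    printf("kernel RNG: %s\n", names[rng_probe()]);
    return fill_random_nonblock(key, sizeof key) == 0 ? 0 : 1;
}
```

A caller that gets -1 with EAGAIN has an explicit choice between waiting for the kernel RNG and failing, instead of hanging silently as in the "blank screen" case above.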