Your message dated Sun, 20 May 2018 15:36:16 +0000
with message-id <e1fkqnc-0000ii...@fasolo.debian.org>
and subject line Bug#898088: fixed in libbsd 0.8.7-1.1
has caused the Debian Bug report #898088,
regarding arc4random_buf() may block for a long time
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
898088: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898088
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libbsd
Version: 0.8.7-1
Severity: serious
Tags: upstream
The manual page for arc4random_buf() says "High quality 32-bit
pseudo-random numbers are generated very quickly." This promise is
false, and it can never be true in general!
On recent Linux kernel versions arc4random_buf() uses the getrandom()
system call where available. getrandom() is documented to block
(or return an error, depending on the flags parameter) when
the kernel's RNG does not have enough entropy available. It was
recently found that the RNG was unblocking getrandom() too early
(CVE-2018-1108).
But the fix for this means that getrandom() and arc4random_buf() may
block until a minute or even longer after boot. Since
gnome-session-binary calls arc4random_buf() via
IceGenerateMagicCookie(), fixing the kernel causes a "blank screen"
regression for some systems.
I don't know quite how we're going to solve this, but at the very
least the manual page for arc4random_buf() must clarify whether it
is intended to provide high quality, or non-blocking, behaviour.
Ben.
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500,
'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: libbsd
Source-Version: 0.8.7-1.1
We believe that the bug you reported is fixed in the latest version of
libbsd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 898...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ben Hutchings <b...@decadent.org.uk> (supplier of updated libbsd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 20 May 2018 16:45:30 +0200
Source: libbsd
Binary: libbsd-dev libbsd0 libbsd0-udeb
Architecture: source
Version: 0.8.7-1.1
Distribution: unstable
Urgency: medium
Maintainer: Guillem Jover <guil...@debian.org>
Changed-By: Ben Hutchings <b...@decadent.org.uk>
Description:
libbsd-dev - utility functions from BSD systems - development files
libbsd0 - utility functions from BSD systems - shared library
libbsd0-udeb - utility functions from BSD systems - shared library (udeb)
Closes: 898088
Changes:
libbsd (0.8.7-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Switch Linux getrandom() usage to non-blocking mode, continuing to use
fallback mechanisms if unsuccessful. Closes: #898088
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---