control: forcemerge -1 700421 On Tue, Feb 12, 2013 at 03:32:54PM +0100, Borislav Petkov wrote: > Package: wdm > Version: 1.28-13 > Severity: normal > Tags: upstream patch > > Hi, > > this is my first reporting a bug against a debian package so I very well > might've missed something in the process. > > Here's the deal: wdm still uses /dev/mem in genauth.c to generate a tmp > key and it shouldn't. The kernel currently allows userspace to read < > 640K of /dev/mem for compatibility reasons with X. The modern way of > getting two random longs is /dev/urandom and I've a patch below which > converts wdm to do that. > > Patch is ontop of the master branch of > git://git.debian.org/collab-maint/wdm.git and fixes the issue.
Hi, Borislav, Thanks for your contribution. Nice to see a way to get rid of the "program wdm tried to access /dev/mem ..." messages. wdm is currently orphaned and no maintainer is explicitly caring of it, neither in Debian nor upstream. Since I made some of the final QA non-maintainer uploads I will care of including your patch at some time. Note that this will not happen soon since Debian wheezy is currently in "frozen" state in preparation for release. Regards, -- Agustin -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130212181752.ga19...@agmartin.aq.upm.es
