Your message dated Sun, 02 Oct 2005 06:02:06 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#320307: fixed in apg 2.2.3-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 28 Jul 2005 10:07:46 +0000
Subject: apg: excessively reads from /dev/random (4k read!)
From: Johannes Berg <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Date: Thu, 28 Jul 2005 12:07:31 +0200
Package: apg
Version: 2.2.3-3
Severity: important
Tags: patch
A couple of invocations of apg with certain parameters
(apg -M SNCL -m 10 -x 10 -a 1 for example) totally drain
/dev/random (from an strace log):
open("/dev/random", O_RDONLY) = 3
[...]
read(3, "[\354x\341\375\25\306\337O\322v\243{$m\371WQ\266\210\34"..., 4096) = 128
close(3) = 0
As you can see, apg requests 4096 bytes from /dev/random
which is totally excessive since it only uses 8 of them.
Now, the code actually requests 8, so the problem is
likely in the C library. Attached is a patch to use regular
functions open/read/close instead of the C library
ones and really read only 8 bytes.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13-rc3
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages apg depends on:
ii libc6 2.3.5-1 GNU C Library: Shared libraries an
apg recommends no packages.
-- no debconf information
[Attachment: fix-excessive-random-usage.patch]
---------------------------------------
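The over-read described in the report above, reproduced as an added example; it is not the attached patch and not apg's code. A constructed 8 KiB temporary file stands in for /dev/random so that the file offset shows how many bytes each method pulled from the kernel; the function names and the /tmp path are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#define WANT 8 /* bytes apg actually uses, per the report */

/* Buffered stdio: the caller asks for WANT bytes, libc fills its whole buffer. */
static long stdio_consumed(const char *path) {
    unsigned char buf[WANT];
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    long used = fread(buf, 1, WANT, f) == WANT
                    ? (long)lseek(fileno(f), 0, SEEK_CUR) : -1; /* kernel-side offset */
    fclose(f);
    return used;
}

/* open/read/close, the approach the report describes: exactly WANT bytes requested. */
static long raw_consumed(const char *path) {
    unsigned char buf[WANT];
    size_t got = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    while (got < WANT) {
        ssize_t n = read(fd, buf + got, WANT - got);
        if (n < 0 && errno == EINTR) continue; /* interrupted: retry */
        if (n <= 0) break;                      /* error or EOF */
        got += (size_t)n;
    }
    long used = (got == WANT) ? (long)lseek(fd, 0, SEEK_CUR) : -1;
    close(fd);
    return used;
}

/* Constructed stand-in for /dev/random: measure one method on a fresh temp file. */
static long consumed(int use_stdio) {
    char path[] = "/tmp/rnd-demo-XXXXXX", block[8192] = {0};
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int ok = write(fd, block, sizeof block) == (ssize_t)sizeof block;
    close(fd);
    long used = !ok ? -1 : use_stdio ? stdio_consumed(path) : raw_consumed(path);
    unlink(path);
    return used;
}
int main(void) {
    return printf("stdio: %ld bytes, raw read: %ld bytes\n", consumed(1), consumed(0)) < 0;
}
```

The stdio figure is the size of the stream's buffer, which depends on the C library and the file; on a blocking entropy source every one of those extra bytes is drained from the pool and discarded.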
Received: (at 320307-close) by bugs.debian.org; 2 Oct 2005 13:08:02 +0000
From: Marc Haber <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#320307: fixed in apg 2.2.3-4
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 02 Oct 2005 06:02:06 -0700
Source: apg
Source-Version: 2.2.3-4
We believe that the bug you reported is fixed in the latest version of
apg, which is due to be installed in the Debian FTP archive:
apg_2.2.3-4.diff.gz
to pool/main/a/apg/apg_2.2.3-4.diff.gz
apg_2.2.3-4.dsc
to pool/main/a/apg/apg_2.2.3-4.dsc
apg_2.2.3-4_i386.deb
to pool/main/a/apg/apg_2.2.3-4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Marc Haber <[EMAIL PROTECTED]> (supplier of updated apg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 2 Oct 2005 12:45:12 +0000
Source: apg
Binary: apg
Architecture: source i386
Version: 2.2.3-4
Distribution: unstable
Urgency: low
Maintainer: Marc Haber <[EMAIL PROTECTED]>
Changed-By: Marc Haber <[EMAIL PROTECTED]>
Description:
apg - Automated Password Generator - Standalone version
Closes: 319592 320307
Changes:
apg (2.2.3-4) unstable; urgency=low
.
* add APG_TIPS file to package
* remove apgd from SEE ALSO in man pages, we don't ship apgd. Thanks
to Dr. Markus Waldeck. Closes: #319592.
* disable DEB_AUTO_UPDATE_DEBIAN_CONTROL
* Apply patch to read only as much from /dev/random as actually
needed. Thanks to Johannes Berg. Closes: #320307
* Standards-Version: 3.6.2 (no changes needed).
Files:
779faa781df277dc107b290fccfe171d 606 admin optional apg_2.2.3-4.dsc
24b85f6b4c96a14d90d3d4bfe4376ef9 5155 admin optional apg_2.2.3-4.diff.gz
10a9be10bb624ba65ddf52d1943704ae 53254 admin optional apg_2.2.3-4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iEYEARECAAYFAkM/1vgACgkQgZalRGu6PITElgCgqwqYN4MoEF6XuKf/zn5g+LPr
bgQAn31FcnRV1TluAmkVBvEXbgbOIqWl
=GDJm
-----END PGP SIGNATURE-----