Public bug reported:

https://github.com/sass/libsass/issues/3151

When using an application that uses libsass, the application crashes
(segfaults) with `random_device: rdrand failed`.

## Reproduction

1. Start an application that uses libsass, e.g. simply run `hugo` or
   `npm install node-sass` or any library that depends on it.

## Actual results

```
terminate called after throwing an instance of 'std::runtime_error'
  what():  random_device: rdrand failed
Cancelled (Segfault)
```

## Expected result

Hugo, node-sass etc. work

## Version

This happens on Ubuntu 20.04 LTS with libsass / libsass1 version 3.6.3.

The problem is fixed in libsass 3.6.5, see
https://github.com/sass/libsass/issues/3151 and
https://github.com/sass/libsass/releases/tag/3.6.5

## Cause

1. Some AMD CPUs seem to return a non-random number, but still claim success.
   See e.g. [reports on Twitter](https://twitter.com/FiloSottile/status/1125840275346198529).
2. `std::random_device` throws an exception.
3. libsass is unable to cope, throws the exception up into the caller.
4. The calling application cannot possibly handle this error and fails.

## Fix

Update libsass from version 3.6.3 to 3.6.5.

** Affects: libsass (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  https://github.com/sass/libsass/issues/3151
  
  When using an application that uses libsass, the application crashes
  (segfaults) with `random_device: rdrand failed`.
  
  ## Reproduction
  
  1. Start an application that uses libsass, e.g. simply run `hugo` or
- `npm install node-sass` or any library that depends on it.
+    `npm install node-sass` or any library that depends on it.
  
  ## Actual results
  
  ```
  terminate called after throwing an instance of 'std::runtime_error'
-   what():  random_device: rdrand failed
+   what():  random_device: rdrand failed
  Cancelled (Segfault)
  ```
  
  ## Expected result
  
  Hugo, node-sass etc. work
  
  ## Version
  
  This happens on Ubuntu 20.04 LTS with libsass / libsass1 version 3.6.3.
  
  The problem is fixed in libsass 3.6.5, see
  https://github.com/sass/libsass/issues/3151 and
  https://github.com/sass/libsass/releases/tag/3.6.5
  
  ## Cause
  
- 1. Some AMD CPUs seems to return a non-random number, but still claim 
success. See e.g. [reports on 
Twitter](https://twitter.com/FiloSottile/status/1125840275346198529).
+ 1. Some AMD CPUs seem to return a non-random number, but still claim success. 
See e.g. [reports on 
Twitter](https://twitter.com/FiloSottile/status/1125840275346198529).
  2. `std:random_device` throws an exception.
  3. libsass is unable to cope, throws the exception up into the caller.
  4. The calling application cannot possibly handle this error and fails.
  
- The underlying root cause is that libsass is using cryptographically
- secure random numbers. Why? I don't see why CSS would need that. I would
- think that pseudo-random is sufficient.
- 
  ## Fix
  
  Update libsass from version 3.6.3 to 3.6.5.

https://bugs.launchpad.net/bugs/1955870

Title:
  random_device: rdrand failed when using libsass 3.6.3 on some AMD
  Ryzen CPUs

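The failure chain in the Cause list (`std::random_device` throws, nothing catches it, the process terminates) can be contained at the seeding call. The block below is an added example, not code from libsass or from this bug report; `seed_from`, `weak_entropy`, `FailingDevice` and `FixedDevice` are hypothetical names, and the fallback seed is assumed to feed only non-security randomness.

```cpp
#include <chrono>
#include <cstdint>
#include <exception>
#include <random>
#include <stdexcept>

// Result of one seeding attempt: the seed and whether the device supplied it.
struct SeedResult {
    std::uint64_t seed;
    bool from_device;
};

// Constructed stand-in for a std::random_device whose RDRAND backend fails.
struct FailingDevice {
    unsigned int operator()() { throw std::runtime_error("random_device: rdrand failed"); }
};

// Constructed stand-in for a healthy device; fixed value keeps checks deterministic.
struct FixedDevice {
    unsigned int operator()() { return 0x1234u; }
};

// Non-cryptographic fallback: mixes the monotonic and wall clocks.
// Acceptable for a stylesheet random(); never for keys, tokens or nonces.
inline std::uint64_t weak_entropy() {
    auto mono = std::chrono::steady_clock::now().time_since_epoch().count();
    auto wall = std::chrono::system_clock::now().time_since_epoch().count();
    return static_cast<std::uint64_t>(mono) ^ (static_cast<std::uint64_t>(wall) << 17);
}

// Ask `dev` for a seed; on any exception fall back instead of letting it
// propagate into a caller that cannot handle it.
template <typename Device>
SeedResult seed_from(Device&& dev) {
    try {
        return {static_cast<std::uint64_t>(dev()), true};
    } catch (const std::exception&) {
        return {weak_entropy(), false};
    }
}

// Production entry point: constructing std::random_device can throw as well,
// so construction and the call both sit inside the guarded lambda.
inline SeedResult prng_seed() {
    return seed_from([] { return std::random_device{}(); });
}
```

Callers that do need cryptographic randomness should treat `from_device == false` as a hard error rather than continue with the fallback seed.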