Should use /dev/urandom instead of /dev/random

Bug #225333 reported by Andrew Pollock
Affects               Status        Importance  Assigned to  Milestone
cyrus-sasl2 (Ubuntu)  Fix Released  Undecided   Unassigned
Dapper                Fix Released  Undecided   Unassigned

Bug Description

libsasl2 in Dapper is configured to use /dev/random. As systems can run out of entropy, this can cause applications that use libsasl2 to block. Subsequent versions of libsasl2 (since 2.1.22-0~pre04) have been configured to use /dev/urandom instead.

TEST CASE:

Dapper:
apollock@apollock:~$ strings /usr/lib/libsasl2.so | grep random
/dev/random

Hardy:
apollock@procrastination:~$ strings /usr/lib/libsasl2.so | grep random
/dev/urandom
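The TEST CASE above greps the output of `strings` by hand. The following script is an added verification helper, not part of the bug report or of the cyrus-sasl2 package; it generalises the check to any library path, reports which of the two devices the library references (so a build that references both is caught), and does not depend on binutils' `strings`. The file names in its usage line are assumptions.

```shell
#!/bin/sh
# Added verification helper (not part of the bug report or of cyrus-sasl2).
# Reports which random device a shared library references, so a -proposed
# .deb can be checked without the sasltestsuite program.

# Emulate `strings`: turn every non-printable byte into a newline.
printable_strings() {
    tr -c '[:print:]' '\n' < "$1"
}

# Print one of: urandom, random, both, none.
# "/dev/random" is not a substring of "/dev/urandom", so a plain grep
# for each path keeps the two apart.
random_device_of() {
    r=0; u=0
    printable_strings "$1" | grep -q '/dev/random'  && r=1
    printable_strings "$1" | grep -q '/dev/urandom' && u=1
    case "$r$u" in
        01) echo urandom ;;
        10) echo random ;;
        11) echo both ;;
        *)  echo none ;;
    esac
}

# Exit 0 only when the library uses /dev/urandom exclusively (the fixed
# behaviour); a reference to /dev/random is a verification failure.
check_library() {
    dev=$(random_device_of "$1")
    echo "$1: $dev"
    [ "$dev" = urandom ]
}

# Kernel entropy estimate; when it is low, a /dev/random reader blocks.
entropy_avail() {
    cat /proc/sys/kernel/random/entropy_avail 2>/dev/null || echo unknown
}

# Usage (assumed path): sh check_sasl_random.sh /usr/lib/libsasl2.so
if [ $# -gt 0 ]; then
    echo "entropy_avail: $(entropy_avail)"
    check_library "$1"
fi
```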

Revision history for this message
Andrew Pollock (apollock) wrote :

Here's a patch

Martin Pitt (pitti) wrote :

This looks fine for an SRU. Please provide a TEST CASE: in the description. Is this already fixed in a later version? If it affects Hardy, we should fix it there, too.

Assigning to me for sponsoring for dapper.

Changed in cyrus-sasl2:
assignee: nobody → pitti
status: New → In Progress
Andrew Pollock (apollock) wrote :

The problem was fixed in 2.1.22-0~pre04 in Debian, and all versions after Dapper are okay.

description: updated
Martin Pitt (pitti) wrote :

Thanks, closing main task then.

Changed in cyrus-sasl2:
status: New → Fix Released
Martin Pitt (pitti) wrote :

Sponsored (with some minor changelog tweaks) and accepted into dapper-proposed. Please test the actual .debs from -proposed and let us know whether they work for you.

If possible, provide a TEST CASE: which our verification team can use to verify the updated packages.

Changed in cyrus-sasl2:
status: In Progress → Fix Committed
Martin Pitt (pitti)
Changed in cyrus-sasl2:
assignee: pitti → nobody
Steve Beattie (sbeattie) wrote :

I can confirm that the original dapper libsasl2 library, 2.1.19.dfsg1-0.1ubuntu2, used /dev/random, and that the proposed update to libsasl2, 2.1.19.dfsg1-0.1ubuntu3, uses /dev/urandom instead. I confirmed this in two ways: first, by grepping the output of strings on each library as described in the TEST CASE section, and second, by running the sasltestsuite program provided by the related sasl2-bin package (after setting up the sasldb in the way the testsuite wants) under strace and verifying that the updated library does indeed open /dev/urandom.

Unfortunately, the sasltestsuite program in dapper segfaults early on its run in both the original and -proposed versions at the same location (and thus is not a regression due to the -proposed update), limiting its usefulness for catching regressions. However, I downloaded the source to the package, recompiled the testsuite program against the system version of libsasl after commenting out the failing testcase, and ran it against both versions (with -a for all tests, otherwise it picks 25 of the corruption ones at random). Both testruns succeeded; the only difference in the output of the testruns was in the corruption tests, where different cases detected corruption but completed successfully. Based on this, I don't believe there to be any regressions from the libsasl2 update in dapper-proposed.

(In fact, running the testsuite against the original library took much longer than against the updated library precisely because /dev/random would block when the kernel's entropy pool was used up.)

Martin Pitt (pitti) wrote :

Copied to dapper-updates, thank you!

Changed in cyrus-sasl2:
status: Fix Committed → Fix Released