Ubuntu
pwgen package

command line argument -B breaking -c criteria

Bug #1691698 reported by Jens G.
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pwgen (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

Affected / tested: Ubuntu 16.04.2 LTS | 16.04
Package version: pwgen 2.07-1.1ubuntu1

As we pipe passwords (batch-)generated by pwgen into various other tools, it came to our attention that with the newest version 2.07 (e.g. in Xenial builds), pwgen won't honor the -c command line switch for including _at least_ one capitalized letter. As can be seen in the upstream pwgen changelog, the -B behavior was changed because of ambigious characters still popping up in 2.06 (e.g. in Trusty release: O/0 is still included). But with changing said behavior the aforementioned bug seems to have been brought into the fold.

To test, we can just create a bunch of about 20 passwords with pwgen in 'xenial':

# pwgen -cnB 16 16
eewei7pev9axae4H
oofoongoose9geiR
Ja9nucae4deijie7
fohWee4ahsha9ooc
Vees7ohyeishu4da
ang3Eegh3heumogh
aeri9eecuceo7Ui7
aKiiyoh4zieWee9e
ohF9iethuo7Aigha
quai7taicisheixu <<<
ooziocahF9thi4ah
maepheuV9eeRaeHo
we9bohthoohunooL
tohohshuqu9Aix3u
ibaikoopohyieV4i
ohNgie4ieyohxiCh

Same command running on 'trusty' release, we couldn't reproduce the issue even with about 50-100 passwords generated. Also the same issue seems to exist within 2.07 versions in Arch or Fedora, so seems version related. Only older releases like 2.06 seem to honor the -c and -n setting correctly when used together with -B, but then produce a few ambigious characters like 0 and O.

Greets
Jens

Tags: xenial
Hans Joachim Desserud (hjd)
tags: added: xenial
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi Jens,
while I agree to the issue you reported - on first view that is an issue that should not be fixed in Ubuntu (or Debian), but reported upstream.

IIRC the Debian maintainer "Theodore Y. Ts'o <email address hidden>" is also the upstream maintainer at [1]. And Debian bug tracking is better than on SF IMHO.

Would you mind filing a bug with Debian please?
If you do so link the bug here - and we can easily pick up the change on next sync/merge.

[1]: https://sourceforge.net/projects/pwgen/

Changed in pwgen (Ubuntu):
status: New → Incomplete
Revision history for this message
Jens G. (jegr) wrote :

Hi Chris,

I already contacted Theodore via mail, as the bug tracking in sourceforge seemed outdated to me. Hopefully he'll get the mail but I haven't yet heard from him until yet.

As for filing with debian I'm not exactly sure about the correct procedure for that but have a look into it.

Greets

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for pwgen (Ubuntu) because there has been no activity for 60 days.]

Changed in pwgen (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.