Activity log for bug #1955870

Date Who What changed Old value New value Message
2021-12-28 05:08:06 Ben Bucksch bug added bug
2021-12-28 05:10:00 Ben Bucksch description

Old value:

https://github.com/sass/libsass/issues/3151

When using an application that uses libsass, the application crashes (segfaults) with `random_device: rdrand failed`.

## Reproduction

1. Start an application that uses libsass, e.g. simply run `hugo` or `npm install node-sass` or any library that depends on it.

## Actual results

```
terminate called after throwing an instance of 'std::runtime_error'
  what(): random_device: rdrand failed
Cancelled (Segfault)
```

## Expected result

Hugo, node-sass etc. work

## Version

This happens on Ubuntu 20.04 LTS with libsass / libsass1 version 3.6.3.

The problem is fixed in libsass 3.6.5, see https://github.com/sass/libsass/issues/3151 and https://github.com/sass/libsass/releases/tag/3.6.5

## Cause

1. Some AMD CPUs seems to return a non-random number, but still claim success. See e.g. [reports on Twitter](https://twitter.com/FiloSottile/status/1125840275346198529).
2. `std:random_device` throws an exception.
3. libsass is unable to cope, throws the exception up into the caller.
4. The calling application cannot possibly handle this error and fails.

The underlying root cause is that libsass is using cryptographically secure random numbers. Why? I don't see why CSS would need that. I would think that pseudo-random is sufficient.

## Fix

Update libsass from version 3.6.3 to 3.6.5.

New value:

https://github.com/sass/libsass/issues/3151

When using an application that uses libsass, the application crashes (segfaults) with `random_device: rdrand failed`.

## Reproduction

1. Start an application that uses libsass, e.g. simply run `hugo` or `npm install node-sass` or any library that depends on it.

## Actual results

```
terminate called after throwing an instance of 'std::runtime_error'
  what(): random_device: rdrand failed
Cancelled (Segfault)
```

## Expected result

Hugo, node-sass etc. work

## Version

This happens on Ubuntu 20.04 LTS with libsass / libsass1 version 3.6.3.

The problem is fixed in libsass 3.6.5, see https://github.com/sass/libsass/issues/3151 and https://github.com/sass/libsass/releases/tag/3.6.5

## Cause

1. Some AMD CPUs seem to return a non-random number, but still claim success. See e.g. [reports on Twitter](https://twitter.com/FiloSottile/status/1125840275346198529).
2. `std:random_device` throws an exception.
3. libsass is unable to cope, throws the exception up into the caller.
4. The calling application cannot possibly handle this error and fails.

## Fix

Update libsass from version 3.6.3 to 3.6.5.