>Number:         19275
>Category:       pkg
>Synopsis:       cyrus-sasl1 is still using  /dev/random
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Dec 04 11:37:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Ron Roskens
>Release:        NetBSD 1.6
>Organization:
>Environment:
NetBSD hysteria.elfin.net 1.6 NetBSD 1.6 (GENERIC) #5: Mon Sep  9 13:08:22 CDT 2002     root@hysteria.elfin.net:/usr/src/sys/arch/i386/compile/GENERIC i386
NetBSD-pkgsrc 12/03/2002
>Description:
I'm using cyrus-imapd on my mail server with TLS, and periodically my mail client will "hang" when opening a new folder. I've tracked it down to the imapd process reading from /dev/random with not enough entropy in the pool to keep it from sleeping.

This is coming through from cyrus-sasl. In cyrus-sasl, there are patches to acconfig.h which cause it to define DEV_RANDOM to SASL_DEV_RANDOM, but no patches for config.h. 

During the build, the following output is displayed:
====
cd . && autoheader
WARNING: `autoheader' is missing on your system.  You should only need it if
         you modified `acconfig.h' or `configure.in'.  You might want
         to install the `Autoconf' and `GNU m4' packages.  Grab them
         from any GNU archive site.
====

This is incorrect, as I do have autoconf and automake installed:
# pkg_info -e 'auto*'
autoconf213-2.13
automake14-1.4.6
autoconf-2.54
automake-1.7.1

A hacky way to get around this is to:
# cd pkgsrc/security/cyrus-sasl
# make configure
# vi work/cyrus-sasl-1.5.27/config.h
  -- change DEV_RANDOM=/dev/urandom
# make install
>How-To-Repeat:
# cd pkgsrc/security/cyrus-sasl
# make
# cd work/cyrus-sasl-1.5.27
# find . -xdev -type f | xargs grep -l "/dev/random"
./acconfig.h
./config.h.in
./lib/saslutil.o
./lib/.libs/saslutil.o
./lib/.libs/libsasl.so.8.10
./lib/.libs/libsasl.a
./acconfig.h.orig
./config.h
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: