Bug#581240: marked as done ([gdc-4.3] Calculation of MD5 sums seriously broken)

2010-05-24 Thread Debian Bug Tracking System
Your message dated Mon, 24 May 2010 09:36:04 +
with message-id e1ogu4q-0006et...@ries.debian.org
and subject line Bug#581240: fixed in gdc-4.3 1:1.046-4.3.5-1
has caused the Debian Bug report #581240,
regarding [gdc-4.3] Calculation of MD5 sums seriously broken
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
581240: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581240
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: gdc-4.3
Version: 1:1.046-4.3.4-5
Severity: serious


The MD5-sums calculated by std.md5 are seriously broken - they're not
only wrong, they're different on each run..
gdc-4.1 and the closed-source dmd do *not* have this bug. Because
md5.d in the gdc-4.1 and gdc-4.3 package sources are identical I file
this as a bug in the compiler, not libphobos.
I consider this a serious bug because it makes std.md5 unusable and
probably affects other code as well (why should it only break the MD5
code).

I attached a simple testcase to demonstrate this bug. When it's build
with gdc-4.1 I get the following output:
900150983CD24FB0D6963F7D28E17F72, when it's built with gdc-4.3 I
get:
9BB8D85B9EC69BAAE48AFD6DC642C4B7
Error: AssertError Failure md5test.d(8)
or 73295B9A9D13003D9E6065260759FBD4
Error: AssertError Failure md5test.d(8)
... (a different sum on each run).

Cheers,
- Daniel


--- System information. ---
Architecture: i386
Kernel:   Linux 2.6.32-3-686

Debian Release: squeeze/sid
  500 testing security.debian.org
  500 testing ftp.de.debian.org

--- Package information. ---
Depends (Version) | Installed
=-+-
gcc-4.3-base (= 4.3.4-1) | 4.3.4-10
g++-4.3  (= 4.3.4-1) | 4.3.4-10
libphobos-4.3-dev (= 1:1.046-4.3.4-5) | 1:1.046-4.3.4-5
libc6(= 2.3) | 2.10.2-6
libgcc1  (= 1:4.1.1) | 1:4.4.2-9
libgmp3c2 | 2:4.3.2+dfsg-1
libmpfr1ldbl  | 2.4.2-3
libstdc++6 (= 4.1.1) | 4.4.2-9


Package's Recommends field is empty.

Package's Suggests field is empty.
import std.md5;
import std.stdio;

void main(){
	// testcase from md5.d unittests
	ubyte[16] digest;
	sum (digest, abc);
	writefln(digestToString(digest));
assert(digest == cast(ubyte[])x900150983cd24fb0d6963f7d28e17f72);
}
---End Message---
---BeginMessage---
Source: gdc-4.3
Source-Version: 1:1.046-4.3.5-1

We believe that the bug you reported is fixed in the latest version of
gdc-4.3, which is due to be installed in the Debian FTP archive:

gdc-4.3_1.046-4.3.5-1.diff.gz
  to main/g/gdc-4.3/gdc-4.3_1.046-4.3.5-1.diff.gz
gdc-4.3_1.046-4.3.5-1.dsc
  to main/g/gdc-4.3/gdc-4.3_1.046-4.3.5-1.dsc
gdc-4.3_1.046-4.3.5-1_amd64.deb
  to main/g/gdc-4.3/gdc-4.3_1.046-4.3.5-1_amd64.deb
gdc-4.3_1.046-4.3.5.orig.tar.gz
  to main/g/gdc-4.3/gdc-4.3_1.046-4.3.5.orig.tar.gz
libphobos-4.3-dev_1.046-4.3.5-1_amd64.deb
  to main/g/gdc-4.3/libphobos-4.3-dev_1.046-4.3.5-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 581...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose d...@debian.org (supplier of updated gdc-4.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Sun, 23 May 2010 09:50:27 +0200
Source: gdc-4.3
Binary: gdc-4.3 libphobos-4.3-dev
Architecture: source amd64
Version: 1:1.046-4.3.5-1
Distribution: unstable
Urgency: low
Maintainer: Debian GCC Maintainers debian-...@lists.debian.org
Changed-By: Matthias Klose d...@debian.org
Description: 
 gdc-4.3- The D compiler
 libphobos-4.3-dev - The phobos D standard library
Closes: 581240 581698
Changes: 
 gdc-4.3 (1:1.046-4.3.5-1) unstable; urgency=low
 .
   * Based on GCC-4.3.5.
 .
   [ Iain Buclaw ]
   * Fix some wrong-code bugs. Closes: #581240, #581698.
Checksums-Sha1: 
 5cb0edcbeed0fd764d8f046dada5d2c8e6b17f04 2251 gdc-4.3_1.046-4.3.5-1.dsc
 831aa5339059f1f72b007229d8e9aba87de485d4 2972925 
gdc-4.3_1.046-4.3.5.orig.tar.gz
 3ff5ef52e8e083a98acbaeb09383110bbfe0e61e 642771 gdc-4.3_1.046-4.3.5-1.diff.gz
 a4c5ccc151cbf1139a07734d5c5f7374a74fd34c 3769672 

Bug#581240: marked as done ([gdc-4.3] Calculation of MD5 sums seriously broken)

2010-05-23 Thread Debian Bug Tracking System
Your message dated Sun, 23 May 2010 11:02:49 +
with message-id e1og8xf-6i...@ries.debian.org
and subject line Bug#581240: fixed in gcc-4.3 4.3.5-1
has caused the Debian Bug report #581240,
regarding [gdc-4.3] Calculation of MD5 sums seriously broken
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
581240: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581240
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: gdc-4.3
Version: 1:1.046-4.3.4-5
Severity: serious


The MD5-sums calculated by std.md5 are seriously broken - they're not
only wrong, they're different on each run..
gdc-4.1 and the closed-source dmd do *not* have this bug. Because
md5.d in the gdc-4.1 and gdc-4.3 package sources are identical I file
this as a bug in the compiler, not libphobos.
I consider this a serious bug because it makes std.md5 unusable and
probably affects other code as well (why should it only break the MD5
code).

I attached a simple testcase to demonstrate this bug. When it's build
with gdc-4.1 I get the following output:
900150983CD24FB0D6963F7D28E17F72, when it's built with gdc-4.3 I
get:
9BB8D85B9EC69BAAE48AFD6DC642C4B7
Error: AssertError Failure md5test.d(8)
or 73295B9A9D13003D9E6065260759FBD4
Error: AssertError Failure md5test.d(8)
... (a different sum on each run).

Cheers,
- Daniel


--- System information. ---
Architecture: i386
Kernel:   Linux 2.6.32-3-686

Debian Release: squeeze/sid
  500 testing security.debian.org
  500 testing ftp.de.debian.org

--- Package information. ---
Depends (Version) | Installed
=-+-
gcc-4.3-base (= 4.3.4-1) | 4.3.4-10
g++-4.3  (= 4.3.4-1) | 4.3.4-10
libphobos-4.3-dev (= 1:1.046-4.3.4-5) | 1:1.046-4.3.4-5
libc6(= 2.3) | 2.10.2-6
libgcc1  (= 1:4.1.1) | 1:4.4.2-9
libgmp3c2 | 2:4.3.2+dfsg-1
libmpfr1ldbl  | 2.4.2-3
libstdc++6 (= 4.1.1) | 4.4.2-9


Package's Recommends field is empty.

Package's Suggests field is empty.
import std.md5;
import std.stdio;

void main(){
	// testcase from md5.d unittests
	ubyte[16] digest;
	sum (digest, abc);
	writefln(digestToString(digest));
assert(digest == cast(ubyte[])x900150983cd24fb0d6963f7d28e17f72);
}
---End Message---
---BeginMessage---
Source: gcc-4.3
Source-Version: 4.3.5-1

We believe that the bug you reported is fixed in the latest version of
gcc-4.3, which is due to be installed in the Debian FTP archive:

cpp-4.3_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/cpp-4.3_4.3.5-1_amd64.deb
g++-4.3-multilib_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/g++-4.3-multilib_4.3.5-1_amd64.deb
g++-4.3_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/g++-4.3_4.3.5-1_amd64.deb
gcc-4.3-base_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/gcc-4.3-base_4.3.5-1_amd64.deb
gcc-4.3-locales_4.3.5-1_all.deb
  to main/g/gcc-4.3/gcc-4.3-locales_4.3.5-1_all.deb
gcc-4.3-multilib_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/gcc-4.3-multilib_4.3.5-1_amd64.deb
gcc-4.3-source_4.3.5-1_all.deb
  to main/g/gcc-4.3/gcc-4.3-source_4.3.5-1_all.deb
gcc-4.3_4.3.5-1.diff.gz
  to main/g/gcc-4.3/gcc-4.3_4.3.5-1.diff.gz
gcc-4.3_4.3.5-1.dsc
  to main/g/gcc-4.3/gcc-4.3_4.3.5-1.dsc
gcc-4.3_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/gcc-4.3_4.3.5-1_amd64.deb
gcc-4.3_4.3.5.orig.tar.gz
  to main/g/gcc-4.3/gcc-4.3_4.3.5.orig.tar.gz
gfortran-4.3-multilib_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/gfortran-4.3-multilib_4.3.5-1_amd64.deb
gfortran-4.3_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/gfortran-4.3_4.3.5-1_amd64.deb
gobjc++-4.3-multilib_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/gobjc++-4.3-multilib_4.3.5-1_amd64.deb
gobjc++-4.3_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/gobjc++-4.3_4.3.5-1_amd64.deb
gobjc-4.3-multilib_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/gobjc-4.3-multilib_4.3.5-1_amd64.deb
gobjc-4.3_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/gobjc-4.3_4.3.5-1_amd64.deb
lib32stdc++6-4.3-dbg_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/lib32stdc++6-4.3-dbg_4.3.5-1_amd64.deb
libmudflap0-4.3-dev_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/libmudflap0-4.3-dev_4.3.5-1_amd64.deb
libstdc++6-4.3-dbg_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/libstdc++6-4.3-dbg_4.3.5-1_amd64.deb
libstdc++6-4.3-dev_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/libstdc++6-4.3-dev_4.3.5-1_amd64.deb
libstdc++6-4.3-doc_4.3.5-1_all.deb
  to main/g/gcc-4.3/libstdc++6-4.3-doc_4.3.5-1_all.deb
libstdc++6-4.3-pic_4.3.5-1_amd64.deb
  to main/g/gcc-4.3/libstdc++6-4.3-pic_4.3.5-1_amd64.deb



A summary of the changes between