Your message dated Tue, 07 Feb 2023 04:41:30 +0000
with message-id <[email protected]>
and subject line Bug#1030716: fixed in openldap 2.5.13+dfsg-4
has caused the Debian Bug report #1030716,
regarding openldap: password/sha2 produces incorrect SHA256
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
1030716: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030716
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openldap
Version: 2.5.13+dfsg-3
Severity: normal

Dear Maintainer,

we got a report[1] on Ubuntu that the contrib module password/sha2 was
producing an incorrect SHA256 hash. It was confirmed for a number of
releases (22.04, 22.10 and the upcoming 23.04).

I checked and it also happens on current debian/sid:

    $ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2
    {SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54=

    $ echo "{SHA256}$(echo -n secret | openssl dgst -sha256 -binary | openssl enc -base64)"
    {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=

The suggested fix was to rebuild just this module with
`-fno-strict-aliasing`, and indeed that fixed it in Ubuntu.

Other options include:
- finding the offending piece of code that is causing this optimization
  to misbehave
- updating the module to use gnutls or openssl, whatever openldap ends
  up being linked with
- not building/shipping this module

1. https://bugs.launchpad.net/bugs/2000817
--- End Message ---
--- Begin Message ---
Source: openldap
Source-Version: 2.5.13+dfsg-4
Done: Ryan Tandy <[email protected]>

We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryan Tandy <[email protected]> (supplier of updated openldap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

Format: 1.8
Date: Mon, 06 Feb 2023 19:21:05 -0800
Source: openldap
Architecture: source
Version: 2.5.13+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenLDAP Maintainers <[email protected]>
Changed-By: Ryan Tandy <[email protected]>
Closes: 1030716
Changes:
 openldap (2.5.13+dfsg-4) unstable; urgency=medium
 .
   [ Andreas Hasenack ]
   * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817)
   * d/t/sha2-contrib: add test for sha2 module
--- End Message ---
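
The comparison made by hand in the bug report (module output against an independent SHA-256 of the same password) can be scripted as below. This is an added example, not part of the thread and not the d/t/sha2-contrib test from the package; the function names are made up for illustration. It goes beyond the reported {SHA256} case by also covering the module's other schemes, on the assumption that the salted variants use the usual base64(digest || salt) layout.

```python
import base64
import hashlib
import hmac

# Schemes provided by the pw-sha2 contrib module. Salted variants are assumed
# to store base64(digest || salt), where digest = H(password || salt).
SCHEMES = {
    "SHA256": ("sha256", False), "SSHA256": ("sha256", True),
    "SHA384": ("sha384", False), "SSHA384": ("sha384", True),
    "SHA512": ("sha512", False), "SSHA512": ("sha512", True),
}

# Both values are quoted in the bug report for the password "secret".
REPORTED_MODULE_OUTPUT = "{SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54="
REPORTED_OPENSSL_OUTPUT = "{SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols="


def parse_value(value):
    """Split '{SCHEME}base64' into (scheme, decoded bytes)."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("missing {SCHEME} prefix")
    scheme, encoded = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError(f"unsupported scheme: {scheme}")
    return scheme, base64.b64decode(encoded, validate=True)


def matches_reference(password, value):
    """True if value equals what a correct implementation yields for password."""
    scheme, raw = parse_value(value)
    algorithm, salted = SCHEMES[scheme]
    size = hashlib.new(algorithm).digest_size
    # Unsalted values are exactly one digest long; salted ones carry a salt.
    if len(raw) < size or (not salted and len(raw) != size):
        return False
    digest, salt = raw[:size], raw[size:]
    expected = hashlib.new(algorithm, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    for label, value in (("pw-sha2 module", REPORTED_MODULE_OUTPUT),
                         ("openssl dgst", REPORTED_OPENSSL_OUTPUT)):
        verdict = "ok" if matches_reference("secret", value) else "MISMATCH"
        print(f"{label:15} {value} {verdict}")
```

Feeding it the output of slappasswd for a known test password shows whether an installed pw-sha2 build is affected.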

