Your message dated Tue, 01 Aug 2023 14:36:11 +0000 with message-id <[email protected]> and subject line Bug#748061: fixed in cyrus-sasl2 2.1.28+dfsg1-2 has caused the Debian Bug report #748061, regarding SASL's version of MD5_CTX lacks 4 bytes to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
748061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748061
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cyrus-sasl2
Version: 2.1.26.dfsg1-9
Usertags: goto-cc

During a rebuild of all packages in a clean sid chroot (and cowbuilder+pbuilder) the build failed with the following error. Please note that we use our research compiler tool-chain (using tools from the cbmc package), which permits extended reporting on type inconsistencies at link time.

[...]
libtool: link: gcc -shared -fPIC -DPIC .libs/otp.o .libs/otp_init.o .libs/plugin_common.o -L/usr/lib/mit-krb5 -L/usr/x86_64-linux-gnu/lib -lcrypto -lresolv -O2 -Wl,-z -Wl,relro -Wl,-z -Wl,now -Wl,-z -Wl,defs -Wl,-soname -Wl,libotp.so.2 -o .libs/libotp.so.2.0.25
error: conflicting function declarations "otp_client_plug_init"
old definition in module otp file ../../plugins/otp.c line 1832
signed int (struct sasl_utils *utils, signed int maxversion, signed int *out_version, struct sasl_client_plug **pluglist, signed int *plugcount)
new definition in module otp_init file ../../plugins/otp_init.c line 41
signed int (struct sasl_utils *, signed int, signed int *, struct sasl_client_plug **, signed int *)
Makefile:658: recipe for target 'libotp.la' failed
make[4]: *** [libotp.la] Error 64
make[4]: Leaving directory '/srv/jenkins-slave/workspace/sid-goto-cc-cyrus-sasl2/cyrus-sasl2-2.1.26.dfsg1/build-mit/plugins'
Makefile:580: recipe for target 'all-recursive' failed

While the above declarations appear to be sane, closer inspection yields different implementations of the MD5_CTX type. This will either be openssl's version:

struct MD5state_st {
  unsigned int A;
  unsigned int B;
  unsigned int C;
  unsigned int D;
  unsigned int Nl;
  unsigned int Nh;
  unsigned int [16l] data;
  unsigned int num;
}

Or SASL's built-in variant:

typedef struct {
  unsigned int [4l] state;
  unsigned int [2l] count;
  unsigned char [64l] buffer;
} MD5_CTX

First of all, the missing 4 bytes (the num field) may be problematic as SASL's version seemingly mirrors the byte layout. As the above linking error shows, indeed these functions appear to use either of the two types interchangeably. Thus the data of the num field will get lost or become inconsistent (or insufficient memory will be allocated).

I'm leaving it to the maintainer to judge the actual severity of this as I'm lacking any actual knowledge of the inner workings of the code.

Best,
Michael
--- End Message ---
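
The size mismatch described in the report, as an added example that is not part of the original messages or of cyrus-sasl2: both layouts are re-declared from the type dumps quoted above under hypothetical names (`openssl_md5_ctx`, `sasl_md5_ctx`), assuming a 4-byte `unsigned int`, and compared with `sizeof`/`offsetof`.

```c
#include <stddef.h>
#include <stdio.h>

/* Layouts taken from the two type dumps in the report. The struct names are
   hypothetical so both variants can coexist in one translation unit. */
struct openssl_md5_ctx {            /* OpenSSL's struct MD5state_st */
    unsigned int A, B, C, D;
    unsigned int Nl, Nh;
    unsigned int data[16];
    unsigned int num;
};

struct sasl_md5_ctx {               /* SASL's built-in MD5_CTX */
    unsigned int state[4];
    unsigned int count[2];
    unsigned char buffer[64];
};

/* Bytes the larger layout expects beyond what the smaller one allocates. */
size_t ctx_size_gap(void)
{
    return sizeof(struct openssl_md5_ctx) - sizeof(struct sasl_md5_ctx);
}

/* 1 if the shared prefix (chaining state, bit count, block buffer) lines up,
   which is why mixing the two types goes unnoticed by an ordinary linker. */
int ctx_prefix_matches(void)
{
    return offsetof(struct openssl_md5_ctx, A) == offsetof(struct sasl_md5_ctx, state)
        && offsetof(struct openssl_md5_ctx, Nl) == offsetof(struct sasl_md5_ctx, count)
        && offsetof(struct openssl_md5_ctx, data) == offsetof(struct sasl_md5_ctx, buffer)
        && sizeof(((struct openssl_md5_ctx *)0)->data)
               == sizeof(((struct sasl_md5_ctx *)0)->buffer);
}

/* 1 if the num field lies wholly past the end of a SASL-sized context, so
   code compiled against the larger layout would access unreserved memory. */
int num_outside_sasl_ctx(void)
{
    return offsetof(struct openssl_md5_ctx, num) >= sizeof(struct sasl_md5_ctx);
}

int main(void)
{
    printf("openssl=%zu sasl=%zu gap=%zu prefix_ok=%d num_outside=%d\n",
           sizeof(struct openssl_md5_ctx), sizeof(struct sasl_md5_ctx),
           ctx_size_gap(), ctx_prefix_matches(), num_outside_sasl_ctx());
    return 0;
}
```
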
--- Begin Message ---
Source: cyrus-sasl2
Source-Version: 2.1.28+dfsg1-2
Done: Bastian Germann <[email protected]>

We believe that the bug you reported is fixed in the latest version of cyrus-sasl2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Germann <[email protected]> (supplier of updated cyrus-sasl2 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Tue, 01 Aug 2023 16:16:30 +0200
Source: cyrus-sasl2
Architecture: source
Version: 2.1.28+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Cyrus Team <[email protected]>
Changed-By: Bastian Germann <[email protected]>
Closes: 748061
Changes:
 cyrus-sasl2 (2.1.28+dfsg1-2) unstable; urgency=medium
 .
   * Eliminate RSA-MD from binaries (Closes: #748061)
--- End Message ---

