Bug#571810: [Pkg-openssl-devel] Bug#571810: New version breaks encfs containers (maybe other software related too!)

2010-03-10 Thread Klaus Ethgen

Hi,

On Sun, 28 Feb 2010 at 21:24, Kurt Roeckx wrote:
 commit 56bf036afe0ab64efdc49daeb3a01466792fa113
 Author: steve steve
 Date:   Mon Feb 15 19:40:45 2010 +
 
 The block length for CFB mode was incorrectly coded as 1 all the time. 
 It
 should be the number of feedback bits expressed in bytes. For CFB1 mode 
 set
 this to 1 by rounding up to the nearest multiple of 8.
[...]
 I'm not sure what to do with this, I'll contact upstream about this.

Any news about that bug?

There are more and more packages in unstable depending on the broken
libssl, which blocks them from upgrading. I think the problem will get
worse if it is not fixed soon, as the incompatible CFB in use will block
any possibility of upgrading.

Regards
   Klaus
-- 
Klaus Ethgen    http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen kl...@ethgen.de
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#571810: [Pkg-openssl-devel] Bug#571810: New version breaks encfs containers (maybe other software related too!)

2010-03-10 Thread Kurt Roeckx
On Wed, Mar 10, 2010 at 11:30:10AM +0100, Klaus Ethgen wrote:
 Hi,
 
 On Sun, 28 Feb 2010 at 21:24, Kurt Roeckx wrote:
  commit 56bf036afe0ab64efdc49daeb3a01466792fa113
  Author: steve steve
  Date:   Mon Feb 15 19:40:45 2010 +
  
  The block length for CFB mode was incorrectly coded as 1 all the 
  time. It
  should be the number of feedback bits expressed in bytes. For CFB1 mode 
  set
  this to 1 by rounding up to the nearest multiple of 8.
 [...]
  I'm not sure what to do with this, I'll contact upstream about this.
 
 Any news about that bug?
 
 There are more and more packages in unstable depending on the broken
 libssl, which blocks them from upgrading. I think the problem will get
 worse if it is not fixed soon, as the incompatible CFB in use will block
 any possibility of upgrading.

I uploaded a 0.9.8m-2 version that fixes it 10 days ago.  It will
probably move to testing tomorrow.

Applications should never be broken.  What could be a problem is
that you encrypted something with the 0.9.8m-1 version and can't
decrypt it with any other version.  But that version was never part
of testing.


Kurt







Bug#571810: [Pkg-openssl-devel] Bug#571810: New version breaks encfs containers (maybe other software related too!)

2010-03-10 Thread Klaus Ethgen

Hi,

On Wed, 10 Mar 2010 at 18:31, Kurt Roeckx wrote:
 I uploaded a 0.9.8m-2 version that fixes it 10 days ago.  It will
 probably move to testing tomorrow.

Oh, my fault. I did a preference pin on the version but forgot that
version pinning didn't work, and still doesn't. So I missed that you
had made a new version, because _all_ libssl0.9.8 versions were pinned
to -99. :-(

   commit 56bf036afe0ab64efdc49daeb3a01466792fa113
   Author: steve steve
   Date:   Mon Feb 15 19:40:45 2010 +
   
   The block length for CFB mode was incorrectly coded as 1 all the 
   time. It
   should be the number of feedback bits expressed in bytes. For CFB1 
   mode set
   this to 1 by rounding up to the nearest multiple of 8.
  [...]
   I'm not sure what to do with this, I'll contact upstream about this.
  
  Any news about that bug?

But what does upstream say about the problem? Do they care about it, and
do they have any explanation of the impact?

Regards
   Klaus
-- 
Klaus Ethgen    http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen kl...@ethgen.de
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B






Bug#571810: [Pkg-openssl-devel] Bug#571810: New version breaks encfs containers (maybe other software related too!)

2010-03-10 Thread Kurt Roeckx
On Wed, Mar 10, 2010 at 08:18:53PM +0100, Klaus Ethgen wrote:
I'm not sure what to do with this, I'll contact upstream about this.
   
   Any news about that bug?
 
 But what does upstream say about the problem? Do they care about it, and
 do they have any explanation of the impact?

They're going to revert it too.


Kurt







Bug#571810: [Pkg-openssl-devel] Bug#571810: New version breaks encfs containers (maybe other software related too!)

2010-02-28 Thread Kurt Roeckx
On Sun, Feb 28, 2010 at 09:18:11AM +0100, Klaus Ethgen wrote:
 Package: openssl
 Version: 0.9.8m-1
 Severity: critical
 
 The newest update of openssl breaks encryption software like encfs to
 shred data on the end of many files.
 
 This is a serious data loss!

Can you provide more information about this?


Kurt







Bug#571810: [Pkg-openssl-devel] Bug#571810: New version breaks encfs containers (maybe other software related too!)

2010-02-28 Thread Kurt Roeckx
On Sun, Feb 28, 2010 at 09:18:11AM +0100, Klaus Ethgen wrote:
 Package: openssl
 Version: 0.9.8m-1
 Severity: critical
 
 The newest update of openssl breaks encryption software like encfs to
 shred data on the end of many files.
 
 This is a serious data loss!

#571797 suggests that downgrading should fix your problem, and
that 0.9.8m-1 is compatible with itself.  So I suggest you
downgrade to 0.9.8k-8 again until I can fix this.


Kurt







Bug#571810: [Pkg-openssl-devel] Bug#571810: New version breaks encfs containers (maybe other software related too!)

2010-02-28 Thread Klaus Ethgen

Hi,

On Sun, 28 Feb 2010 at 13:28, Kurt Roeckx wrote:
 On Sun, Feb 28, 2010 at 09:18:11AM +0100, Klaus Ethgen wrote:
  Package: openssl
  Version: 0.9.8m-1
  Severity: critical
  
  The newest update of openssl breaks encryption software like encfs to
  shred data on the end of many files.
  
  This is a serious data loss!
 
 Can you provide more information about this?

Sorry, I have no idea.

I just downgraded back to release 0.9.8k-8 and pinned version
0.9.8m-1 as bad.

As I wrote, the error happens at the end of some files on an encfs
encrypted filesystem. The files just have garbage there. I have no idea
what might trigger the bug, but reproducing it should be easy:
- install openssl and libssl0.9.8 before version 0.9.8m-1
- Create an encfs dir (I use ssl/blowfish as cipher)
- Put some files from several bytes to several kilobytes into that
  directory
- Upgrade to version 0.9.8m-1 of openssl
- Mount and verify the files in the encfs container

Some errors I remember:
- File of length 362, just text, was corrupted after around byte 320.
- File of length 3134, secring.gpg from gpg, was corrupted at an unknown
  position.
- The rtorrent cache and some torrent files, as well as some of the
  files therein, were corrupted.

I hope that will help to reproduce the bug. Maybe you can bisect it.

Regards
   Klaus
-- 
Klaus Ethgen    http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen kl...@ethgen.de
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B



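For the "mount and verify the files" step of the recipe above, here is one way to localise the corruption without keeping plaintext copies of everything: take a manifest of the mountpoint before the upgrade and check the same tree against it afterwards. This is an added example, not Klaus's or encfs's tooling. It assumes the plaintext mountpoint is passed as `root`; the 64-byte chunk size is a choice; and `run_demo()` builds a constructed directory (a 362-byte and a 3134-byte file, echoing the sizes in the report) and damages it in place rather than going through encfs.

```python
import hashlib
import os
import shutil
import tempfile

CHUNK = 64  # granularity at which corruption is localised (a choice, not encfs's)


def chunk_hashes(data: bytes) -> list:
    """SHA-256 of each CHUNK-byte slice; an empty file still gets one entry."""
    return [hashlib.sha256(data[i:i + CHUNK]).hexdigest()
            for i in range(0, len(data), CHUNK)] or [hashlib.sha256(b"").hexdigest()]


def snapshot(root: str) -> dict:
    """Manifest of every file below root: size plus per-chunk hashes, so a
    later check can say where a file diverges without a copy of its content.
    Keys are relative paths with '/' separators."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = {"size": len(data), "chunks": chunk_hashes(data)}
    return manifest


def verify(root: str, manifest: dict) -> dict:
    """Compare the tree against the manifest.  Returns
    {relpath: (expected_size, actual_size, first_bad_offset)} for every file
    that changed; actual_size is None for a file that is gone."""
    findings = {}
    for rel, expect in manifest.items():
        path = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(path):
            findings[rel] = (expect["size"], None, 0)
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        got = chunk_hashes(data)
        first_bad = next((i * CHUNK for i, (a, b) in enumerate(zip(expect["chunks"], got))
                          if a != b), None)
        if first_bad is None and len(data) != expect["size"]:
            # every compared chunk matched, so the difference is a whole-chunk tail
            first_bad = min(len(data), expect["size"]) // CHUNK * CHUNK
        if first_bad is not None:
            findings[rel] = (expect["size"], len(data), first_bad)
    return findings


def run_demo() -> dict:
    """Constructed fixture standing in for the encfs mountpoint: take the
    manifest, then damage files the way the report describes (garbage in the
    tail of the 362-byte file, the 3134-byte file shortened) and verify."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "keys"))
        files = {
            "notes.txt": (bytes(range(256)) * 2)[:362],
            "keys/secring.gpg": (hashlib.sha256(b"fixture").digest() * 100)[:3134],
            "empty.bin": b"",
        }
        for rel, data in files.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        manifest = snapshot(root)
        with open(os.path.join(root, "notes.txt"), "r+b") as fh:
            fh.seek(360)
            fh.write(b"\xff\xff")  # garbage in the last two bytes
        with open(os.path.join(root, "keys", "secring.gpg"), "r+b") as fh:
            fh.truncate(3130)      # tail missing
        return verify(root, manifest)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, (before, after, offset) in sorted(run_demo().items()):
        print(f"{rel}: size {before} -> {after}, first bad chunk at offset {offset}")
```

In real use you would call `snapshot()` on the mounted plaintext directory before the libssl upgrade, keep the returned dict (it is plain JSON-serialisable data), and call `verify()` after remounting; the reported offset is the start of the first 64-byte chunk whose hash changed, which is enough to see the end-of-file pattern Klaus describes without having to eyeball each file.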



Bug#571810: [Pkg-openssl-devel] Bug#571810: New version breaks encfs containers (maybe other software related too!)

2010-02-28 Thread Kurt Roeckx
On Sun, Feb 28, 2010 at 01:57:26PM +0100, Klaus Ethgen wrote:
 Hi,
 
 Am So den 28. Feb 2010 um 13:28 schrieb Kurt Roeckx:
  On Sun, Feb 28, 2010 at 09:18:11AM +0100, Klaus Ethgen wrote:
   Package: openssl
   Version: 0.9.8m-1
   Severity: critical
   
   The newest update of openssl breaks encryption software like encfs to
   shred data on the end of many files.
   
   This is a serious data loss!
  
  Can you provide more information about this?
 
 Sorry, I have no idea.
 
 I just downgraded back to release 0.9.8k-8 and pinned the version
 0.9.8m-1 as bad.
 
 As I wrote, the error happens at the end of some files on an encfs
 encrypted filesystem. The files just have garbage there. I have no idea
 what might trigger the bug, but reproducing it should be easy:
 - install openssl and libssl0.9.8 before version 0.9.8m-1
 - Create an encfs dir (I use ssl/blowfish as cipher)
 - Put some files from several bytes to several kilobytes into that
   directory
 - Upgrade to version 0.9.8m-1 of openssl
 - Mount and verify the files in the encfs container
 
 Some errors I remember:
 - File of length 362, just text, was corrupted after around byte 320.
 - File of length 3134, secring.gpg from gpg, was corrupted at an unknown
   position.
 - The rtorrent cache and some torrent files, as well as some of the
   files therein, were corrupted.
 
 I hope that will help to reproduce the bug. Maybe you can bisect it.

I can't find anything obvious wrong in the changes between the 2
versions.  There were no changes to the blowfish code for instance,
and the regression tests should have found that something broke.

Can you try and build encfs against the newest libssl-dev and see
if that fixes it?  In that case it's some ABI breakage that I
missed.


Kurt







Bug#571810: [Pkg-openssl-devel] Bug#571810: New version breaks encfs containers (maybe other software related too!)

2010-02-28 Thread Kurt Roeckx
On Sun, Feb 28, 2010 at 03:15:51PM +0100, Kurt Roeckx wrote:
 On Sun, Feb 28, 2010 at 01:57:26PM +0100, Klaus Ethgen wrote:
  Hi,
  
  Am So den 28. Feb 2010 um 13:28 schrieb Kurt Roeckx:
   On Sun, Feb 28, 2010 at 09:18:11AM +0100, Klaus Ethgen wrote:
    Package: openssl
    Version: 0.9.8m-1
    Severity: critical
    
    The newest update of openssl breaks encryption software like encfs to
    shred data on the end of many files.
    
    This is a serious data loss!
   
   Can you provide more information about this?
  
  Sorry, I have no idea.
  
  I just downgraded back to release 0.9.8k-8 and pinned the version
  0.9.8m-1 as bad.
  
  As I wrote, the error happens at the end of some files on an encfs
  encrypted filesystem. The files just have garbage there. I have no idea
  what might trigger the bug, but reproducing it should be easy:
  - install openssl and libssl0.9.8 before version 0.9.8m-1
  - Create an encfs dir (I use ssl/blowfish as cipher)
  - Put some files from several bytes to several kilobytes into that
    directory
  - Upgrade to version 0.9.8m-1 of openssl
  - Mount and verify the files in the encfs container
  
  Some errors I remember:
  - File of length 362, just text, was corrupted after around byte 320.
  - File of length 3134, secring.gpg from gpg, was corrupted at an unknown
    position.
  - The rtorrent cache and some torrent files, as well as some of the
    files therein, were corrupted.
  
  I hope that will help to reproduce the bug. Maybe you can bisect it.
 
 I can't find anything obvious wrong in the changes between the 2
 versions.  There were no changes to the blowfish code for instance,
 and the regression tests should have found that something broke.
 
 Can you try and build encfs against the newest libssl-dev and see
 if that fixes it?  In that case it's some ABI breakage that I
 missed.

I just ran the regression tests against the old library, can't
find an error in that case, so that's probably not the problem ...


Kurt







Bug#571810: [Pkg-openssl-devel] Bug#571810: New version breaks encfs containers (maybe other software related too!)

2010-02-28 Thread Kurt Roeckx
On Sun, Feb 28, 2010 at 09:18:11AM +0100, Klaus Ethgen wrote:
 Package: openssl
 Version: 0.9.8m-1
 Severity: critical
 
 The newest update of openssl breaks encryption software like encfs to
 shred data on the end of many files.
 
 This is a serious data loss!

$ git bisect good
56bf036afe0ab64efdc49daeb3a01466792fa113 is the first bad commit
commit 56bf036afe0ab64efdc49daeb3a01466792fa113
Author: steve steve
Date:   Mon Feb 15 19:40:45 2010 +

The block length for CFB mode was incorrectly coded as 1 all the time. It
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.


The diff is:
diff --git a/openssl/crypto/evp/evp_locl.h b/openssl/crypto/evp/evp_locl.h
index ef6c432..72105b0 100644
--- a/openssl/crypto/evp/evp_locl.h
+++ b/openssl/crypto/evp/evp_locl.h
@@ -127,9 +127,9 @@ BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, 
block_size, key_len, \
 #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
 iv_len, cbits, flags, init_key, cleanup, \
 set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
- key_len, iv_len, flags, init_key, cleanup, set_asn1, \
- get_asn1, ctrl)
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, \
+   (cbits + 7)/8, key_len, iv_len, \
+   flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
 
 #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
 iv_len, cbits, flags, init_key, cleanup, \
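Review bot: The seventh argument of BLOCK_CIPHER_def1 is the EVP block size (the cbc definition at the top of the hunk passes `block_size` in that position), so replacing the hard-coded 1 with `(cbits + 7)/8` makes a 64-bit-feedback CFB cipher advertise a block size of 8 where every earlier 0.9.8 release advertised 1. That is a behaviour change visible to callers in a stable branch: EVP_EncryptUpdate/EVP_DecryptUpdate only hand whole blocks to the cipher and keep the remainder for the Final call, so an application that uses CFB as a stream cipher and writes out only what Update returns loses up to block_size-1 trailing bytes, which matches the end-of-file corruption reported for encfs earlier in this thread and the bisect landing on this commit; the regression tests do not catch it because they call Update and Final together. Suggest keeping the value at 1 (the feedback width does not change the fact that CFB accepts input of any length), or, if callers need the feedback width, exposing it separately rather than through block_size, and adding a test that checks the length returned by EVP_EncryptUpdate for an input that is not a multiple of cbits/8.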

I'm not sure what to do with this, I'll contact upstream about this.


Kurt




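To show what the block-size change in that commit does to a caller, here is an added model; it is not OpenSSL's code and not from Kurt's bisect. It implements byte-at-a-time 64-bit CFB over a stand-in block function and wraps it in an imitation of the EVP Update/Final contract whose block_size can be set to 1 (what the CFB ciphers reported before the commit) or 8 (what `(cbits + 7)/8` gives for cfb64). The key, IV and 362-byte sample input are constructed; the block function is HMAC-SHA256 truncated to 8 bytes, an assumption that is sound because CFB only ever uses the block cipher's forward direction.

```python
import hashlib
import hmac

BLOCK_BYTES = 8  # 64-bit block, i.e. the cfb64 variants (bf-cfb among them)

# Constructed key, IV and sample input; not values from the bug report.
KEY = b"example-key-not-from-the-thread!"
IV = bytes.fromhex("0011223344556677")
SAMPLE = (bytes(range(256)) * 2)[:362]  # 362 bytes, like the first file in the report


def block_fn(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher's encrypt direction (assumption: CFB only
    calls E_k forward, so any keyed PRF yields a valid CFB construction)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK_BYTES]


class Cfb64:
    """Byte-at-a-time CFB with a 64-bit shift register: each byte is XORed
    with one keystream byte and the ciphertext byte is shifted into the
    register.  Any input length works, which is why callers treat CFB like
    a stream cipher."""

    def __init__(self, key: bytes, iv: bytes) -> None:
        self.key = key
        self.reg = bytearray(iv)
        self.ks = b""
        self.num = 0  # position inside the current keystream block

    def process(self, data: bytes, encrypt: bool) -> bytes:
        out = bytearray()
        for b in data:
            if self.num == 0:
                self.ks = block_fn(self.key, bytes(self.reg))
            c = b ^ self.ks[self.num]
            self.reg[self.num] = c if encrypt else b  # ciphertext feeds back
            out.append(c)
            self.num = (self.num + 1) % BLOCK_BYTES
        return bytes(out)


class EvpCtx:
    """Imitation of the EVP Update/Final contract (not OpenSSL's code):
    update() emits only whole multiples of block_size and keeps the
    remainder; final() emits what is left.  block_size=1 is what the CFB
    ciphers reported before the change, (cbits + 7)/8 = 8 afterwards."""

    def __init__(self, key: bytes, iv: bytes, block_size: int) -> None:
        self.cipher = Cfb64(key, iv)
        self.block_size = block_size
        self.pending = b""

    def update(self, data: bytes, encrypt: bool = True) -> bytes:
        buf = self.pending + data
        n = len(buf) - len(buf) % self.block_size
        self.pending = buf[n:]
        return self.cipher.process(buf[:n], encrypt)

    def final(self, encrypt: bool = True) -> bytes:
        out = self.cipher.process(self.pending, encrypt)
        self.pending = b""
        return out


def roundtrip(plaintext: bytes, block_size: int) -> bytes:
    """Encrypt and decrypt with update()+final() on both sides: the pattern a
    regression test exercises, and it works for any block_size."""
    enc = EvpCtx(KEY, IV, block_size)
    ct = enc.update(plaintext) + enc.final()
    dec = EvpCtx(KEY, IV, block_size)
    return dec.update(ct, encrypt=False) + dec.final(encrypt=False)


def emitted_by_update_only(plaintext: bytes, block_size: int) -> bytes:
    """A caller that treats CFB as a stream cipher: one update(), no final()."""
    return EvpCtx(KEY, IV, block_size).update(plaintext)


def bytes_lost_by_stream_caller(plaintext: bytes, block_size: int) -> int:
    """How many trailing bytes such a caller never gets to write out.  The
    reader uses block_size 1 (the old library); what it recovers is a correct
    prefix, the tail is simply gone."""
    ct = emitted_by_update_only(plaintext, block_size)
    dec = EvpCtx(KEY, IV, 1)
    pt = dec.update(ct, encrypt=False) + dec.final(encrypt=False)
    assert pt == plaintext[: len(pt)]
    return len(plaintext) - len(pt)


if __name__ == "__main__":
    for bs in (1, 8):
        print(f"block_size={bs}: update() emitted {len(emitted_by_update_only(SAMPLE, bs))} "
              f"of {len(SAMPLE)} bytes, {bytes_lost_by_stream_caller(SAMPLE, bs)} lost")
```

With block_size 1 a single update() yields all 362 bytes; with block_size 8 it yields 360 and the last 2 wait for a final() that a stream-style caller never makes. roundtrip() succeeds for both values, which is why a library exercised only through update+final looks fine and is, as Kurt notes, compatible with itself while still being incompatible with what the previous release wrote or reads.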