reopen 768681
severity 768681 important
thanks
On Wed, Dec 17, 2014 at 08:02:30AM +0100, Paul Gevers wrote:
On 16-12-14 22:53, Kurt Roeckx wrote:
Which upstream?
I meant openssl, as I thought William was referring to that.
Upsteam openssl is saying that this is intentional behaviour,
Control: tags -1 patch
Hi William
On Sun, 16 Nov 2014 18:28:05 +0100 William Bonnet will...@wbonnet.net
wrote:
If it is double-checked with upstream, then this bug report
should be reassigned to openssl package.
I'll do it as soon as upstream answer to my bug report.
I tried to find the
On Tue, Dec 16, 2014 at 10:15:51PM +0100, Paul Gevers wrote:
Control: tags -1 patch
Hi William
On Sun, 16 Nov 2014 18:28:05 +0100 William Bonnet will...@wbonnet.net
wrote:
If it is double-checked with upstream, then this bug report
should be reassigned to openssl package.
I'll do
On 16-12-14 22:53, Kurt Roeckx wrote:
Which upstream?
I meant openssl, as I thought William was referring to that.
Upsteam openssl is saying that this is intentional behaviour, and
as such I won't be fixing this.
Ok. So I suggest to tag this bug as wontfix, and depending on how you as
a team
Hi,
I would like to submit a patch to openssl in order to fix this issue. This
patch is fixing a missing error code in the EVP_DecryptFinal_ex function
which cause the failure of the NodeJS unit test.
During the latest Debian Bug Squashing Party i was working on NodeJS
packaging with Jean
Le dimanche 16 novembre 2014 à 14:43 +0100, William Bonnet a écrit :
Hi,
I would like to submit a patch to openssl in order to fix this issue. This
patch is fixing a missing error code in the EVP_DecryptFinal_ex function
which cause the failure of the NodeJS unit test.
During the latest
Hi Jérémy
I'm pretty amazed the problem comes from openssl.
So am i. But after analyzing the problem it really makes sense, let me
try to be more clear.
Did you check upstream openssl ? maybe it's a known bug,
so the Origin field could link to it, ideally.
I did checked upstream, and the
On Sun, Nov 16, 2014 at 06:28:05PM +0100, William Bonnet wrote:
NodeJs is expecting to have this test to fail, which is ok, but it is
also checking for the failure reason. Since the EVPerr is not called
before returning the computed zero value, openssl return an undefined
failure reason.
Hi Kurt
I think not returning which error occurred is actually intentional,
since you might
leak that information and turn it into a padding oracle.
But I'll check what the others thinks
Thanks for the feedback.
I have thought of the padding oracle attack, but since all others errors
have a
Hello,
We had a look on it during Debian BSP in Paris this week-end.
As commented in bug #766484 [1], this test fails since last openssl
upgrade to 1.0.1j-1.
I used debsnap to downgrade libssl-dev and libssl1.0.0. Build is
successfull up to libssl-dev 1.0.1i.
A patch [2] has been provided
Source: nodejs
Version: 0.10.29~dfsg-1
Severity: serious
Tags: jessie sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20141108 qa-ftbfs
Justification: FTBFS in jessie on amd64
Hi,
During a rebuild of all packages in jessie (in a jessie chroot, not a
sid chroot), your package failed to
11 matches
Mail list logo