Package: libsodium13 Version: 1.0.0-1 Severity: important File: libsodium Dear Maintainer,
The version of libsodium you install on Debian is out of date. The current version supports overlapping encrypt and decrypt buffers (e.g. encrypt and decrypt in place), but when this is attempted with the version that is installed in Debian it corrupts the buffer on decrypt (without noting any error). This has wasted an incredible amount of time, and all future users of Debian are likely to encounter this same issue, because they expect overlapping decrypt/encrypt buffers to work (per-documentation). Please package up a newer version of libsodium with the support for overlapping buffers, else users of libsodium on Debian are going to be scratching their heads and wasting time with an advertised feature that works everywhere else, but corrupts data on debian after compressing and decompressing it. -- System Information: Debian Release: 8.4 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.1.5-x86_64-linode61 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libsodium13:amd64 depends on: ii libc6 2.19-18+deb8u4 ii multiarch-support 2.19-18+deb8u4 libsodium13:amd64 recommends no packages. libsodium13:amd64 suggests no packages. -- no debconf information
