-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi,
Am So den 28. Feb 2010 um 13:28 schrieb Kurt Roeckx: > On Sun, Feb 28, 2010 at 09:18:11AM +0100, Klaus Ethgen wrote: > > Package: openssl > > Version: 0.9.8m-1 > > Severity: critical > > > > The newest update of openssl breaks encryption software like encfs to > > shred data on the end of many files. > > > > This is a serious data lost! > > Can you provide more information about this? Sorry, I have no idea. I just downgraded back to release 0.9.8k-8 and pinned the version 0.9.8m-1 as bad. As I wrote the error happens at the end of some files on a encfs encrypted filesystem. The file just have garbage there. I have no idea what might trigger the bug but the reproducing should be easy: - - install openssl and libssl0.9.8 before version 0.9.8m-1 - - Create a encfs dir (I use ssl/blowfish as cipher) - - Put some files from several bytes to several kilobytes into that directory - - Upgrade to version 0.9.8m-1 of openssl - - Mount and verify the files in the encfs container Some errors I remember: - - File length 362, just text was corrupted after around byte 320. - - File length 3134, secring.gpg from gpg was corrupted at unknown position. - - The rtorrent cache and some torrent files as well as some of the files therein was corrupted. I hope that will help to reproduce the bug. Maybe you can bisect it. Regards Klaus - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <kl...@ethgen.de> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBS4poNp+OKpjRpO3lAQqFdAf/fBRcXm4r9BLr8PhMdkQ9gMsZH4namoZc IfhS/a83LTJHcy/CFMDgTr//tU4gsWtumtauJ9M8IYon1HxDn5XczVcWMq85MZg4 JQ3jWanLHswymptHnT7P731OUIy0IdtGvtlFp+Jk61ZVOja5i5XNtlM5bEn/E8Ca rgoxZ5QH8NUCwYLA39FS2mr0LCfyUlnbyu7OLrkwBJq4XQLnfjHmpICRjY7vj0Ak OOA4hB2ZwL+MGwqDwnq28ekSDGvh4bdWjJfZRAEtBPtnyo9U6t2TEB0JTnO+H5NV mdRpzIl4+paJQc489ZBNdKAoy6FM5/uCxCPrdcdVOBoj6ovxiC560g== =98eZ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
