Debian Bug report logs -
#433395
dar: New upstream version with incremented archive header version due to fixed blowfish encryption cipher.
Reported by: Peter Colberg <peterco@gmx.net>
Date: Mon, 16 Jul 2007 21:57:01 UTC
Severity: normal
Found in version dar/2.3.3-1
Fixed in version dar/2.3.4-1
Done: Brian May <bam@snoopy.debian.net>
Bug is archived. No further changes may be made.
Report forwarded to
debian-bugs-dist@lists.debian.org, Brian May <bam@snoopy.debian.net>:
Bug#433395; Package
dar.
Full text and
rfc822 format available.
Acknowledgement sent to
Peter Colberg <peterco@gmx.net>:
New Bug report received and forwarded. Copy sent to
Brian May <bam@snoopy.debian.net>.
Message #5 received at submit@bugs.debian.org:
Package: dar
Version: 2.3.3-1
Severity: normal
A new upstream version of dar (2.3.4) was released two weeks ago,
which fixes the weakened blowfish encryption code as discovered and
resolved by Dwayne C. Litzenberger.
However, there is a minor difference to the patch which is included
in the current Debian version (2.3.3-1). Instead of assigning the
fixed blowfish encryption mode a new cipher name (blowfish2), the
archive header version has been incremented, thus preserving
backwards compatibility.
With dar 2.3.4, archives created with a previous version will be
decrypted with the weakened blowfish cipher, while newly created
archives are decrypted in fixed blowfish cipher mode.
Unfortunately, this renders all encrypted archives created with
the current Debian version unreadable[1]. Thus, the package should
be updated to the latest upstream version as soon as possible.
(To paraphrase: There's a new upstream version available... ;-).)
Regards,
Peter
[1] Just for reference, the script I employed to fix my dar archives.
#!/usr/bin/python
#
# Fix dar archive header version
#
# Copyright (C) 2007 Peter Colberg <peterco@gmx.net>
# Licensed under the terms of the GNU General Public License.
#
# This script overwrites the dar archive header
# version for archives encrypted with the blowfish2
# cipher in Debian's dar version 2.3.3-1, thus
# making them readable by dar 2.3.4.
#
import sys, os

for fn in sys.argv[1:]:
    # Open for writing without truncating the archive.
    f = os.open(fn, os.O_WRONLY)
    try:
        # Seek to the header version field at offset 0x10.
        os.lseek(f, 0x10, os.SEEK_SET)
        # Two ASCII bytes; a bytes literal so this also runs on Python 3.
        os.write(f, b'06')
    finally:
        os.close(f)
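
Added example (not part of the original report and not dar's own code): a guarded variant of the header fix above that rewrites the two bytes at offset 0x10 only when they hold the value the caller expects, keeps a copy of the original, and verifies the write. The names `read_header_version`, `bump_header_version` and `make_sample` are hypothetical, and the "05" used in the sample is a constructed value, since the report does not state what the field held before.

```python
import os
import shutil

VERSION_OFFSET = 0x10    # offset the script above writes to
VERSION_LEN = 2          # the script writes the two ASCII bytes '06'
FIXED_VERSION = b"06"    # value the script above writes


def read_header_version(path):
    """Return the two bytes stored at VERSION_OFFSET."""
    with open(path, "rb") as f:
        f.seek(VERSION_OFFSET)
        field = f.read(VERSION_LEN)
    if len(field) != VERSION_LEN:
        raise ValueError("%s: too short to hold a header version" % path)
    return field


def bump_header_version(path, expected_old, new=FIXED_VERSION):
    """Rewrite the field only if it equals expected_old; keep <path>.orig."""
    if len(new) != VERSION_LEN:
        raise ValueError("new version must be %d bytes" % VERSION_LEN)
    current = read_header_version(path)
    if current == new:
        return "already"          # idempotent: nothing to do
    if current != expected_old:
        # Not the archive generation the caller meant to fix: leave it alone.
        raise ValueError("%s: unexpected version %r" % (path, current))
    shutil.copy2(path, path + ".orig")
    with open(path, "r+b") as f:  # r+b writes in place without truncating
        f.seek(VERSION_OFFSET)
        f.write(new)
        f.flush()
        os.fsync(f.fileno())
    if read_header_version(path) != new:
        raise IOError("%s: verification after write failed" % path)
    return "patched"


def make_sample(directory, version, name="sample.dar"):
    """Constructed stand-in for an archive: filler, version field, payload."""
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(b"\x00" * VERSION_OFFSET + version + b"constructed payload")
    return path
```

The header check cannot tell which cipher an archive was written with, so the choice of which files to pass in still has to follow the report: only archives encrypted with blowfish2 by Debian's 2.3.3-1.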
Reply sent to
Brian May <bam@snoopy.debian.net>:
You have taken responsibility.
Notification sent to
Peter Colberg <peterco@gmx.net>:
Bug acknowledged by developer.
Message #10 received at 433395-close@bugs.debian.org:
Source: dar
Source-Version: 2.3.4-1
We believe that the bug you reported is fixed in the latest version of
dar, which is due to be installed in the Debian FTP archive:
dar-docs_2.3.4-1_all.deb
to pool/main/d/dar/dar-docs_2.3.4-1_all.deb
dar-static_2.3.4-1_i386.deb
to pool/main/d/dar/dar-static_2.3.4-1_i386.deb
dar_2.3.4-1.diff.gz
to pool/main/d/dar/dar_2.3.4-1.diff.gz
dar_2.3.4-1.dsc
to pool/main/d/dar/dar_2.3.4-1.dsc
dar_2.3.4-1_i386.deb
to pool/main/d/dar/dar_2.3.4-1_i386.deb
dar_2.3.4.orig.tar.gz
to pool/main/d/dar/dar_2.3.4.orig.tar.gz
libdar-dev_2.3.4-1_i386.deb
to pool/main/d/dar/libdar-dev_2.3.4-1_i386.deb
libdar64-4_2.3.4-1_i386.deb
to pool/main/d/dar/libdar64-4_2.3.4-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 433395@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Brian May <bam@snoopy.debian.net> (supplier of updated dar package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 17 Jul 2007 09:53:54 +1000
Source: dar
Binary: dar-static libdar-dev dar libdar64-4 dar-docs
Architecture: source i386 all
Version: 2.3.4-1
Distribution: unstable
Urgency: low
Maintainer: Brian May <bam@snoopy.debian.net>
Changed-By: Brian May <bam@snoopy.debian.net>
Description:
dar - Disk ARchive: Backup directory tree and files
dar-docs - Disk ARchive: Backup directory tree and files
dar-static - Disk ARchive: Backup directory tree and files
libdar-dev - Disk ARchive: Development files for shared library
libdar64-4 - Disk ARchive: Shared library
Closes: 433395
Changes:
dar (2.3.4-1) unstable; urgency=low
.
* New upstream version (closes: 433395).
* Renders archives created with 2.3.3-1 unreadable.
* Please see http://bugs.debian.org/433395 for work around.
Files:
5cb2bba0197ee2d650e36d7946de6175 679 utils optional dar_2.3.4-1.dsc
270d0517afdcbb2fbca60d674b5ca4bc 1186874 utils optional dar_2.3.4.orig.tar.gz
82508ffda95ed3650bbc717f6f7275d7 3122 utils optional dar_2.3.4-1.diff.gz
dd8c4aba3b79ba9e1d9b45cfd9fcba9f 860182 doc optional dar-docs_2.3.4-1_all.deb
704d5c988e8034bbf89e07e5dd92b6fd 879744 devel optional libdar-dev_2.3.4-1_i386.deb
a8fb452274a53e5ad1c9ffa753cb6f63 502924 libs optional libdar64-4_2.3.4-1_i386.deb
4cb194cd306579be726956e50cb680eb 1213528 utils optional dar-static_2.3.4-1_i386.deb
ff771d261e4cdca7cb4efab8c8950408 291040 utils optional dar_2.3.4-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGnEzKuCinHABTDCQRAsGQAKCUMmYZui2ty6SIIQrKwtJUmFgZggCeOvHO
ZFayqmNwkxsQ2XMRFmv9+98=
=pt1H
-----END PGP SIGNATURE-----
Bug archived.
Request was from
Debbugs Internal Request <owner@bugs.debian.org>
to
internal_control@bugs.debian.org.
(Sat, 25 Aug 2007 07:31:28 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Feb 9 19:42:13 2010;
Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.