Debian Bug report logs -
#788511
openssl: breaks ABI
Reported by: Kurt Roeckx <kurt@roeckx.be>
Date: Fri, 12 Jun 2015 06:33:02 UTC
Severity: serious
Merged with 788567
Found in version openssl/1.0.2b-1
Fixed in version openssl/1.0.2c-1
Done: kurt@roeckx.be (Kurt Roeckx)
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#788511; Package openssl.
(Fri, 12 Jun 2015 06:33:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Kurt Roeckx <kurt@roeckx.be>:
New Bug report received and forwarded. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>.
(Fri, 12 Jun 2015 06:33:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: openssl
Version: 1.0.2b-1
Severity: serious
The HMAC_CTX structure added a new field at the end increasing
it's size. This can break applications that allocate it on the
stack.
It looks like at least OpenSSH 4.7 through 6.5 on 32 bit platforms
are affected.
Kurt
Reply sent
to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility.
(Fri, 12 Jun 2015 18:51:07 GMT) (full text, mbox, link).
Notification sent
to Kurt Roeckx <kurt@roeckx.be>:
Bug acknowledged by developer.
(Fri, 12 Jun 2015 18:51:08 GMT) (full text, mbox, link).
Message #10 received at 788511-close@bugs.debian.org (full text, mbox, reply):
Source: openssl
Source-Version: 1.0.2c-1
We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 788511@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated openssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 12 Jun 2015 20:35:12 +0200
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source amd64 all
Version: 1.0.2c-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description:
libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
libssl-dev - Secure Sockets Layer toolkit - development files
libssl-doc - Secure Sockets Layer toolkit - development documentation
libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
openssl - Secure Sockets Layer toolkit - cryptographic utility
Closes: 788511
Changes:
openssl (1.0.2c-1) unstable; urgency=medium
.
* New upstream version
- Fixes ABI (Closes: #788511)
Checksums-Sha1:
3d7a390fc4008aac6c6d035cce2447f51885ba3e 2227 openssl_1.0.2c-1.dsc
6e4a5e91159eb32383296c7c83ac0e59b83a0a44 5280670 openssl_1.0.2c.orig.tar.gz
fd0447c02649fdf271cb685048eb4a6e621b87d6 75220 openssl_1.0.2c-1.debian.tar.xz
66fcb9ba5e6c1219c851217d7d3aeba6de8e4f33 863850 libcrypto1.0.0-udeb_1.0.2c-1_amd64.udeb
91f25200ae56c7458deb72a0e7ef0fdc2d19039f 1529554 libssl-dev_1.0.2c-1_amd64.deb
e300a38df856a219633780e69e2da528b3e72563 1241334 libssl-doc_1.0.2c-1_all.deb
2727f129df6e1ca5aaf6ca9c57a4d024b28e8ffc 2956384 libssl1.0.0-dbg_1.0.2c-1_amd64.deb
1d49b16ed35ad43e5a6e8699549d79b2fc598af4 1272774 libssl1.0.0_1.0.2c-1_amd64.deb
03299575a9cac949f0b06a7fc1f2c57c8baa695b 695058 openssl_1.0.2c-1_amd64.deb
Checksums-Sha256:
4abf4d8348ce18a4ae8adc593bbb124fb2a13cec1a23f522d276f4ca0cd9eeca 2227 openssl_1.0.2c-1.dsc
0038ba37f35a6367c58f17a7a7f687953ef8ce4f9684bbdec63e62515ed36a83 5280670 openssl_1.0.2c.orig.tar.gz
2f3e59c516a3bb52d0f13e6996ff24d9d658c98c329149fbb2cc5d357d665ad8 75220 openssl_1.0.2c-1.debian.tar.xz
a72675d3654b3e5813c31679d01d4c02af98ad6d7ceb744931200bd445d399e5 863850 libcrypto1.0.0-udeb_1.0.2c-1_amd64.udeb
916ef3bdba2b05b93e41b1abac72c6276333a1212be5169dc980f53dca65a500 1529554 libssl-dev_1.0.2c-1_amd64.deb
d4061f1c297d42007caa433e328eaddc09a09e68410cd4cd5f674f7bc0c5de96 1241334 libssl-doc_1.0.2c-1_all.deb
a4162c4519cd6d34d9094469a789801aea77b02bf6ef5b7e80d8def0338799d4 2956384 libssl1.0.0-dbg_1.0.2c-1_amd64.deb
8dfe2e2b5c2acd5bef70e152389b815d695bf325f8fc2e8d4f40ecd6976042fd 1272774 libssl1.0.0_1.0.2c-1_amd64.deb
9466fe5a2138535bf43cfc390c1be1799f2f5ef72857a2c3573fc66a649bb5fb 695058 openssl_1.0.2c-1_amd64.deb
Files:
e18e1b5010b5f4fc2d226cd62de4abbf 2227 utils optional openssl_1.0.2c-1.dsc
8c8d81a9ae7005276e486702edbcd4b6 5280670 utils optional openssl_1.0.2c.orig.tar.gz
7467f3566ab23c5e2aea6f74543621a4 75220 utils optional openssl_1.0.2c-1.debian.tar.xz
326a1d7217c939a8a109eaa189648cd2 863850 debian-installer optional libcrypto1.0.0-udeb_1.0.2c-1_amd64.udeb
f728e4cd1331ebc8edc46693ec900676 1529554 libdevel optional libssl-dev_1.0.2c-1_amd64.deb
e5e374a399b98d08c51904bee25a1de9 1241334 doc optional libssl-doc_1.0.2c-1_all.deb
d9db026697d6aa4f2daf3e0955c6cc01 2956384 debug extra libssl1.0.0-dbg_1.0.2c-1_amd64.deb
6b2a47f599fb6a6dade583cd5d3c9679 1272774 libs important libssl1.0.0_1.0.2c-1_amd64.deb
0040fd60119b5b5bd04b266b5ab4ef92 695058 utils optional openssl_1.0.2c-1_amd64.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVeyh0AAoJEOPE3c0eTBJEpVEQAK+S3Lh01CcdhWgdsRY+dPpU
v+pea8ZUWyFkixIBrtLZHnJ1sMJOPZ64h6IKikdhMPNYE25ADW4+iHFhBbyChV8n
HVQPp+c6wyzdxMi+gFgPANdaiasclZqbnCBo4DXT6txjzstiV2KPlpBkt41z8DtA
bs4X4FYkljA1FVDAgiWktTrmottOgxq8HcNTvJISK9n+7rIKj05sCc8FNBh6Opn1
ZpHzwbtBsbFD/bG1J5qFtKWmcdq2pw16CE+5G8Ssdzcs3jcDUr3/jRom4B5M7Bw4
8WRj3ndnr3Dot+a1AUyzbp7QX+E0k0QVSUXm4W1sVgg7c1RVFPKNwl8FJrTCRrj4
cRzc4mEOGR8YA/lCzKerLbzaPg0wUE8UIbdVhbh6nhkhTLCeMBlGvSNETB5roE0a
6RqamQWEQxtqDNymwHnUJDZtWPKXcBhWgO0a/F6iuCKVPozFXBws58QReGJgCvV3
2gszo5gfmcCXef2wCJKqStyzwRTvKuccjiw8yjixoVMAKcgOei4uW3pfGud9hldu
W5djuzwmKwjplwefN4UyS9flEFB14SZ/1xmx4JSMvm/zP4KjI+lQwHYHyZnYr3xG
5juMyy0KkLZKT8ZBuVINJBCygBhwkXeW7jiDoa0RmhJtegDx8fWXg4IGvbU+lgTq
0BfgR2TZk8tgmHk87Xa8
=Yoq2
-----END PGP SIGNATURE-----
Bug reopened
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Sat, 13 Jun 2015 09:15:08 GMT) (full text, mbox, link).
No longer marked as fixed in versions openssl/1.0.2c-1.
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Sat, 13 Jun 2015 09:15:09 GMT) (full text, mbox, link).
Marked as fixed in versions openssl/1.0.2c-1.
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Sat, 13 Jun 2015 09:15:12 GMT) (full text, mbox, link).
Merged 788511 788567
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Sat, 13 Jun 2015 09:15:13 GMT) (full text, mbox, link).
Marked Bug as done
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Sun, 19 Jul 2015 21:03:06 GMT) (full text, mbox, link).
Notification sent
to Kurt Roeckx <kurt@roeckx.be>:
Bug acknowledged by developer.
(Sun, 19 Jul 2015 21:03:07 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 17 Aug 2015 07:26:00 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Thu Jan 4 06:00:46 2018;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.