reopen 768681
severity 768681 important
thanks
On Wed, Dec 17, 2014 at 08:02:30AM +0100, Paul Gevers wrote:
> On 16-12-14 22:53, Kurt Roeckx wrote:
> > Which upstream?
>
> I meant openssl, as I thought William was referring to that.
>
> > Upsteam openssl is saying that this is intentional behavi
On 16-12-14 22:53, Kurt Roeckx wrote:
> Which upstream?
I meant openssl, as I thought William was referring to that.
> Upsteam openssl is saying that this is intentional behaviour, and
> as such I won't be fixing this.
Ok. So I suggest to tag this bug as wontfix, and depending on how you as
a te
On Tue, Dec 16, 2014 at 10:15:51PM +0100, Paul Gevers wrote:
> Control: tags -1 patch
>
> Hi William
>
> On Sun, 16 Nov 2014 18:28:05 +0100 William Bonnet
> wrote:
> > > If it is double-checked with upstream, then this bug report
> > > should be reassigned to openssl package.
> > I'll do it as s
Control: tags -1 patch
Hi William
On Sun, 16 Nov 2014 18:28:05 +0100 William Bonnet
wrote:
> > If it is double-checked with upstream, then this bug report
> > should be reassigned to openssl package.
> I'll do it as soon as upstream answer to my bug report.
I tried to find the openssl bug you s
Hi Kurt
> I think not returning which error occurred is actually intentional,
since you might
> leak that information and turn it into a padding oracle.
> But I'll check what the others thinks
Thanks for the feedback.
I have thought of the padding oracle attack, but since all others errors
have
On Sun, Nov 16, 2014 at 06:28:05PM +0100, William Bonnet wrote:
>
> NodeJs is expecting to have this test to fail, which is ok, but it is
> also checking for the failure reason. Since the EVPerr is not called
> before returning the computed zero value, openssl return an undefined
> failure reason.
Hi Jérémy
> I'm pretty amazed the problem comes from openssl.
So am i. But after analyzing the problem it really makes sense, let me
try to be more clear.
> Did you check upstream openssl ? maybe it's a known bug,
> so the "Origin" field could link to it, ideally.
I did checked upstream, and the p
Le dimanche 16 novembre 2014 à 14:43 +0100, William Bonnet a écrit :
> Hi,
>
> I would like to submit a patch to openssl in order to fix this issue. This
> patch is fixing a missing error code in the EVP_DecryptFinal_ex function
> which cause the failure of the NodeJS unit test.
>
> During the l
Hi,
I would like to submit a patch to openssl in order to fix this issue. This
patch is fixing a missing error code in the EVP_DecryptFinal_ex function
which cause the failure of the NodeJS unit test.
During the latest Debian Bug Squashing Party i was working on NodeJS
packaging with Jean Baptis
Hello,
We had a look on it during Debian BSP in Paris this week-end.
As commented in bug #766484 [1], this test fails since last openssl
upgrade to 1.0.1j-1.
I used debsnap to downgrade libssl-dev and libssl1.0.0. Build is
successfull up to libssl-dev 1.0.1i.
A patch [2] has been provided upstrea
Source: nodejs
Version: 0.10.29~dfsg-1
Severity: serious
Tags: jessie sid
User: debian...@lists.debian.org
Usertags: qa-ftbfs-20141108 qa-ftbfs
Justification: FTBFS in jessie on amd64
Hi,
During a rebuild of all packages in jessie (in a jessie chroot, not a
sid chroot), your package failed to bui
11 matches
Mail list logo
