Your message dated Tue, 17 Jul 2007 06:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#433395: fixed in dar 2.3.4-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: dar
Version: 2.3.3-1
Severity: normal
A new upstream version of dar (2.3.4) has been released two weeks ago,
which fixes the weakened blowfish encryption code as discovered and
resolved by Dwayne C. Litzenberger.
However, there is a minor difference to the patch which is included
in the current Debian version (2.3.3-1). Instead of assigning the
fixed blowfish encryption mode a new cipher name (blowfish2), the
archive header version has been incremented, thus preserving
backwards compatibility.
With dar 2.3.4, archives created with a previous version will be
decrypted with the weakened blowfish cipher, while newly created
archives are decrypted in fixed blowfish mode cipher mode.
Unfortunately, this renders all encrypted archives created with
the current Debian version unreadable[1]. Thus, the package should
be updated to the latest upstream version as soon as possible.
(To paraphrase: There's a new upstream version available... ;-).)
Regards,
Peter
[1] Just for reference, the script I employed to fix my dar archives.
#!/usr/bin/python
#
# Fix dar archive header version
#
# Copyright (C) 2007 Peter Colberg <[EMAIL PROTECTED]>
# Licensed under the terms of the GNU General Public License.
#
# This script overwrites the dar archive header
# version for archives encrypted with the blowfish2
# cipher in Debian's dar version 2.3.3-1, thus
# making them readable by dar 2.3.4.
#
import sys, os
for fn in sys.argv[1:]:
f = os.open(fn, os.O_WRONLY)
os.lseek(f, 0x10, 0)
os.write(f, '06')
os.close(f)
--- End Message ---
--- Begin Message ---
Source: dar
Source-Version: 2.3.4-1
We believe that the bug you reported is fixed in the latest version of
dar, which is due to be installed in the Debian FTP archive:
dar-docs_2.3.4-1_all.deb
to pool/main/d/dar/dar-docs_2.3.4-1_all.deb
dar-static_2.3.4-1_i386.deb
to pool/main/d/dar/dar-static_2.3.4-1_i386.deb
dar_2.3.4-1.diff.gz
to pool/main/d/dar/dar_2.3.4-1.diff.gz
dar_2.3.4-1.dsc
to pool/main/d/dar/dar_2.3.4-1.dsc
dar_2.3.4-1_i386.deb
to pool/main/d/dar/dar_2.3.4-1_i386.deb
dar_2.3.4.orig.tar.gz
to pool/main/d/dar/dar_2.3.4.orig.tar.gz
libdar-dev_2.3.4-1_i386.deb
to pool/main/d/dar/libdar-dev_2.3.4-1_i386.deb
libdar64-4_2.3.4-1_i386.deb
to pool/main/d/dar/libdar64-4_2.3.4-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Brian May <[EMAIL PROTECTED]> (supplier of updated dar package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 17 Jul 2007 09:53:54 +1000
Source: dar
Binary: dar-static libdar-dev dar libdar64-4 dar-docs
Architecture: source i386 all
Version: 2.3.4-1
Distribution: unstable
Urgency: low
Maintainer: Brian May <[EMAIL PROTECTED]>
Changed-By: Brian May <[EMAIL PROTECTED]>
Description:
dar - Disk ARchive: Backup directory tree and files
dar-docs - Disk ARchive: Backup directory tree and files
dar-static - Disk ARchive: Backup directory tree and files
libdar-dev - Disk ARchive: Development files for shared library
libdar64-4 - Disk ARchive: Shared library
Closes: 433395
Changes:
dar (2.3.4-1) unstable; urgency=low
.
* New upstream version (closes: 433395).
* Renders archives created with 2.3.3-1 unreadable.
* Please see http://bugs.debian.org/433395 for work around.
Files:
5cb2bba0197ee2d650e36d7946de6175 679 utils optional dar_2.3.4-1.dsc
270d0517afdcbb2fbca60d674b5ca4bc 1186874 utils optional dar_2.3.4.orig.tar.gz
82508ffda95ed3650bbc717f6f7275d7 3122 utils optional dar_2.3.4-1.diff.gz
dd8c4aba3b79ba9e1d9b45cfd9fcba9f 860182 doc optional dar-docs_2.3.4-1_all.deb
704d5c988e8034bbf89e07e5dd92b6fd 879744 devel optional
libdar-dev_2.3.4-1_i386.deb
a8fb452274a53e5ad1c9ffa753cb6f63 502924 libs optional
libdar64-4_2.3.4-1_i386.deb
4cb194cd306579be726956e50cb680eb 1213528 utils optional
dar-static_2.3.4-1_i386.deb
ff771d261e4cdca7cb4efab8c8950408 291040 utils optional dar_2.3.4-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGnEzKuCinHABTDCQRAsGQAKCUMmYZui2ty6SIIQrKwtJUmFgZggCeOvHO
ZFayqmNwkxsQ2XMRFmv9+98=
=pt1H
-----END PGP SIGNATURE-----
--- End Message ---
