Bug#498401: marked as done (irssi-plugin-otr truncates ~/.irssi/otr/otr.key during new key generation)

Mon, 19 Jan 2009 14:46:13 -0800 

Your message dated Mon, 19 Jan 2009 22:32:13 +0000
with message-id <[email protected]>
and subject line Bug#498401: fixed in irssi-plugin-otr 0.2+20090119-1
has caused the Debian Bug report #498401,
regarding irssi-plugin-otr truncates ~/.irssi/otr/otr.key during new key 
generation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
498401: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498401
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: irssi-plugin-otr
Version: 0.2-1
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just tried out irssi-plugin-otr for the first time.  Very nice.  I'm
a little concerned about the behavior when using the plugin on
multiple networks, though, given that i've seen irssi itself crash in
the past.  In particular, i'm worried about the possibility of irssi
completely destroying the OTR private keystore.

Here's what i observed:

 * on first network where i tried to use OTR, there was a long lag
   during key generation (this is expected).

 * when the key was finally created, it populated ~/.irssi/otr/otr.key
   with the raw key material. (the ~/.irssi/otr directory should
   probably be created with mode 0700, btw).

 * When i tried to connect to a new network and to use OTR there, a
   new genkey operation started.

 * while this new genkey operation is underway, ~/.irssi/otr/otr.key
   is truncated to 0 length.

 * when the genkey completes, both keys get written back to
   ~/.irssi/otr/otr.key

If irssi crashes during this (lengthy) window, or if there's a power
failure, or whatever, it looks like all the previous private key
material will be destroyed permanently.  Since these are potentially
important credentials, it seems like it would be better for the OTR
plugin to modify the keyfile only *after* it completes the keygen.
And ideally, the operation would be an atomic one (create a new file,
and mv it into place?), to eliminate the window of possible failure.

Thanks for packaging this useful tool for debian!

Regards,

        --dkg

- -- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages irssi-plugin-otr depends on:
ii  irssi                         0.8.12-4   terminal based IRC client
ii  libc6                         2.7-13     GNU C Library: Shared libraries
ii  libglib2.0-0                  2.16.4-2   The GLib library of C routines
ii  libotr2                       3.2.0-1    Off-the-Record Messaging library

irssi-plugin-otr recommends no packages.

irssi-plugin-otr suggests no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIVAwUBSMbIHszS7ZTSFznpAQJnkA//dt2tfO9ZlZAfp/udNEfHiYb15mK/DuJ2
Y18QDdDsuUuF0T/fxGdXq8iglOJTyYqdNj4Xcxa+lRwRe+TccZpJ9bv3fvooWxXs
vJxn3uOUhGPAOGRncYq/pxbO/e9BUvRM6XBHyeAXK0Op/G4qnvWb3QgMG7YfhqZX
ryChhoSeUPBMRKsNSCx7X7vkSRxg+Ha4YwtkM8YiAsK8sIb38pJb/+NxpnP+tZLG
R6ckhkPNVUoFNdVR+i4DWpl8v9y8Xr2y66UdKyshUuh6JrekZdBBNx5DwrJqF4Gq
KLcLfHubRLq4FyrHzh33+0CYxM/OXPkkgFuCwAysM0pgkglbGCFexSMR4/korju3
HV6PC9JaTPTIfmLYWUZEEjcn9s7aFQeR3/ib/z3WUPRGwtiMdJER4XcLV1+gMlZk
56aLgAuspWFDDJ0OfxUEosJqmTYZ2ClavB2Hw8VUIflR9q0wPbInrg8Vi73DJ4iS
CqH+sHTvkRB6WYDV/qNgw37VmHyOp6LR9RKSrZXX1jXKdvQJc9skOG/4J+ubK+5b
GXz7OO3SJ2pWE+tlyR4wMXaiYmFuYFImdGHtcFtCVarv2JPqcoCn3EvTb2NTeQkD
1eqmX3FKeInBc3mOUkMkcKVQrnKPUYiqjz8+UkCWe+xnVzwalbojaIJf7DpiqWFG
JSL1bhutg7Y=
=Um7m
-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message --- 
Source: irssi-plugin-otr
Source-Version: 0.2+20090119-1

We believe that the bug you reported is fixed in the latest version of
irssi-plugin-otr, which is due to be installed in the Debian FTP archive:

irssi-plugin-otr_0.2+20090119-1.diff.gz
  to pool/main/i/irssi-plugin-otr/irssi-plugin-otr_0.2+20090119-1.diff.gz
irssi-plugin-otr_0.2+20090119-1.dsc
  to pool/main/i/irssi-plugin-otr/irssi-plugin-otr_0.2+20090119-1.dsc
irssi-plugin-otr_0.2+20090119-1_i386.deb
  to pool/main/i/irssi-plugin-otr/irssi-plugin-otr_0.2+20090119-1_i386.deb
irssi-plugin-otr_0.2+20090119.orig.tar.gz
  to pool/main/i/irssi-plugin-otr/irssi-plugin-otr_0.2+20090119.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Spreen <[email protected]> (supplier of updated irssi-plugin-otr 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 19 Jan 2009 14:07:25 -0800
Source: irssi-plugin-otr
Binary: irssi-plugin-otr
Architecture: source i386
Version: 0.2+20090119-1
Distribution: experimental
Urgency: low
Maintainer: David Spreen <[email protected]>
Changed-By: David Spreen <[email protected]>
Description: 
 irssi-plugin-otr - Off-the-Record Messaging Plugin for Irssi
Closes: 498401 498502
Changes: 
 irssi-plugin-otr (0.2+20090119-1) experimental; urgency=low
 .
   * New git snapshot. (Closes: #498502, 498401)
   * debian/rules: Changed build-system to cdbs.
   * debian/control: Added cdbs build-dependency.
Checksums-Sha1: 
 651ac6913c552c97f8050bff3ffd682c48caab63 1211 
irssi-plugin-otr_0.2+20090119-1.dsc
 444253f028eb619ecc98bdf9996eceaef4c5f81e 29477 
irssi-plugin-otr_0.2+20090119.orig.tar.gz
 bde2ff7b137fccafb2cc9acc482303618028087a 2371 
irssi-plugin-otr_0.2+20090119-1.diff.gz
 1e07c97b4e2abd7ccaff66ea7c8f65e0c409ba39 21128 
irssi-plugin-otr_0.2+20090119-1_i386.deb
Checksums-Sha256: 
 ff9da4ababfe3f7946f9ad72d6e54f87c717daba1b414a1626b6fd0ca5db4132 1211 
irssi-plugin-otr_0.2+20090119-1.dsc
 babaf802f462a1e2f6ffd0ebb347f348c00e9ce1c60d574dc8123937ea3cca62 29477 
irssi-plugin-otr_0.2+20090119.orig.tar.gz
 22afb404ced2d9557cd4cd93047f57c76093693385828dbe3d2fc1ae73c09bd5 2371 
irssi-plugin-otr_0.2+20090119-1.diff.gz
 c11bcb53016aaab6ecd2b985b208888947d46ad15e1f47806179069d38976b07 21128 
irssi-plugin-otr_0.2+20090119-1_i386.deb
Files: 
 9e9a82a40f7034a3cb47f04d0c7f4982 1211 net optional 
irssi-plugin-otr_0.2+20090119-1.dsc
 f43d527c6ce5e8c20076471af65fa891 29477 net optional 
irssi-plugin-otr_0.2+20090119.orig.tar.gz
 1cca17968558f3679f3973587ccfe316 2371 net optional 
irssi-plugin-otr_0.2+20090119-1.diff.gz
 004c5ce24fa2bf4b80c8f72a2d04404b 21128 net optional 
irssi-plugin-otr_0.2+20090119-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkl0+k0ACgkQdhEvvPyx3SOvfwCgkry+OsCnFmO44UpCyNZxFOI+
qbMAnAhKXH5ktI/xyRevGsgz7Mfx8MW2
=Hxc4
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to