Bug#575038: marked as done (libgcrypt11: tiger192 message digest does not agree with other implementations)

Debian Bug Tracking System Sat, 17 Jul 2010 06:48:34 -0700

Your message dated Sat, 17 Jul 2010 13:47:19 +0000
with message-id <[email protected]>
and subject line Bug#575038: fixed in libgcrypt11 1.4.6-1
has caused the Debian Bug report #575038,
regarding libgcrypt11: tiger192 message digest does not agree with other 
implementations
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
575038: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575038
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: libgcrypt11
Version: 1.4.5-2
Severity: normal

libgcrypt's tiger192 message digest implementation doesn't appear to
match the output / test vectors used by other implementations.

This was reported to upstream back in November, with no response:

http://lists.gnupg.org/pipermail/gcrypt-devel/2009-November/001512.html

If this digest is commonly used by any implementation, i don't know
about it (http://source.debian.net/source appears to be offline, so i
can't do a full search right now).

If no one is inclined to resolve the problem, i think disabling the
cipher in debian's gcrypt packages might be reasonable.  shipping
non-standard implementations of a digest algorithm seems worse than
not shipping them at all.

    --dkg

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgcrypt11 depends on:
ii  libc6                         2.10.2-6   Embedded GNU C Library: Shared lib
ii  libgpg-error0                 1.6-1      library for common error values an

libgcrypt11 recommends no packages.

Versions of packages libgcrypt11 suggests:
pn  rng-tools                     <none>     (no description available)

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: libgcrypt11
Source-Version: 1.4.6-1

We believe that the bug you reported is fixed in the latest version of
libgcrypt11, which is due to be installed in the Debian FTP archive:

libgcrypt11-dbg_1.4.6-1_i386.deb
  to main/libg/libgcrypt11/libgcrypt11-dbg_1.4.6-1_i386.deb
libgcrypt11-dev_1.4.6-1_i386.deb
  to main/libg/libgcrypt11/libgcrypt11-dev_1.4.6-1_i386.deb
libgcrypt11-doc_1.4.6-1_all.deb
  to main/libg/libgcrypt11/libgcrypt11-doc_1.4.6-1_all.deb
libgcrypt11_1.4.6-1.debian.tar.gz
  to main/libg/libgcrypt11/libgcrypt11_1.4.6-1.debian.tar.gz
libgcrypt11_1.4.6-1.dsc
  to main/libg/libgcrypt11/libgcrypt11_1.4.6-1.dsc
libgcrypt11_1.4.6-1_i386.deb
  to main/libg/libgcrypt11/libgcrypt11_1.4.6-1_i386.deb
libgcrypt11_1.4.6.orig.tar.bz2
  to main/libg/libgcrypt11/libgcrypt11_1.4.6.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated libgcrypt11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.8
Date: Sat, 17 Jul 2010 15:15:09 +0200
Source: libgcrypt11
Binary: libgcrypt11-doc libgcrypt11-dev libgcrypt11-dbg libgcrypt11
Architecture: source all i386
Version: 1.4.6-1
Distribution: experimental
Urgency: low
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Description: 
 libgcrypt11 - LGPL Crypto library - runtime library
 libgcrypt11-dbg - LGPL Crypto library - debugger files
 libgcrypt11-dev - LGPL Crypto library - development files
 libgcrypt11-doc - LGPL Crypto library - documentation
Closes: 575038
Changes: 
 libgcrypt11 (1.4.6-1) experimental; urgency=low
 .
   * New upstream version.
   * Drop debian/patches/20_ftbfsmips.diff, included upstream.
   * Includes tiger message-digest variant with commonly used output print
     order. Closes: #575038
   * Interface extended (GCRY_MD_TIGER1 GCRY_MD_TIGER2
     GCRY_CIPHER_MODE_AESWRAP), bump shlibs.
   * Policy 3.9. I have kept the conflicts for libgcrypt{,7}-{doc,dev}
     unchanged instead of trying to convert them to Breaks. These would only
     trigger on upgrades from installations older than Sarge (3.1).
Checksums-Sha1: 
 c473369b780b007c36d1fd9655aad3a75506903d 1588 libgcrypt11_1.4.6-1.dsc
 445b9e158aaf91e24eae3d1040c6213e9d9f5ba6 1151877 libgcrypt11_1.4.6.orig.tar.bz2
 09fadb9403ad2264c9458851239eba020e49918c 11916 
libgcrypt11_1.4.6-1.debian.tar.gz
 28d754de51f479afd5ef9645a5670813acd394b6 671868 libgcrypt11-doc_1.4.6-1_all.deb
 41782e7ef388eb4e339f184f4e4b5402671d7968 363026 
libgcrypt11-dev_1.4.6-1_i386.deb
 82875761dbd678a453eebd369bafcf202bab4d92 363176 
libgcrypt11-dbg_1.4.6-1_i386.deb
 c46fc0df9aae394184c378633efc2d4f83d9b11b 267598 libgcrypt11_1.4.6-1_i386.deb
Checksums-Sha256: 
 905be41c4babefab63dc25466f76cc388d59a72a43d65a4eda2f80180875bbc5 1588 
libgcrypt11_1.4.6-1.dsc
 3e4b30da6b357b565333d0222133b64a0414be99ba72733081165c8ea9bc6b85 1151877 
libgcrypt11_1.4.6.orig.tar.bz2
 c86a2ac4c556e69b8e946f6a47f9566724f23deb8438811fa61847e12bddbe70 11916 
libgcrypt11_1.4.6-1.debian.tar.gz
 92b63d18538001edc03953e4d2347b79869324a471f80e880d65beb43464313f 671868 
libgcrypt11-doc_1.4.6-1_all.deb
 c6252e02d67368c8595c998267108c86c450bb77ed988c98408815528730e47e 363026 
libgcrypt11-dev_1.4.6-1_i386.deb
 5b602ef487ad90907c011591541b06b57ed539022c149e61dfa702396a243ff6 363176 
libgcrypt11-dbg_1.4.6-1_i386.deb
 a63f61c2f593c9b26b529e41d02d34974031bfedf9fb6f328c1283c6f961f503 267598 
libgcrypt11_1.4.6-1_i386.deb
Files: 
 8b6ce1f77e2b3473e029e01fb287d95b 1588 libs optional libgcrypt11_1.4.6-1.dsc
 dbf99425a4fe9217c84ce3a35d938634 1151877 libs optional 
libgcrypt11_1.4.6.orig.tar.bz2
 45742c9af0492646ea19ab45d2b6a65b 11916 libs optional 
libgcrypt11_1.4.6-1.debian.tar.gz
 2657f076972617859041690fc5a17c87 671868 doc optional 
libgcrypt11-doc_1.4.6-1_all.deb
 2bc1e0ec74df9df57a44f7e5378e1c05 363026 libdevel optional 
libgcrypt11-dev_1.4.6-1_i386.deb
 e0cf13fd22e560ab714411e49bf0d38e 363176 debug extra 
libgcrypt11-dbg_1.4.6-1_i386.deb
 abfde6df11da95563afb22ca4336b49c 267598 libs standard 
libgcrypt11_1.4.6-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEAREDAAYFAkxBregACgkQHTOcZYuNdmOpJQCgjQ116zNrQSt1TMRzbarPqJYi
VsoAniY82CG4P1p8Yp/gJNkJYiXRwHxU
=ZKOt
-----END PGP SIGNATURE-----

--- End Message ---

Bug#575038: marked as done (libgcrypt11: tiger192 message digest does not agree with other implementations)

Reply via email to