On Sat, Jul 25, 2015 at 10:48:51AM +0200, Kurt Roeckx <k...@roeckx.be> wrote: > > upgrading libssl1.0.0 from 1.0.1k-3+deb8u1 to 1.0.2d-1 breaks HMAC > > authentication in a gvpe compiled with 1.0.1k-3. > > I will need more information other than that it doesn't work.
Just ask, but without knowing what you want to know (you haven't said anything), I can only guess. > I don't have any idea who gvpe works. Well, many people "work gvpe". Maybe you meant "how"? gvpe uses openssl's HMAC (by default hmac-sha512) to verify packet integrity, and when upgrading libssl to 1.0.2d-1, for some connections, every packet gets a HMAC authentication error (causing complete loss of connectivity) that goes away once libssl is downgraded again. > > Since the ABI was apparently broken before (#788511), chances are high > > that the fix in 1.0.2d-1 isn't effective and 1.0.2d-1 is still ABI > > incompatible to the version in jessie. > > This is very unlikely. But if it's really the case rebuilding > against that version should fix the issue. I think you are not understanding the problem on a very basic level here - rebuilding a program using a shared library will not and can not fix bugs in that library. If libssl 1.0.2d-1 is incompatible to 1.0.1k-3 w.r.t. HMAC generation, then the only way to fix this is to patch and fix libssl, OR bump the soname, to indicate an incompatible version. -- The choice of a Deliantra, the free code+content MORPG -----==- _GNU_ http://www.deliantra.net ----==-- _ generation ---==---(_)__ __ ____ __ Marc Lehmann --==---/ / _ \/ // /\ \/ / schm...@schmorp.de -=====/_/_//_/\_,_/ /_/\_\ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org