Bug#556939: marked as done (libgfshare-bin: can produce broken shares containing foo.000)

[Debian Bug Tracking System]

Your message dated Thu, 19 Nov 2009 00:33:19 +0000
with message-id <e1nauxb-0003qf...@ries.debian.org>
and subject line Bug#556939: fixed in libgfshare 1.0.2-3
has caused the Debian Bug report #556939,
regarding libgfshare-bin: can produce broken shares containing foo.000
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
556939: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556939
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libgfshare-bin
Version: 1.0.2-1
Severity: critical

Well, the subject basically says it all. Severity critical as even the
package description suggests using it for cryptographic keys, which
the access to large amounts of data can depend on, in which case the
inability to reconstruct the key could result in massive data loss.

Test case:

while :; do
        mkdir 8ec81f75-3bc9-4b95-812d-41ca28365aad || exit 1
        echo | gfsplit /dev/stdin 8ec81f75-3bc9-4b95-812d-41ca28365aad/x
        rm `ls 8ec81f75-3bc9-4b95-812d-41ca28365aad/x.* | tail -2`
        [ "`gfcombine -o /dev/stdout 8ec81f75-3bc9-4b95-812d-41ca28365aad/x.* | 
md5sum`" = '68b329da9893e34099c7d8ad5cb9c940  -' ] && echo OK || echo ERR
        rm -rf 8ec81f75-3bc9-4b95-812d-41ca28365aad
        sleep 1
done

--- End Message ---

--- Begin Message ---

Source: libgfshare
Source-Version: 1.0.2-3

We believe that the bug you reported is fixed in the latest version of
libgfshare, which is due to be installed in the Debian FTP archive:

libgfshare-bin_1.0.2-3_i386.deb
  to main/libg/libgfshare/libgfshare-bin_1.0.2-3_i386.deb
libgfshare-dbg_1.0.2-3_i386.deb
  to main/libg/libgfshare/libgfshare-dbg_1.0.2-3_i386.deb
libgfshare-dev_1.0.2-3_i386.deb
  to main/libg/libgfshare/libgfshare-dev_1.0.2-3_i386.deb
libgfshare1_1.0.2-3_i386.deb
  to main/libg/libgfshare/libgfshare1_1.0.2-3_i386.deb
libgfshare_1.0.2-3.diff.gz
  to main/libg/libgfshare/libgfshare_1.0.2-3.diff.gz
libgfshare_1.0.2-3.dsc
  to main/libg/libgfshare/libgfshare_1.0.2-3.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 556...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <s...@debian.org> (supplier of updated libgfshare package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 19 Nov 2009 00:06:42 +0000
Source: libgfshare
Binary: libgfshare-bin libgfshare1 libgfshare-dev libgfshare-dbg
Architecture: source i386
Version: 1.0.2-3
Distribution: unstable
Urgency: medium
Maintainer: Simon McVittie <s...@debian.org>
Changed-By: Simon McVittie <s...@debian.org>
Description: 
 libgfshare-bin - utilities for multi-way secret-sharing
 libgfshare-dbg - library for multi-way secret-sharing (debug symbols)
 libgfshare-dev - library for multi-way secret-sharing (headers)
 libgfshare1 - library for multi-way secret-sharing
Closes: 556939
Changes: 
 libgfshare (1.0.2-3) unstable; urgency=medium
 .
   * debian/patches/100[1-4]*.patch: don't produce broken share number 000 from
     gfsplit, don't allow the library to produce it either, make gfcombine
     fail more usefully if one is used, and explain how to recover
     (Closes: #556939)
   * debian/NEWS: explain how to recover from foo.000 shares
   * Build-depend on autotools-dev to get updated config.{guess,sub}, to be
     nice to avr32 porters
   * Remove duplicate Priority field from control
   * Run basic tests during the build
   * Standards-Version: 3.8.3
     - move -dbg package to debug section
Checksums-Sha1: 
 5123b82cd4b04b974f0368db69ffe2c3e1924bd2 1773 libgfshare_1.0.2-3.dsc
 c1f10477ab652304eb88763f3b511f4915fc5355 6793 libgfshare_1.0.2-3.diff.gz
 192ff872d0a94552d437f6108141776dab951407 15894 libgfshare-bin_1.0.2-3_i386.deb
 9e26851c35dfad3bdc6f44306c77db9bdfd1dd0d 8690 libgfshare1_1.0.2-3_i386.deb
 9dd91345268ed61bf14f9036ba8c237b9800947c 6618 libgfshare-dev_1.0.2-3_i386.deb
 a306753844a57c4461cf70c504f7ed6e74cbf4bd 11790 libgfshare-dbg_1.0.2-3_i386.deb
Checksums-Sha256: 
 6974dde5db802104238821bc7097317faee8c3d73c7aa6008a7231b9653ab0a7 1773 
libgfshare_1.0.2-3.dsc
 35bbe6280683f73c91a6dba776a0860c7415e4fbc0c5c2828f9ca24678c39f56 6793 
libgfshare_1.0.2-3.diff.gz
 de6e5ca08219355a4a194934cf690cade0af77af915bed133250e919eab7aa57 15894 
libgfshare-bin_1.0.2-3_i386.deb
 528e8d97ba35abd16f8ea8a7287ea5859e315f085a29d7dcc56105d64ef74594 8690 
libgfshare1_1.0.2-3_i386.deb
 108ab9c50bcf184651c86bba6f4bab7a5380a749fea0016b5bdca4a3638c7c1a 6618 
libgfshare-dev_1.0.2-3_i386.deb
 3c5e168ac1f3103251cded1d0043bc477203edbe10f36a25ddb4408b11493dfb 11790 
libgfshare-dbg_1.0.2-3_i386.deb
Files: 
 10c8c76c6cf9d905b136873e5a992bed 1773 devel extra libgfshare_1.0.2-3.dsc
 0ee05a9f8424d6a5a2d5ec95fafd4e72 6793 devel extra libgfshare_1.0.2-3.diff.gz
 785cc7456bf8a98fbd743a26826f0650 15894 utils extra 
libgfshare-bin_1.0.2-3_i386.deb
 5ec87cb40d7b66d0107bb23085ffd7e7 8690 libs extra libgfshare1_1.0.2-3_i386.deb
 326e3b9697b8cfcddfdea7b86dc06204 6618 libdevel extra 
libgfshare-dev_1.0.2-3_i386.deb
 947af3f8911b3c292003e32bb85ec7cc 11790 debug extra 
libgfshare-dbg_1.0.2-3_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIVAwUBSwSOsE3o/ypjx8yQAQhkBw//X1I3eppbmnUBKcrfytOSEihjcGvZS8jv
4Ku8UjwvO4LsAURKZ2H7jAlsMdC8YseLBHIfIoe4mXvCuOwz/WFycmISc/kmHkBC
IdlwtS1O+hTziEEl7UQic7LNvRKoXeZM7KrMfUZYH9A4CYc+YqYN4FLGBs/Cgche
bonvh6d0UFcr3GBrijGfuRwxqfCKyp67/f5Fet+IguQVZnREDUhbnRG31OnUDJVG
Jm7wgdYzjYKRa6jgEkPkM8qXPLxh3gSS8v6cAjX9oXYb94i7bG/yljPp6Q0kXbbZ
yuC7ybuEdDabRBlw2PHo6zLUCtZIsmSJIN3ZnBjNObORlSthSmcFZx+L+U/LY0PT
AN2RhBeTsIzZgGXM1YVzpiXPWoLxgwRWhXYXzYF/8J1LNw53FPFJKzZwq4F9KLLi
bgzm0ahdysFnIm55TmRMKaDqFpYEL9whGdJ0oJSN83OWNbloFrPDxaW2JjX3GYNL
Vzo2gHwhkVCEM2INmpzNa4v6G0/Ub87DlkHzWIRvuDnD4FfDWpZm9lMsR/fCBMIk
378+x5L0BZDN3va+QN7vnjbePc6Aa0JbQ68AIm7fAPo74MV2ug8U1VT60CZ8hAdM
zXoUbkufB52Xgtl0W4vWVNvGkVlxVTAZJxhLx96wGCikMTjkKDd6Dd+oK/3OnlS1
b/LlV/izkew=
=3HP6
-----END PGP SIGNATURE-----

--- End Message ---