[Pkg-cryptsetup-devel] Re: cryptsetup 1.0.3
Jonas Meurer
jonas at freesources.org
Wed May 10 20:58:59 UTC 2006
On 10/05/2006 David Härdeman wrote:
> >do you think that you fix #358452 in the svn within the next days? if
> >so, i would be glad to wait for that before i upload the package.
> >
> >the same for other changes, that you would like to make before 1.0.3-1
> >is uploaded. what about #362564, for example? does it need any extra
> >work, or is it fixed with the current solution in svn?
>
> I have a fixed version of the scripts in my local version of the svn
> repo, they just need some more testing. I'll do the testing during this
> week (esp. weekend). Could you defer the upload until monday?
sure, i'll wait.
> >also, it would be great to have a fix for #364529 and #365333 too,
>
> That's the same bug isn't it?
>
> In #364529 the bug is that non-terminal input is truncated at 32 characters
> In #365333 the reporter mentions that "key is a file containing 64 hex
> digits (i.e. 256 bits) and a \n", which should trigger the same bug.
yes, you're correct.
> >but i've neither time nor skills to do that.
>
> Ok, I took a look at it, and I think that the attached patch (against
> cryptsetup-1.0.3 tarball) should fix the 32-char truncation issue.
> Perhaps you could build a test .deb with it and as the submitters of the
> two bugs to test it? (I could do it myself, but sending random
> executables built by non-DD's to users seems like a bad idea).
>
> If it works, it should probably go upstream as well, since changing the
> passphrase reading functionality might be bad security-wise.
great, i just uploaded your patch (fixed for the patched debian
cryptsetup) to svn, and sended packages for testing to the bug
submitters.
thanks a lot
...
jonas
More information about the Pkg-cryptsetup-devel
mailing list