[From nobody Sat Mar 21 14:57:04 2026 Received: (at 793565-done) by bugs.debian.org; 21 Mar 2026 14:56:20 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=4.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA,HAS_BUG_NUMBER, RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 27; hammy, 97; neutral, 27; spammy, 1. spammytokens:0.942-+--H*r:bugs.debian.org hammytokens:0.000-+--H*F:U*sebastian, 0.000-+--H*F:D*breakpoint.cc, 0.000-+--H*RU:sk:chamill, 0.000-+--H*r:sk:chamill, 0.000-+--H*rp:D*breakpoint.cc Return-path: <sebastian@breakpoint.cc> Received: from chamillionaire.breakpoint.cc ([91.216.245.30]:39152) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <sebastian@breakpoint.cc>) id 1w3xkS-007gZ2-0x for 793565-done@bugs.debian.org; Sat, 21 Mar 2026 14:56:20 +0000 Date: Sat, 21 Mar 2026 15:56:17 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=breakpoint.cc; s=2025; t=1774104978; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=OlC7Sc4UEEKaYoH0pZ5HIPTRvFI1vElbVeCHe0biW0s=; b=PRJELnQyFvox09r5DJgTqwSQaMOriv6Rp4GJeF7LemIvDWR49dOpkpCy/+Ksqri5RBevB4 +Io8apO39p4Yz9xijnDNrpl+9LWaQ8Dj6m8Hq6zRX5mWu5Jo0d1xnSM7DsNi8JsHhsIIuT ndWa8gT5B1M4lmBUo7g0cGgAeI9Ar1MM5KKSvUQJLAOzPoSCeRAUy2s3nUg5KAr6oTLzOt sBmrpuVNi5ODq/EN4+WcVt28Ldax0cwbSSn4IByqF0mDXxNFiJ8sasdfumSiEtVuktuMxJ 4+nngvVdD0FKsefUTHS2oZzHe9Q6FWx2Z8F3NscoxlyYNeOV1j9jyyBzjzgz9A== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=breakpoint.cc; s=2025e; t=1774104978; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=OlC7Sc4UEEKaYoH0pZ5HIPTRvFI1vElbVeCHe0biW0s=; b=bTtUdkvp8s16fYxNPeuXGLGNZg1spCPFHD3jMpPBY+KR+Egf6JhYGJiAIwDgNciz8jRpta g7WqXLIN1FnbP1CA== From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> To: Marc Lehmann <schmorp@schmorp.de>, 793565-done@bugs.debian.org Subject: Re: Bug#793565: libssl1.0.0: HMAC broken after upgrade to 1.0.2d-1 Message-ID: <20260321145617.zHFvgSQ7@breakpoint.cc> References: <20150725064539.GA4485@schmorp.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20150725064539.GA4485@schmorp.de> On 2015-07-25 08:45:39 [+0200], Marc Lehmann wrote: > Dear Maintainer, > > upgrading libssl1.0.0 from 1.0.1k-3+deb8u1 to 1.0.2d-1 breaks HMAC > authentication in a gvpe compiled with 1.0.1k-3. This is probably related > to #788511, but the problem occurs with the supposedly fixed version. > > Downgrading libssl to 1.0.1k-3+deb8u1 (and nothing else) makes connections > work again. > > Since the ABI was apparently broken before (#788511), chances are high > that the fix in 1.0.2d-1 isn't effective and 1.0.2d-1 is still ABI > incompatible to the version in jessie. I've been just reading the thread and I *think* this bug no longer applies/ has been resovled. Please come back if this is not the case. Sebastian]