[From nobody Sat Mar 21 14:57:04 2026
Received: (at submit) by bugs.debian.org; 25 Jul 2015 07:00:52 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.0-bugs.debian.org_2005_01_02
 (2014-02-07) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-11.9 required=4.0 tests=BAYES_00, FOURLA, HAS_PACKAGE,
 SPF_HELO_PASS,SPF_PASS,XMAILER_REPORTBUG autolearn=ham autolearn_force=no
 version=3.4.0-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 7; hammy, 150; neutral, 70; spammy, 0.
 spammytokens: hammytokens:0.000-+--systemd, 0.000-+--H*x:6.6.3, 
 0.000-+--H*UA:6.6.3, 0.000-+--H*x:reportbug,
 0.000-+--H*UA:reportbug
Return-path: &lt;schmorp@schmorp.de&gt;
Received: from mail.nethype.de ([5.9.56.24] ident=ed4f27b5)
 by buxtehude.debian.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84) (envelope-from &lt;schmorp@schmorp.de&gt;) id 1ZItRz-00059z-Qx
 for submit@bugs.debian.org; Sat, 25 Jul 2015 07:00:52 +0000
Received: from [10.0.0.5] (helo=doom.schmorp.de)
 by mail.nethype.de with esmtp (Exim 4.84)
 (envelope-from &lt;schmorp@schmorp.de&gt;) id 1ZItDH-0003pL-Q3
 for submit@bugs.debian.org; Sat, 25 Jul 2015 06:45:39 +0000
Received: from [10.0.0.1] (helo=cerebro.laendle)
 by doom.schmorp.de with esmtp (Exim 4.84)
 (envelope-from &lt;schmorp@schmorp.de&gt;) id 1ZItDH-0007m9-Lc
 for submit@bugs.debian.org; Sat, 25 Jul 2015 06:45:39 +0000
Received: from root by cerebro.laendle with local (Exim 4.84)
 (envelope-from &lt;root@schmorp.de&gt;) id 1ZItDH-0001EW-L4
 for submit@bugs.debian.org; Sat, 25 Jul 2015 08:45:39 +0200
Date: Sat, 25 Jul 2015 08:45:39 +0200
From: Marc Lehmann &lt;schmorp@schmorp.de&gt;
To: Debian Bug Tracking System &lt;submit@bugs.debian.org&gt;
Subject: libssl1.0.0: HMAC broken after upgrade to 1.0.2d-1
Message-ID: &lt;20150725064539.GA4485@schmorp.de&gt;
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Mailer: reportbug 6.6.3
X-Greylist: delayed 908 seconds by postgrey-1.35 at buxtehude;
 Sat, 25 Jul 2015 07:00:51 UTC
Delivered-To: submit@bugs.debian.org

Package: libssl1.0.0
Version: 1.0.2d-1
Severity: normal

[This is a re-sent, as the debian mailserver accepted the original
reportbug mail, but it never showed up, so I assume it was lost. Apologies
if it turns out to be a duplicate].

Dear Maintainer,

upgrading libssl1.0.0 from 1.0.1k-3+deb8u1 to 1.0.2d-1 breaks HMAC
authentication in a gvpe compiled with 1.0.1k-3. This is probably related
to #788511, but the problem occurs with the supposedly fixed version.

Downgrading libssl to 1.0.1k-3+deb8u1 (and nothing else) makes connections
work again.

Since the ABI was apparently broken before (#788511), chances are high
that the fix in 1.0.2d-1 isn't effective and 1.0.2d-1 is still ABI
incompatible to the version in jessie.

-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.18.14-031814-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libssl1.0.0 depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  libc6                  2.19-18
ii  multiarch-support      2.19-18

libssl1.0.0 recommends no packages.

libssl1.0.0 suggests no packages.

-- debconf information excluded
]