[Pkg-openssl-devel] Bug#793565: Bug#793565: libssl1.0.0: HMAC broken after upgrade to 1.0.2d-1

Kurt Roeckx kurt at roeckx.be
Thu Jul 30 18:58:21 UTC 2015


On Thu, Jul 30, 2015 at 08:52:33PM +0200, Marc Lehmann wrote:
> On Tue, Jul 28, 2015 at 11:26:50PM +0200, Kurt Roeckx <kurt at roeckx.be> wrote:
> > > but apart from lzf compression (which does access uninitialised data),
> > > there is no output from valgrind either, so it's at leats not some obvious
> > > corruption bug.
> > 
> > You could always try something as address santizer.
> 
> Forgive my ignorance, but I have no clue what you are even trying to tell
> me - what something should I try as address sanitizer(?), and to what end?
> Are you maybe suggetsing I should use e.g. gcc's -fsanitize=address? Or
> something else?

Yes, I was talking about -fsanitize=address.  I suggest you make a
static version of libcrypto/libssl and link that in gvpe.  I
suggest you build both openssl and gvpe with that option.

I currently have no other idea of what the cause could be.


Kurt



More information about the Pkg-openssl-devel mailing list