Perl modules affected by openssl breakage
gregor herrmann
gregoa at debian.org
Mon May 19 22:27:09 UTC 2008
On Mon, 19 May 2008 02:52:00 -0300, Martín Ferrari wrote:
> > E.g. any local script or application using libcrypt-openssl-* packages for
> > key creation would need to re-generate keys. Do you have some pointers
> > for documentation that can be provided to users?
> I have checked upstream docs and I don't see anything particularly
> useful. But I think that the keys generated are in the same format as
> the ones produced by the openssl command, so the same
> instructions/caveats should apply.
I took a _short_ look on the libcrypt-openssl-* packages, and it
seems that they are just frontends/wrappers for using openssl (i.e.
they just allow creating keys but don't do anything themselves). [0]
Maybe a hint "Keys generated via libcrypt-openssl-* are affected in
the same way ..." might be appropriate.
> > Are their other packages maintained by you, which need pointers/
> > instructions on key rollovers?
> We should check firstly which packages could have generated weak keys.
Yup, checking packages that depend on/use libcrypt-openssl-* would be
worth looking at.
If I got it right the list is rather short:
gregoa at belanna:~$ grep-dctrl -s Package,Depends,Build-Depends,Build-Depends-Indep -F Depends,Build-Depends,Build-Depends-Indep -r libcrypt-openssl-.*-perl /var/lib/apt/lists/ftp.at.debian.org_debian_dists_unstable_*_Sources
Package: libcrypt-openssl-rsa-perl
Depends:
Build-Depends: debhelper (>= 6), libcrypt-openssl-bignum-perl, libcrypt-openssl-random-perl, libssl-dev, quilt
Build-Depends-Indep:
Package: libmail-dkim-perl
Depends:
Build-Depends: debhelper (>= 5)
Build-Depends-Indep: perl (>= 5.6.0-16), liberror-perl, libnet-dns-perl, libmailtools-perl, libdigest-sha1-perl, libdigest-sha-perl, libcrypt-openssl-rsa-perl (>= 0.24)
Cheers,
gregor
[0]
Crypt::OpenSSL::DSA(3)
It is a thin XS wrapper to the DSA functions contained in the
OpenSSL crypto library, located at http://www.openssl.org
--
.''`. http://info.comodo.priv.at/ | gpg key ID: 0x00F3CFE4
: :' : debian gnu/linux user, admin & developer - http://www.debian.org/
`. `' member of https://www.vibe.at/ | how to reply: http://got.to/quote/
`- NP: The Who: Magic Bus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20080520/25ee6846/attachment-0001.pgp
More information about the pkg-perl-maintainers
mailing list