Hotfix for KWallet in the Frameworks 5.22.0 Release

Sat May 14 03:05:02 UTC 2016

On Sat, May 14, 2016 00:11:21 Luca Giambonini wrote:
> In data lunedì, 9 maggio 2016 14:28:16 CEST, laurent Montel ha scritto:
> > Le lundi 9 mai 2016, 10:59:24 CEST Harald Sitter a écrit :
> > > On Sun, May 8, 2016 at 11:29 PM, Allen Winter <winter at kde.org> wrote:
> > > > Howdy,
> > > > 
> > > > Unfortunately my commit b3a95ba0540e01a9bb10db53fc449cc49ce9a9e8 for
> > > > the blowfish backend in kwallet broke things.
> > > > 
> > > > See https://bugs.kde.org/show_bug.cgi?id=362805
> > > > 
> > > > A patch can be found attached to that bug, or you can get commit
> > > > 87e774825b779ba846315a8b2ffe6479dd9f9814 from frameworks kwallet repo.
> > > 
> > > There may be more trouble afoot as we debugged a problem in neon today
> > > that turned out to be probably caused by
> > > 87e774825b779ba846315a8b2ffe6479dd9f9814 and went away when rolling
> > > back to a build of 15e6febac44810b1ee640ffd73cd3ef7d6360527
> > > 
> > > https://bugs.kde.org/show_bug.cgi?id=362842
> > 
> > Same for me It was necessary to revert to
> > 15e6febac44810b1ee640ffd73cd3ef7d6360527
> > 
> > Even with last master it doesn't work.
> > For me it will better to revert to
> > 15e6febac44810b1ee640ffd73cd3ef7d6360527
> > and release it until we understand why it's broken with this 2 last
> > patchs.
> > 
> > Regards
> > 
> > > HS
> 
> Hi,
> the official relese is tomorrow, do we have a proper solution to handle this
> issue? From Anke's mail seems that it works by reverting to the old verison
> from 5.21 (commit: 0d56c68d7a2204a987a5255096d004d5a696c0e5)
> there will be a new package online?

The new package should already be there according to dfaure's email from 
Tuesday:

> Done, with current master (0d56c68d7), as discussed in the Hotfix thread.
> 
> New version and tarball info:
> 
> kwallet v5.22.0-rc2
> a581cb8bd390d88d27e2388fad43c1dc0092266d
> 68a0415364235d38cb58d19accfba5a6e384b269fbb88d3caf3cb6f9c29d40c4 
> sources/kwallet-5.22.0.tar.xz

With that said, I have generated some autotests to verify the Blowfish 
functionality against the Blowfish official test vectors. The "broken" code in 
0d56c68d7 is actually unintentionally correct (the "shuffle" calls must be 
included in little-endian mode but not while in big-endian mode apparently -- 
though I've only tested on a little-endian machine!). I had sent the autotests 
to this list while the KDE mail servers were down -- apparently my sender did 
not re-send.

If anyone would like to verify the autotests I have attached them here, 
otherwise I'll open an RR for after the 5.22.0 release. Either way I will wait 
until after master becomes 5.23 to commit, but may be useful for packagers' 
testing.

Regards,
 - Michael Pyne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kwallet-blowfish-validation.diff
Type: text/x-patch
Size: 5489 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/release-team/attachments/20160513/f9adc938/attachment.bin>