On Tue, Sep 09, 2003 at 03:03:23PM +0900, Jorgen Lundman wrote:
> 
> I use cgd with blowfish. I assume this is about the key padding bug? It 
> should not affect me as my keys are maximum length as it is, but if a 
> back-compatible patch exists, perhaps use it?

The you're obviously not keeping your machines very -current :-)
The bug will affect you, it's a kernel change.

I have to use a cgdconfig(8) binary from several months ago in
order to correctly enable my cgd's.  The problem is that the kernel
is taking too much data from cgdconfig as the key, and stuff on
the stack above the (correct) key is being used as well.

My conclusion that (probably) no-one else was using blowfish was
based, in part, on the fact that no-one else reported problems
after an update around the end of June or July...

I need to get around to taking my cgd's apart and testing to
confirm the bugfix and full operation is correct before and after
the fix. I haven't had a chance to do that, but I guess now I better :)

Having confirned this, the intention was to post a HEADS-UP to
current-users warning about the impending change, and polling to
see how many people are affected as to whether the backwards-compat
hair is necessary as part of the change.  Even if we add the b/c
code, administrative changes will be required depending on whether
the booted kernel is before or after the flag day.

Either way, both 1.6 and 2.0 should do the right thing and the same
thing (not what -current does today).

--
Dan.