Upstream bug in openssl 0.9.8e

A user has contacted us regarding a problem with the openssl 0.9.8e release, after investigating issues reported by EncFS users. The problem relates to Blowfish encryption, and the symptom is a failure to decrypt volumes created under previous openssl versions. Full details are in the following mailing list threads/posts:

http://www.mail-archive.com/openssl-users@openssl.org/msg48671.html http://archlinux.org/pipermail/arch-dev-public/2007-April/000322.html http://archlinux.org/pipermail/arch-dev-public/2007-April/000336.html

This issue is not included in openssl's known issues list, but it has been patched in their CVS repository. I have built openssl 0.9.8e-3 to include that patch, as per the mails above, and will put it in the testing repo until we are sure there are no unexpected issues with it.

I also have the previous 0.9.8d package, if any user wishes to downgrade temporarily for rescue purposes. That is available here:

http://www.archlinux.org/~tom/packages/openssl-0.9.8d-1.pkg.tar.gz

My thanks to Valient Gough and David Rosenstrauch for their assistance with this issue.