On Wed, Mar 22, 2017 at 12:15:49PM -0700, Felix Lechner wrote:
> I am looking for a sponsor for my package "wolfssl":
>
> * Package name : wolfssl
> Version : 3.10.2+dfsg-1
> It builds those binary packages:
>
> libwolfssl10 - wolfSSL encryption library
vs libwolfssl3 in unstable, but as there are no rdepends, no transition
is needed, so that's ok
> libwolfssl-dev - Development files for the wolfSSL encryption library
> Changes since the last upload:
>
> * New upstream release.
> * New major version is 10
> * New maintainer email address
> * Fixes a low level vulnerability for buffer overflow when loading a
> malformed temporary DH file
> * Fixes a medium level vulnerability for processing of OCSP response
> * Fixes CVE-2017-6076, a low level vulnerability for a potential cache attack
> on RSA operations (Closes: #856114)
I'm afraid it FTBFSes due to missing symbols on many architectures: out of
those I tried, it succeeds on amd64 and x32, fails on armhf, arm64 and i386.
--- debian/libwolfssl10.symbols (libwolfssl10_3.10.2+dfsg-1_armhf)
+++ dpkg-gensymbolsptZH0b 2017-04-08 02:31:07.803935398 +0000
@@ -135,7 +135,7 @@
wc_InitRng_ex@Base 3.10.2
wc_InitRsaKey@Base 3.10.2
wc_InitRsaKey_ex@Base 3.10.2
- wc_InitSha224@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_InitSha224@Base 3.10.2
wc_InitSha256@Base 3.10.2
wc_InitSha384@Base 3.10.2
wc_InitSha512@Base 3.10.2
@@ -209,10 +209,10 @@
wc_SetSubjectBuffer@Base 3.10.2
wc_SetSubjectKeyId@Base 3.10.2
wc_SetSubjectKeyIdFromPublicKey@ Base 3.10.2
- wc_Sha224Final@Base 3.10.2
- wc_Sha224GetHash@Base 3.10.2
- wc_Sha224Hash@Base 3.10.2
- wc_Sha224Update@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224Final@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224GetHash@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224Hash@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224Update@Base 3.10.2
wc_Sha256Final@Base 3.10.2
wc_Sha256GetHash@Base 3.10.2
wc_Sha256Hash@Base 3.10.2
@@ -749,7 +749,7 @@
wolfSSL_EVP_rc4@Base 3.10.2
wolfSSL_EVP_ripemd160@Base 3.10.2
wolfSSL_EVP_sha1@Base 3.10.2
- wolfSSL_EVP_sha224@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_EVP_sha224@Base 3.10.2
wolfSSL_EVP_sha256@Base 3.10.2
wolfSSL_EVP_sha384@Base 3.10.2
wolfSSL_EVP_sha512@Base 3.10.2
@@ -885,9 +885,9 @@
wolfSSL_SHA1_Final@Base 3.10.2
wolfSSL_SHA1_Init@Base 3.10.2
wolfSSL_SHA1_Update@Base 3.10.2
- wolfSSL_SHA224_Final@Base 3.10.2
- wolfSSL_SHA224_Init@Base 3.10.2
- wolfSSL_SHA224_Update@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_SHA224_Final@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_SHA224_Init@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_SHA224_Update@Base 3.10.2
wolfSSL_SHA256_Final@Base 3.10.2
wolfSSL_SHA256_Init@Base 3.10.2
wolfSSL_SHA256_Update@Base 3.10.2
--- debian/libwolfssl10.symbols (libwolfssl10_3.10.2+dfsg-1_arm64)
+++ dpkg-gensymbolsUx3QLk 2017-04-08 02:39:25.711217905 +0000
@@ -135,7 +135,7 @@
wc_InitRng_ex@Base 3.10.2
wc_InitRsaKey@Base 3.10.2
wc_InitRsaKey_ex@Base 3.10.2
- wc_InitSha224@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_InitSha224@Base 3.10.2
wc_InitSha256@Base 3.10.2
wc_InitSha384@Base 3.10.2
wc_InitSha512@Base 3.10.2
@@ -209,10 +209,10 @@
wc_SetSubjectBuffer@Base 3.10.2
wc_SetSubjectKeyId@Base 3.10.2
wc_SetSubjectKeyIdFromPublicKey@ Base 3.10.2
- wc_Sha224Final@Base 3.10.2
- wc_Sha224GetHash@Base 3.10.2
- wc_Sha224Hash@Base 3.10.2
- wc_Sha224Update@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224Final@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224GetHash@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224Hash@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224Update@Base 3.10.2
wc_Sha256Final@Base 3.10.2
wc_Sha256GetHash@Base 3.10.2
wc_Sha256Hash@Base 3.10.2
@@ -749,7 +749,7 @@
wolfSSL_EVP_rc4@Base 3.10.2
wolfSSL_EVP_ripemd160@Base 3.10.2
wolfSSL_EVP_sha1@Base 3.10.2
- wolfSSL_EVP_sha224@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_EVP_sha224@Base 3.10.2
wolfSSL_EVP_sha256@Base 3.10.2
wolfSSL_EVP_sha384@Base 3.10.2
wolfSSL_EVP_sha512@Base 3.10.2
@@ -885,9 +885,9 @@
wolfSSL_SHA1_Final@Base 3.10.2
wolfSSL_SHA1_Init@Base 3.10.2
wolfSSL_SHA1_Update@Base 3.10.2
- wolfSSL_SHA224_Final@Base 3.10.2
- wolfSSL_SHA224_Init@Base 3.10.2
- wolfSSL_SHA224_Update@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_SHA224_Final@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_SHA224_Init@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_SHA224_Update@Base 3.10.2
wolfSSL_SHA256_Final@Base 3.10.2
wolfSSL_SHA256_Init@Base 3.10.2
wolfSSL_SHA256_Update@Base 3.10.2
--
⢀⣴⠾⠻⢶⣦⠀ Meow!
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋⠀ Collisions shmolisions, let's see them find a collision or second
⠈⠳⣄⠀⠀⠀⠀ preimage for double rot13!