Bug#858476: RFS: wolfssl/3.10.2+dfsg-1 [RC] -- wolfSSL encryption library

[Felix Lechner <felix.lechner@lease-up.com>]

For some reason, the latest version enabled SHA-224 only on amd64. Upstream advised that the algorithm should be available on all architectures. I uploaded an updated package to Mentors, but did not cross-build. Will you please try again? Thank you!

On Fri, Apr 7, 2017 at 7:53 PM, Adam Borowski <kilobyte@angband.pl> wrote:

On Wed, Mar 22, 2017 at 12:15:49PM -0700, Felix Lechner wrote:
> I am looking for a sponsor for my package "wolfssl":
>
>   * Package name    : wolfssl
>     Version         : 3.10.2+dfsg-1

> It builds those binary packages:
>
>     libwolfssl10 - wolfSSL encryption library
   vs libwolfssl3 in unstable, but as there are no rdepends, no transition
is needed, so that's ok
>     libwolfssl-dev - Development files for the wolfSSL encryption library

>   Changes since the last upload:
>
>   * New upstream release.
>   * New major version is 10
>   * New maintainer email address
>   * Fixes a low level vulnerability for buffer overflow when loading a
> malformed temporary DH file
>   * Fixes a medium level vulnerability for processing of OCSP response
>   * Fixes CVE-2017-6076, a low level vulnerability for a potential cache attack
> on RSA operations (Closes: #856114)

I'm afraid it FTBFSes due to missing symbols on many architectures: out of
those I tried, it succeeds on amd64 and x32, fails on armhf, arm64 and i386.


--- debian/libwolfssl10.symbols (libwolfssl10_3.10.2+dfsg-1_armhf)
+++ dpkg-gensymbolsptZH0b       2017-04-08 02:31:07.803935398 +0000
@@ -135,7 +135,7 @@
  wc_InitRng_ex@Base 3.10.2
  wc_InitRsaKey@Base 3.10.2
  wc_InitRsaKey_ex@Base 3.10.2
- wc_InitSha224@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_InitSha224@Base 3.10.2
  wc_InitSha256@Base 3.10.2
  wc_InitSha384@Base 3.10.2
  wc_InitSha512@Base 3.10.2
@@ -209,10 +209,10 @@
  wc_SetSubjectBuffer@Base 3.10.2
  wc_SetSubjectKeyId@Base 3.10.2
  wc_SetSubjectKeyIdFromPublicKey@Base 3.10.2
- wc_Sha224Final@Base 3.10.2
- wc_Sha224GetHash@Base 3.10.2
- wc_Sha224Hash@Base 3.10.2
- wc_Sha224Update@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224Final@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224GetHash@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224Hash@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224Update@Base 3.10.2
  wc_Sha256Final@Base 3.10.2
  wc_Sha256GetHash@Base 3.10.2
  wc_Sha256Hash@Base 3.10.2
@@ -749,7 +749,7 @@
  wolfSSL_EVP_rc4@Base 3.10.2
  wolfSSL_EVP_ripemd160@Base 3.10.2
  wolfSSL_EVP_sha1@Base 3.10.2
- wolfSSL_EVP_sha224@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_EVP_sha224@Base 3.10.2
  wolfSSL_EVP_sha256@Base 3.10.2
  wolfSSL_EVP_sha384@Base 3.10.2
  wolfSSL_EVP_sha512@Base 3.10.2
@@ -885,9 +885,9 @@
  wolfSSL_SHA1_Final@Base 3.10.2
  wolfSSL_SHA1_Init@Base 3.10.2
  wolfSSL_SHA1_Update@Base 3.10.2
- wolfSSL_SHA224_Final@Base 3.10.2
- wolfSSL_SHA224_Init@Base 3.10.2
- wolfSSL_SHA224_Update@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_SHA224_Final@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_SHA224_Init@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_SHA224_Update@Base 3.10.2
  wolfSSL_SHA256_Final@Base 3.10.2
  wolfSSL_SHA256_Init@Base 3.10.2
  wolfSSL_SHA256_Update@Base 3.10.2

--- debian/libwolfssl10.symbols (libwolfssl10_3.10.2+dfsg-1_arm64)
+++ dpkg-gensymbolsUx3QLk       2017-04-08 02:39:25.711217905 +0000
@@ -135,7 +135,7 @@
  wc_InitRng_ex@Base 3.10.2
  wc_InitRsaKey@Base 3.10.2
  wc_InitRsaKey_ex@Base 3.10.2
- wc_InitSha224@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_InitSha224@Base 3.10.2
  wc_InitSha256@Base 3.10.2
  wc_InitSha384@Base 3.10.2
  wc_InitSha512@Base 3.10.2
@@ -209,10 +209,10 @@
  wc_SetSubjectBuffer@Base 3.10.2
  wc_SetSubjectKeyId@Base 3.10.2
  wc_SetSubjectKeyIdFromPublicKey@Base 3.10.2
- wc_Sha224Final@Base 3.10.2
- wc_Sha224GetHash@Base 3.10.2
- wc_Sha224Hash@Base 3.10.2
- wc_Sha224Update@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224Final@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224GetHash@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224Hash@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wc_Sha224Update@Base 3.10.2
  wc_Sha256Final@Base 3.10.2
  wc_Sha256GetHash@Base 3.10.2
  wc_Sha256Hash@Base 3.10.2
@@ -749,7 +749,7 @@
  wolfSSL_EVP_rc4@Base 3.10.2
  wolfSSL_EVP_ripemd160@Base 3.10.2
  wolfSSL_EVP_sha1@Base 3.10.2
- wolfSSL_EVP_sha224@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_EVP_sha224@Base 3.10.2
  wolfSSL_EVP_sha256@Base 3.10.2
  wolfSSL_EVP_sha384@Base 3.10.2
  wolfSSL_EVP_sha512@Base 3.10.2
@@ -885,9 +885,9 @@
  wolfSSL_SHA1_Final@Base 3.10.2
  wolfSSL_SHA1_Init@Base 3.10.2
  wolfSSL_SHA1_Update@Base 3.10.2
- wolfSSL_SHA224_Final@Base 3.10.2
- wolfSSL_SHA224_Init@Base 3.10.2
- wolfSSL_SHA224_Update@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_SHA224_Final@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_SHA224_Init@Base 3.10.2
+#MISSING: 3.10.2+dfsg-1# wolfSSL_SHA224_Update@Base 3.10.2
  wolfSSL_SHA256_Final@Base 3.10.2
  wolfSSL_SHA256_Init@Base 3.10.2
  wolfSSL_SHA256_Update@Base 3.10.2

--
⢀⣴⠾⠻⢶⣦⠀ Meow!
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋⠀ Collisions shmolisions, let's see them find a collision or second
⠈⠳⣄⠀⠀⠀⠀ preimage for double rot13!