wolfssl - Debian Package Tracker

general

source: wolfssl (main)
version: 4.6.0-3
maintainer: Felix Lechner (DMD)
arch: any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 4.6.0-3~bpo10+1
stable: 4.6.0-3
testing: 4.6.0-3
unstable: 4.6.0-3

versioned links

4.6.0-3~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.6.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libwolfssl-dev (1 bugs: 0, 1, 0, 0)
libwolfssl24

action needed

A new upstream version is available: 4.8.1 high

A new upstream version 4.8.1 is available, you should consider packaging it.

Created: 2021-02-18 Last update: 2021-09-24 19:37

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2021-24116: In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
CVE-2021-37155: wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.
CVE-2021-38597: wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.

Created: 2021-07-15 Last update: 2021-09-23 17:00

3 security issues in bookworm high

There are 3 open security issues in bookworm.

3 important issues:

CVE-2021-24116: In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
CVE-2021-37155: wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.
CVE-2021-38597: wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.

Created: 2021-08-15 Last update: 2021-09-23 17:00

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 4.7.0-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 7020d6879fd7e10ad5c5e07ac7fa7185b245b38f
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Tue Feb 23 15:24:57 2021 -0800

    Enable some build options in configure.ac instead of d/rules.
    
    Part of an effort to stadardize build options across distributions:
    
    Upstream will enable reproducible builds by default for distro builds
    (see PR#3807). Cherry-picked here.
    
    Base64 will become part of --enable-all. David Garske indicated tha
    such a PR would be accepted.
    
    TLS 1.3 was already enabled by default, and no longer needs to be
    specified.

commit 918c89be8ebb8345c0501b52cced2531d84cd85a
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Tue Feb 16 11:05:51 2021 -0800

    Update shared object symbols.

commit d7268564d5627a903c05113c9130c0e42b71c1d6
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Tue Feb 16 10:58:42 2021 -0800

    Activate build option --enable-reproducible-build.

commit 44838891f9aa8d1ce1ad2bf3e432bd4813bfe24f
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Tue Feb 16 10:48:04 2021 -0800

    Drop cherry-picked commit and patches accepted upstream; rebase remainig patches.
    
    The two patches no-build-path-in-library and reproducible-build were
    combined upstream in the new build option --enable-reproducible-build.

commit 512af1abbd1b51b061bfb354142b6d95f6ceced0
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Tue Feb 16 11:19:19 2021 -0800

    Add unreleased changelog entry for new upstream version.

commit 47561d2894face0f41d7c4bce319bb2ff2a44203
Merge: 1d13e6308 830de9a9f
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Tue Feb 16 10:42:04 2021 -0800

    Merge tag 'v4.7.0-stable' into debian/master
    
    wolfSSL Release v4.7.0 (02/16/2021)

commit 1d13e63082b64804378c528e9d276e9e43d938c0
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Wed Feb 10 10:47:28 2021 -0800

    Add changelog entry for release into unstable.

commit 35cea483211b1baa8faa32c958498ddd7abb5618
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Wed Feb 10 09:35:26 2021 -0800

    Do not store build path in library; fixes reproducible builds.

commit c231d0f849c946422ce0eca65965bc0e732aac85
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Wed Feb 10 09:33:01 2021 -0800

    Cherry-pick merged PR#3676 "TLS 1.3: ensure key for signature in CertificateVerify"
    
    Fixes CVE-2021-3336.

commit 705b18e3ca4c67f776b193a1106e83f94ae3cc01
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Wed Feb 3 10:52:34 2021 -0800

    Add changelog entry for release into unstable.

commit 182be9d8d97589e52bbe24eb7805e10ca0178c28
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Wed Feb 3 09:01:30 2021 -0800

    Set Multi-Arch: no for libwolfssl-dev; bump Standards-Version to 4.5.1.
    
    It is too risky during the freeze to move any header files to an
    architecture dependent location. It should be done after the bullseye
    release.

commit 1ac486261f5d467be73f7a2a17028f3cc04112c0
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Wed Jan 27 11:47:37 2021 -0800

    Add changelog entry for release into unstable.

commit 70a636e93ef222cafc8b4bab727e4f15a4bdafc3
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Wed Jan 27 11:57:35 2021 -0800

    Update shared object symbols.

commit 8a8118a28a1d0f6744eacabe0ce697bb1e0cc03c
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Wed Jan 27 11:44:53 2021 -0800

    Disable repackaging in d/watch; sources are now DFSG-compliant.

commit 031828e9eb58636f6861c2548dcbe0117ca19ab7
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Wed Jan 27 15:38:25 2021 -0800

    Add two files to d/coyright that are now shipped in the sources.

commit 98e95626e762314b92b42fdfb19aa8016a8a3385
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Wed Jan 27 11:43:47 2021 -0800

    Drop Files-Excluded from d/copyright; update copyright years.

commit f0a96a060dfbdb907a6fa4050441381cc72d61bd
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Wed Jan 27 11:42:52 2021 -0800

    Refresh remaining Debian patches.

commit 0d800e0f9db2e6c3f5248f0ead2abac58aac2403
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Wed Jan 27 11:41:12 2021 -0800

    Drop patch previously cherry-picked from upstream.

commit c6471e93522c8be6ef1ff37409a9736ca34b54b8
Merge: 36eceb7bc 9c87f979a
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Fri Jan 8 09:29:35 2021 -0800

    Merge tag 'v4.6.0-stable' into debian/master
    
    wolfSSL Release v4.6.0 (12/22/2020)

commit 36eceb7bc8ba0c7ae11d010df34a8dee56de68e9
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Thu Oct 1 06:18:23 2020 -0700

    Add changelog entry for release into unstable.

commit 6d7e82d5b69cf9f954e0a003060b43c5ddf8c644
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Thu Oct 1 06:19:21 2020 -0700

    Add *~ to debian/.gitignore to exclude editor backup files.

commit 6f574068ef1de306f832f5b46a3441e7f8a2a423
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Thu Oct 1 05:57:38 2020 -0700

    Add Salsa repository to Vcs-Git and Vcs-Browser.

commit 5a28ac02987acc4816330fd9052471869aeb9d14
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Sun Sep 27 17:35:55 2020 -0700

    Enable standard CI pipeline on Salsa.

commit 4feb72588836e899208572263cbe749c413cf019
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Sun Sep 27 17:29:20 2020 -0700

    Import Debian changes for version 4.5.0+dfsg-3 from the archive.

commit 6872af3cb17c61f77ec3d82bbea8bd00bdedac99
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Sun Sep 27 17:25:14 2020 -0700

    Import Debian changes for version 4.5.0+dfsg-2 from the archive.

commit 8ef0407d2ffc97e7e9d3c88ff5ebc38d823b86cc
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Sun Sep 27 17:05:58 2020 -0700

    Import Debian changes for version 4.5.0+dfsg-1 from the archive.
    
    Please do not forget the preceeding commit if this repo is ever recreated
    from scratch. The file is needed for git to see the Debian patches.

commit ba8310eeb60c847d1c1b786e12423be7f3fe611d
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Sun Sep 27 17:04:01 2020 -0700

    Add d/.gitignore for Debian patches, which are named *.patch; upstream ignores those files.

commit e6a88df7f5ce66ab2ddb09222cd9e01ddc2854e7
Author: Felix Lechner <felix.lechner@lease-up.com>
Date:   Sun Sep 27 16:23:12 2020 -0700

    Remove files mentioned in d/copyright as unsuitable for distribution under DFSG.
    
    A preliminary inspection of these files showed that they may no longer be a
    concern. The next upstream release is probably acceptable for distribution
    under the DFSG without a similar modification.

Created: 2021-02-22 Last update: 2021-09-19 08:36

3 low-priority security issues in bullseye low

There are 3 open security issues in bullseye.

3 issues left for the package maintainer to handle:

CVE-2021-24116: (needs triaging) In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
CVE-2021-37155: (needs triaging) wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.
CVE-2021-38597: (needs triaging) wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-08-13 Last update: 2021-09-23 17:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.5.1).

Created: 2021-08-18 Last update: 2021-08-18 14:02

news

[rss feed]

[2021-02-15] wolfssl 4.6.0-3 MIGRATED to testing (Debian testing watch)
[2021-02-11] Accepted wolfssl 4.6.0-3~bpo10+1 (source) into buster-backports (Felix Lechner)
[2021-02-10] Accepted wolfssl 4.6.0-3 (source) into unstable (Felix Lechner)
[2021-02-06] wolfssl 4.6.0-2 MIGRATED to testing (Debian testing watch)
[2021-02-03] Accepted wolfssl 4.6.0-2 (source) into unstable (Felix Lechner)
[2021-01-30] wolfssl 4.6.0-1 MIGRATED to testing (Debian testing watch)
[2021-01-30] Accepted wolfssl 4.6.0-1~bpo10+1 (source) into buster-backports (Felix Lechner)
[2021-01-28] Accepted wolfssl 4.6.0-1 (source) into unstable (Felix Lechner)
[2020-10-20] Accepted wolfssl 4.5.0+dfsg-4~bpo10+1 (source) into buster-backports (Felix Lechner) (signed by: Unit 193)
[2020-10-05] wolfssl 4.5.0+dfsg-4 MIGRATED to testing (Debian testing watch)
[2020-10-01] Accepted wolfssl 4.5.0+dfsg-4 (source) into unstable (Felix Lechner)
[2020-09-30] wolfssl 4.5.0+dfsg-3 MIGRATED to testing (Debian testing watch)
[2020-09-27] Accepted wolfssl 4.5.0+dfsg-3 (source) into unstable (Felix Lechner)
[2020-09-18] wolfssl 4.5.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2020-09-16] Accepted wolfssl 4.5.0+dfsg-2 (source) into unstable (Felix Lechner)
[2020-09-15] Accepted wolfssl 4.5.0+dfsg-1 (source) into unstable (Felix Lechner)
[2020-07-06] wolfssl 4.4.0+dfsg-7 MIGRATED to testing (Debian testing watch)
[2020-07-04] Accepted wolfssl 4.4.0+dfsg-7 (source) into unstable (Felix Lechner)
[2020-07-03] Accepted wolfssl 4.4.0+dfsg-6 (source) into unstable (Felix Lechner)
[2020-07-01] Accepted wolfssl 4.4.0+dfsg-5 (source) into unstable (Felix Lechner)
[2020-07-01] Accepted wolfssl 4.4.0+dfsg-4 (source) into unstable (Felix Lechner)
[2020-06-30] Accepted wolfssl 4.4.0+dfsg-3 (source) into unstable (Felix Lechner)
[2020-05-19] Accepted wolfssl 4.4.0+dfsg-2~bpo10+1 (source) into buster-backports (Felix Lechner) (signed by: Unit 193)
[2020-05-18] wolfssl 4.4.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2020-05-12] Accepted wolfssl 4.4.0+dfsg-2 (source) into unstable (Felix Lechner)
[2020-05-11] Accepted wolfssl 4.4.0+dfsg-1 (source) into unstable (Felix Lechner)
[2020-01-12] Accepted wolfssl 4.3.0+dfsg-2~bpo10+1 (source amd64) into buster-backports, buster-backports (Felix Lechner) (signed by: Unit 193)
[2020-01-10] wolfssl 4.3.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2019-12-28] Accepted wolfssl 4.3.0+dfsg-2 (source) into unstable (Felix Lechner) (signed by: Unit 193)
[2019-12-28] Accepted wolfssl 4.2.0+dfsg-3~bpo10+1 (source amd64) into buster-backports, buster-backports (Felix Lechner) (signed by: Unit 193)

bugs [bug history graph]

all: 4
RC: 0
I&N: 4
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.6.0-3
2 bugs