--- Begin Message ---
Source: ykclient
Version: 2.8-1
Tags: patch
Severity: serious
Justification: fails to build from source
ykclient FTBFS on architectures that have "char" unsigned (arm*,
powerpc, s390*):
| Test ../../tests/selftest.c:146 (main): invalid client_id set(a), correct
client_key, expect HEX_DECODE_ERROR
| ykclient_set_client_hex (105): Error decoding hex string
|
| Test ../../tests/selftest.c:151 (main): invalid client_id set(xx), correct
client_key, expect HEX_DECODE_ERROR
| ykclient_set_client_hex (105): Error decoding hex string
|
| Test ../../tests/selftest.c:156 (main): hex client_id set, correct
client_key, expect OK
| ykclient_set_client_hex (0): Success
|
| Test ../../tests/selftest.c:162 (main): validation request, expect
REPLAYED_OTP
| ykclient_request (2): Yubikey OTP was replayed (REPLAYED_OTP)
| used url:
http://api.yubico.com/wsapi/2.0/verify?id=1851&nonce=lhzubwgskfxlabuofqiacaxwvtuixywi&otp=dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh&h=fHYKL35B0y7kqG6%2Br3H05r1h1lM%3D
|
| Test ../../tests/selftest.c:171 (main): set deadbeef client_id, expect OK
| ykclient_set_client_hex (0): Success
|
| Test ../../tests/selftest.c:177 (main): validation request, expect
BAD_SIGNATURE
| ykclient_request (3): Request signature was invalid (BAD_SIGNATURE)
| used url:
http://api5.yubico.com/wsapi/2.0/verify?id=1851&nonce=fxwrdrtljbstjcirudqhufidchjhdsok&otp=dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh&h=y%2BagFIxlRkO8PxklcmKl3VpCiPU%3D
|
| Test ../../tests/selftest.c:186 (main): b64 set deadbeef client_id, expect OK
| ykclient_set_client_b64 (0): Success
|
| Test ../../tests/selftest.c:196 (main): validation request, expect
BAD_SERVER_SIGNATURE
| ykclient_request (106): Server response signature was invalid
(BAD_SERVER_SIGNATURE)
| used url:
http://api5.yubico.com/wsapi/2.0/verify?id=1851&nonce=qijyqyuxpcunudbyeilsxwzfanraxpxn&otp=dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh&h=haGYbmYaG78McoTstt%2FFgvK14IU%3D
|
| Test ../../tests/selftest.c:210 (main): validation request, expect
BAD_SIGNATURE
| ykclient_request (3): Request signature was invalid (BAD_SIGNATURE)
| used url:
http://api5.yubico.com/wsapi/2.0/verify?id=1851&nonce=kbugwnngcvkkjypxyjpowekgbkscyukj&otp=dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh&h=XTOiRnKbNKmpUoYWVEriNpcnRCs%3D
|
| Test ../../tests/selftest.c:220 (main): b64 set client_b64key, expect OK
| ykclient_set_client_b64 (0): Success
|
| Test ../../tests/selftest.c:226 (main): validation request, expect
REPLAYED_OTP
| ykclient_request (106): Server response signature was invalid
(BAD_SERVER_SIGNATURE)
| used url:
http://api5.yubico.com/wsapi/2.0/verify?id=1851&nonce=birkpjutyfkxlayvfcrxdcmzoeeqqtwt&otp=dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh&h=%2BIH11rdoY4o7lXf1%2FugRwAZ6y1o%3D
| /bin/bash: line 5: 21179 Aborted ${dir}$tst
| FAIL: selftest
Full build logs:
https://buildd.debian.org/status/fetch.php?pkg=ykclient&arch=armel&ver=2.8-1&stamp=1340955748
https://buildd.debian.org/status/fetch.php?pkg=ykclient&arch=armhf&ver=2.8-1&stamp=1340952606
https://buildd.debian.org/status/fetch.php?pkg=ykclient&arch=powerpc&ver=2.8-1&stamp=1340952559
https://buildd.debian.org/status/fetch.php?pkg=ykclient&arch=s390&ver=2.8-1&stamp=1340993933
https://buildd.debian.org/status/fetch.php?pkg=ykclient&arch=s390x&ver=2.8-1&stamp=1346194901
I believe this is because libb64 decode is broken on these
architectures. See the upstream bug:
http://sourceforge.net/tracker/?func=detail&aid=3591129&group_id=152942&atid=785907
Indeed, applying the attached patch fixed FTBFS at least on s390.
Once libb64 is packaged separately in Debian (#694724) you might want
use it instead of the embedded copy. It will have this bug fixed, of
course. :)
I see that the buggy code is also present in wheezy and squeeze versions
which have been built successfully on unsigned-char architectures. Does
it mean these versions are unusable the architectures in question?
--
Jakub Wilk
--- ykclient-2.8.orig/b64/cdecode.c
+++ ykclient-2.8/b64/cdecode.c
@@ -9,10 +9,11 @@
int base64_decode_value(char value_in)
{
- static const char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
+ static const signed char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
static const char decoding_size = sizeof(decoding);
+ if (value_in < 43) return -1;
value_in -= 43;
- if (value_in < 0 || value_in > decoding_size) return -1;
+ if (value_in > decoding_size) return -1;
return decoding[(int)value_in];
}
@@ -26,7 +27,7 @@
{
const char* codechar = code_in;
char* plainchar = plaintext_out;
- char fragment;
+ int fragment;
*plainchar = state_in->plainchar;
@@ -42,7 +43,7 @@
state_in->plainchar = *plainchar;
return plainchar - plaintext_out;
}
- fragment = (char)base64_decode_value(*codechar++);
+ fragment = base64_decode_value(*codechar++);
} while (fragment < 0);
*plainchar = (fragment & 0x03f) << 2;
case step_b:
@@ -53,7 +54,7 @@
state_in->plainchar = *plainchar;
return plainchar - plaintext_out;
}
- fragment = (char)base64_decode_value(*codechar++);
+ fragment = base64_decode_value(*codechar++);
} while (fragment < 0);
*plainchar++ |= (fragment & 0x030) >> 4;
*plainchar = (fragment & 0x00f) << 4;
@@ -65,7 +66,7 @@
state_in->plainchar = *plainchar;
return plainchar - plaintext_out;
}
- fragment = (char)base64_decode_value(*codechar++);
+ fragment = base64_decode_value(*codechar++);
} while (fragment < 0);
*plainchar++ |= (fragment & 0x03c) >> 2;
*plainchar = (fragment & 0x003) << 6;
@@ -77,7 +78,7 @@
state_in->plainchar = *plainchar;
return plainchar - plaintext_out;
}
- fragment = (char)base64_decode_value(*codechar++);
+ fragment = base64_decode_value(*codechar++);
} while (fragment < 0);
*plainchar++ |= (fragment & 0x03f);
}
--- End Message ---
