[Pkg-javascript-devel] Bug#1064712: node-public-encrypt: FTBFS: TypeError: RSA_PKCS1_PADDING is no longer supported for private decryption, this can be reverted with --security-revert=CVE-2023-46809
Lucas Nussbaum
lucas at debian.org
Sun Feb 25 19:47:25 GMT 2024
Source: node-public-encrypt
Version: 4.0.3-1
Severity: serious
Justification: FTBFS
Tags: trixie sid ftbfs
User: lucas at debian.org
Usertags: ftbfs-20240224 ftbfs-trixie
Hi,
During a rebuild of all packages in sid, your package failed to build
on amd64.
Relevant part (hopefully):
> debian/rules binary
> dh binary
> dh_update_autotools_config
> dh_autoreconf
> dh_auto_configure --buildsystem=nodejs
> dh_auto_build --buildsystem=nodejs
> No build command found, searching known files
> dh_auto_test --buildsystem=nodejs
> mkdir -p node_modules
> ln -s ../. node_modules/public-encrypt
> /bin/sh -ex debian/tests/pkg-js/test
> + tape test/index.js
> TAP version 13
> # node tests
> ok 1 should be strictly equal
> ok 2 should be strictly equal
> ok 3 should be strictly equal
> ok 4 should be strictly equal
> ok 5 should throw
> # run 1
> # 1024 2 private keys
> ok 6 my decrypter my message
> ok 7 my decrypter node's message
> ok 8 node decrypter my message
> ok 9 node decrypter node's message
> ok 10 reverse methods my decrypter my message
> ok 11 reverse methods my decrypter node's message
> ok 12 reverse methods node decrypter my message
> ok 13 reverse methods node decrypter node's message
> # 1024 2 private keys with RSA_PKCS1_PADDING
> ok 14 my decrypter my message
> ok 15 my decrypter node's message
> node:internal/crypto/cipher:80
> return method(data, format, type, passphrase, buffer, padding, oaepHash,
> ^
>
> TypeError: RSA_PKCS1_PADDING is no longer supported for private decryption, this can be reverted with --security-revert=CVE-2023-46809
> at Object.privateDecrypt (node:internal/crypto/cipher:80:12)
> at Test.<anonymous> (/<<PKGBUILDDIR>>/test/index.js:56:25)
> at Test.bound [as _cb] (/usr/share/nodejs/tape/lib/test.js:95:17)
> at Test.run (/usr/share/nodejs/tape/lib/test.js:115:28)
> at Test.bound [as run] (/usr/share/nodejs/tape/lib/test.js:95:17)
> at Test._end (/usr/share/nodejs/tape/lib/test.js:218:5)
> at Test.bound [as _end] (/usr/share/nodejs/tape/lib/test.js:95:17)
> at Test.<anonymous> (/usr/share/nodejs/tape/lib/test.js:217:34)
> at Test.emit (node:events:517:28)
> at Test.bound [as emit] (/usr/share/nodejs/tape/lib/test.js:95:17) {
> code: 'ERR_INVALID_ARG_VALUE'
> }
>
> Node.js v18.19.1
> dh_auto_test: error: /bin/sh -ex debian/tests/pkg-js/test returned exit code 1
The full build log is available from:
http://qa-logs.debian.net/2024/02/24/node-public-encrypt_4.0.3-1_unstable.log
All bugs filed during this archive rebuild are listed at:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ftbfs-20240224;users=lucas@debian.org
or:
https://udd.debian.org/bugs/?release=na&merged=ign&fnewerval=7&flastmodval=7&fusertag=only&fusertagtag=ftbfs-20240224&fusertaguser=lucas@debian.org&allbugs=1&cseverity=1&ctags=1&caffected=1#results
A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!
If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects
If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.
More information about the Pkg-javascript-devel
mailing list