Package: src:golang-github-digitorus-pkcs7
Version: 0.0~git20230818.3a137a8-2
Severity: serious
Tags: ftbfs trixie sid

Dear maintainer:

During a rebuild of all packages in unstable, your package failed to build:

--------------------------------------------------------------------------------
[...]
debian/rules clean
dh clean --builddirectory=_build --buildsystem=golang
dh_auto_clean -O--builddirectory=_build -O--buildsystem=golang
dh_autoreconf_clean -O--builddirectory=_build -O--buildsystem=golang
dh_clean -O--builddirectory=_build -O--buildsystem=golang
debian/rules binary
dh binary --builddirectory=_build --buildsystem=golang
dh_update_autotools_config -O--builddirectory=_build -O--buildsystem=golang
dh_autoreconf -O--builddirectory=_build -O--buildsystem=golang
dh_auto_configure -O--builddirectory=_build -O--buildsystem=golang
dh_auto_build -O--builddirectory=_build -O--buildsystem=golang
cd _build && go install -trimpath -v -p 2 github.com/digitorus/pkcs7 internal/unsafeheader
internal/goarch
internal/cpu
internal/abi
internal/bytealg
internal/byteorder
internal/coverage/rtcov
internal/chacha8rand
internal/godebugs
internal/goexperiment
internal/goos
internal/profilerecord
internal/runtime/atomic
internal/asan
internal/msan
internal/race
internal/runtime/exithook
internal/runtime/math
internal/runtime/sys
internal/runtime/syscall
internal/runtime/maps
internal/stringslite
sync/atomic
internal/sync
math/bits
unicode
runtime
unicode/utf8
math
crypto/internal/fips140/alias
crypto/internal/fips140deps/byteorder
crypto/internal/fips140deps/cpu
crypto/internal/fips140/subtle
internal/itoa
cmp
crypto/internal/boring/sig
unicode/utf16
vendor/golang.org/x/crypto/cryptobyte/asn1
internal/nettrace
encoding
internal/reflectlite
sync
errors
iter
internal/bisect
io
strconv
bytes
hash
internal/godebug
crypto
strings
crypto/internal/fips140deps/godebug
crypto/internal/impl
crypto/internal/fips140
internal/oserror
syscall
crypto/internal/fips140/sha256
crypto/internal/fips140/sha3
crypto/internal/fips140/sha512
crypto/internal/fips140/hmac
crypto/internal/fips140/check
crypto/internal/fips140/aes
internal/syscall/unix
path
slices
time
internal/syscall/execenv
internal/testlog
math/rand/v2
crypto/internal/randutil
crypto/subtle
reflect
io/fs
internal/filepathlite
internal/poll
os
crypto/internal/sysrand
crypto/internal/entropy
crypto/internal/fips140/drbg
crypto/internal/fips140/aes/gcm
crypto/internal/fips140only
internal/fmtsort
fmt
crypto/cipher
crypto/internal/boring
crypto/aes
crypto/des
math/rand
crypto/internal/fips140/nistec/fiat
math/big
crypto/internal/fips140/nistec
crypto/dsa
crypto/internal/fips140/edwards25519/field
crypto/internal/boring/bbig
crypto/internal/fips140/bigmod
crypto/sha3
crypto/internal/fips140/ecdh
crypto/elliptic
crypto/ecdh
crypto/internal/fips140/ecdsa
crypto/internal/fips140hash
crypto/sha512
encoding/asn1
crypto/internal/fips140/edwards25519
vendor/golang.org/x/crypto/cryptobyte
crypto/internal/fips140/ed25519
crypto/rand
crypto/ed25519
crypto/ecdsa
crypto/internal/fips140/rsa
crypto/rsa
crypto/sha1
crypto/md5
crypto/sha256
encoding/hex
encoding/binary
crypto/x509/pkix
maps
context
vendor/golang.org/x/net/dns/dnsmessage
encoding/base64
encoding/pem
internal/singleflight
weak
unique
runtime/cgo
net/netip
net/url
path/filepath
io/ioutil
os/exec
net
sort
flag
bufio
internal/sysinfo
runtime/debug
runtime/trace
testing
crypto/x509
github.com/digitorus/pkcs7
debian/rules override_dh_auto_test
make[1]: Entering directory '/<<PKGBUILDDIR>>'
env GODEBUG=x509sha1=1 dh_auto_test
cd _build && go test -vet=off -v -p 2 github.com/digitorus/pkcs7
=== RUN TestBer2Der
--- PASS: TestBer2Der (0.00s)
=== RUN TestBer2Der_Negatives
--- PASS: TestBer2Der_Negatives (0.00s)
=== RUN TestBer2Der_NestedMultipleIndefinite
--- PASS: TestBer2Der_NestedMultipleIndefinite (0.00s)
=== RUN TestVerifyIndefiniteLengthBer
--- PASS: TestVerifyIndefiniteLengthBer (0.00s)
=== RUN TestDecrypt
--- PASS: TestDecrypt (0.00s)
=== RUN TestEncrypt
--- PASS: TestEncrypt (0.11s)
=== RUN TestEncryptUsingPSK
--- PASS: TestEncryptUsingPSK (0.00s)
=== RUN TestPad
--- PASS: TestPad (0.00s)
=== RUN TestSign
sign_test.go:60: test SHA1-RSA/SHA1-RSA/SHA1-RSA: cannot add signer: pkcs7: certificate signature from parent is invalid: x509: cannot verify signature: insecure algorithm SHA1-RSA
--- FAIL: TestSign (0.00s)
=== RUN TestDSASignAndVerifyWithOpenSSL
--- PASS: TestDSASignAndVerifyWithOpenSSL (0.00s)
=== RUN TestSignWithoutAttributes
sign_test.go:213: test SHA1-RSA/SHA1-RSA: cannot verify signed data: pkcs7: failed to verify certificate chain: x509: certificate si

Processing control commands:

tag -1 pending

Bug #1098553 [src:golang-github-digitorus-pkcs7] golang-github-digitorus-pkcs7: FTBFS: verify_test.go:576: Verify failed with error: pkcs7: failed to verify certificate chain
Added tag(s) pending.

--
1098553: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098553
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Control: tag -1 pending

Hello,

Bug #1098553 in golang-github-digitorus-pkcs7 reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/go-team/packages/golang-github-digitorus-pkcs7/-/commit/25e59bdc1dad05888eca647d82c03b3739449fce

------------------------------------------------------------------------ Disable RSA-SHA1 tests. Closes: #1098553. ------------------------------------------------------------------------

(this message was generated automatically)
--
Greetings

https://bugs.debian.org/1098553

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is a multi-part message in MIME format...

Your message dated Fri, 21 Mar 2025 23:23:48 +0000
with message-id <E1tvliO-002Wav-Pq@fasolo.debian.org>
and subject line Bug#1098553: fixed in golang-github-digitorus-pkcs7 0.0~git20230818.3a137a8-3
has caused the Debian Bug report #1098553,
regarding golang-github-digitorus-pkcs7: FTBFS: verify_test.go:576: Verify failed with error: pkcs7: failed to verify certificate chain
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


--
1098553: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098553
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

Received: (at submit) by bugs.debian.org; 21 Feb 2025 23:27:02 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
(2021-04-09) on buxtehude.debian.org
X-Spam-Level:
X-Spam-Status: No, score=-121.5 required=4.0 tests=ALL_TRUSTED,BAYES_00,
BODY_INCLUDES_PACKAGE,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,DKIM_VALID_EF,FOURLA,FROMDEVELOPER,HAS_PACKAGE,
SPF_HELO_PASS,SPF_NONE,USER_IN_DKIM_WELCOMELIST,USER_IN_DKIM_WHITELIST,
X_DEBBUGS_CC autolearn=ham autolearn_force=no
version=3.4.6-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 52; hammy, 150; neutral, 271; spammy,
0. spammytokens: hammytokens:0.000-+--trixie, 0.000-+--pkgbuilddir,
0.000-+--PKGBUILDDIR, 0.000-+--sk:dh_auto, 0.000-+--H*F:U*sanvila Return-path: <sanvila@debian.org>
Received: from mailly.debian.org ([2001:41b8:202:deb:6564:a62:5