Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: samuel...@debian.org
Severity: normal

Please unblock package aeskeyfind

[ Reason ]
The recent introduction of integration tests, thanks to Jan Gru <j4n...@gmail.com> uncovered two critical issues with aeskeyfind:

1. A somewhat recent regression caused by compiler's change and aeskeyfind's code with undefined behavior
2. Failure to retrieve AES keys on a non-corrupted memory dump for archs arm64, armhf and ppc64el (integration tests only pass for amd64 and i386).

Problem 1 is fixed by a patch provided by Adrian Bunk <b...@debian.org> and problem 2 is mitigated by disabling the other archs (restricting it to amd64 and i386).

More details at the bugreport: https://bugs.debian.org/989179

[ Impact ]
aeskeyfind will fail to fulfill its only purpose of finding AES keys on memory dumps.

[ Tests ]
The new integration tests allowed us to identify the issues in the first place.

[ Risks ]
Since aeskeyfind is also used to recover AES keys out of corrupted memory dumps, it **could** be possible that our fix for the non-corrupted scenario broke the detection for corrupted dumps. I'm very confident that this cannot be the case because of the way aeskeyfind looks for keys; without the fix it was still possible to retrieve the key by making use of the threshold (-t 50) parameter (which tweaks the heuristics of the algorithm). The fix allows us to use the default threshold value (-t 10) which means the algorithm gets the key with more confidence.

[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing

unblock aeskeyfind/1:1.0-11
aeskeyfind_1.0-11.debdiff
Description: Binary data
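
The threshold trade-off mentioned under [ Risks ], as an added example that is not part of the original message and not aeskeyfind's own code: a simplified AES-128 key-schedule scanner run over a constructed dump, showing why a hit at the default threshold of 10 is a stronger match than one that needs 50. It assumes the threshold is the maximum number of bit errors tolerated in a candidate key schedule; the function names and sample data are made up for the illustration.

```python
# Added illustration, not aeskeyfind's source. AES-128 only; assumes the
# threshold is the maximum number of bit errors tolerated in a schedule.

def _sbox():
    # Build the AES S-box from GF(2^8) inverses and the affine transform.
    box, p, q = [0x63] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        for s in (1, 2, 4):                                     # q /= 3
            q = (q ^ (q << s)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q
        for r in (1, 2, 3, 4):
            x ^= ((q << r) | (q >> (8 - r))) & 0xFF
        box[p] = x ^ 0x63
        if p == 1:
            return box

SBOX = _sbox()

def expand_key(key):
    """Return the 176-byte AES-128 key schedule for a 16-byte key."""
    w, rcon = bytearray(key), 1
    for i in range(16, 176, 4):
        t = w[i - 4:i]
        if i % 16 == 0:  # first word of each round key: RotWord, SubWord, Rcon
            t = bytes([SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]])
            rcon = (rcon << 1) ^ (0x11B if rcon & 0x80 else 0)
        w += bytes(a ^ b for a, b in zip(w[i - 16:i - 12], t))
    return bytes(w)

def find_keys(dump, threshold=10):
    """Slide over the dump; report windows that look like a key schedule."""
    hits = []
    for off in range(len(dump) - 175):
        window = dump[off:off + 176]
        expected = expand_key(window[:16])
        errors = sum(bin(a ^ b).count("1") for a, b in zip(expected, window))
        if errors <= threshold:
            hits.append((off, bytes(window[:16]).hex(), errors))
    return hits

# Constructed sample data: FIPS-197 example key, schedule placed at offset 64.
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
CLEAN = bytes(range(64)) + expand_key(KEY) + bytes(range(64))
DECAYED = bytearray(CLEAN)
for k in range(12):                      # flip 12 bits inside round keys 1..5
    DECAYED[80 + 7 * k] ^= 1 << (k % 8)

if __name__ == "__main__":
    print(find_keys(CLEAN), find_keys(DECAYED), find_keys(DECAYED, 50))
```

The intact schedule is found with zero bit errors at the default threshold, while the copy with 12 flipped bits is reported only once the threshold is raised. A sound dump that still needs a raised threshold therefore points at a defect in the scanner rather than in the dump.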