--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: buster-pu: package m2crypto/0.31.0-4+deb10u1
- From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
- Date: Sun, 24 Jan 2021 12:55:41 +0100
- Message-id: <20210124115541.j3eqpi34gssgf7az@flow>
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: buster
Severity: normal
This is the proposed update for Buster to fix a build failure against
openssl 1.1.1i which is proposed for Buster.
The patch touches only the testsuite.
The m2crypto issue is tracked upstream
https://gitlab.com/m2crypto/m2crypto/-/issues/289
and I aligned the patch name and description (in debian/changelog) with
what has been applied for unstable as 0.37.1-1.
The package did not yet migrate to testing because it FTBFS on an IPv6
only buildd (unrelated issue, just built but has this RC bug).
I verified that the proposed m2crypto package builds against the
proposed openssl package.
Sebastian
diff -Nru m2crypto-0.31.0/debian/changelog m2crypto-0.31.0/debian/changelog
--- m2crypto-0.31.0/debian/changelog 2019-06-09 09:42:32.000000000 +0200
+++ m2crypto-0.31.0/debian/changelog 2021-01-24 12:01:15.000000000 +0100
@@ -1,3 +1,11 @@
+m2crypto (0.31.0-4+deb10u1) buster; urgency=medium
+
+ * Non-maintainer upload.
+ * debian/patches/MR261.patch
+ - fix compatibility with openssl/1.1.1i+; Closes: #954402
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sun, 24 Jan 2021 12:01:15 +0100
+
m2crypto (0.31.0-4) unstable; urgency=medium
* Add a few patches from upstream to avoid a testsuite
diff -Nru m2crypto-0.31.0/debian/patches/MR261.patch m2crypto-0.31.0/debian/patches/MR261.patch
--- m2crypto-0.31.0/debian/patches/MR261.patch 1970-01-01 01:00:00.000000000 +0100
+++ m2crypto-0.31.0/debian/patches/MR261.patch 2021-01-24 11:55:01.000000000 +0100
@@ -0,0 +1,46 @@
+From: Casey Deccio <casey@deccio.net>
+Date: Fri, 8 Jan 2021 12:43:09 -0700
+Subject: [PATCH] Allow verify_cb_* to be called with ok=True
+
+With https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
+OpenSSL allowed verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE
+---
+ tests/test_ssl.py | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_ssl.py b/tests/test_ssl.py
+index 92b6942c729a3..7a3271aa3dbc2 100644
+--- a/tests/test_ssl.py
++++ b/tests/test_ssl.py
+@@ -59,8 +59,13 @@ srv_host = 'localhost'
+
+
+ def verify_cb_new_function(ok, store):
+- assert not ok
+ err = store.get_error()
++ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
++ # aborting, this callback is called to retrieve additional error
++ # information. In this case, ok might not be False.
++ # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
++ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
++ assert not ok
+ assert err in [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
+ m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
+ m2.X509_V_ERR_CERT_UNTRUSTED,
+@@ -618,7 +623,12 @@ sleepTime = float(os.getenv('M2CRYPTO_TEST_SSL_SLEEP', '1.5'))
+
+ def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok):
+ try:
+- self.assertFalse(ok)
++ # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
++ # aborting, this callback is called to retrieve additional error
++ # information. In this case, ok might not be False.
++ # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
++ if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
++ self.assertFalse(ok)
+ self.assertIn(err,
+ [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
+ m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
+--
+2.30.0
+
diff -Nru m2crypto-0.31.0/debian/patches/series m2crypto-0.31.0/debian/patches/series
--- m2crypto-0.31.0/debian/patches/series 2019-06-09 09:42:08.000000000 +0200
+++ m2crypto-0.31.0/debian/patches/series 2021-01-24 12:00:36.000000000 +0100
@@ -4,3 +4,4 @@
0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch
0005-tests.test_rsa-Fix-typo-to-match-for-proper-exceptio.patch
0006-Be-resilient-against-the-situation-when-no-erorr-hap.patch
+MR261.patch
--- End Message ---