[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#980919: marked as done (buster-pu: package m2crypto/0.31.0-4+deb10u1)

Your message dated Sat, 06 Feb 2021 10:39:26 +0000
with message-id <6425525e38201ecf9a2d3e0f1e63c0d3b08e0fc0.camel@adam-barratt.org.uk>
and subject line Closing p-u bugs for updates in 10.8
has caused the Debian Bug report #980919,
regarding buster-pu: package m2crypto/0.31.0-4+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
980919: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980919
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: buster
Severity: normal

This is the proposed update for Buster to fix a build failure against
openssl 1.1.1i which is proposed for Buster.
The patch touches only the testsuite.

The m2crypto issue is tracked upstream
   https://gitlab.com/m2crypto/m2crypto/-/issues/289

and I aligned the patch name and description (in debian/changelog) with
what has been applied for unstable as 0.37.1-1.
The package did not yet migrate to testing because it FTBFS on an IPv6
only buildd (unrelated issue, just built but has this RC bug).

I verified that the proposed m2crypto package builds against the
proposed openssl package.

Sebastian

diff -Nru m2crypto-0.31.0/debian/changelog m2crypto-0.31.0/debian/changelog
--- m2crypto-0.31.0/debian/changelog	2019-06-09 09:42:32.000000000 +0200
+++ m2crypto-0.31.0/debian/changelog	2021-01-24 12:01:15.000000000 +0100
@@ -1,3 +1,11 @@
+m2crypto (0.31.0-4+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * debian/patches/MR261.patch
+    - fix compatibility with openssl/1.1.1i+; Closes: #954402
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Sun, 24 Jan 2021 12:01:15 +0100
+
 m2crypto (0.31.0-4) unstable; urgency=medium
 
   * Add a few patches from upstream to avoid a testsuite
diff -Nru m2crypto-0.31.0/debian/patches/MR261.patch m2crypto-0.31.0/debian/patches/MR261.patch
--- m2crypto-0.31.0/debian/patches/MR261.patch	1970-01-01 01:00:00.000000000 +0100
+++ m2crypto-0.31.0/debian/patches/MR261.patch	2021-01-24 11:55:01.000000000 +0100
@@ -0,0 +1,46 @@
+From: Casey Deccio <casey@deccio.net>
+Date: Fri, 8 Jan 2021 12:43:09 -0700
+Subject: [PATCH] Allow verify_cb_* to be called with ok=True
+
+With https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
+OpenSSL allowed verificaton to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE
+---
+ tests/test_ssl.py | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_ssl.py b/tests/test_ssl.py
+index 92b6942c729a3..7a3271aa3dbc2 100644
+--- a/tests/test_ssl.py
++++ b/tests/test_ssl.py
+@@ -59,8 +59,13 @@ srv_host = 'localhost'
+ 
+ 
+ def verify_cb_new_function(ok, store):
+-    assert not ok
+     err = store.get_error()
++    # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
++    # aborting, this callback is called to retrieve additional error
++    # information.  In this case, ok might not be False.
++    # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
++    if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
++        assert not ok
+     assert err in [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
+                    m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
+                    m2.X509_V_ERR_CERT_UNTRUSTED,
+@@ -618,7 +623,12 @@ sleepTime = float(os.getenv('M2CRYPTO_TEST_SSL_SLEEP', '1.5'))
+ 
+     def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok):
+         try:
+-            self.assertFalse(ok)
++            # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
++            # aborting, this callback is called to retrieve additional error
++            # information.  In this case, ok might not be False.
++            # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
++            if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
++                self.assertFalse(ok)
+             self.assertIn(err,
+                           [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
+                            m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
+-- 
+2.30.0
+
diff -Nru m2crypto-0.31.0/debian/patches/series m2crypto-0.31.0/debian/patches/series
--- m2crypto-0.31.0/debian/patches/series	2019-06-09 09:42:08.000000000 +0200
+++ m2crypto-0.31.0/debian/patches/series	2021-01-24 12:00:36.000000000 +0100
@@ -4,3 +4,4 @@
 0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch
 0005-tests.test_rsa-Fix-typo-to-match-for-proper-exceptio.patch
 0006-Be-resilient-against-the-situation-when-no-erorr-hap.patch
+MR261.patch

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 10.8

Hi,

Each of the updates referenced by these bugs was included in today's
10.8 point release.

Regards,

Adam

--- End Message ---
Reply to: