Bug#941452: stretch-pu: package python-cryptography/1.7.1-3+deb9u2

Mon, 30 Sep 2019 12:45:44 -0700 

Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal

The upload of OpenSSL 1.1.1d to unstable broke the testsuite of
python-cryptography in unstable. These changes are also part of OpenSSL
1.1.0l (which should pop in Stretch via security) and break the
testsuite.
Only one test breaks and I propose to disable it (same issue as in
unstable).

Sebastian

diff -Nru python-cryptography-1.7.1/debian/changelog python-cryptography-1.7.1/debian/changelog
--- python-cryptography-1.7.1/debian/changelog	2018-09-02 15:17:35.000000000 +0200
+++ python-cryptography-1.7.1/debian/changelog	2019-09-30 20:58:11.000000000 +0200
@@ -1,3 +1,11 @@
+python-cryptography (1.7.1-3+deb9u2) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Ignore test_load_ecdsa_no_named_curve in the testsuite because it known to
+    break with newer openssl (Closes: #940547).
+
+ -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc>  Mon, 30 Sep 2019 20:58:11 +0200
+
 python-cryptography (1.7.1-3+deb9u1) stretch; urgency=medium
 
   * Remove BIO_callback_ctrl: The prototype differs with the OpenSSL's
diff -Nru python-cryptography-1.7.1/debian/patches/series python-cryptography-1.7.1/debian/patches/series
--- python-cryptography-1.7.1/debian/patches/series	2018-09-02 15:17:12.000000000 +0200
+++ python-cryptography-1.7.1/debian/patches/series	2019-09-30 20:58:11.000000000 +0200
@@ -1,3 +1,4 @@
 0001-add-memory-limit-check-for-scrypt.patch
 0002-fix-compilation-on-1.1.0f-3603.patch
 Remove-BIO_callback_ctrl.patch
+tests-Skip-test_load_ecdsa_no_named_curve.patch
diff -Nru python-cryptography-1.7.1/debian/patches/tests-Skip-test_load_ecdsa_no_named_curve.patch python-cryptography-1.7.1/debian/patches/tests-Skip-test_load_ecdsa_no_named_curve.patch
--- python-cryptography-1.7.1/debian/patches/tests-Skip-test_load_ecdsa_no_named_curve.patch	1970-01-01 01:00:00.000000000 +0100
+++ python-cryptography-1.7.1/debian/patches/tests-Skip-test_load_ecdsa_no_named_curve.patch	2019-09-30 20:58:11.000000000 +0200
@@ -0,0 +1,26 @@
+From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
+Date: Tue, 24 Sep 2019 11:18:27 +0200
+Subject: [PATCH] tests: Skip test_load_ecdsa_no_named_curve
+
+The test_load_ecdsa_no_named_curve breaks with OpenSSL 1.1.1d which is
+due to to commit 9a43a733801bd ("[ec] Match built-in curves on
+EC_GROUP_new_from_ecparameters").
+
+Upstream is aware of the issue and it is tracked at
+	https://github.com/pyca/cryptography/issues/4998
+
+Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
+---
+ tests/test_x509.py |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/tests/test_x509.py
++++ b/tests/test_x509.py
+@@ -3512,6 +3512,7 @@ from .utils import load_vectors_from_fil
+         verifier.update(cert.tbs_certificate_bytes)
+         verifier.verify()
+ 
++    @pytest.mark.skip(reason="Breaks with openssl 1.1.0l, https://github.com/pyca/cryptography/issues/4998";)
+     def test_load_ecdsa_no_named_curve(self, backend):
+         _skip_curve_unsupported(backend, ec.SECP256R1())
+         cert = _load_cert(

Reply via email to