Control: tags -1 patch On Tue, 27 Oct 2020 18:21:49 +0100 Lucas Nussbaum <lu...@debian.org> wrote:
During a rebuild of all packages in sid, your package failed to build on amd64.
[ snip ]
> ======================================================================
> FAIL: gear.tests.test_functional.TestFunctional.test_job(ssl)
> gear.tests.test_functional.TestFunctional.test_job(ssl)
> ----------------------------------------------------------------------
> testtools.testresult.real._StringException: pythonlogging:'': {{{
> Disconnected from 127.0.0.1 port 35395
> Disconnected from 127.0.0.1 port 35395
> Exception while connecting to <gear.Connection 0x7ffa64785d30 host: 127.0.0.1
port: 35395>
> Traceback (most recent call last):
> File "/<<PKGBUILDDIR>>/gear/__init__.py", line 756, in _connectLoop
> conn.reconnect()
> File "/<<PKGBUILDDIR>>/gear/__init__.py", line 232, in reconnect
> self.connect()
> File "/<<PKGBUILDDIR>>/gear/__init__.py", line 189, in connect
> s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1,
> File "/usr/lib/python3.9/ssl.py", line 1402, in wrap_socket
> context.load_cert_chain(certfile, keyfile)
> ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:4021)
This has been fixed upstream; see [1]. I've adapted the patch to quilt and have prepared an NMU. See the attached debdiff.
diff -Nru python-gear-0.5.8/debian/changelog python-gear-0.5.8/debian/changelog --- python-gear-0.5.8/debian/changelog 2019-07-16 08:32:22.000000000 -0400 +++ python-gear-0.5.8/debian/changelog 2021-10-27 15:36:23.000000000 -0400 @@ -1,3 +1,11 @@ +python-gear (0.5.8-5.1) unstable; urgency=medium + + * Non-maintainer upload. + * debian/patches/bump-crypto-requirement.patch + - New patch; use a stronger key during tests (Closes: #973192) + + -- Doug Torrance <dtorra...@piedmont.edu> Wed, 27 Oct 2021 15:36:23 -0400 + python-gear (0.5.8-5) unstable; urgency=medium [ Ondřej Nový ] diff -Nru python-gear-0.5.8/debian/patches/bump-crypto-requirement.patch python-gear-0.5.8/debian/patches/bump-crypto-requirement.patch --- python-gear-0.5.8/debian/patches/bump-crypto-requirement.patch 1969-12-31 19:00:00.000000000 -0500 +++ python-gear-0.5.8/debian/patches/bump-crypto-requirement.patch 2021-10-27 15:33:07.000000000 -0400 @@ -0,0 +1,29 @@ +Description: Bump crypto requirement to accomodate security standards + This patch ensures that the ssl engine does not complains about: + - ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:2951) + - ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:2951) +Author: Fabien Boucher <fbouc...@redhat.com> +Origin: https://opendev.org/opendev/gear/commit/79e1c30 +Bug-Debian: https://bugs.debian.org/973192 +Last-Update: 2021-10-27 + +--- a/gear/tests/test_functional.py ++++ b/gear/tests/test_functional.py +@@ -75,7 +75,7 @@ + + def create_cert(self, cn, issuer=None, signing_key=None): + key = crypto.PKey() +- key.generate_key(crypto.TYPE_RSA, 1024) ++ key.generate_key(crypto.TYPE_RSA, 2048) + + cert = crypto.X509() + subject = cert.get_subject() +@@ -94,7 +94,7 @@ + else: + cert.set_issuer(subject) + if signing_key: +- cert.sign(signing_key, 'sha1') ++ cert.sign(signing_key, 'sha256') + else: + cert.sign(key, 'sha1') + diff -Nru python-gear-0.5.8/debian/patches/series python-gear-0.5.8/debian/patches/series --- python-gear-0.5.8/debian/patches/series 1969-12-31 19:00:00.000000000 -0500 +++ python-gear-0.5.8/debian/patches/series 2021-10-27 15:33:07.000000000 -0400 @@ -0,0 +1 @@ +bump-crypto-requirement.patch
[1] https://opendev.org/opendev/gear/commit/79e1c30
signature.asc
Description: PGP signature
_______________________________________________ Python-modules-team mailing list Python-modules-team@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
