Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Control: tags -1 confirmed Hi Daniel, On 09-06-2019 10:05, Daniel Stender wrote: > On 6/8/19 9:20 PM, Paul Gevers wrote >> If this version gets uploaded, be it by the maintainers of m2crpyto or >> by Sebastian, it will be acceptable from the Release Team point of view. > > I've uploaded the package including these patches. Thanks a lot. In my opinion, no need to re-upload, but the check for the OpenSSL version seems to be failing (see below). That test should have been skipped. I'll trigger a test with openssl 1.1.1c to verify, but the test passed in unstable already. If that passes, I'll unblock this. Paul In testing (with openssl/1.1.1b-2): === FAILURES === ___ RSATestCase.test_public_encrypt self = @unittest.skipIf(m2.OPENSSL_VERSION_NUMBER < 0x1010103f, 'Relies on fix which happened only in OpenSSL 1.1.1c') def test_public_encrypt(self): priv = RSA.load_key(self.privkey) # pkcs1_padding, pkcs1_oaep_padding for padding in self.e_padding_ok: p = getattr(RSA, padding) ctxt = priv.public_encrypt(self.data, p) ptxt = priv.private_decrypt(ctxt, p) self.assertEqual(ptxt, self.data) # sslv23_padding ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding) > res = priv.private_decrypt(ctxt, RSA.sslv23_padding) tests/test_rsa.py:129: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = data = '\x1c\x1a\xa2o>\xb7e\x0e\xeaX\x86\x0c\xda\x80y%t,\xccyN\xde\xed;P\xf8\xddL\x9de\x8e\x9b\\\xbbV\x16\x02\xb7\x11\x95\x02...xbb\\\xbe\x0b\x8b\xdb~\xb3HS\xdfIH\x7f\xec5L\xd1-FN\x882-I\xe3\x95\x11\xe0\xdeZ\xd8\xd2M\\\xc3\x93\xf2\xea\xa3\xcc\xa0' padding = 2 def private_decrypt(self, data, padding): # type: (bytes, int) -> bytes assert self.check_key(), 'key is not initialised' > return m2.rsa_private_decrypt(self.rsa, data, padding) E RSAError: sslv3 rollback attack signature.asc Description: OpenPGP digital signature
Processed: Re: Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Processing control commands: > tags -1 confirmed Bug #930221 [release.debian.org] unblock: m2crypto/0.31.0-4 Ignoring request to alter tags of bug #930221 to the same tags previously set -- 930221: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930221 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Control: retitle -1 unblock: m2crypto/0.31.0-4 On 6/8/19 9:20 PM, Paul Gevers wrote > If this version gets uploaded, be it by the maintainers of m2crpyto or > by Sebastian, it will be acceptable from the Release Team point of view. I've uploaded the package including these patches. The package is m2crypto/0.31.0-4 though because it's not a NMU. Fresh debdiff is attached. Thanks again for patches. Best, Daniel Stender -- 4096R/DF5182C8 (sten...@debian.org) https://danielstender.com diff -Nru m2crypto-0.31.0/debian/changelog m2crypto-0.31.0/debian/changelog --- m2crypto-0.31.0/debian/changelog 2019-03-11 19:44:01.0 +0100 +++ m2crypto-0.31.0/debian/changelog 2019-06-09 09:42:32.0 +0200 @@ -1,3 +1,11 @@ +m2crypto (0.31.0-4) unstable; urgency=medium + + * Add a few patches from upstream to avoid a testsuite +regression while testing for bug which was fixed in OpenSSL +1.1.1c (Closes: #929903) [thanks to Sebastian Andrzej Siewior]. + + -- Daniel Stender Sun, 09 Jun 2019 09:42:32 +0200 + m2crypto (0.31.0-3) unstable; urgency=medium * add 0002-tests-test_ssl-use-ciphercuites-for-TLS1.3-cipher-in.patch diff -Nru m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch --- m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch 1970-01-01 01:00:00.0 +0100 +++ m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch 2019-06-09 09:42:08.0 +0200 @@ -0,0 +1,25 @@ +From 83d4d9bc3aa4466e540fa00f8cc6891c0301ec82 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= +Date: Fri, 31 May 2019 17:00:14 +0200 +Subject: [PATCH] Remove duplicate call of the error code. + +--- + tests/test_rsa.py | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/tests/test_rsa.py b/tests/test_rsa.py +index 308b1b180445d..875b59c6844b5 100644 +--- a/tests/test_rsa.py b/tests/test_rsa.py +@@ -126,8 +126,6 @@ log = logging.getLogger('test_RSA') + ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding) + with self.assertRaises(RSA.RSAError): + priv.private_decrypt(ctxt, RSA.sslv23_padding) +-with self.assertRaises(RSA.RSAError): +-priv.private_decrypt(ctxt, RSA.sslv23_padding) + + # no_padding + with self.assertRaises(RSA.RSAError): +-- +2.20.1 + diff -Nru m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch --- m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch 1970-01-01 01:00:00.0 +0100 +++ m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch 2019-06-09 09:42:08.0 +0200 @@ -0,0 +1,42 @@ +From 0b22d79082afd7c564b2ac07fb0ef5d76d692586 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= +Date: Fri, 7 Jun 2019 11:43:03 +0200 +Subject: [PATCH] Limit tests.test_rsa.RSATestCase.test_public_encrypt just + to OpenSSL which sustains it. + +Fixes #258 +--- + tests/test_rsa.py | 8 +--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/tests/test_rsa.py b/tests/test_rsa.py +index 875b59c6844b5..7028b6085788e 100644 +--- a/tests/test_rsa.py b/tests/test_rsa.py +@@ -113,6 +113,8 @@ log = logging.getLogger('test_RSA') + with self.assertRaises(TypeError): + priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding) + ++@unittest.skipIf(m2.OPENSSL_VERSION_NUMBER < 0x1010103f, ++ 'Relies on fix which happened only in OpenSSL 1.1.1c') + def test_public_encrypt(self): + priv = RSA.load_key(self.privkey) + # pkcs1_padding, pkcs1_oaep_padding +@@ -124,11 +126,11 @@ log = logging.getLogger('test_RSA') + + # sslv23_padding + ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding) +-with self.assertRaises(RSA.RSAError): +-priv.private_decrypt(ctxt, RSA.sslv23_padding) ++res = priv.private_decrypt(ctxt, RSA.sslv23_padding) ++self.assertEqual(res, self.data) + + # no_padding +-with self.assertRaises(RSA.RSAError): ++with six.assertRaisesRegex(self, TypeError, 'data too small'): + priv.public_encrypt(self.data, RSA.no_padding) + + # Type-check the data to be encrypted. +-- +2.20.1 + diff -Nru m2crypto-0.31.0/debian/patches/0005-tests.test_rsa-Fix-typo-to-match-for-proper-exceptio.patch m2crypto-0.31.0/debian/patches/0005-tests.test_rsa-Fix-typo-to-match-for-proper-exceptio.patch --- m2crypto-0.31.0/debian/patches/0005-tests.test_rsa-Fix-typo-to-match-for-proper-exceptio.patch 1970-01-01 01:00:00.0 +0100 +++ m2crypto-0.31.0/debian/patches/0005-tests.test_rsa-Fix-typo-to-match-for-proper-exceptio.patch 2019-06-09 09:42:08.0 +0200
Processed: Re: Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Processing control commands: > retitle -1 unblock: m2crypto/0.31.0-4 Bug #930221 [release.debian.org] unblock: m2crypto/ 0.31.0-3.1 Changed Bug title to 'unblock: m2crypto/0.31.0-4' from 'unblock: m2crypto/ 0.31.0-3.1'. -- 930221: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930221 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#930221: unblock: m2crypto/ 0.31.0-3.1
On 6/8/19 9:20 PM, Paul Gevers wrote: > Control: tags -1 moreinfo confirmed > Control: block 930194 by -1 > > Hi Sebastian, Daniel, Python modules team > > On 08-06-2019 17:45, Sebastian Andrzej Siewior wrote: >> This is a proposal for m2crypto which could be uploaded to unstable and >> unblocked for Buster unless someone objects. >> The testsuite in m2crypto fails because it tests for a bug in openssl >> which was fixed in 1.1.1c which is currently in unstable (and is >> friendly asking for the Buster gates to open in #930194). The m2crypto >> bug is tracked in #929903. >> >> I backported three patches from upstream and made one additional myself >> (which has been forwarded) to get this sorted out. >> >> I don't mind if the maintainer of m2crypto takes over, I just wanted to >> make everything ready so nobody blaims openssl for stalling the Buster >> release :) >> >> unblock m2crypto/ 0.31.0-3.1 > > If this version gets uploaded, be it by the maintainers of m2crpyto or > by Sebastian, it will be acceptable from the Release Team point of view. > > Paul I'll take care about this tomorrow. Thx for fixes. Best, Daniel -- 4096R/DF5182C8 (sten...@debian.org) https://danielstender.com signature.asc Description: OpenPGP digital signature
Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Control: tags -1 moreinfo confirmed Control: block 930194 by -1 Hi Sebastian, Daniel, Python modules team On 08-06-2019 17:45, Sebastian Andrzej Siewior wrote: > This is a proposal for m2crypto which could be uploaded to unstable and > unblocked for Buster unless someone objects. > The testsuite in m2crypto fails because it tests for a bug in openssl > which was fixed in 1.1.1c which is currently in unstable (and is > friendly asking for the Buster gates to open in #930194). The m2crypto > bug is tracked in #929903. > > I backported three patches from upstream and made one additional myself > (which has been forwarded) to get this sorted out. > > I don't mind if the maintainer of m2crypto takes over, I just wanted to > make everything ready so nobody blaims openssl for stalling the Buster > release :) > > unblock m2crypto/ 0.31.0-3.1 If this version gets uploaded, be it by the maintainers of m2crpyto or by Sebastian, it will be acceptable from the Release Team point of view. Paul signature.asc Description: OpenPGP digital signature
Processed: Re: Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Processing control commands: > tags -1 moreinfo confirmed Bug #930221 [release.debian.org] unblock: m2crypto/ 0.31.0-3.1 Added tag(s) confirmed and moreinfo. > block 930194 by -1 Bug #930194 [release.debian.org] unblock: openssl/1.1.1c-1 930194 was not blocked by any bugs. 930194 was not blocking any bugs. Added blocking bug(s) of 930194: 930221 -- 930194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930194 930221: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930221 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal This is a proposal for m2crypto which could be uploaded to unstable and unblocked for Buster unless someone objects. The testsuite in m2crypto fails because it tests for a bug in openssl which was fixed in 1.1.1c which is currently in unstable (and is friendly asking for the Buster gates to open in #930194). The m2crypto bug is tracked in #929903. I backported three patches from upstream and made one additional myself (which has been forwarded) to get this sorted out. I don't mind if the maintainer of m2crypto takes over, I just wanted to make everything ready so nobody blaims openssl for stalling the Buster release :) unblock m2crypto/ 0.31.0-3.1 Sebastian diff -Nru m2crypto-0.31.0/debian/changelog m2crypto-0.31.0/debian/changelog --- m2crypto-0.31.0/debian/changelog 2019-03-11 19:44:01.0 +0100 +++ m2crypto-0.31.0/debian/changelog 2019-06-08 12:35:11.0 +0200 @@ -1,3 +1,11 @@ +m2crypto (0.31.0-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add a few patches from upstream to avoid a testsuite regression while +testing for bug which was fixed in OpenSSL 1.1.1c (Closes: #929903). + + -- Sebastian Andrzej Siewior Sat, 08 Jun 2019 12:35:11 +0200 + m2crypto (0.31.0-3) unstable; urgency=medium * add 0002-tests-test_ssl-use-ciphercuites-for-TLS1.3-cipher-in.patch diff -Nru m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch --- m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch 1970-01-01 01:00:00.0 +0100 +++ m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch 2019-06-08 12:34:05.0 +0200 @@ -0,0 +1,25 @@ +From 83d4d9bc3aa4466e540fa00f8cc6891c0301ec82 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= +Date: Fri, 31 May 2019 17:00:14 +0200 +Subject: [PATCH] Remove duplicate call of the error code. + +--- + tests/test_rsa.py | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/tests/test_rsa.py b/tests/test_rsa.py +index 308b1b180445d..875b59c6844b5 100644 +--- a/tests/test_rsa.py b/tests/test_rsa.py +@@ -126,8 +126,6 @@ log = logging.getLogger('test_RSA') + ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding) + with self.assertRaises(RSA.RSAError): + priv.private_decrypt(ctxt, RSA.sslv23_padding) +-with self.assertRaises(RSA.RSAError): +-priv.private_decrypt(ctxt, RSA.sslv23_padding) + + # no_padding + with self.assertRaises(RSA.RSAError): +-- +2.20.1 + diff -Nru m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch --- m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch 1970-01-01 01:00:00.0 +0100 +++ m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch 2019-06-08 12:33:53.0 +0200 @@ -0,0 +1,42 @@ +From 0b22d79082afd7c564b2ac07fb0ef5d76d692586 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= +Date: Fri, 7 Jun 2019 11:43:03 +0200 +Subject: [PATCH] Limit tests.test_rsa.RSATestCase.test_public_encrypt just + to OpenSSL which sustains it. + +Fixes #258 +--- + tests/test_rsa.py | 8 +--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/tests/test_rsa.py b/tests/test_rsa.py +index 875b59c6844b5..7028b6085788e 100644 +--- a/tests/test_rsa.py b/tests/test_rsa.py +@@ -113,6 +113,8 @@ log = logging.getLogger('test_RSA') + with self.assertRaises(TypeError): + priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding) + ++@unittest.skipIf(m2.OPENSSL_VERSION_NUMBER < 0x1010103f, ++ 'Relies on fix which happened only in OpenSSL 1.1.1c') + def test_public_encrypt(self): + priv = RSA.load_key(self.privkey) + # pkcs1_padding, pkcs1_oaep_padding +@@ -124,11 +126,11 @@ log = logging.getLogger('test_RSA') + + # sslv23_padding + ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding) +-with self.assertRaises(RSA.RSAError): +-priv.private_decrypt(ctxt, RSA.sslv23_padding) ++res = priv.private_decrypt(ctxt, RSA.sslv23_padding) ++self.assertEqual(res, self.data) + + # no_padding +-with self.assertRaises(RSA.RSAError): ++with six.assertRaisesRegex(self, TypeError, 'data too small'): + priv.public_encrypt(self.data, RSA.no_padding) + + # Type-check the data to be encrypted. +-- +2.20.1 + diff -Nru m2crypto-0.31.0/debian/patches/0005-tests.test_rsa-Fix-typo-to-match-for-proper-exceptio.patch