Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Control: tags -1 confirmed Hi Daniel, On 09-06-2019 10:05, Daniel Stender wrote: > On 6/8/19 9:20 PM, Paul Gevers wrote >> If this version gets uploaded, be it by the maintainers of m2crpyto or >> by Sebastian, it will be acceptable from the Release Team point of view. > > I've uploaded the package including these patches. Thanks a lot. In my opinion, no need to re-upload, but the check for the OpenSSL version seems to be failing (see below). That test should have been skipped. I'll trigger a test with openssl 1.1.1c to verify, but the test passed in unstable already. If that passes, I'll unblock this. Paul In testing (with openssl/1.1.1b-2): === FAILURES === ___ RSATestCase.test_public_encrypt self = @unittest.skipIf(m2.OPENSSL_VERSION_NUMBER < 0x1010103f, 'Relies on fix which happened only in OpenSSL 1.1.1c') def test_public_encrypt(self): priv = RSA.load_key(self.privkey) # pkcs1_padding, pkcs1_oaep_padding for padding in self.e_padding_ok: p = getattr(RSA, padding) ctxt = priv.public_encrypt(self.data, p) ptxt = priv.private_decrypt(ctxt, p) self.assertEqual(ptxt, self.data) # sslv23_padding ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding) > res = priv.private_decrypt(ctxt, RSA.sslv23_padding) tests/test_rsa.py:129: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = data = '\x1c\x1a\xa2o>\xb7e\x0e\xeaX\x86\x0c\xda\x80y%t,\xccyN\xde\xed;P\xf8\xddL\x9de\x8e\x9b\\\xbbV\x16\x02\xb7\x11\x95\x02...xbb\\\xbe\x0b\x8b\xdb~\xb3HS\xdfIH\x7f\xec5L\xd1-FN\x882-I\xe3\x95\x11\xe0\xdeZ\xd8\xd2M\\\xc3\x93\xf2\xea\xa3\xcc\xa0' padding = 2 def private_decrypt(self, data, padding): # type: (bytes, int) -> bytes assert self.check_key(), 'key is not initialised' > return m2.rsa_private_decrypt(self.rsa, data, padding) E RSAError: sslv3 rollback attack signature.asc Description: OpenPGP digital signature
Processed: Re: Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Processing control commands: > tags -1 confirmed Bug #930221 [release.debian.org] unblock: m2crypto/0.31.0-4 Ignoring request to alter tags of bug #930221 to the same tags previously set -- 930221: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930221 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Control: retitle -1 unblock: m2crypto/0.31.0-4
On 6/8/19 9:20 PM, Paul Gevers wrote
> If this version gets uploaded, be it by the maintainers of m2crpyto or
> by Sebastian, it will be acceptable from the Release Team point of view.
I've uploaded the package including these patches.
The package is m2crypto/0.31.0-4 though because it's not a NMU.
Fresh debdiff is attached.
Thanks again for patches.
Best,
Daniel Stender
--
4096R/DF5182C8 (sten...@debian.org)
https://danielstender.com
diff -Nru m2crypto-0.31.0/debian/changelog m2crypto-0.31.0/debian/changelog
--- m2crypto-0.31.0/debian/changelog 2019-03-11 19:44:01.0 +0100
+++ m2crypto-0.31.0/debian/changelog 2019-06-09 09:42:32.0 +0200
@@ -1,3 +1,11 @@
+m2crypto (0.31.0-4) unstable; urgency=medium
+
+ * Add a few patches from upstream to avoid a testsuite
+regression while testing for bug which was fixed in OpenSSL
+1.1.1c (Closes: #929903) [thanks to Sebastian Andrzej Siewior].
+
+ -- Daniel Stender Sun, 09 Jun 2019 09:42:32 +0200
+
m2crypto (0.31.0-3) unstable; urgency=medium
* add 0002-tests-test_ssl-use-ciphercuites-for-TLS1.3-cipher-in.patch
diff -Nru m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch
--- m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch 1970-01-01 01:00:00.0 +0100
+++ m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch 2019-06-09 09:42:08.0 +0200
@@ -0,0 +1,25 @@
+From 83d4d9bc3aa4466e540fa00f8cc6891c0301ec82 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?=
+Date: Fri, 31 May 2019 17:00:14 +0200
+Subject: [PATCH] Remove duplicate call of the error code.
+
+---
+ tests/test_rsa.py | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/tests/test_rsa.py b/tests/test_rsa.py
+index 308b1b180445d..875b59c6844b5 100644
+--- a/tests/test_rsa.py
b/tests/test_rsa.py
+@@ -126,8 +126,6 @@ log = logging.getLogger('test_RSA')
+ ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding)
+ with self.assertRaises(RSA.RSAError):
+ priv.private_decrypt(ctxt, RSA.sslv23_padding)
+-with self.assertRaises(RSA.RSAError):
+-priv.private_decrypt(ctxt, RSA.sslv23_padding)
+
+ # no_padding
+ with self.assertRaises(RSA.RSAError):
+--
+2.20.1
+
diff -Nru m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch
--- m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch 1970-01-01 01:00:00.0 +0100
+++ m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch 2019-06-09 09:42:08.0 +0200
@@ -0,0 +1,42 @@
+From 0b22d79082afd7c564b2ac07fb0ef5d76d692586 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?=
+Date: Fri, 7 Jun 2019 11:43:03 +0200
+Subject: [PATCH] Limit tests.test_rsa.RSATestCase.test_public_encrypt just
+ to OpenSSL which sustains it.
+
+Fixes #258
+---
+ tests/test_rsa.py | 8 +---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/tests/test_rsa.py b/tests/test_rsa.py
+index 875b59c6844b5..7028b6085788e 100644
+--- a/tests/test_rsa.py
b/tests/test_rsa.py
+@@ -113,6 +113,8 @@ log = logging.getLogger('test_RSA')
+ with self.assertRaises(TypeError):
+ priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
+
++@unittest.skipIf(m2.OPENSSL_VERSION_NUMBER < 0x1010103f,
++ 'Relies on fix which happened only in OpenSSL 1.1.1c')
+ def test_public_encrypt(self):
+ priv = RSA.load_key(self.privkey)
+ # pkcs1_padding, pkcs1_oaep_padding
+@@ -124,11 +126,11 @@ log = logging.getLogger('test_RSA')
+
+ # sslv23_padding
+ ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding)
+-with self.assertRaises(RSA.RSAError):
+-priv.private_decrypt(ctxt, RSA.sslv23_padding)
++res = priv.private_decrypt(ctxt, RSA.sslv23_padding)
++self.assertEqual(res, self.data)
+
+ # no_padding
+-with self.assertRaises(RSA.RSAError):
++with six.assertRaisesRegex(self, TypeError, 'data too small'):
+ priv.public_encrypt(self.data, RSA.no_padding)
+
+ # Type-check the data to be encrypted.
+--
+2.20.1
+
diff -Nru m2crypto-0.31.0/debian/patches/0005-tests.test_rsa-Fix-typo-to-match-for-proper-exceptio.patch m2crypto-0.31.0/debian/patches/0005-tests.test_rsa-Fix-typo-to-match-for-proper-exceptio.patch
--- m2crypto-0.31.0/debian/patches/0005-tests.test_rsa-Fix-typo-to-match-for-proper-exceptio.patch 1970-01-01 01:00:00.0 +0100
+++ m2crypto-0.31.0/debian/patches/0005-tests.test_rsa-Fix-typo-to-match-for-proper-exceptio.patch 2019-06-09 09:42:08.0 +0200
Processed: Re: Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Processing control commands: > retitle -1 unblock: m2crypto/0.31.0-4 Bug #930221 [release.debian.org] unblock: m2crypto/ 0.31.0-3.1 Changed Bug title to 'unblock: m2crypto/0.31.0-4' from 'unblock: m2crypto/ 0.31.0-3.1'. -- 930221: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930221 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#930221: unblock: m2crypto/ 0.31.0-3.1
On 6/8/19 9:20 PM, Paul Gevers wrote: > Control: tags -1 moreinfo confirmed > Control: block 930194 by -1 > > Hi Sebastian, Daniel, Python modules team > > On 08-06-2019 17:45, Sebastian Andrzej Siewior wrote: >> This is a proposal for m2crypto which could be uploaded to unstable and >> unblocked for Buster unless someone objects. >> The testsuite in m2crypto fails because it tests for a bug in openssl >> which was fixed in 1.1.1c which is currently in unstable (and is >> friendly asking for the Buster gates to open in #930194). The m2crypto >> bug is tracked in #929903. >> >> I backported three patches from upstream and made one additional myself >> (which has been forwarded) to get this sorted out. >> >> I don't mind if the maintainer of m2crypto takes over, I just wanted to >> make everything ready so nobody blaims openssl for stalling the Buster >> release :) >> >> unblock m2crypto/ 0.31.0-3.1 > > If this version gets uploaded, be it by the maintainers of m2crpyto or > by Sebastian, it will be acceptable from the Release Team point of view. > > Paul I'll take care about this tomorrow. Thx for fixes. Best, Daniel -- 4096R/DF5182C8 (sten...@debian.org) https://danielstender.com signature.asc Description: OpenPGP digital signature
Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Control: tags -1 moreinfo confirmed Control: block 930194 by -1 Hi Sebastian, Daniel, Python modules team On 08-06-2019 17:45, Sebastian Andrzej Siewior wrote: > This is a proposal for m2crypto which could be uploaded to unstable and > unblocked for Buster unless someone objects. > The testsuite in m2crypto fails because it tests for a bug in openssl > which was fixed in 1.1.1c which is currently in unstable (and is > friendly asking for the Buster gates to open in #930194). The m2crypto > bug is tracked in #929903. > > I backported three patches from upstream and made one additional myself > (which has been forwarded) to get this sorted out. > > I don't mind if the maintainer of m2crypto takes over, I just wanted to > make everything ready so nobody blaims openssl for stalling the Buster > release :) > > unblock m2crypto/ 0.31.0-3.1 If this version gets uploaded, be it by the maintainers of m2crpyto or by Sebastian, it will be acceptable from the Release Team point of view. Paul signature.asc Description: OpenPGP digital signature
Processed: Re: Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Processing control commands: > tags -1 moreinfo confirmed Bug #930221 [release.debian.org] unblock: m2crypto/ 0.31.0-3.1 Added tag(s) confirmed and moreinfo. > block 930194 by -1 Bug #930194 [release.debian.org] unblock: openssl/1.1.1c-1 930194 was not blocked by any bugs. 930194 was not blocking any bugs. Added blocking bug(s) of 930194: 930221 -- 930194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930194 930221: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930221 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#930221: unblock: m2crypto/ 0.31.0-3.1
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
This is a proposal for m2crypto which could be uploaded to unstable and
unblocked for Buster unless someone objects.
The testsuite in m2crypto fails because it tests for a bug in openssl
which was fixed in 1.1.1c which is currently in unstable (and is
friendly asking for the Buster gates to open in #930194). The m2crypto
bug is tracked in #929903.
I backported three patches from upstream and made one additional myself
(which has been forwarded) to get this sorted out.
I don't mind if the maintainer of m2crypto takes over, I just wanted to
make everything ready so nobody blaims openssl for stalling the Buster
release :)
unblock m2crypto/ 0.31.0-3.1
Sebastian
diff -Nru m2crypto-0.31.0/debian/changelog m2crypto-0.31.0/debian/changelog
--- m2crypto-0.31.0/debian/changelog 2019-03-11 19:44:01.0 +0100
+++ m2crypto-0.31.0/debian/changelog 2019-06-08 12:35:11.0 +0200
@@ -1,3 +1,11 @@
+m2crypto (0.31.0-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add a few patches from upstream to avoid a testsuite regression while
+testing for bug which was fixed in OpenSSL 1.1.1c (Closes: #929903).
+
+ -- Sebastian Andrzej Siewior Sat, 08 Jun 2019 12:35:11 +0200
+
m2crypto (0.31.0-3) unstable; urgency=medium
* add 0002-tests-test_ssl-use-ciphercuites-for-TLS1.3-cipher-in.patch
diff -Nru m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch
--- m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch 1970-01-01 01:00:00.0 +0100
+++ m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch 2019-06-08 12:34:05.0 +0200
@@ -0,0 +1,25 @@
+From 83d4d9bc3aa4466e540fa00f8cc6891c0301ec82 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?=
+Date: Fri, 31 May 2019 17:00:14 +0200
+Subject: [PATCH] Remove duplicate call of the error code.
+
+---
+ tests/test_rsa.py | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/tests/test_rsa.py b/tests/test_rsa.py
+index 308b1b180445d..875b59c6844b5 100644
+--- a/tests/test_rsa.py
b/tests/test_rsa.py
+@@ -126,8 +126,6 @@ log = logging.getLogger('test_RSA')
+ ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding)
+ with self.assertRaises(RSA.RSAError):
+ priv.private_decrypt(ctxt, RSA.sslv23_padding)
+-with self.assertRaises(RSA.RSAError):
+-priv.private_decrypt(ctxt, RSA.sslv23_padding)
+
+ # no_padding
+ with self.assertRaises(RSA.RSAError):
+--
+2.20.1
+
diff -Nru m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch
--- m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch 1970-01-01 01:00:00.0 +0100
+++ m2crypto-0.31.0/debian/patches/0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch 2019-06-08 12:33:53.0 +0200
@@ -0,0 +1,42 @@
+From 0b22d79082afd7c564b2ac07fb0ef5d76d692586 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?=
+Date: Fri, 7 Jun 2019 11:43:03 +0200
+Subject: [PATCH] Limit tests.test_rsa.RSATestCase.test_public_encrypt just
+ to OpenSSL which sustains it.
+
+Fixes #258
+---
+ tests/test_rsa.py | 8 +---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/tests/test_rsa.py b/tests/test_rsa.py
+index 875b59c6844b5..7028b6085788e 100644
+--- a/tests/test_rsa.py
b/tests/test_rsa.py
+@@ -113,6 +113,8 @@ log = logging.getLogger('test_RSA')
+ with self.assertRaises(TypeError):
+ priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
+
++@unittest.skipIf(m2.OPENSSL_VERSION_NUMBER < 0x1010103f,
++ 'Relies on fix which happened only in OpenSSL 1.1.1c')
+ def test_public_encrypt(self):
+ priv = RSA.load_key(self.privkey)
+ # pkcs1_padding, pkcs1_oaep_padding
+@@ -124,11 +126,11 @@ log = logging.getLogger('test_RSA')
+
+ # sslv23_padding
+ ctxt = priv.public_encrypt(self.data, RSA.sslv23_padding)
+-with self.assertRaises(RSA.RSAError):
+-priv.private_decrypt(ctxt, RSA.sslv23_padding)
++res = priv.private_decrypt(ctxt, RSA.sslv23_padding)
++self.assertEqual(res, self.data)
+
+ # no_padding
+-with self.assertRaises(RSA.RSAError):
++with six.assertRaisesRegex(self, TypeError, 'data too small'):
+ priv.public_encrypt(self.data, RSA.no_padding)
+
+ # Type-check the data to be encrypted.
+--
+2.20.1
+
diff -Nru m2crypto-0.31.0/debian/patches/0005-tests.test_rsa-Fix-typo-to-match-for-proper-exceptio.patch
