Package: m2crypto Version: 0.42.0-2 Severity: normal Tags: patch pending Dear maintainer,
I've prepared an NMU for m2crypto (versioned as 0.42.0-2.1) and uploaded it to DELAYED/3. Please feel free to tell me if I should delay it longer. Regards. Sebastian
diff -Nru m2crypto-0.42.0/debian/changelog m2crypto-0.42.0/debian/changelog
--- m2crypto-0.42.0/debian/changelog 2024-10-21 11:42:00.000000000 +0200
+++ m2crypto-0.42.0/debian/changelog 2025-01-10 12:47:19.000000000 +0100
@@ -1,3 +1,12 @@
+m2crypto (0.42.0-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Remove invalid test for X509_REQ_set_version() (Closes: #1085588).
+ * Raise proper error if load_key_bio() fails (Closes: #1091133).
+ * swig workaround: Shadow sys/types.h, discussed in #1091133.
+
+ -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Fri, 10 Jan 2025 12:47:19 +0100
+
 m2crypto (0.42.0-2) unstable; urgency=high
 * Team upload.
diff -Nru m2crypto-0.42.0/debian/patches/0001-test_x509-Use-only-X509_VERSION_1-0-as-version-for-C.patch m2crypto-0.42.0/debian/patches/0001-test_x509-Use-only-X509_VERSION_1-0-as-version-for-C.patch
--- m2crypto-0.42.0/debian/patches/0001-test_x509-Use-only-X509_VERSION_1-0-as-version-for-C.patch 1970-01-01 01:00:00.000000000 +0100
+++ m2crypto-0.42.0/debian/patches/0001-test_x509-Use-only-X509_VERSION_1-0-as-version-for-C.patch 2025-01-10 12:47:19.000000000 +0100
@@ -0,0 +1,28 @@
+From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
+Date: Sun, 20 Oct 2024 21:19:33 +0200
+Subject: [PATCH 1/4] test_x509: Use only X509_VERSION_1 (0) as version for
+ CSR.
+
+Upstream: e939d914f60c211a549d43d6d44cd58b7b7ea622
+
+RFC 2986 only defines a single version for CSRs: X509_VERSION_1 (0).
+OpenSSL starting with 3.4 rejects everything else.
+
+Remove the tests where X509_VERSION_2 (1) is used X509_REQ_set_version.
+
+Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
+---
+ tests/test_x509.py | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/tests/test_x509.py
++++ b/tests/test_x509.py
+@@ -240,8 +240,6 @@ log = logging.getLogger(__name__)
+ self.assertEqual(req.as_text(), req4t)
+ self.assertEqual(req.as_der(), req4.as_der())
+ self.assertEqual(req.get_version(), 0)
+- req.set_version(1)
+- self.assertEqual(req.get_version(), 1)
+ req.set_version(0)
+ self.assertEqual(req.get_version(), 0)
+
diff -Nru m2crypto-0.42.0/debian/patches/0002-fix-EC-raise-ValueError-when-load_key_bio-cannot-rea.patch m2crypto-0.42.0/debian/patches/0002-fix-EC-raise-ValueError-when-load_key_bio-cannot-rea.patch
--- m2crypto-0.42.0/debian/patches/0002-fix-EC-raise-ValueError-when-load_key_bio-cannot-rea.patch 1970-01-01 01:00:00.000000000 +0100
+++ m2crypto-0.42.0/debian/patches/0002-fix-EC-raise-ValueError-when-load_key_bio-cannot-rea.patch 2025-01-10 12:47:19.000000000 +0100
@@ -0,0 +1,30 @@
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mc...@cepl.eu>
+Date: Mon, 14 Oct 2024 08:19:25 +0200
+Subject: [PATCH 2/4] fix[EC]: raise ValueError when load_key_bio() cannot read
+ the file.
+
+Upstream: 83877a3f7630b2ce6144c0b26c98f75ad787fe6e
+
+Fixes: https://todo.sr.ht/~mcepl/m2crypto/363
+---
+ src/M2Crypto/EC.py | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/src/M2Crypto/EC.py
++++ b/src/M2Crypto/EC.py
+@@ -393,7 +393,14 @@ NID_wap_wsg_idm_ecid_wtls12 = m2.NID_wap
+ :param callback: Python callback object that will be invoked
+ if the EC key pair is passphrase-protected.
+ """
+- return EC(m2.ec_key_read_bio(bio._ptr(), callback), 1)
++ key = m2.ec_key_read_bio(bio._ptr(), callback)
++ if key is None:
++ raise ValueError(
++ "Cannot read EC key pair from PEM file {}.".format(
++ bio.fname
++ )
++ )
++ return EC(key, 1)
+
+
+ def load_pub_key(file):
diff -Nru m2crypto-0.42.0/debian/patches/0003-fix-EC-raise-IOError-instead-when-load_key_bio-canno.patch m2crypto-0.42.0/debian/patches/0003-fix-EC-raise-IOError-instead-when-load_key_bio-canno.patch
--- m2crypto-0.42.0/debian/patches/0003-fix-EC-raise-IOError-instead-when-load_key_bio-canno.patch 1970-01-01 01:00:00.000000000 +0100
+++ m2crypto-0.42.0/debian/patches/0003-fix-EC-raise-IOError-instead-when-load_key_bio-canno.patch 2025-01-10 12:47:19.000000000 +0100
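Review bot: The new error path in patch 0002's `load_key_bio()` formats `bio.fname` into the message, but `bio` is supplied by the caller and nothing in the hunk shows that every BIO type carries an `fname` attribute; for a BIO not backed by a named file (a memory buffer, presumably) the failure would then surface as an `AttributeError` instead of the intended exception. Reading the attribute defensively keeps the failure mode predictable: `getattr(bio, 'fname', '<unnamed BIO>')`. Patch 0003 keeps the same `bio.fname` line unchanged. The message also reports every `None` result as an unreadable PEM file, so a wrong passphrase and malformed key material look the same to the caller unless the OpenSSL error queue is consulted as well. The function's signature lies outside the hunk.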
@@ -0,0 +1,35 @@
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mc...@cepl.eu>
+Date: Mon, 14 Oct 2024 08:19:25 +0200
+Subject: [PATCH 3/4] fix[EC]: raise IOError instead when load_key_bio() cannot
+ read the file.
+
+Upstream: 9c1d4c4c3d29a0b5aa26a818db74f538a088250e
+
+It is probably more appropriate than ValueError when I/O is involved.
+---
+ src/M2Crypto/EC.py | 2 +-
+ tests/test_ecdsa.py | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/src/M2Crypto/EC.py
++++ b/src/M2Crypto/EC.py
+@@ -395,7 +395,7 @@ NID_wap_wsg_idm_ecid_wtls12 = m2.NID_wap
+ """
+ key = m2.ec_key_read_bio(bio._ptr(), callback)
+ if key is None:
+- raise ValueError(
++ raise IOError(
+ "Cannot read EC key pair from PEM file {}.".format(
+ bio.fname
+ )
+--- a/tests/test_ecdsa.py
++++ b/tests/test_ecdsa.py
+@@ -32,7 +32,7 @@ log = logging.getLogger(__name__)
+ pass
+
+ def test_loadkey_junk(self):
+- with self.assertRaises(ValueError):
++ with self.assertRaises(IOError):
+ EC.load_key(self.errkey)
+
+ def test_loadkey(self):
diff -Nru m2crypto-0.42.0/debian/patches/0004-swig-Workaround-for-reading-sys-select.h-ending-with.patch m2crypto-0.42.0/debian/patches/0004-swig-Workaround-for-reading-sys-select.h-ending-with.patch
--- m2crypto-0.42.0/debian/patches/0004-swig-Workaround-for-reading-sys-select.h-ending-with.patch 1970-01-01 01:00:00.000000000 +0100
+++ m2crypto-0.42.0/debian/patches/0004-swig-Workaround-for-reading-sys-select.h-ending-with.patch 2025-01-10 12:47:19.000000000 +0100
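Review bot: The docstring that closes at the top of the EC.py hunk in patch 0003 still does not tell callers what `load_key_bio()` raises, although this patch changes the exception type from the `ValueError` introduced one patch earlier. I would add `:raises IOError: if no EC key pair can be read from the BIO.` below the `:param callback:` entry. On Python 3 `IOError` is an alias of `OSError`, so a caller that catches `OSError` for filesystem problems will now also catch an unparsable key file, the case `test_loadkey_junk` exercises; that is worth stating in the same docstring. The function body starts and ends outside the hunk.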
@@ -0,0 +1,45 @@
+From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
+Date: Fri, 10 Jan 2025 11:14:45 +0100
+Subject: [PATCH 4/4] swig: Workaround for reading sys/select.h ending with
+ wrong types.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+| src/SWIG/_m2crypto_wrap.c: In function ‘_wrap_fd_set___fds_bits_set’:
+| src/SWIG/_m2crypto_wrap.c:11872:88: error: ‘fd_set’ has no member named ‘__fds_bits’; did you mean ‘fds_bits’?
+| 11872 | for (; ii < (size_t)1024/(8*(int) sizeof(__fd_mask)); ++ii) *(__fd_mask *)&arg1->__fds_bits[ii] = *((__fd_mask *)arg2 + ii);
+| | ^~~~~~~~~~
+| | fds_bits
+| src/SWIG/_m2crypto_wrap.c: In function ‘_wrap_fd_set___fds_bits_get’:
+| src/SWIG/_m2crypto_wrap.c:11897:48: error: ‘fd_set’ has no member named ‘__fds_bits’; did you mean ‘fds_bits’?
+| 11897 | result = (__fd_mask *)(__fd_mask *) ((arg1)->__fds_bits);
+| | ^~~~~~~~~~
+| | fds_bits
+
+Suggested by Adrien Nader <adr...@notk.org> in #1091133.
+
+Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
+---
+ setup.py | 2 ++
+ system_shadowing/sys/types.h | 0
+ setup.py | 2 ++
+ system_shadowing/sys/types.h | 1 +
+ 2 files changed, 3 insertions(+)
+ create mode 100644 system_shadowing/sys/types.h
+
+--- a/setup.py
++++ b/setup.py
+@@ -138,6 +138,8 @@ requires_list = []
+ # this shortly to come up with a better fix.
+ self.swig_opts.append('-D_MSC_VER=1500')
+
++ self.swig_opts.append('-Isystem_shadowing')
++
+ log.debug('self.openssl_path = %s', self.openssl_path)
+ log.debug('self.bundledlls = %s', self.bundledlls)
+
+--- /dev/null
++++ b/system_shadowing/sys/types.h
+@@ -0,0 +1 @@
++/* empty */
diff -Nru m2crypto-0.42.0/debian/patches/series m2crypto-0.42.0/debian/patches/series
--- m2crypto-0.42.0/debian/patches/series 2024-10-21 11:38:02.000000000 +0200
+++ m2crypto-0.42.0/debian/patches/series 2025-01-10 12:24:09.000000000 +0100
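Review bot: The added `self.swig_opts.append('-Isystem_shadowing')` in setup.py carries no comment and the shadow header says only `/* empty */`, so a later maintainer or auditor cannot tell that an empty `sys/types.h` is there on purpose to keep SWIG from wrapping `fd_set` internals such as `__fds_bits`. A comment like `# SWIG only: shadow <sys/types.h> with an empty header so fd_set internals are not wrapped (Debian #1091133)` above the append, with the same reason repeated inside the header, would keep it from being removed or mistaken for an unexplained override of a system header. The include path is relative, so it presumably resolves only when the build runs from the source root; anchoring it to the directory that holds setup.py would remove that assumption. Because the option is added to `swig_opts`, the C compiler should still see the real header, which is worth confirming and recording in that comment. The enclosing method starts and ends outside the hunk, and the lost indentation hides whether the append sits inside the `_MSC_VER` branch.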
@@ -1,2 +1,6 @@
 expect-failure-for-mktime-on-i386-only.patch
 fix-ssl-timeout-for-t64.patch
+0001-test_x509-Use-only-X509_VERSION_1-0-as-version-for-C.patch
+0002-fix-EC-raise-ValueError-when-load_key_bio-cannot-rea.patch
+0003-fix-EC-raise-IOError-instead-when-load_key_bio-canno.patch
+0004-swig-Workaround-for-reading-sys-select.h-ending-with.patch