Your message dated Wed, 22 Nov 2023 19:06:39 +0000
with message-id <e1r5syz-002wpz...@fasolo.debian.org>
and subject line Bug#1055416: fixed in nodejs 18.13.0+dfsg1-1.1
has caused the Debian Bug report #1055416,
regarding nodejs: Testsuite failure in test-crypto-dh since OpenSSL
3.0.12/3.1.4.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1055416: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055416
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: nodejs
Version: 18.13.0+dfsg1-1
Severity: Serious
Tags: patch
control: affects -1 src:openssl
OpenSSL 3.0.12 and 3.1.4 changed the error response, resulting in a failure
in test parallel/test-crypto-dh.
This has been addressed in the master branch in commit
8eea2d3709090 ("test: fix crypto-dh error message for OpenSSL 3.x")
An additional problem is that the check compares OpenSSL from compile
time not runtime. Which means I couldn't test upstream's version as-is.
The attached version always takes the 3.0.12/3.1.4 variant. Given that
the new upload picks up the new OpenSSL version, it should be okay to
apply the original commit.
Sebastian
From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Date: Sun, 5 Nov 2023 13:08:23 +0100
Subject: [PATCH] test: Alter error message.
This is a variant of upstream's commit
8eea2d3709090 ("test: fix crypto-dh error message for OpenSSL 3.x")
It does not work as-is in Debian because the testsuite may run against a
different version than the compiled one and the constant version check
does not apply.
Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
---
test/parallel/test-crypto-dh.js | 4 +---
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
index 18721fcf289e..506780db4cbe 100644
--- a/test/parallel/test-crypto-dh.js
+++ b/test/parallel/test-crypto-dh.js
@@ -165,9 +165,7 @@ if (common.hasOpenSSL3) {
assert.throws(() => {
dh3.computeSecret('');
-}, { message: common.hasOpenSSL3 ?
- 'error:02800080:Diffie-Hellman routines::invalid secret' :
- 'Supplied key is too small' });
+}, { message: 'Supplied key is too small' });
// Invalid test: curve argument is undefined
assert.throws(
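Review bot: The replacement `{ message: 'Supplied key is too small' }` on the `dh3.computeSecret('')` assertion hard-codes a single string, so the test now fails whenever it runs against an OpenSSL 3.x build that still returns 'error:02800080:Diffie-Hellman routines::invalid secret', the message the removed lines expected. Since the commit message states that the library at test time can differ from the one compiled against, consider accepting either message, for example `message: /Supplied key is too small|invalid secret/`, so the result does not depend on which library is loaded. Separately, the diffstat reports "2 files changed" while only test/parallel/test-crypto-dh.js appears in the patch; it should be regenerated.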
--
2.42.0
--- End Message ---
--- Begin Message ---
Source: nodejs
Source-Version: 18.13.0+dfsg1-1.1
Done: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1055...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebast...@breakpoint.cc> (supplier of updated nodejs
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 22 Nov 2023 18:15:44 +0100
Source: nodejs
Architecture: source
Version: 18.13.0+dfsg1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<pkg-javascript-de...@alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Closes: 1031834 1039990 1050739 1052470 1054892 1055416
Changes:
nodejs (18.13.0+dfsg1-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Adapt testsuite failures in test-crypto-dh since OpenSSL 3.0.12/3.1.4
(Closes: #1055416).
* Adapt testsuite failures due to TLSv < 1.1 available only at seclevel 0
(Closes: #1052470).
* CVE-2023-23919 (Node.js OpenSSL error handling issues in nodejs crypto
library). (Closes: #1031834).
* CVE-2023-23920 (Node.js insecure loading of ICU data through ICU_DATA
environment variable) (Closes: #1031834).
* CVE-2023-30590 (DiffieHellman do not generate keys after setting a private
key) (Closes: #1039990).
* CVE-2023-30589 (HTTP Request Smuggling via Empty headers separated by CR)
(Closes: #1039990).
* CVE-2023-30588 (Process interruption due to invalid Public Key information
in x509 certificates) (Closes: #1039990).
* CVE-2023-32559 (Permissions policies can be bypassed via process.binding)
(Closes: #1050739).
* CVE-2023-30581 (mainModule.proto bypass experimental policy mechanism)
(Closes: #1039990).
* CVE-2023-32002 (Permissions policies can be bypassed via Module._load)
(Closes: #1050739).
* CVE-2023-32006 (Permissions policies can impersonate other modules in
using module.constructor.createRequire()) (Closes: #1050739).
* CVE-2023-38552 (Integrity checks according to policies can be
circumvented) (Closes: #1054892).
* CVE-2023-39333 (Code injection via WebAssembly export names)
(Closes: #1054892).
--- End Message ---