Your message dated Mon, 13 Jan 2025 22:39:56 +0000
with message-id <e1txt6c-00hh8a...@fasolo.debian.org>
and subject line Bug#1087954: fixed in ruby3.3 3.3.6-1.1
has caused the Debian Bug report #1087954,
regarding ruby3.3: Fix FTBFS against openssl 3.4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1087954: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087954
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby3.3
Version: 3.3.5-2
Severity: important
Tags: sid patch
control: affects -1 src:openssl
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: openssl-3.4

ruby3.3's testsuite fails against openssl 3.4. The problem is that the
testsuite tries a CSR version which was never defined and openssl 3.4
started to verify the argument. Patch has been backported from upstream.

Sebastian
From 4418ceb66e8c6564ddfea0fc76c3abde285d7531 Mon Sep 17 00:00:00 2001
From: Job Snijders <j...@sobornost.net>
Date: Tue, 19 Nov 2024 20:49:31 +0000
Subject: [PATCH] [ruby/openssl] Only CSR version 1 (encoded as 0) is allowed
 by PKIX standards

RFC 2986, section 4.1 only defines version 1 for CSRs. This version
is encoded as a 0. Starting with OpenSSL 3.3, setting the CSR version
to anything but 1 fails.

Do not attempt to generate a CSR with invalid version (which now fails)
and invalidate the CSR in test_sign_and_verify_rsa_sha1 by changing its
subject rather than using an invalid version.

This commit fixes the following error.

```
 2) Error: test_version(OpenSSL::TestX509Request): OpenSSL::X509::RequestError:
X509_REQ_set_version: passed invalid argument
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `version='
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `issue_csr'
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:43:in
`test_version'
     40:     req = OpenSSL::X509::Request.new(req.to_der)
     41:     assert_equal(0, req.version)
     42:
  => 43:     req = issue_csr(1, @dn, @rsa1024, OpenSSL::Digest.new('SHA256'))
     44:     assert_equal(1, req.version)
     45:     req = OpenSSL::X509::Request.new(req.to_der)
     46:     assert_equal(1, req.version)
```

https://github.com/ruby/openssl/commit/c06fdeb091
---
 test/openssl/test_x509req.rb | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/test/openssl/test_x509req.rb b/test/openssl/test_x509req.rb
index ff17c4116306..b98754b8c8e4 100644
--- a/test/openssl/test_x509req.rb
+++ b/test/openssl/test_x509req.rb
@@ -39,11 +39,6 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase
     assert_equal(0, req.version)
     req = OpenSSL::X509::Request.new(req.to_der)
     assert_equal(0, req.version)
-
-    req = issue_csr(1, @dn, @rsa1024, OpenSSL::Digest.new('SHA256'))
-    assert_equal(1, req.version)
-    req = OpenSSL::X509::Request.new(req.to_der)
-    assert_equal(1, req.version)
   end
 
   def test_subject
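Review bot: With the `issue_csr(1, ...)` block removed, test_version only asserts the version-0 round trip, and nothing in the test records how a non-zero version is handled. Consider a guarded negative case asserting that `req.version = 1` raises OpenSSL::X509::RequestError when the linked OpenSSL validates the argument, or at least a comment above the remaining assertions stating that 0 is the only version RFC 2986 defines. The commit message says the check starts with OpenSSL 3.3 while the bug report attributes it to 3.4, so confirm the version before writing the guard.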
@@ -106,7 +101,7 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase
     assert_equal(false, req.verify(@rsa2048))
     assert_equal(false, request_error_returns_false { req.verify(@dsa256) })
     assert_equal(false, request_error_returns_false { req.verify(@dsa512) })
-    req.version = 1
+    req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBarFooBar")
     assert_equal(false, req.verify(@rsa1024))
   rescue OpenSSL::X509::RequestError # RHEL 9 disables SHA1
   end
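Review bot: The method-wide `rescue OpenSSL::X509::RequestError` directly below the changed line also catches a RequestError raised by any setter in the method body, so the final `assert_equal(false, req.verify(@rsa1024))` can be skipped without the test failing. The error quoted in the commit message is the same exception class, which means the old `req.version = 1` would have been swallowed here rather than reported. Narrow the rescue to the SHA1 signing step that the "RHEL 9 disables SHA1" comment refers to. Separately, the new subject only invalidates the signature if it differs from the subject the request was signed with, which is not visible in this hunk; a one-line comment saying the subject is changed to alter the signed data would make the intent clear.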
-- 
2.45.2


--- End Message ---
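
The two CSR properties the patch above relies on (only version 0 is defined, and changing the subject after signing breaks the signature), shown as an added Ruby example that is not part of the bug report, the ruby/openssl commit or the Debian upload. The helper names `build_csr`, `check_csr`, `tamper_subject` and `rejects_undefined_version?` and the sample subject are assumptions made for illustration.

```ruby
require "openssl"

# Hypothetical helper modelled on the issue_csr call seen in the patch.
# Version 0 is the encoding of CSR "version 1" (RFC 2986, section 4.1).
def build_csr(key, subject, version: 0)
  req = OpenSSL::X509::Request.new
  req.version = version # RequestError if the linked OpenSSL validates it
  req.subject = OpenSSL::X509::Name.parse(subject)
  req.public_key = key
  req.sign(key, OpenSSL::Digest.new("SHA256"))
end

# Hypothetical intake check for a service that accepts CSRs.
def check_csr(data)
  req = OpenSSL::X509::Request.new(data)
  return :bad_version unless req.version == 0
  return :bad_signature unless req.verify(req.public_key)
  :ok
rescue OpenSSL::X509::RequestError
  :malformed
end

# Change the subject after signing, as the patched test does, and re-encode.
def tamper_subject(der, new_subject)
  req = OpenSSL::X509::Request.new(der)
  req.subject = OpenSSL::X509::Name.parse(new_subject)
  req.to_der
end

# True when the linked OpenSSL refuses a CSR version other than 0.
def rejects_undefined_version?(key)
  build_csr(key, "/CN=probe", version: 1)
  false
rescue OpenSSL::X509::RequestError
  true
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  signed = build_csr(key, "/C=JP/CN=constructed-original").to_der # constructed sample
  puts "untouched CSR:   #{check_csr(signed)}"
  puts "subject changed: #{check_csr(tamper_subject(signed, '/C=JP/CN=FooBarFooBar'))}"
  puts "version 1 rejected by this OpenSSL: #{rejects_undefined_version?(key)}"
end
```

The last line of output depends on the OpenSSL the Ruby binding is linked against, which is the difference this bug report is about.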
--- Begin Message ---
Source: ruby3.3
Source-Version: 3.3.6-1.1
Done: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>

We believe that the bug you reported is fixed in the latest version of
ruby3.3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1087...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebast...@breakpoint.cc> (supplier of updated 
ruby3.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 10 Jan 2025 21:56:50 +0100
Source: ruby3.3
Architecture: source
Version: 3.3.6-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Closes: 1087954 1091505
Changes:
 ruby3.3 (3.3.6-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix test failures with OpenSSL 3.4 (Closes: #1087954).
   * Skip test_bundled_ca, it accesses the internet (Closes: #1091505).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
