Debian Patches

Status for librist/0.2.17+dfsg-1

Patch Description Author Forwarded Bugs Origin Last update
system_cJSON.patch Ensure to only reference system cJSON during build
===================================================================		 Florian Ernst <florian@debian.org> not-needed
expect_multicast_tests_to_fail.patch We cannot assume to have multicast traffic allowed in the build hosts
===================================================================		 Florian Ernst <florian@debian.org> not-needed
f8d31daefe93a900b6b04614819d18564173401c.patch test(srp): regenerate fixtures for 2048-bit NG against PAD-compliant exchange

Since 0.2.16 the SRP authenticator zero-pads the u and k hash inputs
to N-length per RFC 5054 §2.6 (and therefore TR-06-2). The fixtures
in srp_examples.c were captured against the pre-PAD code and have
failed deterministically since 0.2.16 with both gnutls, system
mbedtls 3.6, and bundled mbedtls — see #215.

A separate hardening change also enforced a 1024-bit minimum for
caller-supplied N in librist_crypto_srp_client_ctx_create(), which
caused test_srp_client_ctx_create (and three downstream tests) to
deref a NULL ctx and segfault on the deprecated 512-bit modulus.

Switch the deterministic setup to the 2048-bit RFC 5054 group
(NG_DEFAULT) and re-record every fixture from the current
PAD-compliant exchange. The DEBUG_USE_EXAMPLE_CONSTANTS hooks in
srp.c still pin a, b, and salt, so the run remains deterministic.
test_srp_client_ctx_create now exercises both the default_ng=true
path and a custom-N path with NG_2048, asserts non-NULL on every
create, and uses the standard sizeof()/mbedtls_mpi_size() byte
widths instead of the obsolete 64-byte buffers.

Fixes #215 (segfaults + hash mismatches).		 Sergio Ammirata <sergio@ammirata.net> yes debian https://code.videolan.org/rist/librist/-/commit/f8d31daefe93a900b6b04614819d18564173401c 2026-06-02

All known versions for source package 'librist'

Links