Debian Patches

Status for m2crypto/0.42.0-3

Patch Description Author Forwarded Bugs Origin Last update
expect-failure-for-mktime-on-i386-only.patch Expect failure for mktime on i386 only Bastian Germann <bage@debian.org> no 2024-07-18
fix-ssl-timeout-for-t64.patch Fix SSL timeout struct on 32-bit systems with 64-bit time_t Spyros Seimenis <spyros.seimenis@canonical.com> no debian
0001-test_x509-Use-only-X509_VERSION_1-0-as-version-for-C.patch [PATCH 1/4] test_x509: Use only X509_VERSION_1 (0) as version for CSR.


RFC 2986 only defines a single version for CSRs: X509_VERSION_1 (0).
OpenSSL starting with 3.4 rejects everything else.

Remove the tests where X509_VERSION_2 (1) is used with X509_REQ_set_version.
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> no 2024-10-20
0002-fix-EC-raise-ValueError-when-load_key_bio-cannot-rea.patch [PATCH 2/4] fix[EC]: raise ValueError when load_key_bio() cannot read the file. Matěj Cepl <mcepl@cepl.eu> no 2024-10-14
0003-fix-EC-raise-IOError-instead-when-load_key_bio-canno.patch [PATCH 3/4] fix[EC]: raise IOError instead when load_key_bio() cannot read the file.


It is probably more appropriate than ValueError when I/O is involved.
Matěj Cepl <mcepl@cepl.eu> no 2024-10-14
0004-swig-Workaround-for-reading-sys-select.h-ending-with.patch [PATCH 4/4] swig: Workaround for reading sys/select.h ending with wrong types.

| src/SWIG/_m2crypto_wrap.c: In function ‘_wrap_fd_set___fds_bits_set’:
| src/SWIG/_m2crypto_wrap.c:11872:88: error: ‘fd_set’ has no member named ‘__fds_bits’; did you mean ‘fds_bits’?
| 11872 | for (; ii < (size_t)1024/(8*(int) sizeof(__fd_mask)); ++ii) *(__fd_mask *)&arg1->__fds_bits[ii] = *((__fd_mask *)arg2 + ii);
| | ^~~~~~~~~~
| | fds_bits
| src/SWIG/_m2crypto_wrap.c: In function ‘_wrap_fd_set___fds_bits_get’:
| src/SWIG/_m2crypto_wrap.c:11897:48: error: ‘fd_set’ has no member named ‘__fds_bits’; did you mean ‘fds_bits’?
| 11897 | result = (__fd_mask *)(__fd_mask *) ((arg1)->__fds_bits);
| | ^~~~~~~~~~
| | fds_bits

Suggested by Adrien Nader <adrien@notk.org> in #1091133.
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> no 2025-01-10
tests-do-not-pass-debug-to-openssl.patch tests: Don't pass `-debug' to openssl.
The HttpslibSSLSNIClientTestCase test starts "openssl s_server" as the
server side and passes `-debug' as one of the arguments. This option
increases the output while its content is not considered/parsed by the
test suite as far as I can observe.
OpenSSL 3.5 (currently alpha) added post-quantum hybrid key agreement
support. As part of this support keys for X25519MLKEM768 are sent during
the client-hello phase and not just X25519. Since the keys for MLKEM768
are large, the client-hello and server-hello messages become
significantly bigger (since X25519MLKEM768 is now supported on both
sides). This in turn increases the output generated by the `-debug'
switch.

The output of `openssl s_server' is not consumed while the application
is running but cached in the PIPE and consumed after the server has been
terminated and the output is parsed in self.stop_server().
Due to the big increase of the output due to the additional keys the
`test_IP_call' test stalls now because OpenSSL's write to the output
blocks until the reader consumes it but this is not happening until
after the test completes. So the test stalls.

The additional content generated by the `-debug' switch is not important
for the tests. The `-msg' switch is used for hostname verification.

Don't pass `-debug' to openssl.
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> no debian 2025-03-24
