Debian Patches
Status for ocserv/1.5.0-1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| pam-guard-page-disable-tail-call-opt.patch | pam-guard-page test: disable tail-call optimisation The pam-guard-page test overflows a PCL coroutine stack by infinite recursion to verify that the PROT_NONE guard page beneath it turns the overflow into a SIGSEGV. At -O2 (Debian's default) the compiler tail-call optimises the recursion into a loop that reuses a single frame, so the stack never grows, the guard page never faults, and the test hangs until its timeout -- deterministically, on every architecture. The volatile function pointer in the test prevents the recursion being elided but not the sibling-call optimisation. . Building just this test with -fno-optimize-sibling-calls restores the stack growth so the guard page fires and the test passes. Confirmed with a standalone reproducer: -O0 and -O2 -fno-optimize-sibling-calls pass, plain -O2 hangs. To be fixed upstream (the test should be made TCO-proof). |
Aron Xu <aron@debian.org> | no | 2026-06-16 | ||
| skip-test-gssapi-curl-regression.patch | Skip test-gssapi: curl Negotiate connection-reuse regression test-gssapi drives curl --negotiate (SPNEGO/NTLM via gss-ntlmssp) against ocserv. With sid's curl 8.21.0~rc2 it never completes: curl opens a fresh TCP connection for the credentialed retry instead of reusing the one that received the NTLM Type-2 challenge (observed in the build log as new source ports and a new ocserv worker per round), so the connection-bound handshake restarts indefinitely. The server side issues correct Type-2 challenges, so this is a client-side curl regression, not an ocserv bug. . Empirically a regression introduced after curl 8.20.0: the same test passes with curl 8.20.0-5 (Debian testing) and fails with 8.21.0~rc2. The -opt- gssapi variants pass via password/cert fallback and remain enabled. Re-add test-gssapi once curl restores connection reuse for the credential upgrade. |
Aron Xu <aron@debian.org> | not-needed | 2026-06-16 |