--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: stretch-pu: package python-cryptography/1.7.1-3+deb9u2
- From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
- Date: Mon, 30 Sep 2019 21:43:57 +0200
- Message-id: <20190930194356.mvymp2p4x6uv2rs4@flow>
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal
The upload of OpenSSL 1.1.1d to unstable broke the testsuite of
python-cryptography in unstable. These changes are also part of OpenSSL
1.1.0l (which should pop in Stretch via security) and break the
testsuite.
Only one test breaks and I propose to disable it (same issue as in
unstable).
Sebastian
diff -Nru python-cryptography-1.7.1/debian/changelog python-cryptography-1.7.1/debian/changelog
--- python-cryptography-1.7.1/debian/changelog 2018-09-02 15:17:35.000000000 +0200
+++ python-cryptography-1.7.1/debian/changelog 2019-09-30 20:58:11.000000000 +0200
@@ -1,3 +1,11 @@
+python-cryptography (1.7.1-3+deb9u2) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Ignore test_load_ecdsa_no_named_curve in the testsuite because it known to
+ break with newer openssl (Closes: #940547).
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Mon, 30 Sep 2019 20:58:11 +0200
+
python-cryptography (1.7.1-3+deb9u1) stretch; urgency=medium
* Remove BIO_callback_ctrl: The prototype differs with the OpenSSL's
diff -Nru python-cryptography-1.7.1/debian/patches/series python-cryptography-1.7.1/debian/patches/series
--- python-cryptography-1.7.1/debian/patches/series 2018-09-02 15:17:12.000000000 +0200
+++ python-cryptography-1.7.1/debian/patches/series 2019-09-30 20:58:11.000000000 +0200
@@ -1,3 +1,4 @@
0001-add-memory-limit-check-for-scrypt.patch
0002-fix-compilation-on-1.1.0f-3603.patch
Remove-BIO_callback_ctrl.patch
+tests-Skip-test_load_ecdsa_no_named_curve.patch
diff -Nru python-cryptography-1.7.1/debian/patches/tests-Skip-test_load_ecdsa_no_named_curve.patch python-cryptography-1.7.1/debian/patches/tests-Skip-test_load_ecdsa_no_named_curve.patch
--- python-cryptography-1.7.1/debian/patches/tests-Skip-test_load_ecdsa_no_named_curve.patch 1970-01-01 01:00:00.000000000 +0100
+++ python-cryptography-1.7.1/debian/patches/tests-Skip-test_load_ecdsa_no_named_curve.patch 2019-09-30 20:58:11.000000000 +0200
@@ -0,0 +1,26 @@
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Tue, 24 Sep 2019 11:18:27 +0200
+Subject: [PATCH] tests: Skip test_load_ecdsa_no_named_curve
+
+The test_load_ecdsa_no_named_curve breaks with OpenSSL 1.1.1d which is
+due to to commit 9a43a733801bd ("[ec] Match built-in curves on
+EC_GROUP_new_from_ecparameters").
+
+Upstream is aware of the issue and it is tracked at
+ https://github.com/pyca/cryptography/issues/4998
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ tests/test_x509.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/tests/test_x509.py
++++ b/tests/test_x509.py
+@@ -3512,6 +3512,7 @@ from .utils import load_vectors_from_fil
+ verifier.update(cert.tbs_certificate_bytes)
+ verifier.verify()
+
++ @pytest.mark.skip(reason="Breaks with openssl 1.1.0l, https://github.com/pyca/cryptography/issues/4998")
+ def test_load_ecdsa_no_named_curve(self, backend):
+ _skip_curve_unsupported(backend, ec.SECP256R1())
+ cert = _load_cert(
--- End Message ---