Your message dated Fri, 28 Jul 2023 12:35:15 +0000
with message-id <[email protected]>
and subject line Bug#1042449: fixed in libprotocol-http2-perl 1.10-3
has caused the Debian Bug report #1042449,
regarding libprotocol-http2-perl: Test-suite fails if OpenSSL configured with
seclevel 2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1042449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042449
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libprotocol-http2-perl
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu mantic ubuntu-patch
Dear Maintainer,
The package uses the hardcoded tlsv1 value in its test-suite.
When OpenSSL has been built with security level 2 (or is set to level 2
at runtime), the TLSv1 protocol is rejected. This makes the
libprotocol-http2-perl build / autopkgtest fail.
There is an upstream bug report:
https://github.com/vlet/p5-Protocol-HTTP2/issues/15
And a PR was opened upstream:
https://github.com/vlet/p5-Protocol-HTTP2/pull/16
Debian is currently unaffected (I assume the security level is set to 1
at build-time) but in the future OpenSSL 3.1 will reject TLSv1 at
security level 1.
In Ubuntu, the attached patch was applied to achieve the following:
* Do not hardcode the test-suite TLS version to tlsv1 - which is disabled by
OpenSSL seclevel 2 on Ubuntu (LP: #2023586).
Thanks for considering the patch.
-- System Information:
Debian Release: bookworm/sid
APT prefers lunar-updates
APT policy: (500, 'lunar-updates'), (500, 'lunar-security'), (500, 'lunar'),
(100, 'lunar-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-16-generic (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru libprotocol-http2-perl-1.10/debian/patches/no-tlsv1.patch
libprotocol-http2-perl-1.10/debian/patches/no-tlsv1.patch
--- libprotocol-http2-perl-1.10/debian/patches/no-tlsv1.patch 1970-01-01
01:00:00.000000000 +0100
+++ libprotocol-http2-perl-1.10/debian/patches/no-tlsv1.patch 2023-07-28
11:43:40.000000000 +0200
@@ -0,0 +1,32 @@
+Description: Remove hardcoded tlsv1 protocol version
+ The test-suite of libprotocol-http2-perl uses a hardcoded value of tlsv1 -
+ which is disabled in Ubuntu by means of OpenSSL seclevel. Specifying another
+ version like tlsv1_2 would work but it seems sensible to leave that up to the
+ system decide.
+Author: Olivier Gayot <[email protected]>
+Bug-Ubuntu: https://launchpad.net/bugs/2023586
+Forwarded: https://github.com/vlet/p5-Protocol-HTTP2/pull/16
+Last-Update: 2023-07-28
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: b/t/lib/PH2ClientServerTest.pm
+===================================================================
+--- a/t/lib/PH2ClientServerTest.pm 2023-07-28 11:35:33.957861624 +0200
++++ b/t/lib/PH2ClientServerTest.pm 2023-07-28 11:43:04.843734902 +0200
+@@ -43,7 +43,6 @@
+ if ( !$h{upgrade} && ( $h{npn} || $h{alpn} ) ) {
+ eval {
+ $tls = AnyEvent::TLS->new(
+- method => 'tlsv1',
+ cert_file => $tls_crt,
+ key_file => $tls_key,
+ );
+@@ -122,7 +121,7 @@
+ }
+ elsif ( $h{npn} || $h{alpn} ) {
+ eval {
+- $tls = AnyEvent::TLS->new( method => 'tlsv1', );
++ $tls = AnyEvent::TLS->new();
+
+ if ( delete $h{npn} ) {
+
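Review bot: The DEP-3 header of no-tlsv1.patch carries Bug-Ubuntu and Forwarded but no Bug field for the upstream issue that the report cites; adding "Bug: https://github.com/vlet/p5-Protocol-HTTP2/issues/15" would link the patch to it. In the Description, "leave that up to the system decide" is missing a "to". In t/lib/PH2ClientServerTest.pm both AnyEvent::TLS->new calls now pass no method at all, so the protocol version the tests negotiate depends entirely on the local OpenSSL policy. A one-line comment at each call site saying the omission is deliberate would keep a later edit from pinning a version again, and it would make clear that the two branches (the one with cert_file/key_file and the bare new()) are meant to behave the same way in this respect.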
diff -Nru libprotocol-http2-perl-1.10/debian/patches/series
libprotocol-http2-perl-1.10/debian/patches/series
--- libprotocol-http2-perl-1.10/debian/patches/series 1970-01-01
01:00:00.000000000 +0100
+++ libprotocol-http2-perl-1.10/debian/patches/series 2023-07-28
11:43:11.000000000 +0200
@@ -0,0 +1 @@
+no-tlsv1.patch
--- End Message ---
--- Begin Message ---
Source: libprotocol-http2-perl
Source-Version: 1.10-3
Done: gregor herrmann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libprotocol-http2-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated libprotocol-http2-perl
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 28 Jul 2023 13:38:28 +0200
Source: libprotocol-http2-perl
Architecture: source
Version: 1.10-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Closes: 1042449
Changes:
libprotocol-http2-perl (1.10-3) unstable; urgency=medium
.
[ Olivier Gayot ]
* Do not hardcode the test-suite TLS version to tlsv1 which is disabled
by OpenSSL seclevel 2 on Ubuntu (LP: #2023586) (Closes: #1042449)
.
[ gregor herrmann ]
* Stop removing empty manpages in debian/rules.
Build-depend on libmodule-build-tiny-perl (>= 0.040) instead.
* Update years of packaging copyright.
* Declare compliance with Debian Policy 4.6.2.
* Set Rules-Requires-Root: no.
--- End Message ---