Control: tags 1053483 + pending Dear maintainer,
I've prepared an NMU for hash-slinger (versioned as 3.1-1.2) and uploaded it to DELAYED/10. Please feel free to tell me if I should delay it longer. I didn't find a recent copy of the source code on Salsa as well, otherwise I would have submitted this as a MR there as well. I also plan on issuing a stable release update for this once the NMU lands in testing. Let me know if I should delay this as well. My work on this issue is tracked in this bug report and our internal tracker here as well: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41350 Regards. --
diff -Nru hash-slinger-3.1/debian/changelog hash-slinger-3.1/debian/changelog --- hash-slinger-3.1/debian/changelog 2022-02-10 01:03:46.000000000 -0500 +++ hash-slinger-3.1/debian/changelog 2023-10-05 10:37:58.000000000 -0400 @@ -1,3 +1,10 @@ +hash-slinger (3.1-1.2) unstable; urgency=medium + + * Non-maintainer upload. + * Bug fix: "tlsa can produce invalid records" (Closes: #1053483) + + -- Antoine Beaupré <anar...@debian.org> Thu, 05 Oct 2023 10:37:58 -0400 + hash-slinger (3.1-1.1) unstable; urgency=low * Non-maintainer upload. diff -Nru hash-slinger-3.1/debian/patches/0001-fix-generic-TLSA-record-generation.patch hash-slinger-3.1/debian/patches/0001-fix-generic-TLSA-record-generation.patch --- hash-slinger-3.1/debian/patches/0001-fix-generic-TLSA-record-generation.patch 1969-12-31 19:00:00.000000000 -0500 +++ hash-slinger-3.1/debian/patches/0001-fix-generic-TLSA-record-generation.patch 2023-10-05 10:36:07.000000000 -0400 @@ -0,0 +1,34 @@ +From e3bec6e2a6b1bda7c52b4c585474fd7cc23ab643 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Charaoui?= <jer...@riseup.net> +Date: Wed, 4 Oct 2023 22:05:26 -0400 +Subject: [PATCH] fix generic TLSA record generation +Applied-Upstream: https://github.com/letoams/hash-slinger/commit/0bb0dba91c51d367d9a37297f13e07f33c01bfdc + +It seems like the calculation for the TLSA record never really worked, +as we're doing float division here on the `len()` field. In our case, +that field returned `35.0` which is not valid in our environment. + +Doing an integer division gives the correct result in most cases, I +believe. + +Closes: #45 +--- + tlsa | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tlsa b/tlsa +index cea7230..ec97150 100755 +--- a/tlsa ++++ b/tlsa +@@ -513,7 +513,7 @@ class TLSARecord: + def getRecord(self, generic=False): + """Returns the RR string of this TLSARecord, either in rfc (default) or generic format""" + if generic: +- return '%s IN TYPE52 \# %s %s%s%s%s' % (self.name, (len(self.cert)/2)+3 , self._toHex(self.usage), self._toHex(self.selector), self._toHex(self.mtype), self.cert) ++ return '%s IN TYPE52 \# %s %s%s%s%s' % (self.name, (len(self.cert)//2)+3 , self._toHex(self.usage), self._toHex(self.selector), self._toHex(self.mtype), self.cert) + return '%s IN TLSA %s %s %s %s' % (self.name, self.usage, self.selector, self.mtype, self.cert) + + def _toHex(self, val): +-- +2.39.2 + diff -Nru hash-slinger-3.1/debian/patches/series hash-slinger-3.1/debian/patches/series --- hash-slinger-3.1/debian/patches/series 2021-02-14 11:40:02.000000000 -0500 +++ hash-slinger-3.1/debian/patches/series 2023-10-05 10:36:07.000000000 -0400 @@ -1 +1,2 @@ 0001-Debian-default-root.key-resides-in-usr-share-dns-roo.patch +0001-fix-generic-TLSA-record-generation.patch
signature.asc
Description: PGP signature
