Package: tcl-tls
Version: 1.7.22-3+b1
Severity: normal
Tags: patch upstream
OpenSSL 3.0 introduced a new option `SSL_OP_IGNORE_UNEXPECTED_EOF`. If
this is not set, it handles unexpected EOF's as fatal errors. Since
TclTLS does not currently set it, some EOF's are treated as errors. I
have reported this upstream here:
https://core.tcl-lang.org/tcltls/tktview/c5811f0d433d34ca16ccecdec10fb61e2f3ba657
I've attached the patch I proposed in the upstream bug report. I'll add
some DEP-3 metadata and create an MR against the tcltls Salsa repo.
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (990, 'testing-debug'), (990, 'testing'), (900,
'stable-updates'), (900, 'stable-security'), (900, 'stable-debug'), (900,
'stable'), (500, 'oldstable-updates'), (500, 'oldstable-security'), (500,
'oldstable-debug'), (500, 'oldstable'), (99, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.5.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_GB.UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages tcl-tls depends on:
ii libc6 2.37-12
ii libssl3 3.0.11-1
ii libtcl8.6 [libtcl] 8.6.13+dfsg-2
tcl-tls recommends no packages.
tcl-tls suggests no packages.
-- no debconf information
--- a/tls.c
+++ b/tls.c
@@ -1214,6 +1214,9 @@
SSL_CTX_set_app_data( ctx, (VOID*)interp); /* remember the interpreter */
SSL_CTX_set_options( ctx, SSL_OP_ALL); /* all SSL bug workarounds */
SSL_CTX_set_options( ctx, off);/* all SSL bug workarounds */
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
+SSL_CTX_set_options( ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
+#endif
SSL_CTX_sess_set_cache_size( ctx, 128);
if (ciphers != NULL)
