Bug#869856: openssl: FTBFS: Testsuite failures
On Sun, Aug 06, 2017 at 06:03:30PM +0200, Sebastian Andrzej Siewior wrote: > On 5 August 2017 23:31:33 CEST, Kurt Roeckxwrote: > > >I planned to break things by disabling TLS 1.0 and 1.1, which I > >might upload soon. I guess I can fix that at the same time. > > Do you intend a transition like we had for SSLv2 removal or do you plan just > to disable it? I remember a few packages using TLSv functions instead of > SSLv23 which is what should be used (and those will end up with nothing). I'm not sure what to do with the TLSv* methods. They have been deprecated and will be removed in 1.2. I could make them return NULL, or I could keep them working. I think I'm currently going for just making them turn NULL. I don't plan to remove any symbols, so there should be no need to change the soname. > Removing TLS1.0 and TLS1.1 sounds early but given that we aim Buster it looks > alright. My web server serves 1.2 only which only rejects a few bots of > questionable origin. My email server logs a few 1.0 legitimate connections > but that's how it is. They usually fallback to plain connection. Shouldn't we > announce it on D-D-A? Yes, the aim is to have this for Buster by default. And we can always revert this if too much is broken. But I think Buster is far enough in the future to try and do this now. Kurt
Bug#869856: openssl: FTBFS: Testsuite failures
On 5 August 2017 23:31:33 CEST, Kurt Roeckxwrote: >I planned to break things by disabling TLS 1.0 and 1.1, which I >might upload soon. I guess I can fix that at the same time. Do you intend a transition like we had for SSLv2 removal or do you plan just to disable it? I remember a few packages using TLSv functions instead of SSLv23 which is what should be used (and those will end up with nothing). Removing TLS1.0 and TLS1.1 sounds early but given that we aim Buster it looks alright. My web server serves 1.2 only which only rejects a few bots of questionable origin. My email server logs a few 1.0 legitimate connections but that's how it is. They usually fallback to plain connection. Shouldn't we announce it on D-D-A? > >Kurt Sebastian
Bug#869856: openssl: FTBFS: Testsuite failures
On Sat, Aug 05, 2017 at 09:03:41PM +0200, Sebastian Andrzej Siewior wrote: > control: tags -1 patch fixed-upstream pending > control: forwaded -1 https://github.com/openssl/openssl/issues/3562 > > On 2017-07-27 19:06:19 [-0700], Daniel Schepler wrote: > > It appears so. (Though I did have to apply it by hand as there was no > > "clientsession" line for patch to sync to in hunk #2.) > > okay. So we have fix a which will be part of 1.1.0g and I don't see a reason > to upload it right away. So I suggest to wait until upstream releases > something new. I planned to break things by disabling TLS 1.0 and 1.1, which I might upload soon. I guess I can fix that at the same time. Kurt
Processed: Re: Processed (with 1 error): Re: Bug#869856: openssl: FTBFS: Testsuite failures
Processing commands for cont...@bugs.debian.org: > forwarded 869856 https://github.com/openssl/openssl/issues/3562 Bug #869856 [src:openssl] openssl: FTBFS: Testsuite failures Set Bug forwarded-to-address to 'https://github.com/openssl/openssl/issues/3562'. > End of message, stopping processing here. Please contact me if you need assistance. -- 869856: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869856 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed (with 1 error): Re: Bug#869856: openssl: FTBFS: Testsuite failures
Processing control commands: > tags -1 patch fixed-upstream pending Bug #869856 [src:openssl] openssl: FTBFS: Testsuite failures Added tag(s) patch, pending, and fixed-upstream. > forwaded -1 https://github.com/openssl/openssl/issues/3562 Unknown command or malformed arguments to command. -- 869856: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869856 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#869856: openssl: FTBFS: Testsuite failures
control: tags -1 patch fixed-upstream pending control: forwaded -1 https://github.com/openssl/openssl/issues/3562 On 2017-07-27 19:06:19 [-0700], Daniel Schepler wrote: > It appears so. (Though I did have to apply it by hand as there was no > "clientsession" line for patch to sync to in hunk #2.) okay. So we have fix a which will be part of 1.1.0g and I don't see a reason to upload it right away. So I suggest to wait until upstream releases something new. Sebastian
Bug#869856: [Pkg-openssl-devel] Bug#869856: openssl: FTBFS: Testsuite failures
On Thu, Jul 27, 2017 at 9:05 AM, Kurt Roeckxwrote: > Does the attached patch fix it? It appears so. (Though I did have to apply it by hand as there was no "clientsession" line for patch to sync to in hunk #2.) -- Daniel Schepler
Bug#869856: [Pkg-openssl-devel] Bug#869856: openssl: FTBFS: Testsuite failures
On Thu, Jul 27, 2017 at 08:14:45AM -0700, Daniel Schepler wrote: > On Thu, Jul 27, 2017 at 12:02 AM, Kurt Roeckxwrote: > > Is that reproducible? > > Yes, it's definitely reproducible on my machine. Does the attached patch fix it? Kurt >From b72668a0d3586ee2560f0536c43e18991a4cfc6f Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 26 May 2017 13:06:08 +0100 Subject: [PATCH] Fix a Proxy race condition Issue #3562 describes a problem where a race condition can occur in the Proxy such that a test "ok" line can appear in the middle of other text causing the test harness to miss it. The issue is that we do not wait for the client process to finish after the test is complete, so that process may continue to write data to stdout/stderr at the same time that the test harness does. This commit fixes TLSProxy so that we always wait for the client process to finish before continuing. Fixes #3562 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/3567) --- util/TLSProxy/Proxy.pm | 15 +++ 1 file changed, 15 insertions(+) diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm index a826cb5257..5c363e76ed 100644 --- a/util/TLSProxy/Proxy.pm +++ b/util/TLSProxy/Proxy.pm @@ -49,6 +49,7 @@ sub new clientflags => "", serverconnects => 1, serverpid => 0, +clientpid => 0, reneg => 0, sessionfile => undef, @@ -113,6 +114,7 @@ sub clearClient $self->{message_list} = []; $self->{clientflags} = ""; $self->{sessionfile} = undef; +$self->{clientpid} = 0; $is_tls13 = 0; $ciphersuite = undef; @@ -240,6 +242,7 @@ sub clientstart } exec($execcmd); } +$self->clientpid($pid); } # Wait for incoming connection from client @@ -338,6 +341,10 @@ sub clientstart waitpid( $self->serverpid, 0); die "exit code $? from server process\n" if $? != 0; } +die "clientpid is zero\n" if $self->clientpid == 0; +print "Waiting for client process to close: ".$self->clientpid."\n"; +waitpid($self->clientpid, 0); + return 1; } @@ -531,6 +538,14 @@ sub serverpid } return $self->{serverpid}; } +sub clientpid +{ +my $self = shift; +if (@_) { +$self->{clientpid} = shift; +} +return $self->{clientpid}; +} sub fill_known_data { -- 2.13.2
Bug#869856: [Pkg-openssl-devel] Bug#869856: openssl: FTBFS: Testsuite failures
On Thu, Jul 27, 2017 at 12:02 AM, Kurt Roeckxwrote: > Is that reproducible? Yes, it's definitely reproducible on my machine. -- Daniel Schepler
Bug#869856: [Pkg-openssl-devel] Bug#869856: openssl: FTBFS: Testsuite failures
On Wed, Jul 26, 2017 at 11:18:32PM -0700, Daniel Schepler wrote: > Source: openssl > Version: 1.1.0f-3 > Severity: serious > > From my pbuilder build log (on amd64): > > ... > Test Summary Report > --- > ../../test/recipes/70-test_sslrecords.t (Wstat: 0 Tests: 10 Failed: 0) > Parse errors: Tests out of sequence. Found (5) but expected (4) >Tests out of sequence. Found (6) but expected (5) >Tests out of sequence. Found (7) but expected (6) >Tests out of sequence. Found (8) but expected (7) >Tests out of sequence. Found (9) but expected (8) > Displayed the first 5 of 8 TAP syntax errors. Is that reproducible? This was most likely fixed upstream the day after the release. Kurt
Bug#869856: openssl: FTBFS: Testsuite failures
Source: openssl Version: 1.1.0f-3 Severity: serious >From my pbuilder build log (on amd64): ... Test Summary Report --- ../../test/recipes/70-test_sslrecords.t (Wstat: 0 Tests: 10 Failed: 0) Parse errors: Tests out of sequence. Found (5) but expected (4) Tests out of sequence. Found (6) but expected (5) Tests out of sequence. Found (7) but expected (6) Tests out of sequence. Found (8) but expected (7) Tests out of sequence. Found (9) but expected (8) Displayed the first 5 of 8 TAP syntax errors. Re-run prove with the -p option to see them all. Files=95, Tests=534, 43 wallclock secs ( 1.22 usr 0.18 sys + 35.03 cusr 3.49 csys = 39.92 CPU) Result: FAIL Makefile:153: recipe for target '_tests' failed make[3]: *** [_tests] Error 8 make[3]: Leaving directory '/build/openssl-1.1.0f/build_shared' Makefile:151: recipe for target 'tests' failed make[2]: *** [tests] Error 2 make[2]: Leaving directory '/build/openssl-1.1.0f/build_shared' debian/rules:79: recipe for target 'override_dh_auto_test-arch' failed make[1]: *** [override_dh_auto_test-arch] Error 2 make[1]: Leaving directory '/build/openssl-1.1.0f' debian/rules:45: recipe for target 'build' failed make: *** [build] Error 2 dpkg-buildpackage: error: debian/rules build gave error exit status 2 -- Daniel Schepler