Bug#869856: openssl: FTBFS: Testsuite failures

2017-08-06 Thread Kurt Roeckx 
On Sun, Aug 06, 2017 at 06:03:30PM +0200, Sebastian Andrzej Siewior wrote:
> On 5 August 2017 23:31:33 CEST, Kurt Roeckx  wrote:
> 
> >I planned to break things by disabling TLS 1.0 and 1.1, which I
> >might upload soon. I guess I can fix that at the same time.
> 
> Do you intend a transition like we had for SSLv2 removal or do you plan just 
> to disable it? I remember a few packages using TLSv functions instead of 
> SSLv23 which is what should be used (and those will end up with nothing).

I'm not sure what to do with the TLSv* methods. They have been
deprecated and will be removed in 1.2. I could make them return
NULL, or I could keep them working. I think I'm currently going
for just making them turn NULL.

I don't plan to remove any symbols, so there should be no need to
change the soname.

> Removing TLS1.0 and TLS1.1 sounds early but given that we aim Buster it looks 
> alright. My web server serves 1.2 only which only rejects a few bots of 
> questionable origin. My email server logs a few 1.0 legitimate connections 
> but that's how it is. They usually fallback to plain connection. Shouldn't we 
> announce it on D-D-A?

Yes, the aim is to have this for Buster by default. And we can
always revert this if too much is broken. But I think Buster is
far enough in the future to try and do this now.


Kurt

Bug#869856: openssl: FTBFS: Testsuite failures

2017-08-06 Thread Sebastian Andrzej Siewior 
On 5 August 2017 23:31:33 CEST, Kurt Roeckx  wrote:

>I planned to break things by disabling TLS 1.0 and 1.1, which I
>might upload soon. I guess I can fix that at the same time.

Do you intend a transition like we had for SSLv2 removal or do you plan just to 
disable it? I remember a few packages using TLSv functions instead of SSLv23 
which is what should be used (and those will end up with nothing).

Removing TLS1.0 and TLS1.1 sounds early but given that we aim Buster it looks 
alright. My web server serves 1.2 only which only rejects a few bots of 
questionable origin. My email server logs a few 1.0 legitimate connections but 
that's how it is. They usually fallback to plain connection. Shouldn't we 
announce it on D-D-A?
>
>Kurt



Sebastian

Bug#869856: openssl: FTBFS: Testsuite failures

2017-08-05 Thread Kurt Roeckx 
On Sat, Aug 05, 2017 at 09:03:41PM +0200, Sebastian Andrzej Siewior wrote:
> control: tags -1 patch fixed-upstream pending
> control: forwaded -1 https://github.com/openssl/openssl/issues/3562
> 
> On 2017-07-27 19:06:19 [-0700], Daniel Schepler wrote:
> > It appears so.  (Though I did have to apply it by hand as there was no
> > "clientsession" line for patch to sync to in hunk #2.)
> 
> okay. So we have fix a which will be part of 1.1.0g and I don't see a reason
> to upload it right away. So I suggest to wait until upstream releases
> something new.

I planned to break things by disabling TLS 1.0 and 1.1, which I
might upload soon. I guess I can fix that at the same time.


Kurt

Processed: Re: Processed (with 1 error): Re: Bug#869856: openssl: FTBFS: Testsuite failures

2017-08-05 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> forwarded 869856 https://github.com/openssl/openssl/issues/3562
Bug #869856 [src:openssl] openssl: FTBFS: Testsuite failures
Set Bug forwarded-to-address to 
'https://github.com/openssl/openssl/issues/3562'.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
869856: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869856
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed (with 1 error): Re: Bug#869856: openssl: FTBFS: Testsuite failures

2017-08-05 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 patch fixed-upstream pending
Bug #869856 [src:openssl] openssl: FTBFS: Testsuite failures
Added tag(s) patch, pending, and fixed-upstream.
> forwaded -1 https://github.com/openssl/openssl/issues/3562
Unknown command or malformed arguments to command.


-- 
869856: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869856
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#869856: openssl: FTBFS: Testsuite failures

2017-08-05 Thread Sebastian Andrzej Siewior 
control: tags -1 patch fixed-upstream pending
control: forwaded -1 https://github.com/openssl/openssl/issues/3562

On 2017-07-27 19:06:19 [-0700], Daniel Schepler wrote:
> It appears so.  (Though I did have to apply it by hand as there was no
> "clientsession" line for patch to sync to in hunk #2.)

okay. So we have fix a which will be part of 1.1.0g and I don't see a reason
to upload it right away. So I suggest to wait until upstream releases
something new.

Sebastian

Bug#869856: [Pkg-openssl-devel] Bug#869856: openssl: FTBFS: Testsuite failures

2017-07-27 Thread Daniel Schepler 
On Thu, Jul 27, 2017 at 9:05 AM, Kurt Roeckx  wrote:
> Does the attached patch fix it?

It appears so.  (Though I did have to apply it by hand as there was no
"clientsession" line for patch to sync to in hunk #2.)
-- 
Daniel Schepler

Bug#869856: [Pkg-openssl-devel] Bug#869856: openssl: FTBFS: Testsuite failures

2017-07-27 Thread Kurt Roeckx 
On Thu, Jul 27, 2017 at 08:14:45AM -0700, Daniel Schepler wrote:
> On Thu, Jul 27, 2017 at 12:02 AM, Kurt Roeckx  wrote:
> > Is that reproducible?
> 
> Yes, it's definitely reproducible on my machine.

Does the attached patch fix it?


Kurt

>From b72668a0d3586ee2560f0536c43e18991a4cfc6f Mon Sep 17 00:00:00 2001
From: Matt Caswell 
Date: Fri, 26 May 2017 13:06:08 +0100
Subject: [PATCH] Fix a Proxy race condition

Issue #3562 describes a problem where a race condition can occur in the
Proxy such that a test "ok" line can appear in the middle of other text
causing the test harness to miss it. The issue is that we do not wait for
the client process to finish after the test is complete, so that process may
continue to write data to stdout/stderr at the same time that the test
harness does.

This commit fixes TLSProxy so that we always wait for the client process to
finish before continuing.

Fixes #3562

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/3567)
---
 util/TLSProxy/Proxy.pm | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
index a826cb5257..5c363e76ed 100644
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -49,6 +49,7 @@ sub new
 clientflags => "",
 serverconnects => 1,
 serverpid => 0,
+clientpid => 0,
 reneg => 0,
 sessionfile => undef,
 
@@ -113,6 +114,7 @@ sub clearClient
 $self->{message_list} = [];
 $self->{clientflags} = "";
 $self->{sessionfile} = undef;
+$self->{clientpid} = 0;
 $is_tls13 = 0;
 $ciphersuite = undef;
 
@@ -240,6 +242,7 @@ sub clientstart
 }
 exec($execcmd);
 }
+$self->clientpid($pid);
 }
 
 # Wait for incoming connection from client
@@ -338,6 +341,10 @@ sub clientstart
 waitpid( $self->serverpid, 0);
 die "exit code $? from server process\n" if $? != 0;
 }
+die "clientpid is zero\n" if $self->clientpid == 0;
+print "Waiting for client process to close: ".$self->clientpid."\n";
+waitpid($self->clientpid, 0);
+
 return 1;
 }
 
@@ -531,6 +538,14 @@ sub serverpid
 }
 return $self->{serverpid};
 }
+sub clientpid
+{
+my $self = shift;
+if (@_) {
+$self->{clientpid} = shift;
+}
+return $self->{clientpid};
+}
 
 sub fill_known_data
 {
-- 
2.13.2

Bug#869856: [Pkg-openssl-devel] Bug#869856: openssl: FTBFS: Testsuite failures

2017-07-27 Thread Daniel Schepler 
On Thu, Jul 27, 2017 at 12:02 AM, Kurt Roeckx  wrote:
> Is that reproducible?

Yes, it's definitely reproducible on my machine.
-- 
Daniel Schepler

Bug#869856: [Pkg-openssl-devel] Bug#869856: openssl: FTBFS: Testsuite failures

2017-07-27 Thread Kurt Roeckx 
On Wed, Jul 26, 2017 at 11:18:32PM -0700, Daniel Schepler wrote:
> Source: openssl
> Version: 1.1.0f-3
> Severity: serious
> 
> From my pbuilder build log (on amd64):
> 
> ...
> Test Summary Report
> ---
> ../../test/recipes/70-test_sslrecords.t (Wstat: 0 Tests: 10 Failed: 0)
>  Parse errors: Tests out of sequence.  Found (5) but expected (4)
>Tests out of sequence.  Found (6) but expected (5)
>Tests out of sequence.  Found (7) but expected (6)
>Tests out of sequence.  Found (8) but expected (7)
>Tests out of sequence.  Found (9) but expected (8)
> Displayed the first 5 of 8 TAP syntax errors.

Is that reproducible?

This was most likely fixed upstream the day after the release.


Kurt

Bug#869856: openssl: FTBFS: Testsuite failures

2017-07-27 Thread Daniel Schepler 
Source: openssl
Version: 1.1.0f-3
Severity: serious

>From my pbuilder build log (on amd64):

...
Test Summary Report
---
../../test/recipes/70-test_sslrecords.t (Wstat: 0 Tests: 10 Failed: 0)
 Parse errors: Tests out of sequence.  Found (5) but expected (4)
   Tests out of sequence.  Found (6) but expected (5)
   Tests out of sequence.  Found (7) but expected (6)
   Tests out of sequence.  Found (8) but expected (7)
   Tests out of sequence.  Found (9) but expected (8)
Displayed the first 5 of 8 TAP syntax errors.
Re-run prove with the -p option to see them all.
Files=95, Tests=534, 43 wallclock secs ( 1.22 usr  0.18 sys + 35.03
cusr  3.49 csys = 39.92 CPU)
Result: FAIL
Makefile:153: recipe for target '_tests' failed
make[3]: *** [_tests] Error 8
make[3]: Leaving directory '/build/openssl-1.1.0f/build_shared'
Makefile:151: recipe for target 'tests' failed
make[2]: *** [tests] Error 2
make[2]: Leaving directory '/build/openssl-1.1.0f/build_shared'
debian/rules:79: recipe for target 'override_dh_auto_test-arch' failed
make[1]: *** [override_dh_auto_test-arch] Error 2
make[1]: Leaving directory '/build/openssl-1.1.0f'
debian/rules:45: recipe for target 'build' failed
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2
-- 
Daniel Schepler