FTBFS - python-gear enforces TLSv1.0 usage

Bug #1951952 reported by Athos Ribeiro
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-gear (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

python-gear forces TLSv1.0 usage, which is no longer supported by our libssl.

Exception in connect loop:
Traceback (most recent call last):
  File "/<<PKGBUILDDIR>>/gear/__init__.py", line 2500, in _doConnectLoop
    self.connectLoop()
  File "/<<PKGBUILDDIR>>/gear/__init__.py", line 2526, in connectLoop
    c = ssl.wrap_socket(c, server_side=True,
  File "/usr/lib/python3.10/ssl.py", line 1441, in wrap_socket
    return context.wrap_socket(
  File "/usr/lib/python3.10/ssl.py", line 512, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.10/ssl.py", line 1070, in _create
    self.do_handshake()
  File "/usr/lib/python3.10/ssl.py", line 1341, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL] internal error (_ssl.c:997)
}}}

Traceback (most recent call last):
  File "/<<PKGBUILDDIR>>/gear/tests/test_functional.py", line 73, in setUp
    self.client.waitForServer()
  File "/<<PKGBUILDDIR>>/gear/__init__.py", line 1199, in waitForServer
    self.connections_condition.wait()
  File "/usr/lib/python3.10/threading.py", line 320, in wait
    waiter.acquire()
  File "/usr/lib/python3/dist-packages/fixtures/_fixtures/timeout.py", line 52, in signal_handler
    raise TimeoutException()
fixtures._fixtures.timeout.TimeoutException

Tags: ftbfs
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

This patch fixes the bug by applying 2 upstream patches, which introduce newr TLS versions support.

A PPA with the changes is available at
https://launchpad.net/~athos-ribeiro/+archive/ubuntu/python-gear-310/+packages

I ran the dep8 test suite with the proposed patch. Here is the result summary:

autopkgtest [10:04:18]: @@@@@@@@@@@@@@@@@@@@ summary
autodep8-python3 PASS (superficial)

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for working on this, Athos.

The debdiff looks good and I agree with the backports. I have also verified that the package builds fine with the proposed changes + openssl 3.

I just have some small requests before I proceed with the upload:

1) Could you add a period at the end of each changelog entry? I like to treat them as sentences, and as such I consider that they should be properly terminated.

2) Both patches should also have the "Bug-Ubuntu" DEP-3 header in order to help determining why they're needed.

3) When I'm backporting multiple patches for a logical change like this, I like writing a changelog entry like this:

  * Fix FTBFS with OpenSSL 3. (LP: #1951952)
    - d/p/add-SNI-support.patch: Add SNI support.
    - d/p/do-not-force-tls-v1.patch: Do not enforce TLS v1.0 usage.

I think it looks more organized and is easier to understand that the patches are part of something bigger.

If you could address these points, I can proceed with the upload right away.

Thanks again.

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

Hi Sergio, Thanks for the review :)

I just addressed the 3 items you listed there!

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks, Athos.

Uploaded:

$ dput python-gear_0.5.8-6ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/python-gear/python-gear_0.5.8-6ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/python-gear/python-gear_0.5.8-6ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading python-gear_0.5.8-6ubuntu1.dsc: done.
  Uploading python-gear_0.5.8-6ubuntu1.debian.tar.xz: done.
  Uploading python-gear_0.5.8-6ubuntu1_source.buildinfo: done.
  Uploading python-gear_0.5.8-6ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-gear - 0.5.8-6ubuntu1

---------------
python-gear (0.5.8-6ubuntu1) jammy; urgency=medium

  * Fix FTBFS with OpenSSL 3. (LP: #1951952)
    - d/p/add-SNI-support.patch: Add SNI support.
    - d/p/do-not-force-tls-v1.patch: Do not enforce TLS v1.0 usage.

 -- Athos Ribeiro <email address hidden> Mon, 22 Nov 2021 18:57:15 -0300

Changed in python-gear (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.