====================================================================== FAIL: test_der (OpenSSL.test.test_crypto.X509NameTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/var/tmp/portage/dev-python/pyopenssl-0.14/work/pyOpenSSL-0.14/OpenSSL/test/test_crypto.py", line 907, in test_der b('0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US' AssertionError: b'0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x0c0\n\x06\x03U\x04\x03\x0c\x03foo' != b'0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x0c0\n\x06\x03U\x04\x03\x13\x03foo' ---------------------------------------------------------------------- Portage 2.2.8-r1 (default/linux/alpha/13.0, gcc-4.7.3, glibc-2.17, 3.11.9 alpha) ================================================================= System uname: Linux-3.11.9-alpha-EV68AL-with-gentoo-2.2 KiB Mem: 3918320 total, 1729000 free KiB Swap: 0 total, 0 free Timestamp of tree: Sat, 21 Jun 2014 10:00:01 +0000 ld GNU ld (Gentoo 2.23.2 p1.0) 2.23.2 app-shells/bash: 4.2_p45 dev-lang/python: 2.7.5-r3, 3.3.3 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.12.4 sys-apps/sandbox: 2.6-r1 sys-devel/autoconf: 2.69 sys-devel/automake: 1.13.4 sys-devel/binutils: 2.23.2 sys-devel/gcc: 4.7.3-r1 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4.2 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.13 (virtual/os-headers) sys-libs/glibc: 2.17 Repositories: gentoo ACCEPT_KEYWORDS="alpha" ACCEPT_LICENSE="*" CBUILD="alpha-unknown-linux-gnu" CFLAGS="-mieee -pipe -O2 -mcpu=ev67" CHOST="alpha-unknown-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo" CXXFLAGS="-mieee -pipe -O2 -mcpu=ev67" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs buildpkg config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://mirror.switch.ch/ftp/mirror/gentoo/" LANG="en_US.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" USE="acl alpha berkdb bzip2 cli cracklib crypt cxx dri fortran gdbm iconv ipv6 modules ncurses nls nptl openmp pam pcre readline session ssl tcpd unicode zlib" ALSA_CARDS="ali5451 als4000 bt87x ca0106 cmipci emu10k1 ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 maestro3 trident usb-audio via82xx ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, MAKEOPTS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, SYNC, USE_PYTHON
Created attachment 379394 [details] pyopenssl build log
This isn't Alpha-specific: I reproduced it on ~amd64 and narrowed it down to an OpenSSL commit present in 1.0.1h. See attached pyopenssl bug report.
(In reply to Marien Zwart from comment #2) > This isn't Alpha-specific: I reproduced it on ~amd64 and narrowed it down to > an OpenSSL commit present in 1.0.1h. See attached pyopenssl bug report. well right. Do you agree that a fix for this requires <dev-libs/openssl-1.0.1h? I set it to that for now. I consider that fixes this bug, however being a test suite It suggests there's something wrong with /openssl-1.0.1h and up, so leaving open.
Previous version of openssl is vulnerable, so by setting dependency like this you force every pyopenssl user to use a known-vulnerable version. Don't do this for the sake of having happy tests!
better question, why is a vulnerable version of openssl still in tree?
(In reply to Matthew Thode ( prometheanfire ) from comment #5) > better question, why is a vulnerable version of openssl still in tree? Because arch teams are still stabilizing the new version, obviously.
(In reply to Michał Górny from comment #4) > Previous version of openssl is vulnerable, so by setting dependency like > this you force every pyopenssl user to use a known-vulnerable version. Don't > do this for the sake of having happy tests! It was a temp measure. Why do you think I left it OPEN?
I have found a path to a final fix but it needs a second patch. The < dep will ofcourse 'go'. I'll do it later since I suspect no-one else will beat me
(In reply to Ian Delaney from comment #7) > It was a temp measure. Why do you think I left it OPEN? This was a bad move. Please stop doing this in the future.
(In reply to Mike Gilbert from comment #9) > (In reply to Ian Delaney from comment #7) > > It was a temp measure. Why do you think I left it OPEN? > > This was a bad move. Please stop doing this in the future. Well this is dealt with. The bug made and closed by marienz actually refers to a commit in cryptography which fixes this. 23 Jun 2014; Ian Delaney <idella4@gentoo.org> pyopenssl-0.14.ebuild: update dep to cryptography-0.2.1-r2, fixes Bug #514418 by klausman