Summary: | dev-python/pyopenssl-0.14 fails tests with dev-libs/openssl-1.0.1h and up | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Tobias Klausmann (RETIRED) <klausman> |
Component: | Current packages | Assignee: | Python Gentoo Team <python> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alpha, holger, marienz |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/pyca/pyopenssl/issues/129 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 503094 | ||
Attachments: | pyopenssl build log |
Description
Tobias Klausmann (RETIRED)
2014-06-22 10:16:14 UTC
Created attachment 379394 [details]
pyopenssl build log
This isn't Alpha-specific: I reproduced it on ~amd64 and narrowed it down to an OpenSSL commit present in 1.0.1h. See attached pyopenssl bug report. (In reply to Marien Zwart from comment #2) > This isn't Alpha-specific: I reproduced it on ~amd64 and narrowed it down to > an OpenSSL commit present in 1.0.1h. See attached pyopenssl bug report. well right. Do you agree that a fix for this requires <dev-libs/openssl-1.0.1h? I set it to that for now. I consider that fixes this bug, however being a test suite It suggests there's something wrong with /openssl-1.0.1h and up, so leaving open. Previous version of openssl is vulnerable, so by setting dependency like this you force every pyopenssl user to use a known-vulnerable version. Don't do this for the sake of having happy tests! better question, why is a vulnerable version of openssl still in tree? (In reply to Matthew Thode ( prometheanfire ) from comment #5) > better question, why is a vulnerable version of openssl still in tree? Because arch teams are still stabilizing the new version, obviously. (In reply to Michał Górny from comment #4) > Previous version of openssl is vulnerable, so by setting dependency like > this you force every pyopenssl user to use a known-vulnerable version. Don't > do this for the sake of having happy tests! It was a temp measure. Why do you think I left it OPEN? I have found a path to a final fix but it needs a second patch. The < dep will ofcourse 'go'. I'll do it later since I suspect no-one else will beat me (In reply to Ian Delaney from comment #7) > It was a temp measure. Why do you think I left it OPEN? This was a bad move. Please stop doing this in the future. (In reply to Mike Gilbert from comment #9) > (In reply to Ian Delaney from comment #7) > > It was a temp measure. Why do you think I left it OPEN? > > This was a bad move. Please stop doing this in the future. Well this is dealt with. The bug made and closed by marienz actually refers to a commit in cryptography which fixes this. 23 Jun 2014; Ian Delaney <idella4@gentoo.org> pyopenssl-0.14.ebuild: update dep to cryptography-0.2.1-r2, fixes Bug #514418 by klausman |