Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 661258 - dev-python/twisted-18.4.0[test] forces older <net-misc/openssh-7.6
Summary: dev-python/twisted-18.4.0[test] forces older <net-misc/openssh-7.6
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Python Gentoo Team
URL: https://twistedmatrix.com/trac/ticket...
Whiteboard:
Keywords:
Depends on: 705488
Blocks: CVE-2019-6111
  Show dependency tree
 
Reported: 2018-07-15 16:53 UTC by Mart Raudsepp
Modified: 2020-04-21 12:11 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mart Raudsepp gentoo-dev 2018-07-15 16:53:34 UTC
twisted-17.9.0 and twisted-18.4.0 ebuilds are forcing <net-misc/openssh-7.6, apparently due to https://twistedmatrix.com/trac/ticket/9311
But this blocks 7.7 as well, and I don't see the relevant tests fail with that (albeit I haven't tested with 7.6 on my setup).

Not very nice to force openssh downgrades for tests, possibly even unnecessarily.
Additionally other tests fail anyways :(
Comment 1 Larry the Git Cow gentoo-dev 2018-10-06 22:31:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fbabae323c3a5684c7886cd4a56cb153ef2b2c17

commit fbabae323c3a5684c7886cd4a56cb153ef2b2c17
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-10-06 22:31:32 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-10-06 22:31:32 +0000

    Revert "net-misc/openssh: Security cleanup"
    
    This reverts commit 5091fd8f2b5a7cb0d3e970df404446d3aef8f3c7.
    
    <net-misc/openssh-7.6 is still needed for dev-python/twisted.
    
    Bug: https://bugs.gentoo.org/661258
    Bug: https://bugs.gentoo.org/664264
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-misc/openssh/Manifest                 |   5 +
 net-misc/openssh/metadata.xml             |   2 +
 net-misc/openssh/openssh-7.5_p1-r4.ebuild | 334 ++++++++++++++++++++++++++++++
 3 files changed, 341 insertions(+)
Comment 2 Thomas Deutschmann gentoo-dev Security 2018-10-07 01:31:22 UTC
If nobody else will come up with a better solution, base-system will apply the following changes on 2018-10-08 to get rid of the OpenSSH blocker so we can clean up an old, vulnerable version, given that this bug exists for more than 12 months and the whole USE=conch thing is totally broken (I would suggest to p.u.mask "conch" but that's up to you):

diff --git a/dev-python/twisted/twisted-18.7.0.ebuild b/dev-python/twisted/twisted-18.7.0.ebuild
index 45bc575df11a..fc2c39e3dc59 100644
--- a/dev-python/twisted/twisted-18.7.0.ebuild
+++ b/dev-python/twisted/twisted-18.7.0.ebuild
@@ -75,7 +75,6 @@ DEPEND="
                dev-python/idna[${PYTHON_USEDEP}]
                dev-python/pyserial[${PYTHON_USEDEP}]
                >=dev-python/constantly-15.1.0[${PYTHON_USEDEP}]
-               <net-misc/openssh-7.6
        )
 "

@@ -97,6 +96,12 @@ python_prepare_all() {
        if use test ; then
                # Remove since this is an upstream distribution test for making releases
                rm src/twisted/python/test/test_release.py || die "rm src/twisted/python/test/test_release.py FAILED"
+
+               # Conch doesn't work with latest >=OpenSSH 7.6
+               #   - https://twistedmatrix.com/trac/ticket/9311
+               #   - https://twistedmatrix.com/trac/ticket/9515
+               rm src/twisted/conch/test/test_conch.py || die "rm src/twisted/conch/test/test_conch.py FAILED"
+               rm src/twisted/conch/test/test_cftp.py || die "rm src/twisted/conch/test/test_cftp.py FAILED"
        fi
        distutils-r1_python_prepare_all
 }
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-04-15 01:17:40 UTC
(In reply to Thomas Deutschmann from comment #2)
> If nobody else will come up with a better solution, base-system will apply
> the following changes on 2018-10-08 to get rid of the OpenSSH blocker so we
> can clean up an old, vulnerable version, given that this bug exists for more
> than 12 months and the whole USE=conch thing is totally broken (I would
> suggest to p.u.mask "conch" but that's up to you):
> 
> diff --git a/dev-python/twisted/twisted-18.7.0.ebuild
> b/dev-python/twisted/twisted-18.7.0.ebuild
> index 45bc575df11a..fc2c39e3dc59 100644
> --- a/dev-python/twisted/twisted-18.7.0.ebuild
> +++ b/dev-python/twisted/twisted-18.7.0.ebuild
> @@ -75,7 +75,6 @@ DEPEND="
>                 dev-python/idna[${PYTHON_USEDEP}]
>                 dev-python/pyserial[${PYTHON_USEDEP}]
>                 >=dev-python/constantly-15.1.0[${PYTHON_USEDEP}]
> -               <net-misc/openssh-7.6
>         )
>  "
> 
> @@ -97,6 +96,12 @@ python_prepare_all() {
>         if use test ; then
>                 # Remove since this is an upstream distribution test for
> making releases
>                 rm src/twisted/python/test/test_release.py || die "rm
> src/twisted/python/test/test_release.py FAILED"
> +
> +               # Conch doesn't work with latest >=OpenSSH 7.6
> +               #   - https://twistedmatrix.com/trac/ticket/9311
> +               #   - https://twistedmatrix.com/trac/ticket/9515
> +               rm src/twisted/conch/test/test_conch.py || die "rm
> src/twisted/conch/test/test_conch.py FAILED"
> +               rm src/twisted/conch/test/test_cftp.py || die "rm
> src/twisted/conch/test/test_cftp.py FAILED"
>         fi
>         distutils-r1_python_prepare_all
>  }

Let's do this already...
Comment 4 Larry the Git Cow gentoo-dev 2019-11-28 03:16:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=538d1343448d7d69ebc75afe857c6601eaa844fa

commit 538d1343448d7d69ebc75afe857c6601eaa844fa
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2019-11-28 03:01:49 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-11-28 03:16:34 +0000

    dev-python/twisted: bump to 19.10.0
    
    * Remove net-misc/openssh version constraint
    * dev-python/bcrypt is now in DEPEND
    * Drop all patches which are no longer required
    * Clean python_test() per previous comment
    
    Package is still not compatible with py3.8 but is very close. We should see full
    support soon. Most tests pass with py3.8. Additionally, dev-python/automat will
    require a bump to >=0.8.0 in order to support py3.8 within twisted.
    
    Bug: https://bugs.gentoo.org/661258
    Bug: https://bugs.gentoo.org/662340
    Bug: https://bugs.gentoo.org/677226
    Bug: https://bugs.gentoo.org/690790
    Bug: https://bugs.gentoo.org/683910
    
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 dev-python/twisted/Manifest               |   1 +
 dev-python/twisted/twisted-19.10.0.ebuild | 173 ++++++++++++++++++++++++++++++
 2 files changed, 174 insertions(+)
Comment 5 Larry the Git Cow gentoo-dev 2020-04-21 12:11:54 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=640ceed5adb749f557d2d55bd2cd07303a1a4d9d

commit 640ceed5adb749f557d2d55bd2cd07303a1a4d9d
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-04-21 12:11:37 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-04-21 12:11:46 +0000

    dev-python/twisted: drop conch tests
    
    Closes: https://bugs.gentoo.org/661258
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-python/twisted/twisted-18.4.0.ebuild | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)