Your message dated Thu, 26 Sep 2019 19:49:45 +0000
with message-id <e1idzlp-000hk8...@fasolo.debian.org>
and subject line Bug#940547: fixed in python-cryptography 2.6.1-3.1
has caused the Debian Bug report #940547,
regarding python-cryptography: Testsuite fails with OpenSSL 1.1.1d
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
940547: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-cryptography
Version: 2.6.1-3
Severity: serious
The upload of latest openssl 1.1.1d triggert three testsuite failures in
python-cryptography [0]
- _________________ test_buffer_protocol_alternate_modes[mode5]
__________________
|mode = <cryptography.hazmat.primitives.ciphers.modes.XTS object at
0x7f0c8ceaba50>
|backend = <cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f0c95a29cd0>
|
| @pytest.mark.parametrize(
| "mode",
| [
| modes.CBC(bytearray(b"\x00" * 16)),
| modes.CTR(bytearray(b"\x00" * 16)),
| modes.OFB(bytearray(b"\x00" * 16)),
| modes.CFB(bytearray(b"\x00" * 16)),
| modes.CFB8(bytearray(b"\x00" * 16)),
| modes.XTS(bytearray(b"\x00" * 16)),
| ]
| )
| @pytest.mark.requires_backend_interface(interface=CipherBackend)
| def test_buffer_protocol_alternate_modes(mode, backend):
| data = bytearray(b"sixteen_byte_msg")
| cipher = base.Cipher(
| algorithms.AES(bytearray(b"\x00" * 32)), mode, backend
| )
|> enc = cipher.encryptor()
|
|tests/hazmat/primitives/test_aes.py:495:
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_
|/usr/lib/python2.7/dist-packages/cryptography/hazmat/primitives/ciphers/base.py:121:
in encryptor
| self.algorithm, self.mode
|/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py:295:
in create_symmetric_encryption_ctx
| return _CipherContext(self, cipher, mode, _CipherContext._ENCRYPT)
|/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ciphers.py:116:
in __init__
| self._backend.openssl_assert(res != 0)
|/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py:125:
in openssl_assert
| return binding._openssl_assert(self._lib, ok)
This is due to commit 2a5f63c9a61be ("Allow AES XTS decryption using duplicate
keys.").
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a5f63c9a61be
- _____________________ TestDH.test_dh_parameters_supported
______________________
|self = <tests.hazmat.primitives.test_dh.TestDH object at 0x7f0c65bbb3d0>
|backend = <cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f0c95a29cd0>
|
| def test_dh_parameters_supported(self, backend):
| assert backend.dh_parameters_supported(23, 5)
|> assert not backend.dh_parameters_supported(23, 18)
|E assert not True
|E + where True = <bound method Backend.dh_parameters_supported of
<cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f0c95a29cd0>>(23, 18)
|E + where <bound method Backend.dh_parameters_supported of
<cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f0c95a29cd0>> = <cryptography.hazmat.backends.openssl.backend.Backend object
at 0x7f0c95a29cd0>.dh_parameters_supported
|
|tests/hazmat/primitives/test_dh.py:161: AssertionError
This is due to commit ddd16c2fe988e ("Change DH parameters to generate the
order q subgroup instead of 2q").
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddd16c2fe988e
- _____________ TestECDSACertificate.test_load_ecdsa_no_named_curve
______________
|self = <tests.x509.test_x509.TestECDSACertificate object at 0x7f0c609e3590>
|backend = <cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f0c95a29cd0>
|
| def test_load_ecdsa_no_named_curve(self, backend):
| _skip_curve_unsupported(backend, ec.SECP256R1())
| cert = _load_cert(
| os.path.join("x509", "custom", "ec_no_named_curve.pem"),
| x509.load_pem_x509_certificate,
| backend
| )
| with pytest.raises(NotImplementedError):
|> cert.public_key()
|E Failed: DID NOT RAISE <type 'exceptions.NotImplementedError'>
|
|tests/x509/test_x509.py:3722: Failed
This is due to commit 9a43a733801bd ("[ec] Match built-in curves on
EC_GROUP_new_from_ecparameters").
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a43a733801bd
The first two changes in OpenSSL have been made on purporse and I'm not
sure about the last one.
Could someone please comment?
[0]
https://ci.debian.net/data/autopkgtest/testing/amd64/p/python-cryptography/2969575/log.gz
Sebastian
--- End Message ---
--- Begin Message ---
Source: python-cryptography
Source-Version: 2.6.1-3.1
We believe that the bug you reported is fixed in the latest version of
python-cryptography, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 940...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebast...@breakpoint.cc> (supplier of updated
python-cryptography package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 24 Sep 2019 21:10:32 +0200
Source: python-cryptography
Architecture: source
Version: 2.6.1-3.1
Distribution: unstable
Urgency: medium
Maintainer: Tristan Seligmann <mithra...@debian.org>
Changed-By: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Closes: 940547
Changes:
python-cryptography (2.6.1-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Backport two patches to fix the testsute with newer openssl.
* Ignore test_load_ecdsa_no_named_curve in the testsuite because it known to
break with newer openssl (Closes: #940547).
Checksums-Sha1:
b548fd126fe065bd65a03306f3ceca5cc2c7157a 3358 python-cryptography_2.6.1-3.1.dsc
f1c5038ffb3292bd3f16b1ff8799500449472c52 27108
python-cryptography_2.6.1-3.1.debian.tar.xz
7c674a02cdb5214655862287a8425ed6417f78ca 6260
python-cryptography_2.6.1-3.1_source.buildinfo
Checksums-Sha256:
d7bb0d42b6a73d5dee202ecd2c19f1d4aadf5256e8a777c9229e7dacd7887b01 3358
python-cryptography_2.6.1-3.1.dsc
66f8d4f6322eed1e8bc13cf016c5a272bbf0414a5dc86359475d92612c0fd519 27108
python-cryptography_2.6.1-3.1.debian.tar.xz
860078484756ba72b7c8da592858f554263838ed4cc7c93ee755144bcbd6b3f0 6260
python-cryptography_2.6.1-3.1_source.buildinfo
Files:
375ab6c3451de51198cab6836dd3d4f5 3358 python optional
python-cryptography_2.6.1-3.1.dsc
98701e1576378a31895206f81ad42327 27108 python optional
python-cryptography_2.6.1-3.1.debian.tar.xz
e67d63f335529c3d915d3e83e55758f5 6260 python optional
python-cryptography_2.6.1-3.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAl2KbWwACgkQBWQfF1cS
+lt99wwAhjpPbWM/S8ZmJyxPn58Y8YsuFgPquh3SJhbsScFZKIaWwTyP0zPGniNK
JsC3svFFZ3F8G+WGmPfYfbUdoML4zZV5H/HdEY26lCiczB/LLJfBU0O7jOVPJWEn
9S+sf4PLCjUZ0bVIGvzgmZSS0kwra5kAA/pKQo4YRlIkQlxJrurK4URxtwDHaU6a
183I4A36ZVu8ex2TWayKXxdvXm4zB/Ksn9AWW+O7EJGyNZnix7KCpciMMbkw7+7Q
tZ9osQh94W44mejj7kjtiYRQ40DhOZQaKGC15J/Drv/tsiw3AoZ+WKGYsZcwnR8P
9OSfcXV2thMCvhZae0csydGy21op9IxYM3BIXgRX29RewEXlPmXkNqOmNFMNNhgK
E8DazRR/90OvhW0VxSAo5PTTJ8K0shSSjzXAEbMY57c+SxUroFUoW7rqMPs+spgG
yxAO/F98i/PcJ30t5EHkehiPaJ5GoA2jyQMkgsiCJIyVTTwtGT4l57FdH+gtz/ya
dd9JGgSc
=ayKt
-----END PGP SIGNATURE-----
--- End Message ---
