Your message dated Sun, 13 Oct 2019 19:17:22 +0000
with message-id <e1ijjmo-000doa...@fasolo.debian.org>
and subject line Bug#940547: fixed in python-cryptography 2.6.1-3+deb10u1
has caused the Debian Bug report #940547,
regarding python-cryptography: Testsuite fails with OpenSSL 1.1.1d
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
940547: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-cryptography
Version: 2.6.1-3
Severity: serious
The upload of latest openssl 1.1.1d triggert three testsuite failures in
python-cryptography [0]
- _________________ test_buffer_protocol_alternate_modes[mode5]
__________________
|mode = <cryptography.hazmat.primitives.ciphers.modes.XTS object at
0x7f0c8ceaba50>
|backend = <cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f0c95a29cd0>
|
| @pytest.mark.parametrize(
| "mode",
| [
| modes.CBC(bytearray(b"\x00" * 16)),
| modes.CTR(bytearray(b"\x00" * 16)),
| modes.OFB(bytearray(b"\x00" * 16)),
| modes.CFB(bytearray(b"\x00" * 16)),
| modes.CFB8(bytearray(b"\x00" * 16)),
| modes.XTS(bytearray(b"\x00" * 16)),
| ]
| )
| @pytest.mark.requires_backend_interface(interface=CipherBackend)
| def test_buffer_protocol_alternate_modes(mode, backend):
| data = bytearray(b"sixteen_byte_msg")
| cipher = base.Cipher(
| algorithms.AES(bytearray(b"\x00" * 32)), mode, backend
| )
|> enc = cipher.encryptor()
|
|tests/hazmat/primitives/test_aes.py:495:
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_
|/usr/lib/python2.7/dist-packages/cryptography/hazmat/primitives/ciphers/base.py:121:
in encryptor
| self.algorithm, self.mode
|/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py:295:
in create_symmetric_encryption_ctx
| return _CipherContext(self, cipher, mode, _CipherContext._ENCRYPT)
|/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ciphers.py:116:
in __init__
| self._backend.openssl_assert(res != 0)
|/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py:125:
in openssl_assert
| return binding._openssl_assert(self._lib, ok)
This is due to commit 2a5f63c9a61be ("Allow AES XTS decryption using duplicate
keys.").
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a5f63c9a61be
- _____________________ TestDH.test_dh_parameters_supported
______________________
|self = <tests.hazmat.primitives.test_dh.TestDH object at 0x7f0c65bbb3d0>
|backend = <cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f0c95a29cd0>
|
| def test_dh_parameters_supported(self, backend):
| assert backend.dh_parameters_supported(23, 5)
|> assert not backend.dh_parameters_supported(23, 18)
|E assert not True
|E + where True = <bound method Backend.dh_parameters_supported of
<cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f0c95a29cd0>>(23, 18)
|E + where <bound method Backend.dh_parameters_supported of
<cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f0c95a29cd0>> = <cryptography.hazmat.backends.openssl.backend.Backend object
at 0x7f0c95a29cd0>.dh_parameters_supported
|
|tests/hazmat/primitives/test_dh.py:161: AssertionError
This is due to commit ddd16c2fe988e ("Change DH parameters to generate the
order q subgroup instead of 2q").
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddd16c2fe988e
- _____________ TestECDSACertificate.test_load_ecdsa_no_named_curve
______________
|self = <tests.x509.test_x509.TestECDSACertificate object at 0x7f0c609e3590>
|backend = <cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f0c95a29cd0>
|
| def test_load_ecdsa_no_named_curve(self, backend):
| _skip_curve_unsupported(backend, ec.SECP256R1())
| cert = _load_cert(
| os.path.join("x509", "custom", "ec_no_named_curve.pem"),
| x509.load_pem_x509_certificate,
| backend
| )
| with pytest.raises(NotImplementedError):
|> cert.public_key()
|E Failed: DID NOT RAISE <type 'exceptions.NotImplementedError'>
|
|tests/x509/test_x509.py:3722: Failed
This is due to commit 9a43a733801bd ("[ec] Match built-in curves on
EC_GROUP_new_from_ecparameters").
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a43a733801bd
The first two changes in OpenSSL have been made on purporse and I'm not
sure about the last one.
Could someone please comment?
[0]
https://ci.debian.net/data/autopkgtest/testing/amd64/p/python-cryptography/2969575/log.gz
Sebastian
--- End Message ---
--- Begin Message ---
Source: python-cryptography
Source-Version: 2.6.1-3+deb10u1
We believe that the bug you reported is fixed in the latest version of
python-cryptography, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 940...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebast...@breakpoint.cc> (supplier of updated
python-cryptography package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Sep 2019 20:55:00 +0200
Source: python-cryptography
Architecture: source
Version: 2.6.1-3+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Tristan Seligmann <mithra...@debian.org>
Changed-By: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Closes: 940547
Changes:
python-cryptography (2.6.1-3+deb10u1) buster; urgency=medium
.
* Non-maintainer upload.
* Backport two patches to fix the testsute with newer openssl.
* Ignore test_load_ecdsa_no_named_curve in the testsuite because it known to
break with newer openssl (Closes: #940547).
Checksums-Sha1:
197dc4755512e25b6b54b2eb64d63345b7ad6bc2 3382
python-cryptography_2.6.1-3+deb10u1.dsc
81042476100e4daf5c17e421697a2d1817695861 27116
python-cryptography_2.6.1-3+deb10u1.debian.tar.xz
Checksums-Sha256:
a2209899532d5421b1f41b2c029a80003a5ef8ddeda2377c32efc61603cabfdb 3382
python-cryptography_2.6.1-3+deb10u1.dsc
84788ff54a2fdc2e99c3ab3e3a92f947f8ff52e74d177e3e49e070d63f508699 27116
python-cryptography_2.6.1-3+deb10u1.debian.tar.xz
Files:
55e591024cca54f54afb3d144a29a913 3382 python optional
python-cryptography_2.6.1-3+deb10u1.dsc
b26d5456a35782db4716ebee4a07ab26 27116 python optional
python-cryptography_2.6.1-3+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAl2SWm4ACgkQBWQfF1cS
+luFpQv+KPAonAQJYuO9/yFVvTpHmCrwUAXQss38x8IcgccowU3e9PB2JcBsL23D
ivrCE5mZSRxy+hauXioz/WoVyDZ/RwE8MpIlhUI9fO7XdNglQbn36zABAqhUjqMi
CyrQ7KSJGVn92xXxPdtltErA18PTf6vvKg0eK5mkLW1aOpl18W6+vYG3bnd3tisj
U5c/9udKYZ7FwJ2/vNQXhVHc88vqNm/OZMhoAi0rwUPMN00rIIUICpMSAtvbqUco
DoYcE4gMUBBt83nrGGVy8SjCjdHm1ed1OTfSt5m/k+1fa3vwOBgJ+QbvHLvRo9TJ
RhMu80+FmdXqlbsAPMnNpZWa8FE+bgyrR2Jvgw+sUefs0LAMMH2NSD1YKPe0ladY
ZAQ/GIFU6MQ/clpMiIBnvS2eTzfwgya7DZLroE0hBdrsTJ8gpTVmRiv5VveH+kBU
YikIYkbnE9Hwq84ZxiARrGOe6gCwBu6agTnwMymxIIqM0S9h374y8Z2ewxWva+XW
11VDNWqx
=8phl
-----END PGP SIGNATURE-----
--- End Message ---
