Hello Dimitri, or anyone else affected,

Accepted python2.7 into cosmic-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/python2.7/2.7.16-2~18.10 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us in getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-cosmic to verification-done-cosmic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-cosmic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Description changed:

+ [Impact]
+ 
  $ python -c 'import ssl; print(ssl.OP_NO_TLSv1_3)'
  
  Prints 0, for python2.7 built against 1.1.0 headers, yet prints
  536870912 when built against 1.1.1 irrespective of the runtime libssl1.1
  library version.
  
  This may yield confusion, especially since ssl.OPENSSL_VERSION reports
  runtime libssl version, not the version of the libssl headers. Such
  that, e.g. it looks like ssl module is running against 1.1.1, has
  OP_NO_TLSv1_3 option, yet cannot actually use it to disable TLSv1.3.
  
  Also vice versa, python2.7 build against 1.1.1 can be installed with
  1.1.0 runtime library, and thus OP_NO_TLSv1_3 might be set, which is not
  understood by the runtime library.
  
  In libpython2.7-stdlib, please bump libssl1.1 version dep to "libssl1.1
  (>= 1.1.1)" when building against libssl-dev >= 1.1.1.
  
  python3.x are not affected, as they started to exploit 1.1.1-only
  symbols/features, and thus already have an automatic dep on >= 1.1.1.
+ 
+ [Test Case]
+ 
+ Make sure the libssl1.1 build-dependency of python2.7 is at least 1.1.1.
+ 
+ [Regression Potential]
+ 
+ Potentially none, besides the usual regression potential of new
+ rebuilds.

** Changed in: python2.7 (Ubuntu Cosmic)
       Status: New => Fix Committed

** Tags added: verification-needed verification-needed-cosmic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1808476

Title:
  Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak
  constants

Status in python2.7 package in Ubuntu:
  Fix Released
Status in python2.7 source package in Bionic:
  New
Status in python2.7 source package in Cosmic:
  Fix Committed
Status in python2.7 source package in Disco:
  Fix Released

Bug description:
  [Impact]

  $ python -c 'import ssl; print(ssl.OP_NO_TLSv1_3)'

  Prints 0, for python2.7 built against 1.1.0 headers, yet prints
  536870912 when built against 1.1.1 irrespective of the runtime
  libssl1.1 library version.

  This may yield confusion, especially since ssl.OPENSSL_VERSION reports
  runtime libssl version, not the version of the libssl headers. Such
  that, e.g. it looks like ssl module is running against 1.1.1, has
  OP_NO_TLSv1_3 option, yet cannot actually use it to disable TLSv1.3.

  Also vice versa, python2.7 built against 1.1.1 can be installed with
  1.1.0 runtime library, and thus OP_NO_TLSv1_3 might be set, which is
  not understood by the runtime library.

  In libpython2.7-stdlib, please bump libssl1.1 version dep to
  "libssl1.1 (>= 1.1.1)" when building against libssl-dev >= 1.1.1.

  python3.x are not affected, as they started to exploit 1.1.1-only
  symbols/features, and thus already have an automatic dep on >= 1.1.1.

  [Test Case]

  Make sure the libssl1.1 build-dependency of python2.7 is at least
  1.1.1.

  [Regression Potential]

  Potentially none, besides the usual regression potential of new
  rebuilds.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1808476/+subscriptions
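
Added example, not part of the original bug report or of the python2.7 packaging: a check for the header/runtime mismatch described under [Impact], comparing ssl.OP_NO_TLSv1_3 (fixed at build time) with ssl.OPENSSL_VERSION_INFO (read from the loaded library). The function names, the returned labels and the threshold constant are assumptions made for this illustration.

```python
import ssl

# Assumption for this example: 1.1.1 is the first libssl release that
# understands OP_NO_TLSv1_3, as the bug report states.
TLS13_MIN_RUNTIME = (1, 1, 1)


def classify(op_no_tlsv1_3, runtime_version_info):
    """Compare the compile-time constant with the runtime libssl version.

    op_no_tlsv1_3: value of ssl.OP_NO_TLSv1_3; 0 when the ssl module was
        built against 1.1.0 headers, 536870912 when built against 1.1.1.
    runtime_version_info: ssl.OPENSSL_VERSION_INFO, which describes the
        library loaded at runtime, not the headers used at build time.
    """
    runtime_has_tls13 = tuple(runtime_version_info[:3]) >= TLS13_MIN_RUNTIME
    built_with_tls13 = op_no_tlsv1_3 != 0

    if built_with_tls13 and runtime_has_tls13:
        return "consistent"
    if not built_with_tls13 and not runtime_has_tls13:
        return "consistent-no-tls13"
    if runtime_has_tls13:
        # Runtime negotiates TLS 1.3, but the option is 0 and cannot disable it.
        return "headers-older-than-runtime"
    # The option bit is set, but the runtime library does not understand it.
    return "headers-newer-than-runtime"


def check_local():
    """Classify the interpreter this script is running under."""
    flag = getattr(ssl, "OP_NO_TLSv1_3", 0)  # attribute absent on older builds
    return classify(flag, ssl.OPENSSL_VERSION_INFO)


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION, check_local())
```

Either of the two "headers-..." results means ORing ssl.OP_NO_TLSv1_3 into a context's options does not have the effect the code expects on that host.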
