[Bug 1443704] Re: Support for TLS 1.2 not present (added in 2.7.9)

Matthias Klose doko at ubuntu.com
Tue Jan 24 22:40:17 UTC 2017 

we did two four test rebuilds for the whole archive:

http://qa.ubuntuwire.org/ftbfs/rebuilds/test-rebuild-20161216-trusty.html
http://qa.ubuntuwire.org/ftbfs/rebuilds/test-rebuild-20161216-updates-trusty.html

http://qa.ubuntuwire.org/ftbfs/rebuilds/test-rebuild-20161216-python2712-trusty.html
http://qa.ubuntuwire.org/ftbfs/rebuilds/test-rebuild-20161216-updates-python2712-trusty.html

the latter two with the python2.7, python-defaults. python-stdlib-
extensions, python-eventlet and python-gevent packages from the ubuntu-
toolchain-r/ppa archive.

Comparing the build failures, I found the following regressions:

archivemail	0.9.0-1build1			i386 (maybe TODO)
  python related, disabled test in next upload
  https://launchpad.net/ubuntu/+source/archivemail/0.9.0-1.1
bzr		2.6.0+bzr6593-1ubuntu1		any (ok in updates)
cinder		1:2014.1-0ubuntu1		i386 (ok with updated kombu)
commons-exec	1.2-1				all (test failures, java)
docsis		0.9.6+git16-g61ee500+dfsg-2build1 ppc64el (unrelated, GCC ICE)
eclipse		3.8.1-5.1			arm64 (unrelated, OpenJDK issue?)
extsmail	1.4-1				arm64 (unrelated, GCC ICE)
gcc-defaults	1.124ubuntu6			i386 (unrelated)
  gcj out of memory error
glance		1:2014.1-0ubuntu1		all (ok with updated kombu)
indicator-sound	12.10.2+14.04.20140401-0ubuntu1	i386 (looks unrelated)
  test failures
initramfs-tools-ubuntu-touch	0.72		i386 amd64 armhf (TODO)
 TODO: E: Release signed by unknown key (key id 1E9377A2BA9EF27F)
kombu		3.0.7-1ubuntu1			i386 (ok, updated)
libcrypto++	5.6.1-6				armhf (ok in updates)
liblayout	0.2.10-2			i386 (unrelated)
  OpenJDK out of memory, works when built on amd64)
mgltools-pmv	1.5.7~rc1~cvs.20130519-2	all (TODO)
  pyversions: error parsing Python-Version attribute
nova		1:2014.1-0ubuntu1		i386 (ok with updated kombu)
nuitka		0.5.0.1+ds-1			all (TODO)
  test errors with new python2.7
obexftp		0.23-1.2ubuntu3			any (TODO)
  build error with -Werror=format-security
oslo.messaging	1.3.0-0ubuntu1			all (ok with updated kombu)
pyfltk		1.3.0-1				any (TODO)
  build error with -Werror=format-security
pymol		1.7.0.0-1			any (TODO)
  build error with -Werror=format-security
python-django	1.6.1-2				all (TODO)
  SyntaxError: Non-ASCII character '\xc6' in file test_jslex.py on line 26,
  but no encoding declared
python-eventlet	0.13.0-1ubuntu2			i386 (ok in proposed update)
  0.13.0-1ubuntu2.3
python-glanceclient	1:0.12.0-0ubuntu1	all (TODO)
python-pywcs	1.11-1				any (TODO)
  build error with -Werror=format-security
rawdog		2.19-1				all (TODO)
  Error while fetching feed:
  <urlopen error ('_ssl.c:574: The handshake operation timed out',)>
ruby-lapack	1.5-2				ppc64el (unrelated, ruby)
ruby-timers	1.1.0-1				i386 (unrelated, ruby)
sauerbraten	0.0.20130203.dfsg-1		arm64 (unrelated GCC ICE)
shinken		1.4-2				any
  pyversions: error parsing Python-Version attribute
tora		2.1.3-2build2			arm64 (unrelated, GCC ICE)
wxwidgets2.8	2.8.12.1+dfsg-2ubuntu2		any (unrelated, GCC ICE)
  dump available


With the kombu update in trusty-proposed, there is only the python-glanceclient packages which shows regressions in main.  There are a dozen or so packages in universe which show regressions as well, but on a first glance these look all fixable.

I didn't investigate if the compiler ICEs are really related to the
python2.7 update.  These seem to persist even when giving back the
packages on the buildds.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1443704

Title:
  Support for TLS 1.2 not present (added in 2.7.9)

Status in python2.7 package in Ubuntu:
  Confirmed

Bug description:
  There are security issues with TLS 1.0, but Python 2.7.9 doesn't
  explicitly support TLS 1.2, so programs written in python can't
  necessarily use it on 14.04.   This is requiring me to do a manual
  install of a more recent version of python, which is fine, but if this
  is an LTS release lack of support for TLS 1.2 is going to become an
  even bigger problem going forward.   This is specifically a problem
  with the getmail package.

  ksanti% lsb_release -rd
  Description:    Ubuntu 14.04.2 LTS
  Release:        14.04

  root at ksanti:/home/mellon/.getmail# apt-cache policy python2.7
  python2.7:
    Installed: 2.7.6-8
    Candidate: 2.7.6-8
    Version table:
   *** 2.7.6-8 0
          500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
          100 /var/lib/dpkg/status

  What I'm expecting:

  root at ksanti:/home/mellon/Python-2.7.9# python
  Python 2.7.9 (default, Apr 13 2015, 19:47:19) 
  [GCC 4.8.2] on linux2
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import ssl
  >>> 'PROTOCOL_TLSv1_2' in dir(ssl)
  True

  What I get:

  root at ksanti:/home/mellon/Python-2.7.9# /usr/bin/python
  Python 2.7.6 (default, Mar 22 2014, 22:59:56) 
  [GCC 4.8.2] on linux2
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import ssl
  >>> 'PROTOCOL_TLSv1_2' in dir(ssl)
  False

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1443704/+subscriptions

More information about the foundations-bugs mailing list