[Bug 1808476] Autopkgtest regression report (python2.7/2.7.17-1~18.04)

Ubuntu SRU Bot 1808476 at bugs.launchpad.net
Fri Dec 6 06:37:45 UTC 2019 

All autopkgtests for the newly accepted python2.7 (2.7.17-1~18.04) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

pdal/unknown (armhf)
mercurial/4.5.3-1ubuntu2.1 (arm64)


Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-
migration/bionic/update_excuses.html#python2.7

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1808476

Title:
  Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak
  constants

Status in python2.7 package in Ubuntu:
  Fix Released
Status in python2.7 source package in Bionic:
  Fix Committed
Status in python2.7 source package in Cosmic:
  Fix Released
Status in python2.7 source package in Disco:
  Fix Released

Bug description:
  [Impact]

  $ python -c 'import ssl; print(ssl.OP_NO_TLSv1_3)'

  Prints 0, for python2.7 built against 1.1.0 headers, yet prints
  536870912 when built against 1.1.1 irrespective of the runtime
  libssl1.1 library version.

  This may yield confusion, especially since ssl.OPENSSL_VERSION reports
  runtime libssl version, not the version of the libssl headers. Such
  that, e.g. it looks like ssl module is running against 1.1.1, has
  OP_NO_TLSv1_3 option, yet cannot actually use it to disable TLSv1.3.

  Also vice versa, python2.7 build against 1.1.1 can be installed with
  1.1.0 runtime library, and thus OP_NO_TLSv1_3 might be set, which is
  not understood by the runtime library.

  In libpython2.7-stdlib, please bump libssl1.1 version dep to
  "libssl1.1 (>= 1.1.1)" when building against libssl-dev >= 1.1.1.

  python3.x are not affected, as they started to exploit 1.1.1-only
  symbols/features, and thus already have an automatic dep on >= 1.1.1.

  [Test Case]

  Make sure the libssl1.1 build-dependency of python2.7 is at least
  1.1.1.

  [Regression Potential]

  Potentially none, besides the usual regression potential of new
  rebuilds.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1808476/+subscriptions

More information about the foundations-bugs mailing list