Source: python3.7 Version: 3.7.0-5 X-Debbugs-CC: debian-ci@lists.debian.org, openssl@packages.debian.org User: debian-ci@lists.debian.org Usertags: needs-update Control: affects -1 src:openssl Control: block 907015 by -1 Dear maintainers, With a recent upload of openssl the autopkgtest of python3.7 started to fail in testing. I copied the some of the output below. Currently this regression is contributing to the delay of the migration of openssl to testing [1]. Of course, openssl shouldn't just break your autopkgtest (or even worse, your package), but it seems to me that the change in openssl was intended and your package needs to update to the new situation. If needed, please change the bug's severity. If this is a real problem in your package (and not only in your autopkgtest), the right binary package(s) from openssl should really add a versioned Breaks on the unfixed version of (one of your) package(s), hence I added a blocking relation on the openssl bug that tracks that. Note: the Breaks is nice even if the issue is only in the autopkgtest as it helps the migration software to figure out the right versions to combine in the tests. A quote from the openssl maintainer about the openssl update: " This is probably the result of the default openssl.cfg now having: [system_default_sect] MinProtocol = TLSv1.2 CipherString = DEFAULT@SECLEVEL=2 Where the SECLEVEL 2 requires a 112 / 2048 bit security level. " More information about this bug and the reason for filing it can be found on https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation Paul [1] https://qa.debian.org/excuses.php?package=openssl https://ci.debian.net/data/autopkgtest/testing/amd64/p/python3.7/869649/log.gz test_ciphers (test.test_ssl.SimpleBackgroundTests) ... server: new connection from ('127.0.0.1', 36034) server: bad connection attempt from ('127.0.0.1', 36034): Traceback (most recent call last): File "/usr/lib/python3.7/test/test_ssl.py", line 2126, in wrap_conn self.sock, server_side=True) File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket session=session File "/usr/lib/python3.7/ssl.py", line 850, in _create self.do_handshake() File "/usr/lib/python3.7/ssl.py", line 1108, in do_handshake self._sslobj.do_handshake() BrokenPipeError: [Errno 32] Broken pipe server: new connection from ('127.0.0.1', 36036) server: bad connection attempt from ('127.0.0.1', 36036): Traceback (most recent call last): File "/usr/lib/python3.7/test/test_ssl.py", line 2126, in wrap_conn self.sock, server_side=True) File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket session=session File "/usr/lib/python3.7/ssl.py", line 850, in _create self.do_handshake() File "/usr/lib/python3.7/ssl.py", line 1108, in do_handshake self._sslobj.do_handshake() BrokenPipeError: [Errno 32] Broken pipe ====================================================================== FAIL: test_options (test.test_ssl.ContextTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/python3.7/test/test_ssl.py", line 1030, in test_options self.assertEqual(default, ctx.options) AssertionError: <Opti[26 chars]CIPHER_SERVER_PREFERENCE|OP_NO_COMPRESSION: 2185363540> != <Opti[26 chars]CIPHER_SERVER_PREFERENCE|1048576|OP_NO_COMPRESSION: 2186412116> ====================================================================== FAIL: test_default_ecdh_curve (test.test_ssl.ThreadedTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/python3.7/test/test_ssl.py", line 3646, in test_default_ecdh_curve self.assertIn("ECDH", s.cipher()[0]) AssertionError: 'ECDH' not found in 'TLS_AES_256_GCM_SHA384' ====================================================================== FAIL: test_version_basic (test.test_ssl.ThreadedTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/python3.7/test/test_ssl.py", line 3550, in test_version_basic self.assertEqual(s.version(), 'TLSv1.2') AssertionError: 'TLSv1.3' != 'TLSv1.2' - TLSv1.3 ? ^ + TLSv1.2 ? ^
Attachment:
signature.asc
Description: OpenPGP digital signature