Source: pyjwt, azure-cli
Control: found -1 pyjwt/2.1.0-1
Control: found -1 azure-cli/2.18.0-2
Severity: serious
Tags: sid bookworm
X-Debbugs-CC: debian-ci@lists.debian.org
User: debian-ci@lists.debian.org
Usertags: breaks needs-update
Dear maintainer(s),
With a recent upload of pyjwt the autopkgtest of azure-cli fails in
testing when that autopkgtest is run with the binary packages of pyjwt
from unstable. It passes when run with only packages from testing. In
tabular form:
                       pass            fail
pyjwt                  from testing    2.1.0-1
azure-cli              from testing    2.18.0-2
all others             from testing    from testing
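I copied some of the output at the bottom of this report. In that excerpt the test fails with a ValueError raised while jwt's RSAAlgorithm.prepare_key tries to load an empty key (key = b'') as a PEM private key.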
Currently this regression is blocking the migration of pyjwt to testing
[1]. Due to the nature of this issue, I filed this bug report against
both packages. Can you please investigate the situation and reassign the
bug to the right package?
More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation
Paul
[1] https://qa.debian.org/excuses.php?package=pyjwt
https://ci.debian.net/data/autopkgtest/testing/amd64/a/azure-cli/15220083/log.gz
=================================== FAILURES ===================================
_____________ TestProfile.test_find_subscriptions_in_cloud_console _____________
self = <jwt.algorithms.RSAAlgorithm object at 0x7f8308a46ac0>, key = b''
def prepare_key(self, key):
if isinstance(key, RSAPrivateKey) or isinstance(key, RSAPublicKey):
return key
if isinstance(key, (bytes, str)):
key = force_bytes(key)
try:
if key.startswith(b"ssh-rsa"):
key = load_ssh_public_key(key)
else:
> key = load_pem_private_key(key, password=None)
/usr/lib/python3/dist-packages/jwt/algorithms.py:256:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _
data = b'', password = None
backend = <cryptography.hazmat.backends.openssl.backend.Backend object
at 0x7f8308b5c5b0>
def load_pem_private_key(data, password, backend=None):
backend = _get_backend(backend)
> return backend.load_pem_private_key(data, password)
/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/serialization/base.py:18:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _
self = <cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f8308b5c5b0>
data = b'', password = None
def load_pem_private_key(self, data, password):
> return self._load_key(
self._lib.PEM_read_bio_PrivateKey,
self._evp_pkey_to_private_key,
data,
password,
)
/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/backend.py:1244:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _
self = <cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f8308b5c5b0>
openssl_read_func = <built-in method PEM_read_bio_PrivateKey of
_cffi_backend.Lib object at 0x7f8308c24590>
convert_func = <bound method Backend._evp_pkey_to_private_key of
<cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f8308b5c5b0>>
data = b'', password = None
def _load_key(self, openssl_read_func, convert_func, data, password):
mem_bio = self._bytes_to_bio(data)
userdata = self._ffi.new("CRYPTOGRAPHY_PASSWORD_DATA *")
if password is not None:
utils._check_byteslike("password", password)
password_ptr = self._ffi.from_buffer(password)
userdata.password = password_ptr
userdata.length = len(password)
evp_pkey = openssl_read_func(
mem_bio.bio,
self._ffi.NULL,
self._ffi.addressof(
self._lib._original_lib, "Cryptography_pem_password_cb"
),
userdata,
)
if evp_pkey == self._ffi.NULL:
if userdata.error != 0:
self._consume_errors()
if userdata.error == -1:
raise TypeError(
"Password was not given but private key is
encrypted"
)
else:
assert userdata.error == -2
raise ValueError(
"Passwords longer than {} bytes are not supported "
"by this backend.".format(userdata.maxsize - 1)
)
else:
> self._handle_key_loading_error()
/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/backend.py:1475:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _
self = <cryptography.hazmat.backends.openssl.backend.Backend object at
0x7f8308b5c5b0>
def _handle_key_loading_error(self):
errors = self._consume_errors()
if not errors:
raise ValueError(
"Could not deserialize key data. The data may be in an "
"incorrect format or it may be encrypted with an
unsupported "
"algorithm."
)
elif errors[0]._lib_reason_match(
self._lib.ERR_LIB_EVP, self._lib.EVP_R_BAD_DECRYPT
) or errors[0]._lib_reason_match(
self._lib.ERR_LIB_PKCS12,
self._lib.PKCS12_R_PKCS12_CIPHERFINAL_ERROR,
):
raise ValueError("Bad decrypt. Incorrect password?")
elif any(
error._lib_reason_match(
self._lib.ERR_LIB_EVP,
self._lib.EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM,
)
for error in errors
):
raise ValueError("Unsupported public key algorithm.")
else:
> raise ValueError(
"Could not deserialize key data. The data may be in an "
"incorrect format or it may be encrypted with an
unsupported "
"algorithm."
)
E ValueError: Could not deserialize key data. The data may be
in an incorrect format or it may be encrypted with an unsupported algorithm.
/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/backend.py:1517:
ValueError