Your message dated Thu, 22 Jan 2015 13:18:30 +0000 with message-id <20150122131830.GB29173@lupin.home.powdarrmonkey.net> and subject line Re: Bug#775841: unblock: python-astropy/0.4.2-2 has caused the Debian Bug report #775841, regarding unblock: python-astropy/0.4.2-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 775841: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775841 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: python-astropy/0.4.2-2
- From: Ole Streicher <olebole@debian.org>
- Date: Tue, 20 Jan 2015 17:17:06 +0100
- Message-id: <[🔎] 20150120161706.5052.16752.reportbug@baikal.ole.ath.cx>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package python-astropy Since openSSL removed SSLv2 and SSLv3, building python-astropy failed, which is reported in bug #775780. A debdiff is attached. unblock python-astropy/0.4.2-2 -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)diff -Nru python-astropy-0.4.2/debian/changelog python-astropy-0.4.2/debian/changelog --- python-astropy-0.4.2/debian/changelog 2014-09-24 16:01:03.000000000 +0200 +++ python-astropy-0.4.2/debian/changelog 2015-01-19 21:09:28.000000000 +0100 @@ -1,3 +1,9 @@ +python-astropy (0.4.2-2) unstable; urgency=medium + + * Don't set defalt SSL protocol in vo/samp/client.py. Closes: #775780 + + -- Ole Streicher <olebole@debian.org> Mon, 19 Jan 2015 21:07:18 +0100 + python-astropy (0.4.2-1) unstable; urgency=low * New upstream release. diff -Nru python-astropy-0.4.2/debian/patches/remove_ssl_2_3.patch python-astropy-0.4.2/debian/patches/remove_ssl_2_3.patch --- python-astropy-0.4.2/debian/patches/remove_ssl_2_3.patch 1970-01-01 01:00:00.000000000 +0100 +++ python-astropy-0.4.2/debian/patches/remove_ssl_2_3.patch 2015-01-19 17:21:10.000000000 +0100 @@ -0,0 +1,273 @@ +From: Michael Droettboom <mdboom@gmail.com> +Date: Fri, 16 Jan 2015 09:58:27 -0500 +Subject: [PATCH] Let Python choose the default SSL protocol for us. +--- a/astropy/vo/samp/client.py ++++ b/astropy/vo/samp/client.py +@@ -85,13 +85,13 @@ + passed from the Hub end of the connection. + + ssl_version : int, optional +- Which version of the SSL protocol to use. Typically, the server +- chooses a particular protocol version, and the client must adapt to +- the server's choice. Most of the versions are not interoperable with +- the other versions. If not specified the default SSL version is +- `ssl.PROTOCOL_SSLv23`. This version provides the most compatibility +- with other versions Hub side. Other SSL protocol versions are: +- `ssl.PROTOCOL_SSLv2`, `ssl.PROTOCOL_SSLv3` and `ssl.PROTOCOL_TLSv1`. ++ Which version of the SSL protocol to use. Typically, the ++ server chooses a particular protocol version, and the client ++ must adapt to the server's choice. Most of the versions are ++ not interoperable with the other versions. If not specified, ++ the default SSL version is taken from the default in the ++ installed version of the Python standard `ssl` library. See ++ the `ssl` documentation for more information. + + callable : bool, optional + Whether the client can receive calls and notifications. If set to +@@ -118,9 +118,6 @@ + if description is not None: + metadata["samp.description.text"] = description + +- if SSL_SUPPORT and ssl_version is None: +- ssl_version = ssl.PROTOCOL_SSLv23 +- + self._metadata = metadata + + self._addr = addr +--- a/astropy/vo/samp/hub.py ++++ b/astropy/vo/samp/hub.py +@@ -114,14 +114,14 @@ + passed from the Hub end of the connection. + + ssl_version : int, optional +- The ``ssl_version`` option specifies which version of the SSL protocol +- to use. Typically, the server chooses a particular protocol version, +- and the client must adapt to the server's choice. Most of the versions +- are not interoperable with the other versions. If not specified the +- default SSL version is `ssl.PROTOCOL_SSLv23`. This version provides +- the most compatibility with other versions client side. Other SSL +- protocol versions are: `ssl.PROTOCOL_SSLv2`, `ssl.PROTOCOL_SSLv3` and +- `ssl.PROTOCOL_TLSv1`. ++ The ``ssl_version`` option specifies which version of the SSL ++ protocol to use. Typically, the server chooses a particular ++ protocol version, and the client must adapt to the server's ++ choice. Most of the versions are not interoperable with the ++ other versions. If not specified, the default SSL version is ++ taken from the default in the installed version of the Python ++ standard `ssl` library. See the `ssl` documentation for more ++ information. + + web_profile : bool, optional + Enables or disables the Web Profile support. +@@ -165,9 +165,6 @@ + self._client_timeout = client_timeout + self._pool_size = pool_size + +- if SSL_SUPPORT and ssl_version is None: +- ssl_version = ssl.PROTOCOL_SSLv23 +- + self._web_profile = web_profile + self._web_profile_server = None + self._web_profile_callbacks = {} +--- a/astropy/vo/samp/hub_proxy.py ++++ b/astropy/vo/samp/hub_proxy.py +@@ -78,14 +78,14 @@ + certificate passed from the Hub end of the connection. + + ssl_version : int, optional +- Which version of the SSL protocol to use. Typically, the server +- chooses a particular protocol version, and the client must adapt +- to the server's choice. Most of the versions are not interoperable +- with the other versions. If not specified the default SSL version +- is `ssl.PROTOCOL_SSLv3`. This version provides the most +- compatibility with other versions server side. Other SSL protocol +- versions are: `ssl.PROTOCOL_SSLv2`, `ssl.PROTOCOL_SSLv3` and +- `ssl.PROTOCOL_TLSv1`. ++ Which version of the SSL protocol to use. Typically, the ++ server chooses a particular protocol version, and the ++ client must adapt to the server's choice. Most of the ++ versions are not interoperable with the other versions. If ++ not specified, the default SSL version is taken from the ++ default in the installed version of the Python standard ++ `ssl` library. See the `ssl` documentation for more ++ information. + + pool_size : int, optional + The number of socket connections opened to communicate with the +@@ -95,9 +95,6 @@ + self._connected = False + self.lockfile = {} + +- if SSL_SUPPORT and ssl_version is None: +- ssl_version = ssl.PROTOCOL_SSLv3 +- + if hub is not None and hub_params is not None: + raise ValueError("Cannot specify both hub and hub_params") + +--- a/astropy/vo/samp/hub_script.py ++++ b/astropy/vo/samp/hub_script.py +@@ -148,10 +148,14 @@ + "SSL protocol to use. Typically, the server chooses a particular " + "protocol version, and the client must adapt to the server's choice. " + "Most of the versions are not interoperable with the other versions. " +- "If not specified the default SSL version is SSLv23. This version " +- "provides the most compatibility with other versions client side. " +- "Other SSL protocol versions are: SSLv2, SSLv3 and TLSv1.", +- type=str, choices=["SSLv23", "SSLv2", "SSLv3", "TLSv1"], default="SSLv23") ++ "If not specified the default SSL version is taken from the default in " ++ "the Python standard `ssl` library for the version of Python that is " ++ "installed. Other SSL protocol versions are: SSLv2, SSLv3, SSLv23, " ++ "TLSv1, TLSv1_1, TLSv1_2 but not all of them may be available on all " ++ "versions of Python.", ++ type=str, ++ choices=["SSLv23", "SSLv2", "SSLv3", "TLSv1", "TLSv1_1", "TLSv1_2"], ++ default=None) + + parser.add_argument_group(ssl_group) + +@@ -170,14 +174,14 @@ + else: + options.cert_reqs = ssl.CERT_NONE + +- if options.ssl_version == "SSLv2": +- options.ssl_version = ssl.PROTOCOL_SSLv2 +- elif options.ssl_version == "SSLv3": +- options.ssl_version = ssl.PROTOCOL_SSLv3 +- elif options.ssl_version == "TLSv1": +- options.ssl_version = ssl.PROTOCOL_TLSv1 +- else: +- options.ssl_version = ssl.PROTOCOL_SSLv23 ++ if options.ssl_version is not None: ++ if hasattr(ssl, 'PROTOCOL_' + options.ssl_version): ++ options.ssl_version = getattr( ++ ssl, 'PROTOCOL_' + options.ssl_version) ++ else: ++ raise ValueError( ++ "SSL protocol '{0}' not supported on this version of " ++ "Python".format(options.ssl_version)) + + if options.loglevel in ("OFF", "ERROR", "WARNING", "DEBUG", "INFO"): + log.setLevel(options.loglevel) +--- a/astropy/vo/samp/integrated_client.py ++++ b/astropy/vo/samp/integrated_client.py +@@ -68,13 +68,13 @@ + passed from the Hub end of the connection. + + ssl_version : int, optional +- Which version of the SSL protocol to use. Typically, the server chooses +- a particular protocol version, and the client must adapt to the +- server's choice. Most of the versions are not interoperable with the +- other versions. If not specified the default SSL version is +- `ssl.PROTOCOL_SSLv23`. This version provides the most compatibility +- with other versions Hub side. Other SSL protocol versions are: +- `ssl.PROTOCOL_SSLv2`, `ssl.PROTOCOL_SSLv3` and `ssl.PROTOCOL_TLSv1`. ++ Which version of the SSL protocol to use. Typically, the ++ server chooses a particular protocol version, and the client ++ must adapt to the server's choice. Most of the versions are ++ not interoperable with the other versions. If not specified, ++ the default SSL version is taken from the default in the ++ installed version of the Python standard `ssl` library. See ++ the `ssl` documentation for more information. + + callable : bool, optional + Whether the client can receive calls and notifications. If set to +@@ -167,14 +167,14 @@ + certificate passed from the Hub end of the connection. + + ssl_version : int, optional +- Which version of the SSL protocol to use. Typically, the server +- chooses a particular protocol version, and the client must adapt +- to the server's choice. Most of the versions are not interoperable +- with the other versions. If not specified the default SSL version +- is `ssl.PROTOCOL_SSLv3`. This version provides the most +- compatibility with other versions server side. Other SSL protocol +- versions are: `ssl.PROTOCOL_SSLv2`, `ssl.PROTOCOL_SSLv3` and +- `ssl.PROTOCOL_TLSv1`. ++ Which version of the SSL protocol to use. Typically, the ++ server chooses a particular protocol version, and the ++ client must adapt to the server's choice. Most of the ++ versions are not interoperable with the other versions. If ++ not specified, the default SSL version is taken from the ++ default in the installed version of the Python standard ++ `ssl` library. See the `ssl` documentation for more ++ information. + + pool_size : int, optional + The number of socket connections opened to communicate with the +--- a/astropy/vo/samp/ssl_utils.py ++++ b/astropy/vo/samp/ssl_utils.py +@@ -32,7 +32,7 @@ + + def __init__(self, host, port=None, key_file=None, cert_file=None, + cert_reqs=ssl.CERT_NONE, ca_certs=None, +- ssl_version=ssl.PROTOCOL_SSLv3, strict=None): ++ ssl_version=None, strict=None): + + HTTPConnection.__init__(self, host, port, strict) + +@@ -47,12 +47,18 @@ + + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.connect((self.host, self.port)) +- sslconn = ssl.wrap_socket(sock, server_side=False, +- certfile=self.cert_file, +- keyfile=self.key_file, +- cert_reqs=self.cert_reqs, +- ca_certs=self.ca_certs, +- ssl_version=self.ssl_version) ++ # We have to explicitly not pass the ssl_version to ++ # `ssl.wrap_socket` if it's None. ++ kwargs = { ++ 'server_size': False, ++ 'certfile': self.cert_file, ++ 'keyfile': self.key_file, ++ 'cert_reqs': self.cert_reqs, ++ 'ca_certs': self.ca_certs, ++ } ++ if self.ssl_version is not None: ++ kwargs['ssl_version'] = self.ssl_version ++ sslconn = ssl.wrap_socket(sock, **args) + self.sock = sslconn + + class HTTPS(HTTP): +@@ -64,7 +70,7 @@ + + def __init__(self, host='', port=None, key_file=None, cert_file=None, + cert_reqs=ssl.CERT_NONE, ca_certs=None, +- ssl_version=ssl.PROTOCOL_SSLv3): ++ ssl_version=None): + + # provide a default host, pass the X509 cert info + +@@ -97,7 +103,7 @@ + + def __init__(self, key_file=None, cert_file=None, + cert_reqs=ssl.CERT_NONE, ca_certs=None, +- ssl_version=ssl.PROTOCOL_SSLv3, strict=None, ++ ssl_version=None, strict=None, + use_datetime=0): + + xmlrpc.Transport.__init__(self, use_datetime) +@@ -151,10 +157,16 @@ + def get_request(self): + # override this to wrap socket with SSL + sock, addr = self.socket.accept() +- sslconn = ssl.wrap_socket(sock, server_side=True, +- certfile=self.cert_file, +- keyfile=self.key_file, +- cert_reqs=self.cert_reqs, +- ca_certs=self.ca_certs, +- ssl_version=self.ssl_version) ++ # We have to explicitly not pass the ssl_version to ++ # `ssl.wrap_socket` if it's None. ++ kwargs = { ++ 'server_side': True, ++ 'certfile': self.cert_file, ++ 'keyfile': self.key_file, ++ 'cert_reqs': self.cert_reqs, ++ 'ca_certs': self.ca_certs ++ } ++ if self.ssl_version is not None: ++ kwargs['ssl_version'] = self.ssl_version ++ sslconn = ssl.wrap_socket(sock, **kwargs) + return sslconn, addr diff -Nru python-astropy-0.4.2/debian/patches/series python-astropy-0.4.2/debian/patches/series --- python-astropy-0.4.2/debian/patches/series 2014-09-24 15:59:41.000000000 +0200 +++ python-astropy-0.4.2/debian/patches/series 2015-01-19 18:07:09.000000000 +0100 @@ -2,3 +2,4 @@ use_extern_ply.patch disable_helper.patch use_wcslib_4.24.patch +remove_ssl_2_3.patch
--- End Message ---
--- Begin Message ---
- To: Ole Streicher <olebole@debian.org>, 775841-done@bugs.debian.org
- Subject: Re: Bug#775841: unblock: python-astropy/0.4.2-2
- From: Jonathan Wiltshire <jmw@debian.org>
- Date: Thu, 22 Jan 2015 13:18:30 +0000
- Message-id: <20150122131830.GB29173@lupin.home.powdarrmonkey.net>
- In-reply-to: <[🔎] 20150120161706.5052.16752.reportbug@baikal.ole.ath.cx>
- References: <[🔎] 20150120161706.5052.16752.reportbug@baikal.ole.ath.cx>
On Tue, Jan 20, 2015 at 05:17:06PM +0100, Ole Streicher wrote: > Since openSSL removed SSLv2 and SSLv3, building python-astropy failed, which is > reported in bug #775780. Unblocked. -- Jonathan Wiltshire jmw@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51Attachment: signature.asc
Description: Digital signature
--- End Message ---