[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS
Gianfranco Costamagna
costamagnagianfranco at yahoo.it
Mon Apr 29 10:41:25 UTC 2019
python-tornado FTBFS with this proposed-pocket.
see e.g. the good build
https://launchpadlibrarian.net/421462446/buildlog_ubuntu-bionic-ppc64el.python-tornado_4.5.3-1build1_BUILDING.txt.gz
(release only pocket)
and the bad one:
https://launchpadlibrarian.net/421443840/buildlog_ubuntu-bionic-amd64.python-tornado_4.5.3-1build1_BUILDING.txt.gz
(proposed pocket)
test_inline_read_error (tornado.test.iostream_test.TestIOStreamSSL) ... FAIL
test_read_until_close_after_close (tornado.test.iostream_test.TestIOStreamSSL) ... FAIL
test_streaming_read_until_close_after_close (tornado.test.iostream_test.TestIOStreamSSL) ... FAIL
test_write_zero_bytes (tornado.test.iostream_test.TestIOStreamSSL) ... FAIL
test_inline_read_error (tornado.test.iostream_test.TestIOStreamSSLContext) ... FAIL
test_read_until_close_after_close (tornado.test.iostream_test.TestIOStreamSSLContext) ... FAIL
test_streaming_read_until_close_after_close (tornado.test.iostream_test.TestIOStreamSSLContext) ... FAIL
test_write_zero_bytes (tornado.test.iostream_test.TestIOStreamSSLContext) ... FAIL
======================================================================
FAIL: test_inline_read_error (tornado.test.iostream_test.TestIOStreamSSL)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 136, in __call__
result = self.orig_method(*args, **kwargs)
File "/<<PKGBUILDDIR>>/tornado/test/iostream_test.py", line 556, in test_inline_read_error
server.read_bytes(1, lambda data: None)
AssertionError: error not raised
======================================================================
FAIL: test_read_until_close_after_close (tornado.test.iostream_test.TestIOStreamSSL)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 136, in __call__
result = self.orig_method(*args, **kwargs)
File "/<<PKGBUILDDIR>>/tornado/test/iostream_test.py", line 451, in test_read_until_close_after_close
data = self.wait()
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 336, in wait
self.__rethrow()
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 272, in __rethrow
raise_exc_info(failure)
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 320, in timeout_func
timeout)
AssertionError: Async operation timed out after 5 seconds
======================================================================
FAIL: test_streaming_read_until_close_after_close (tornado.test.iostream_test.TestIOStreamSSL)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 136, in __call__
result = self.orig_method(*args, **kwargs)
File "/<<PKGBUILDDIR>>/tornado/test/iostream_test.py", line 481, in test_streaming_read_until_close_after_close
data = self.wait()
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 336, in wait
self.__rethrow()
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 272, in __rethrow
raise_exc_info(failure)
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 320, in timeout_func
timeout)
AssertionError: Async operation timed out after 5 seconds
======================================================================
FAIL: test_write_zero_bytes (tornado.test.iostream_test.TestIOStreamSSL)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 136, in __call__
result = self.orig_method(*args, **kwargs)
File "/<<PKGBUILDDIR>>/tornado/test/iostream_test.py", line 220, in test_write_zero_bytes
self.wait()
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 336, in wait
self.__rethrow()
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 272, in __rethrow
raise_exc_info(failure)
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 320, in timeout_func
timeout)
AssertionError: Async operation timed out after 5 seconds
======================================================================
FAIL: test_inline_read_error (tornado.test.iostream_test.TestIOStreamSSLContext)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 136, in __call__
result = self.orig_method(*args, **kwargs)
File "/<<PKGBUILDDIR>>/tornado/test/iostream_test.py", line 556, in test_inline_read_error
server.read_bytes(1, lambda data: None)
AssertionError: error not raised
======================================================================
FAIL: test_read_until_close_after_close (tornado.test.iostream_test.TestIOStreamSSLContext)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 136, in __call__
result = self.orig_method(*args, **kwargs)
File "/<<PKGBUILDDIR>>/tornado/test/iostream_test.py", line 451, in test_read_until_close_after_close
data = self.wait()
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 336, in wait
self.__rethrow()
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 272, in __rethrow
raise_exc_info(failure)
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 320, in timeout_func
timeout)
AssertionError: Async operation timed out after 5 seconds
======================================================================
FAIL: test_streaming_read_until_close_after_close (tornado.test.iostream_test.TestIOStreamSSLContext)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 136, in __call__
result = self.orig_method(*args, **kwargs)
File "/<<PKGBUILDDIR>>/tornado/test/iostream_test.py", line 481, in test_streaming_read_until_close_after_close
data = self.wait()
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 336, in wait
self.__rethrow()
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 272, in __rethrow
raise_exc_info(failure)
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 320, in timeout_func
timeout)
AssertionError: Async operation timed out after 5 seconds
======================================================================
FAIL: test_write_zero_bytes (tornado.test.iostream_test.TestIOStreamSSLContext)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 136, in __call__
result = self.orig_method(*args, **kwargs)
File "/<<PKGBUILDDIR>>/tornado/test/iostream_test.py", line 220, in test_write_zero_bytes
self.wait()
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 336, in wait
self.__rethrow()
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 272, in __rethrow
raise_exc_info(failure)
File "/<<PKGBUILDDIR>>/tornado/testing.py", line 320, in timeout_func
timeout)
AssertionError: Async operation timed out after 5 seconds
** Also affects: python-tornado (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1797386
Title:
[SRU] OpenSSL 1.1.1 to 18.04 LTS
Status in openssl package in Ubuntu:
Fix Released
Status in python-tornado package in Ubuntu:
New
Status in libio-socket-ssl-perl source package in Bionic:
Incomplete
Status in libnet-ssleay-perl source package in Bionic:
Incomplete
Status in nova source package in Bionic:
Confirmed
Status in openssl source package in Bionic:
Fix Committed
Status in python-cryptography source package in Bionic:
Fix Committed
Status in python2.7 source package in Bionic:
Fix Committed
Status in python3.6 source package in Bionic:
Fix Committed
Status in python3.7 source package in Bionic:
Fix Committed
Status in r-cran-openssl source package in Bionic:
Fix Committed
Status in ruby-openssl source package in Bionic:
Fix Committed
Status in ruby2.5 source package in Bionic:
Confirmed
Bug description:
[Impact]
* OpenSSL 1.1.1 is an LTS release upstream, which will continue to
receive security support for much longer than 1.1.0 series will.
* OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to
be rapidly adopted due to increased set of supported hashes & algoes,
as well as improved handshake [re-]negotiation.
* OpenSSL 1.1.1 comes with improved hw-acceleration capabilities.
* OpenSSL 1.1.1 is ABI/API compatible with 1.1.0, however some
software is sensitive to the negotiation handshake and may either need
patches/improvements or clamp-down to maximum v1.2.
[Test Case]
* Rebuild all reverse dependencies
* Execute autopkg tests for all of them
* Clamp down to TLS v1.2 software that does not support TLS v1.3
(e.g. mongodb)
* Backport TLS v1.3 support patches, where applicable
[Test cases for the python updates]
python3.7 is a preview in bionic as a non-supported/non-default
version of python3. Passing it's own autopkgtests is sufficient
validation for python3.7. It includes a point release update, with
OpenSSL 1.1.1 compat and features.
python3.6 not only has OpenSSL 1.1.1 compat and features patches, but
also includes a point release update to 3.6.8. It has been part of the
full-archive rebuild and regression analysis. Autopkgtests were
triggered for python3.6 and python3-defaults with regressions already
fixed in the individual packages as appropriate.
python2.7 has the update from .15~rc1 to .15 final, with OpenSSL 1.1.1
compat only. It has been part of the full-archive rebuild and
regression analysis. Autopkgtests were triggered for python2.7 and
python-defaults with regressions already fixed in the individual
packages as appropriate.
The archive rebuilds done, were commulative with OpenJDK 11, OpenSSL 1.1.1 and python point releases as seen in:
http://people.canonical.com/~doko/ftbfs-report/test-rebuild-20181222-bionic.html
http://people.canonical.com/~doko/ftbfs-report/test-rebuild-20181222-test-bionic.html
And analyzed in
https://docs.google.com/spreadsheets/d/1tMIwlwoHH_1h5sbvUbNac6-HIPKi3e0Xr8ebchIOU1A/edit#gid=147857652
[Regression Potential]
* Connectivity interop is the biggest issues which will be
unavoidable with introducing TLS v1.3. However, tests on cosmic
demonstrate that curl/nginx/google-chrome/mozilla-firefox connect and
negotiate TLS v1.3 without issues.
* Mitigation of discovered connectivity issues will be possible by
clamping down to TLS v1.2 in either server-side or client-side
software or by backporting relevant support fixes
* Notable changes are listed here
https://wiki.openssl.org/index.php/TLS1.3
* Most common connectivity issues so far:
- client verifies SNI in TLSv1.3 mode, yet client doesn't set hostname. Solution is client change to set hostname, or to clamp down the client to TLSv1.2.
- session negotiation is different in TLSv1.3, existing client code
may fail to create/negotiate/resume session. Clients need to learn how
to use session callback.
* This update bundles python 3.6 and 3.7 point releases
[Other Info]
* Previous FFe for OpenSSL in 18.10 is at
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092
* TLS v1.3 support in NSS is expected to make it to 18.04 via
security updates
* TLS v1.3 support in GnuTLS is expected to be available in 19.04
* Test OpenSSL is being prepared in
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3473
[Autopkgtest Regressions]
dovecot/armhf - flakey
libnet-ssleay-perl - awaiting sru accept into proposed of
libnet-ssleay-perl and libio-socket-ssl-perl due to fixes and
versioned breaks.
linux* - rebuild testcases passes (for some edge flavours the build
fails in non-ssl portions of the build), ubuntu-regression-suite
testcase fails for a few variants but should have been skipped (in
progress to be fixed in
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1823056)
openvswitch/i386 - extremely flakey, errors out or fails mostly
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/+subscriptions
More information about the foundations-bugs
mailing list