proposed-migration for m2crypto 0.40.1-2build1

Bug #2059156 reported by Steve Langasek
This bug affects 1 person
Affects: m2crypto (Ubuntu), status tracked in Oracular
  Noble: status Fix Committed, importance High, assigned to Spyros Seimenis
  Oracular: status Fix Released, importance High, assigned to Spyros Seimenis

Bug Description

[ Impact ]

 * Users of the m2crypto library on i386 face potential breakage since the timeout code in SSL doesn't account for t64 support.

 * This was causing autopkgtest failures and is currently regressed in baseline.

 * The proposed patch uses "long long" instead of "long" when packing time values that are used as arguments to library calls that use time_t structures but excludes i386 and i686 from this new behavior since support for t64 hasn't been added for those architectures.

[ Test Plan ]

 * Running the test suite (or the autopkgtests) on an armhf system will cause tests to fail.

 * The failing test can be run by issuing `python3 -munittest -v tests.test_ssl.MiscSSLClientTestCase` or by running the autopkgtests.

 * After applying the patch, run the autopkgtest suite on both an armhf and an i386 host.

[ Where problems could occur ]

 * The package features an example SSL connection client which uses the affected code. In case of further breakage caused by the patch, users of that SSL client would be affected.

[ Other Info ]

 * This has been fixed in Oracular and in Debian.

[Original report]

m2crypto 0.40.1-2build1 fails tests on armhf:

423s =================================== FAILURES ===================================
423s ______________ MiscSSLClientTestCase.test_server_simple_timeouts _______________
423s
423s self = <tests.test_ssl.MiscSSLClientTestCase testMethod=test_server_simple_timeouts>
423s
423s     def test_server_simple_timeouts(self):
423s         pid = self.start_server(self.args)
423s         # Arbitrary value:
423s         test_timeout_sec = 909
423s         # Linux rounds microseconds in the timeouts up to the HZ kernel parameter.
423s         # Windows rounds down to milliseconds.
423s         # To avoid checking for rounded values, pick interval long enough
423s         # so that it is a whole number of ms and HZ for any reasonable HZ value.
423s         test_timeout_microsec = 500000
423s
423s         try:
423s             with self.assertRaises(ValueError):
423s                 SSL.Context('tlsv5')
423s             ctx = SSL.Context()
423s             s = SSL.Connection(ctx)
423s
423s             r = s.get_socket_read_timeout()
423s             w = s.get_socket_write_timeout()
423s             self.assertEqual(r.sec, 0, r.sec)
423s             self.assertEqual(r.microsec, 0, r.microsec)
423s             self.assertEqual(w.sec, 0, w.sec)
423s             self.assertEqual(w.microsec, 0, w.microsec)
423s
423s >           s.set_socket_read_timeout(SSL.timeout())

"timeout" means time_t regression.

Steve Langasek (vorlon)
Changed in m2crypto (Ubuntu):
assignee: nobody → Steve Langasek (vorlon)
tags: added: time-t
description: updated
Changed in m2crypto (Ubuntu):
importance: Undecided → High
assignee: Steve Langasek (vorlon) → nobody
Changed in m2crypto (Ubuntu):
assignee: nobody → Spyros Seimenis (sespiros)
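
The layout mismatch described in the bug description above, as an added example that is not part of the original report or of the m2crypto patch: it shows why a timeout packed as two C `long` values no longer fits a `struct timeval` built with a 64-bit time_t on a 32-bit ABI. The helper names, the explicit-size layouts and `layout_for` are assumptions made for illustration.

```python
import struct

# Constructed struct timeval layouts, written with explicit sizes ("<" selects
# standard sizes: l is 4 bytes, q is 8) so the result is the same on any host.
LEGACY_32 = "<ll"  # 32-bit ABI, 32-bit time_t: 4-byte tv_sec, 4-byte tv_usec
TIME64 = "<qq"     # 64-bit time_t (e.g. armhf after the t64 transition): 8 + 8


def pack_timeout(sec, microsec, layout):
    """Pack a timeout the way a Python caller would before handing it to C."""
    return struct.pack(layout, sec, microsec)


def c_side_accepts(buf, layout):
    """Hypothetical stand-in for a C consumer that validates the buffer length."""
    return len(buf) >= struct.calcsize(layout)


def read_timeout(buf, layout):
    """Decode the leading bytes of buf under the caller's assumed layout."""
    size = struct.calcsize(layout)
    return struct.unpack(layout, buf[:size])


def layout_for(machine):
    """Sketch of the rule in the bug description (not the shipped patch):
    long long everywhere except i386/i686, which keep a 32-bit time_t.
    Only valid on a distribution where the other 32-bit ports use t64."""
    return LEGACY_32 if machine in ("i386", "i686") else TIME64


if __name__ == "__main__":
    sec, usec = 909, 500000  # values used by the failing test above
    short = pack_timeout(sec, usec, LEGACY_32)
    # Setter direction: 8 bytes offered where 16 are expected.
    print(len(short), c_side_accepts(short, TIME64))
    full = pack_timeout(sec, usec, layout_for("armv7l"))
    print(len(full), c_side_accepts(full, TIME64))
    # Getter direction: a 16-byte struct decoded with the old layout silently
    # loses the microseconds, because the second "long" is the high half of tv_sec.
    print(read_timeout(full, LEGACY_32))
```
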
Matthias Klose (doko) wrote :

That seems to be fixed in 0.40.1-3 in Oracular.

Changed in m2crypto (Ubuntu):
assignee: Spyros Seimenis (sespiros) → nobody
status: New → Fix Released
Spyros Seimenis (sespiros) wrote :

Reopening as this was successful due to a hint that was later removed in https://git.launchpad.net/~ubuntu-release/britney/+git/hints-ubuntu/commit/?id=ab625ed721aff11293f445987e1b4983b67112c4.

The autopkgtests are still failing.

Changed in m2crypto (Ubuntu):
status: Fix Released → In Progress
assignee: nobody → Spyros Seimenis (sespiros)
Changed in m2crypto (Ubuntu Noble):
status: New → In Progress
assignee: nobody → Spyros Seimenis (sespiros)
importance: Undecided → High
Spyros Seimenis (sespiros) wrote :

Attaching the debdiff for noble and subscribing ubuntu-sponsors. I will submit the fix for oracular in Debian instead.

Benjamin Drung (bdrung) wrote :

The diff for 0.40.1-3 does not mention fixing timeout time_t issue. Can you explain how oracular is fixed? Was this fix forwarded to upstream?

Spyros Seimenis (sespiros) wrote :
Simon Chopin (schopin) wrote :

Having a proper upstream fix is way more involved, because we can't *know* what the time_t size is on any random system. It's probably a good idea to open a bug in their tracker to let them figure it out, though ;).

While the version in your Noble debdiff is technically OK since we already have a 0.40.1-3 in Oracular, we usually expect SRUs to use the schema documented there https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging

(which I'm sure you're already familiar with ;) ).

Simon Chopin (schopin) wrote :

Also, thanks for using the DEP-3 headers on the patch, however Launchpad bugs should usually go in the Bug-Ubuntu field, leaving Bug: for any potential upstream bug.

Steve Langasek (vorlon) wrote :

Note for the record that this is now regressed in baseline (in the release pocket) and therefore does not block migrations, which is why the hint was dropped as no longer required. Fixing the tests so that they pass is of course ideal.

Spyros Seimenis (sespiros) wrote :

Uploaded debdiff for oracular.

Spyros Seimenis (sespiros) wrote :
Simon Quigley (tsimonq2) wrote :

Hi Spyros,

The package is orphaned in Debian, so I have gone ahead with an upload there. I added the Debian bug to the DEP-3 headers, and ordered the patch so it is the last one in the list instead of the first one.

In order to get this into Noble, an SRU bug template is required. For more details, please see this link: https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template (of course, if an SRU team member disagrees we can move forward without it; I am unsure of the implications in Noble.)

Unsubscribing sponsors for now, please feel free to resubscribe sponsors once the paperwork is done for Noble.

Thanks!

Changed in m2crypto (Ubuntu Oracular):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package m2crypto - 0.40.1-4

---------------
m2crypto (0.40.1-4) unstable; urgency=medium

  [ Simon Quigley ]
  * QA upload (Closes: #1072341).

  [ Spyros Seimenis ]
  * debian/patches/fix-ssl-timeout-for-t64.patch: Fix SSL timeout struct
    on 32-bit systems with 64-bit time_t. Closes LP: #2059156.

 -- Simon Quigley <email address hidden> Wed, 05 Jun 2024 09:12:03 -0500

Changed in m2crypto (Ubuntu Oracular):
status: Fix Committed → Fix Released
description: updated
Graham Inggs (ginggs) wrote :

Uploaded to Noble with minor changes:

 * closed this bug in the changelog
 * DEP-3 headers as per the upload to Debian

Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Steve, or anyone else affected,

Accepted m2crypto into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/m2crypto/0.40.1-2ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in m2crypto (Ubuntu Noble):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-noble