Bug#958496: marked as done (python3-m2crypto: broken by Python3.8 - python3.8 http.client module expects that m2crypto handles short read)

[Debian Bug Tracking System]

Your message dated Fri, 24 Apr 2020 04:03:42 +0000
with message-id <e1jrpz0-000idj...@fasolo.debian.org>
and subject line Bug#958496: fixed in m2crypto 0.35.2-1
has caused the Debian Bug report #958496,
regarding python3-m2crypto: broken by Python3.8 - python3.8 http.client module 
expects that m2crypto handles short read
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
958496: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958496
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: python3-m2crypto
Version: 0.31.0-9+b1
Severity: grave
Justification: renders package unusable

Dear maintainer,

>From https://gitlab.com/m2crypto/m2crypto/-/merge_requests/242:
        In python3.8 the fp is wrapped in a Buffer.
        SSL.Connection.makefile returns a socketIO which is no buffer.
        SocketIO in 'r' mode:
        use io.BufferedReader
        SocketIO in 'rw' mode:
        use io.BufferedRWPair
At the moment, m2crypto breaks down when chunked reads are done.
See but report https://github.com/openSUSE/osc/issues/783
for more discussion.

I attach a debdiff against the current package. I can confirm that the
upstream fix applies cleanly to the version in Debian and fixes the
problem.

Thanks

Norbert

PS: m2crypto could need an update, too, latest version is 0.35.2


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.6.5 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python3-m2crypto depends on:
ii  libc6      2.30-4
ii  libssl1.1  1.1.1g-1
ii  python3    3.8.2-3

python3-m2crypto recommends no packages.

Versions of packages python3-m2crypto suggests:
pn  m2crypto-doc  <none>

-- no debconf information

diff -Nru m2crypto-0.31.0/debian/changelog m2crypto-0.31.0/debian/changelog
--- m2crypto-0.31.0/debian/changelog    2020-01-31 14:17:53.000000000 +0900
+++ m2crypto-0.31.0/debian/changelog    2020-04-23 07:21:19.000000000 +0900
@@ -1,3 +1,13 @@
+m2crypto (0.31.0-9.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix incompatibility with Python 3.8
+    python3.8 http.client module expects that m2crypto handles short read
+    (See https://github.com/openSUSE/osc/issues/783 and
+    https://github.com/openSUSE/osc/issues/783)
+
+ -- Norbert Preining <norb...@preining.info>  Thu, 23 Apr 2020 07:21:19 +0900
+
 m2crypto (0.31.0-9) unstable; urgency=medium
 
   [ Debian Janitor ]
diff -Nru 
m2crypto-0.31.0/debian/patches/d3a43ffe1bfe4c128d6ab7c390419dee68f4ca5a.patch 
m2crypto-0.31.0/debian/patches/d3a43ffe1bfe4c128d6ab7c390419dee68f4ca5a.patch
--- 
m2crypto-0.31.0/debian/patches/d3a43ffe1bfe4c128d6ab7c390419dee68f4ca5a.patch   
    1970-01-01 09:00:00.000000000 +0900
+++ 
m2crypto-0.31.0/debian/patches/d3a43ffe1bfe4c128d6ab7c390419dee68f4ca5a.patch   
    2020-04-23 07:15:49.000000000 +0900
@@ -0,0 +1,47 @@
+From d3a43ffe1bfe4c128d6ab7c390419dee68f4ca5a Mon Sep 17 00:00:00 2001
+From: lethliel <mstr...@suse.de>
+Date: Wed, 19 Feb 2020 11:53:05 +0100
+Subject: [PATCH] wrap SocketIO in io.Buffered* for makefile
+
+In python3.8 the fp is wrapped in a Buffer.
+SSL.Connection.makefile returns a socketIO which is no buffer.
+
+SocketIO in 'r' mode:
+use io.BufferedReader
+
+SocketIO in 'rw' mode:
+use io.BufferedRWPair
+---
+ M2Crypto/SSL/Connection.py | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/M2Crypto/SSL/Connection.py b/M2Crypto/SSL/Connection.py
+index 7053aa6b..01bb61c5 100644
+--- a/M2Crypto/SSL/Connection.py
++++ b/M2Crypto/SSL/Connection.py
+@@ -12,6 +12,7 @@ Copyright 2008 Heikki Toivonen. All rights reserved.
+ 
+ import logging
+ import socket
++import io
+ 
+ from M2Crypto import BIO, Err, X509, m2, py27plus, six, util  # noqa
+ from M2Crypto.SSL import Checker, Context, timeout  # noqa
+@@ -582,9 +583,12 @@ class Connection(object):
+         return m2.ssl_set_cipher_list(self.ssl, cipher_list)
+ 
+     def makefile(self, mode='rb', bufsize=-1):
+-        # type: (AnyStr, int) -> socket._fileobject
++        # type: (AnyStr, int) -> Union[io.BufferedRWPair,io.BufferedReader]
+         if six.PY3:
+-            return socket.SocketIO(self, mode)
++            raw = socket.SocketIO(self, mode)
++            if 'rw' in mode:
++                return io.BufferedRWPair(raw, raw)
++            return io.BufferedReader(raw, io.DEFAULT_BUFFER_SIZE)
+         else:
+             return socket._fileobject(self, mode, bufsize)
+ 
+-- 
+2.26.2
+
diff -Nru m2crypto-0.31.0/debian/patches/series 
m2crypto-0.31.0/debian/patches/series
--- m2crypto-0.31.0/debian/patches/series       2020-01-31 14:17:53.000000000 
+0900
+++ m2crypto-0.31.0/debian/patches/series       2020-04-23 07:18:47.000000000 
+0900
@@ -4,3 +4,4 @@
 0004-Limit-tests.test_rsa.RSATestCase.test_public_encrypt.patch
 0005-tests.test_rsa-Fix-typo-to-match-for-proper-exceptio.patch
 0006-Be-resilient-against-the-situation-when-no-error-hap.patch
+d3a43ffe1bfe4c128d6ab7c390419dee68f4ca5a.patch

--- End Message ---

--- Begin Message ---

Source: m2crypto
Source-Version: 0.35.2-1
Done: Sandro Tosi <mo...@debian.org>

We believe that the bug you reported is fixed in the latest version of
m2crypto, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 958...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sandro Tosi <mo...@debian.org> (supplier of updated m2crypto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 23 Apr 2020 23:48:21 -0400
Source: m2crypto
Architecture: source
Version: 0.35.2-1
Distribution: unstable
Urgency: medium
Maintainer: Sandro Tosi <mo...@debian.org>
Changed-By: Sandro Tosi <mo...@debian.org>
Closes: 954462 958496
Changes:
 m2crypto (0.35.2-1) unstable; urgency=medium
 .
   * New upstream release
   * run autopkgtests for all python3 supported versions; Closes: #954462
   * debian/copyright
     - update upstream copyright years
     - add myself to copyright, and order entries chrologically
   * debian/control
     - bump Standards-Version to 4.5.0 (no changes needed)
   * debian/patches/*
     - drop almost all patches, merged upstream
   * debian/patches/d3a43ffe1bfe4c128d6ab7c390419dee68f4ca5a.patch
     - add compatibility with python3.8 way of wrapping a fp in a Buffer;
       Closes: #958496
Checksums-Sha1:
 c7257008c4390f12c4673bf830cdf4a80aef316d 2304 m2crypto_0.35.2-1.dsc
 d08f3f28791d34379ec24957a4d70bb3eb4a4016 444256 m2crypto_0.35.2.orig.tar.xz
 9c9eb9e824b818d27938b171d9f0b690607b18ea 58496 m2crypto_0.35.2-1.debian.tar.xz
 23a63bce0c52215d2b8cb496d4a79c9978e221af 8024 
m2crypto_0.35.2-1_source.buildinfo
Checksums-Sha256:
 719deb2e68ced97ad9f0b0c3820ec58770f6af6d0b3a0f7f57336e82dc78440e 2304 
m2crypto_0.35.2-1.dsc
 1526ca976b312e020f13b7728befec278e91956f2c16d1499395b59c7ce4e120 444256 
m2crypto_0.35.2.orig.tar.xz
 9cfb54814c9640df33d09b6cab95b1373040c21b27ea17828a93994ba5387acc 58496 
m2crypto_0.35.2-1.debian.tar.xz
 901b4797f5ce6edb03856dd0b9de1e04ad252b68a463d8201d3c088b3560d1e7 8024 
m2crypto_0.35.2-1_source.buildinfo
Files:
 37b63c5e1cc4de46ed8dbe66add4b700 2304 python optional m2crypto_0.35.2-1.dsc
 7cd1bd05e064dc3748d5141cc3b74001 444256 python optional 
m2crypto_0.35.2.orig.tar.xz
 9f50a8666d8327182a1cedaf6e07e05e 58496 python optional 
m2crypto_0.35.2-1.debian.tar.xz
 c325f4c002fa437e528e7fe74f495a88 8024 python optional 
m2crypto_0.35.2-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEufrTGSrz5KUwnZ05h588mTgBqU8FAl6iYZsACgkQh588mTgB
qU/k6Q/9EHTV0pZ04Y3zaWvfzTnzeKClpXYij34UVqWhimDJKmchB2zTliN6wrF1
1A/wEdIzUqqPBFFNAMBoQLx1pGeHrcqoM7A3Z6b0PM32sm0kWudmfVLSAEd//Cb6
vUFEc6QTsY9ClzMO5znX4+rRrlEuxxTh+qCf1A98Jr2D5fyrAO/Ck5Fd9G29W/BS
6r6wXEJhhgmiJMJ3qKYviEGEfeI5Z69wKdE/LwUdSUqgEgtEjnYEZ/KXDua3qkOz
Mv4zAdfHp8VbQjVtd4V5Lfth5dPFOyavj00UeGT0O1oHe61o9YhhpqTscUTb7WOO
vU6iOpUSfDvpE/tH/2XuE3CEH9s3RMUDq1ARA0qEzcpSEFE2YygfCVBCHMP1oyaz
Q1+8Tr8HcBn5oTju+u0NXWibRzbTQJX7BS64XOCuktAaGOxWSC0riizy302+WUSK
cz/0/VDiITOjjZ43/LSKt4BRRTaEeLwXlF+7uXKL+qobcAUV1a5yxWxrAXeSrO8d
+omRNYyk2iqJUjy72xj2B2HXpd7HArtJuDnkxvDmO7VGO/Xfkvfp1q37xqt9zcB8
6oRM5PEmBHIEOjAM7cxq6+3PwmC5teGfDXEsFJfP8dPfHaPv2EuNSMXQgkYiE2J1
yxgArpe6bx4qzcVQOyKg34eHxyrEwknagsHWKy8k2x8rhQRCGqQ=
=r1Cq
-----END PGP SIGNATURE-----

--- End Message ---