Bug#970569: buster-pu: package pyzmq/17.1.2-2+deb10u1

2020-09-19 Thread Salvatore Bonaccorso
Hi,

On Sat, Sep 19, 2020 at 02:50:23PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Fri, 2020-09-18 at 21:59 +0200, Salvatore Bonaccorso wrote:
> > After the zeromq3 update to address CVE-2020-15166 Laszlo noticed
> > that the TestAsyncioAuthentication::test_blacklist was hanging. Luca
> > investigated the issue further and noticed that pyzmq was actually
> > relying in the test on the broken behaviour of zeromq3 which got
> > fixed.
> > 
> > [ Impact ]
> > When there would be need of an update of pyzmq in buster the test
> > suite would fail with the updated zeromq3 package.
> > 
> 
> Please go ahead.

Thank you, uploaded!

Regards,
Salvatore



Bug#970569: buster-pu: package pyzmq/17.1.2-2+deb10u1

2020-09-19 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2020-09-18 at 21:59 +0200, Salvatore Bonaccorso wrote:
> After the zeromq3 update to address CVE-2020-15166 Laszlo noticed
> that the TestAsyncioAuthentication::test_blacklist was hanging. Luca
> investigated the issue further and noticed that pyzmq was actually
> relying in the test on the broken behaviour of zeromq3 which got
> fixed.
> 
> [ Impact ]
> When there would be need of an update of pyzmq in buster the test
> suite would fail with the updated zeromq3 package.
> 

Please go ahead.

Regards,

Adam



Bug#970569: buster-pu: package pyzmq/17.1.2-2+deb10u1

2020-09-18 Thread Salvatore Bonaccorso
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: car...@debian.org,bl...@debian.org,g...@debian.org

Hi SRM,

[ Reason ]
After the zeromq3 update to address CVE-2020-15166 Laszlo noticed that
the TestAsyncioAuthentication::test_blacklist was hanging. Luca
investigated the issue further and noticed that pyzmq was actually
relying in the test on the broken behaviour of zeromq3 which got
fixed.

[ Impact ]
When there would be need of an update of pyzmq in buster the test
suite would fail with the updated zeromq3 package.

[ Tests ]
Did run the full package build and so in particular the test suite
with the fixed zeromq3 and the patched pyzmq.

[ Risks ]
The update involves only fixing the broken test, so I would consider
the risk minimal.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Test is fixed and not relying anymore on the broken behaviour of
zeromq3.

Regards,
Salvatore
diff -Nru pyzmq-17.1.2/debian/changelog pyzmq-17.1.2/debian/changelog
--- pyzmq-17.1.2/debian/changelog   2019-01-19 22:26:02.0 +0100
+++ pyzmq-17.1.2/debian/changelog   2020-09-18 21:43:25.0 +0200
@@ -1,3 +1,10 @@
+pyzmq (17.1.2-2+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * asyncio: wait for POLLOUT on sender in can_connect (Closes: #970567)
+
+ -- Salvatore Bonaccorso   Fri, 18 Sep 2020 21:43:25 +0200
+
 pyzmq (17.1.2-2) unstable; urgency=medium
 
   [ Luca Boccassi ]
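
Review bot: The new entry at the top of debian/changelog repeats the upstream commit subject ("asyncio: wait for POLLOUT on sender in can_connect") without saying that only the test suite is touched or why a stable update needs it. Consider wording along the lines of "Fix TestAsyncioAuthentication test hang with the fixed zeromq3 (CVE-2020-15166)" so the entry can be understood from the stable changelog alone, without reading this request.
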
diff -Nru 
pyzmq-17.1.2/debian/patches/asyncio-wait-for-POLLOUT-on-sender-in-can_connect.patch
 
pyzmq-17.1.2/debian/patches/asyncio-wait-for-POLLOUT-on-sender-in-can_connect.patch
--- 
pyzmq-17.1.2/debian/patches/asyncio-wait-for-POLLOUT-on-sender-in-can_connect.patch
 1970-01-01 01:00:00.0 +0100
+++ 
pyzmq-17.1.2/debian/patches/asyncio-wait-for-POLLOUT-on-sender-in-can_connect.patch
 2020-09-18 21:43:25.0 +0200
@@ -0,0 +1,24 @@
+From: Min RK 
+Date: Wed, 9 Sep 2020 10:16:36 +0200
+Subject: asyncio: wait for POLLOUT on sender in can_connect
+Origin: 
https://github.com/zeromq/pyzmq/commit/afd72820946f544790c6f70d90ba50eb29f1c6e1
+Bug: https://github.com/zeromq/pyzmq/issues/1418
+Bug-Debian: https://bugs.debian.org/970567
+
+matches login in thread, because POLLOUT will only be set if connection is 
allowed
+---
+ zmq/tests/asyncio/_test_asyncio.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/zmq/tests/asyncio/_test_asyncio.py
 b/zmq/tests/asyncio/_test_asyncio.py
+@@ -384,7 +384,8 @@ class TestAsyncioAuthentication(TestThre
+ port = server.bind_to_random_port(iface)
+ client.connect("%s:%i" % (iface, port))
+ msg = [b"Hello World"]
+-yield from server.send_multipart(msg)
++if (yield from server.poll(1000, zmq.POLLOUT)):
++yield from server.send_multipart(msg)
+ if (yield from client.poll(1000)):
+ rcvd_msg = yield from client.recv_multipart()
+ self.assertEqual(rcvd_msg, msg)
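
Review bot: In the added "if (yield from server.poll(1000, zmq.POLLOUT)):" guard, a poll timeout silently skips send_multipart and nothing records which branch ran. For a connection that is expected to be allowed, a slow handshake is then indistinguishable at this point from a denied one, and the outcome rests entirely on the following "client.poll(1000)" check. A short comment in the test saying that POLLOUT is only set once the connection is allowed, and that skipping the send is intended for the denied case, would make that explicit. The description line "matches login in thread" also reads like a typo for "logic".
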
diff -Nru pyzmq-17.1.2/debian/patches/series pyzmq-17.1.2/debian/patches/series
--- pyzmq-17.1.2/debian/patches/series  2019-01-19 21:47:22.0 +0100
+++ pyzmq-17.1.2/debian/patches/series  2020-09-18 21:43:25.0 +0200
@@ -2,3 +2,4 @@
 cffi-fix.patch
 skip_large_send
 fix_monitor_test.patch
+asyncio-wait-for-POLLOUT-on-sender-in-can_connect.patch