Re: python-urllib3 1.25.6 uploaded to experimental (closes CVE-2019-11236) but fails build tests

2019-10-12 Thread Daniele Tricoli
Hi Drew,

On 12/10/2019 07:57, Drew Parsons wrote:
> Hi Daniele, just letting you know I uploaded python-urllib3 1.25.6 to
> experimental.

Thanks for taking care of urllib3.

> I was having some SSL trouble connecting to https://pub.orcid.org.  The error
> trace cited urllib3/contrib/pyopenssl.py, so I downloaded and installed
> python-urllib3 1.25.6 to see if updates to default SSL/TLS versions made any
> difference.  It didn't fix my problem, but since I had the package update ready
> I figured I might as well present it to experimental.

I hope to have the time to investigate this as well: urllib3/contrib/pyopenssl.py
contains code to have SSL with SNI support for Python 2 and it depends on
pyOpenSSL, cryptography and idna. Maybe looking at them can give us more clues.

Also, could you see if the connection to https://pub.orcid.org works using
Python3?

> The new version fixes CVE-2019-11236 (Bug#927172).  As far as I can tell it
> also fixes CVE-2019-11324 (Bug#927412), but I figured it's best to let you
> review that.
> 
> The package build was successful on my system but gives build-time errors in
> chroot (on buildd).  I'm not sure why that's failing.

I will look at them during this weekend; I already had a look at the build log
from the phone, but it's better to look from a PC.

Regards,

-- 
  Daniele Tricoli 'eriol'
  https://mornie.org





python-urllib3 1.25.6 uploaded to experimental (closes CVE-2019-11236) but fails build tests

2019-10-12 Thread Drew Parsons
Hi Daniele, just letting you know I uploaded python-urllib3 1.25.6 to 
experimental.


I was having some SSL trouble connecting to https://pub.orcid.org.  The 
error trace cited urllib3/contrib/pyopenssl.py, so I downloaded and 
installed python-urllib3 1.25.6 to see if updates to default SSL/TLS 
versions made any difference.  It didn't fix my problem, but since I had 
the package update ready I figured I might as well present it to 
experimental.


The new version fixes CVE-2019-11236 (Bug#927172).  As far as I can tell 
it also fixes CVE-2019-11324 (Bug#927412), but I figured it's best to 
let you review that.


The package build was successful on my system but gives build-time errors
in chroot (on buildd).  I'm not sure why that's failing.


Drew