Re: mailer.py commit says TypeError: must be unicode, not str

[Kenneth Porter]

On 2/8/2018 4:35 AM, Daniel Shahaf wrote:

So, just to be clear, the problem is that svn/fs.py is not py3
compatible, and having the 'builtins' module under py2 merely
exposes that?  I.e., we have no reason to suspect a bug in the 'future'
package's implementation of builtins.open() under py2.


That's my interpretation. As I said at the start of the thread, it was 
never clear why the internal temporary file was opened in text mode and 
update mode when the code was first written.

Re: x509 AlgorithmIdentifier parameters

[Thomas Singer]

Hi Philip,

Thank you for your effort in analyzing this bug and finding work-arounds 
or fixes.


We are using a magic script to build all subversion dependencies, e.g. 
openssl-1.0.2 and cyrus-sasl-2.1.26. I've used the master branch from 
 for compiling (~163MB for the 
master vs. ~24MB for version 1.0.2) which seems to have compiled fine, 
but unfortunately the cyrus-sasl-2.1.26 fails to build. Without actually 
understanding what happens there under the hood, I'm a little bit lost. 
Should cyrus-sasl also be updated to be compatible with the openssl master?


--
Best regards,
Thomas Singer
=
syntevo GmbH
http://www.syntevo.com
http://www.syntevo.com/blog


On 2018-02-03 22:40, Philip Martin wrote:

Philip Martin  writes:


A client using openssl 1.0 will connect to a server serving the
RSASSA-PSS cert.  Clients using openssl 1.1 fail to verify cert.  The
underlying openssl 1.1 error appears to be

   $ openssl s_client -connect localhost:8887 -CAfile apache2/ssl/ca-cert.pem
   ...
   Verify return code: 68 (CA signature digest algorithm too weak)

This suggests that RSASSA-PSS is obsolete, but as I mentioned earlier in
the thread there are recent changes to the openssl project
adding/extending RSASSA-PSS support as part of TLS 1.3:


I built openssl trunk (1.1.1-dev) and it is able to verify the cert:

$ LD_LIBRARY_PATH=/usr/local/openssl/lib /usr/local/openssl/bin/openssl 
s_client -connect localhost:8887 -CAfile=apache2/ssl/ca-cert.pem
...
Verify return code: 0 (ok)

This is exactly the same server and cert that cause openssl 1.1 to fail.

Re: Reviewing 1.10 APIs & compatibility

[Julian Foad]

Philip Martin wrote:

Julian Foad  writes:

Philip Martin wrote:

First I ran the 1.9 testsuite against 1.10 servers
over http:// and svn://.  [...]


Philip, please can you tell me how you did this?

[...]

I also ran the 1.10 testsuite against 1.9 servers over http:// and
svn://.  In order to run the svn:// tests I had to disable part of
ra-test 10 as the 1.9 server doesn't have r1723865 and the 1.10
testsuite would block.

[...]


Perhaps I answered the wrong question.  If you are asking how I disabled
part of ra-test then I simply removed the code and recompiled.  Looking
at it again I'm not sure why I referred to test 10 as the problem code
is in get_dir_test()


I meant how you tested 1.9 against 1.10 and 1.10 against 1.9 in general. 
Thanks for your first reply about that. This additional info is also useful.


- Julian


Index: ../src-1.10/subversion/tests/libsvn_ra/ra-test.c
===
--- ../src-1.10/subversion/tests/libsvn_ra/ra-test.c(revision 1823419)
+++ ../src-1.10/subversion/tests/libsvn_ra/ra-test.c(working copy)
@@ -604,6 +604,7 @@ get_dir_test(const svn_test_opts_t *opts,
  SVN_DIRENT_KIND, pool),
  SVN_ERR_FS_NOT_FOUND);
  
+#if 0

/* Test fetching SVN_DIRENT_SIZE without SVN_DIRENT_KIND. */
SVN_ERR(svn_ra_get_dir2(session, , NULL, NULL, "", 1,
SVN_DIRENT_SIZE, pool));
@@ -611,7 +612,6 @@ get_dir_test(const svn_test_opts_t *opts,
ent = svn_hash_gets(dirents, "A");
SVN_TEST_ASSERT(ent);
  
-#if 0

/* ra_serf has returns SVN_INVALID_SIZE instead of documented zero for
 * for directories. */
SVN_TEST_INT_ASSERT(ent->size, 0);