** Tags removed: verification-needed verification-needed-cosmic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python2.7 in Ubuntu. https://bugs.launchpad.net/bugs/1808476
Title: Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants Status in python2.7 package in Ubuntu: Fix Released Status in python2.7 source package in Bionic: New Status in python2.7 source package in Cosmic: Fix Released Status in python2.7 source package in Disco: Fix Released Bug description: [Impact] $ python -c 'import ssl; print(ssl.OP_NO_TLSv1_3)' Prints 0, for python2.7 built against 1.1.0 headers, yet prints 536870912 when built against 1.1.1 irrespective of the runtime libssl1.1 library version. This may yield confusion, especially since ssl.OPENSSL_VERSION reports runtime libssl version, not the version of the libssl headers. Such that, e.g. it looks like ssl module is running against 1.1.1, has OP_NO_TLSv1_3 option, yet cannot actually use it to disable TLSv1.3. Also vice versa, python2.7 build against 1.1.1 can be installed with 1.1.0 runtime library, and thus OP_NO_TLSv1_3 might be set, which is not understood by the runtime library. In libpython2.7-stdlib, please bump libssl1.1 version dep to "libssl1.1 (>= 1.1.1)" when building against libssl-dev >= 1.1.1. python3.x are not affected, as they started to exploit 1.1.1-only symbols/features, and thus already have an automatic dep on >= 1.1.1. [Test Case] Make sure the libssl1.1 build-dependency of python2.7 is at least 1.1.1. [Regression Potential] Potentially none, besides the usual regression potential of new rebuilds. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1808476/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
