Public bug reported:
The file:
/usr/lib/python2.7/dist-packages/M2Crypto/m2urllib.py
ends with the following snippet (where URLOpener is result of "from urrlib
import *")
# Minor brain surgery.
URLopener.open_https = open_https
This globally replaces urrlib.URLOpener.open_https method with
incompatible version.
The critical difference is in (lack of) error handling. While standard urllib
version ends with analysis of reply status and calls to self.http_error (which
further calls methods like http_error_401 and in the end for example handles
authorization errors), M2Crypto version blindly returns obtained payload
whatever the status is. Final part of M2Crypto's open_https is:
resp = h.getresponse()
fp = resp.fp
return addinfourl(fp, resp.msg, "https:" + url)
while urllib ends with
errcode, errmsg, headers = h.getreply()
# … and plenty of lines follow where addinfourl is used only if 200 <=
errcode < 300,
# otherwise self.http_error is called to handle the error
(there are also differences in preparation phase, I didn't analyse them)
~~~~~~~~~~
In my practice I have an app which subclasses urllib.FancyURLOpener to
provide customized error handling (in fact some custom ways of secrets
loading). After some update of some dependency of dependency of
dependency¹ my code use, M2Crypto appeared in the process and broke all
those callbacks by just never calling them.
¹ For curious: I got M2Crypto in process because keyring library (which I
actually use) for some reason imported keyrings.alt.Google (which I don't use
but keyring iterates over available backends and attempts to import them all)
which imported gdata which imported gdata.tlslite which imported M2Crypto.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: python-m2crypto 0.27.0-5
ProcVersionSignature: Ubuntu 4.15.0-55.60-lowlatency 4.15.18
Uname: Linux 4.15.0-55-lowlatency x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
CurrentDesktop: KDE
Date: Wed Sep 4 11:52:39 2019
EcryptfsInUse: Yes
InstallationDate: Installed on 2013-02-18 (2389 days ago)
InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64
(20120817.3)
SourcePackage: m2crypto
UpgradeStatus: Upgraded to bionic on 2018-04-11 (511 days ago)
** Affects: m2crypto (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug bionic
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1842640
Title:
M2Crypto, if imported, globally monkeypatches urllib in incompatible
manner (no error handling)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/m2crypto/+bug/1842640/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
