[issue43382] github CI blocked by the Ubuntu CI with an SSL error

2021-03-03 Thread Dimitri John Ledkov
Dimitri John Ledkov added the comment: BTW. It would be advisable for Python3 to start enforcing security level 2, and prohibit DTLS v1.1 and lower by default too. By configuring openssl library on the host with setting security level, and/or setting min versions (if openssl on the host

[issue43382] github CI blocked by the Ubuntu CI with an SSL error

2021-03-03 Thread Dimitri John Ledkov
Dimitri John Ledkov added the comment: Ubuntu 20.04+ compile OpenSSL with default security level set to 2, and further customized security level 2 to prohibit TLS below v1.2 and DTLS below v1.2. You can export custom openssl configuration that sets security level back to 1, which

[issue38708] parse_message_id in email module is very buggy / crashy

2019-11-06 Thread Dimitri John Ledkov
Dimitri John Ledkov added the comment: Yes, issue38698 covers the UnboundLocalError, but doesn't cover inside get_msg_id there is also this gem: def get_msg_id(value): msg_id = MsgID() if value[0] in CFWS_LEADER: It should test value before accessing value[0] like

[issue38708] parse_message_id in email module is very buggy / crashy

2019-11-05 Thread Dimitri John Ledkov
New submission from Dimitri John Ledkov : email module has recently got parse_message_id which is more strict now, then before. However, it's not programmed as defensively as expected. Given bogus message-id, it crashes with unbound local variable, or like accessing a non-existing index

[issue34836] test_ssl.test_default_ecdh_curve needs no tls1.3 flag in 2.7, for now

2018-09-28 Thread Dimitri John Ledkov
Change by Dimitri John Ledkov : -- keywords: +patch pull_requests: +9024 stage: -> patch review ___ Python tracker <https://bugs.python.org/issue34836> ___ _

[issue34836] test_ssl.test_default_ecdh_curve needs no tls1.3 flag in 2.7, for now

2018-09-28 Thread Dimitri John Ledkov
New submission from Dimitri John Ledkov : test_default_ecdh_curve fails, as ssl.OP_NO_TLSv1_3 is not set on the context. and the test case can only work with non-tls1.3 connections. this indicates that the pull request that sprinkled ssl.OP_NO_TLSv1_3 everywhere was not backported, taking

[issue34834] test_ssl.test_options does not correctly account for built-in ctx defaults with openssl 1.1.1

2018-09-28 Thread Dimitri John Ledkov
Change by Dimitri John Ledkov : -- keywords: +patch pull_requests: +9022 stage: -> patch review ___ Python tracker <https://bugs.python.org/issue34834> ___ _

[issue34834] test_ssl.test_options does not correctly account for built-in ctx defaults with openssl 1.1.1

2018-09-28 Thread Dimitri John Ledkov
New submission from Dimitri John Ledkov : self.assertEqual(default, ctx.options) in test_options fails with openssl 1.1.1 as it does not correctly account for OP_ENABLE_MIDDLEBOX_COMPAT. It is not defined by the python2.7 ssl module either. either ssl.OP_ENABLE_MIDDLEBOX_COMPAT needs

[issue34818] test.test_ssl.ThreadedTests.test_tls1_3 fails in 2.7 with AttributeError: __exit__

2018-09-27 Thread Dimitri John Ledkov
Dimitri John Ledkov added the comment: Similar client sockets are used in that file, but they are wrapped in extra `with closing(...) as s:` Is closing() wrapper missing in this test case? -- ___ Python tracker <https://bugs.python.

[issue34818] test.test_ssl.ThreadedTests.test_tls1_3 fails in 2.7 with AttributeError: __exit__

2018-09-27 Thread Dimitri John Ledkov
New submission from Dimitri John Ledkov : test.test_ssl.ThreadedTests.test_tls1_3 fails in 2.7 with AttributeError: __exit__ When building python 2.7, update to 20180926 from the 2.7 branch, on Ubuntu 18.10 (cosmic) with OpenSSL 1.1.1 the test_ssl errors out like so

[issue34670] Add set_post_handshake_auth for TLS 1.3

2018-09-26 Thread Dimitri John Ledkov
Dimitri John Ledkov added the comment: Will this be backported to the 2.7 branch as well? Pretty please =) -- nosy: +xnox ___ Python tracker <https://bugs.python.org/issue34

[issue25751] ctypes.util , Shell Injection in find_library()

2015-11-30 Thread Dimitri John Ledkov
Dimitri John Ledkov added the comment: Whilst fixed in 3.5, it is not fixed in 2.7. And the reporter believes this is a security vulnerability. Can this be cherry-picked into the 2.7 branch? -- nosy: +xnox ___ Python tracker <rep...@bugs.python.

[issue1322] Deprecate platform.dist() and platform.linux_distribution() functions

2015-05-26 Thread Dimitri John Ledkov
Dimitri John Ledkov added the comment: Why not change them to parse os-release files as defined by http://www.freedesktop.org/software/systemd/man/os-release.html A lot of things use these functions to check what one is running on, despite the problems, and do different things at install

[issue1322] Deprecate platform.dist() and platform.linux_distribution() functions

2015-05-26 Thread Dimitri John Ledkov
Dimitri John Ledkov added the comment: Note that things have changed in this space, since the issue was opened in 2007. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue1322

[issue23168] test_file2k.py depends on sys.stdin being unseekable

2015-01-05 Thread Dimitri John Ledkov
Dimitri John Ledkov added the comment: Removing a test when it doesn't pass is not the correct way to fix a test... Whilst I agree, this is not what was done in http://bugs.python.org/issue14853 . There it was concluded that the test itself is bogus and tests essentially nothing

[issue23170] test_uuid test_ifconfig_getnode fails with Temporary failure in name resolution

2015-01-05 Thread Dimitri John Ledkov
New submission from Dimitri John Ledkov: Building 3.4.2, running testsuite on linux, test_uuid test_ifconfig_getnode fails as following: [365/388] test_uuid Warning -- sys.path was modified by test_site test test_uuid failed -- Traceback (most recent call last): File /builddir/build/BUILD

[issue23170] test_uuid test_ifconfig_getnode fails with Temporary failure in name resolution

2015-01-05 Thread Dimitri John Ledkov
Dimitri John Ledkov added the comment: The source code matches 3.4.2 tarball exactly. There is no arp_getnode test that I can see. 316@unittest.skipUnless(os.name == 'posix', 'requires Posix') 317def test_ifconfig_getnode(self): 318node = uuid._ifconfig_getnode() 319

[issue23170] test_uuid test_ifconfig_getnode fails with Temporary failure in name resolution

2015-01-05 Thread Dimitri John Ledkov
Dimitri John Ledkov added the comment: I guess this is related to http://bugs.python.org/issue17293 however I get a test-suite fail / exception there with 3.4.2 on Linux. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue23170

[issue17293] uuid.getnode() MAC address on AIX

2015-01-05 Thread Dimitri John Ledkov
Dimitri John Ledkov added the comment: I'm getting socket.gaierror from test_ifconfig_getnode / uuid._ifconfig_getnode() on python 3.4.2 on Linux, in a no network environment. Thus i'd like to see these try:/excepts: to be ported back to 3.4 branch, if they haven't been already. I filed http