gh-101732: Modules/_ssl.c: use Y2038 compatible openssl function when available#118425
Uh oh!
There was an error while loading. Please reload this page.
Conversation
kanavinforce-pushed the fix-ssl-time branch 3 times, most recently from c6d5857 to 9c21373Compare
encukou commented May 2, 2024
Thanks. I see that the function was added in OpenSSL 3.3, released April 10. (It's not in Arch You'll probably know: is there a distro/container with OpenSSL 3.3, test this?) It returns I see that Arch Linux now has OpenSSL 3.3, so I should be able to test this in an Arch VM. Before I do that, please run your tests with |
kanavin commented May 2, 2024
I've done that with both original and fixed (as you requested) version. The tests are run on a 32 bit system running in qemu with time set to 2050, certificates regenerated to not be expired (discussed elsewhere :), and openssl 3.3.0. test_ssl fails without the patch and succeeds with it. |
kanavin commented May 3, 2024
Thread-sanitizer fail doesn't seem to be related? Hard for me to tell for sure. |
encukou commented May 3, 2024
Yes, doesn't seem related. Please don't force-push to CPython PRs; the brand new commits need to be reviewed all over again. In a bigger PR it would be an issue :) |
encukou left a comment
encukou left a comment There was a problem hiding this comment.
Turns out I can't easily get a 32-bit system with system clock set past 2038 :)
But on a 64-bit one, this passes, and I can't see anything wrong with the PR. So I'll merge.
kanavin commented May 3, 2024
If the system is using 32 bit time_t (which is the default in glibc), it will immediately collapse altogether. You need either a non-glibc alternative (e.g. musl), or everything needs to be rebuilt with -D_TIME_BITS=64, which as far as I know only the most recent release of Yocto does. Debian has plans, but I have no idea how far they are implemented. |
A number of items are removed because the issues have been resolved with recipe patches (in separate commits). Some issues were also resolved via upstream version updates: glib-2.0 update to 2.78.0 that includes: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3547https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3550 curl update to 8.3.0 that includes curl/curl#11610 util-linux update to 2.39 that includes util-linux/util-linux#2430util-linux/util-linux@3ab9e69util-linux/util-linux#2435 glib-networking update to 2.78.0 that includes https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/241 python3-cryptography update to 42.0.0 which resolvespyca/cryptography#9370 via pyca/cryptography#9964 perl update to 5.40.0 which includes Perl/perl5#21379 python3 update to 3.13.0 which includes python/cpython#118425 tcl update to 9.0.0 which includes tcltk/tcl@4ca6172 (tcl8 recipe has a simple backport of this) Signed-off-by: Alexander Kanavin <alex@linutronix.de>
A number of items are removed because the issues have been resolved with recipe patches (in separate commits). Some issues were also resolved via upstream version updates: glib-2.0 update to 2.78.0 that includes: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3547https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3550 curl update to 8.3.0 that includes curl/curl#11610 util-linux update to 2.39 that includes util-linux/util-linux#2430util-linux/util-linux@3ab9e69util-linux/util-linux#2435 glib-networking update to 2.78.0 that includes https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/241 python3-cryptography update to 42.0.0 which resolvespyca/cryptography#9370 via pyca/cryptography#9964 perl update to 5.40.0 which includes Perl/perl5#21379 python3 update to 3.13.0 which includes python/cpython#118425 python3 update to 3.13.1 which includes python/cpython#124972 tcl update to 9.0.0 which includes tcltk/tcl@4ca6172 (tcl8 recipe has a simple backport of this) dbus update to 1.16.0 which includes https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/444https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/289 Signed-off-by: Alexander Kanavin <alex@linutronix.de>
A number of items are removed because the issues have been resolved with recipe patches (in separate commits). Some issues were also resolved via upstream version updates: glib-2.0 update to 2.78.0 that includes: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3547https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3550 curl update to 8.3.0 that includes curl/curl#11610 util-linux update to 2.39 that includes util-linux/util-linux#2430util-linux/util-linux@3ab9e69util-linux/util-linux#2435 glib-networking update to 2.78.0 that includes https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/241 python3-cryptography update to 42.0.0 which resolvespyca/cryptography#9370 via pyca/cryptography#9964 perl update to 5.40.0 which includes Perl/perl5#21379 python3 update to 3.13.0 which includes python/cpython#118425 python3 update to 3.13.1 which includes python/cpython#124972 tcl update to 9.0.0 which includes tcltk/tcl@4ca6172 (tcl8 recipe has a simple backport of this) dbus update to 1.16.0 which includes https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/444https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/289 Signed-off-by: Alexander Kanavin <alex@linutronix.de>
A number of items are removed because the issues have been resolved with recipe patches (in separate commits). Some issues were resolved via upstream version updates that bring in needed fixes: glib-2.0 update to 2.78.0 that includes: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3547https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3550 curl update to 8.3.0 that includes curl/curl#11610 util-linux update to 2.39 that includes util-linux/util-linux#2430util-linux/util-linux@3ab9e69util-linux/util-linux#2435 glib-networking update to 2.78.0 that includes https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/241 python3-cryptography update to 42.0.0 which resolvespyca/cryptography#9370 via pyca/cryptography#9964 perl update to 5.40.0 which includes Perl/perl5#21379 python3 update to 3.13.0 which includes python/cpython#118425 python3 update to 3.13.1 which includes python/cpython#124972 tcl update to 9.0.0 which includes tcltk/tcl@4ca6172 (tcl8 recipe has a simple backport of this) dbus update to 1.16.0 which includes https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/444https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/289 openssh update to 10.0p1 which includes openssh/openssh-portable#425https://bugzilla.mindrot.org/show_bug.cgi?id=3684https://marc.info/?l=openbsd-bugs&m=172561736524815&w=2https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-October/041621.html (all reporting the same issue) gcc update to 15.1 which includes llvm/llvm-project#99699 via gcc-mirror/gcc@fa32100 and allows dropping special flags and exceptions for gcc-sanitizers. Signed-off-by: Alexander Kanavin <alex@linutronix.de>
2 participants
Uh oh!
There was an error while loading. Please reload this page.