{{ message }}
[3.9] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw#108320
Merged
ambv merged 1 commit intoAug 22, 2023
Merged
[3.9] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw#108320ambv merged 1 commit into
ambv merged 1 commit into
Conversation
Contributor
Sorry, something went wrong.
…ose flaw Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. The vulnerability is caused when a socket is connected, data is sent by the malicious peer and stored in a buffer, and then the malicious peer closes the socket within a small timing window before the other peers’ TLS handshake can begin. After this sequence of events the closed socket will not immediately attempt a TLS handshake due to not being connected but will also allow the buffered data to be read as if a successful TLS handshake had occurred. Co-Authored-By: Gregory P. Smith [Google LLC] <greg@krypto.org>
2 tasks
⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️Hi! The buildbot AMD64 RHEL7 LTO + PGO 3.9 has failed when building commit 264b1da. What do you need to do:
You can take a look at the buildbot page here: https://buildbot.python.org/all/#builders/240/builds/601 Failed tests:
Failed subtests:
Summary of the results of the build (if available): == Tests result: FAILURE then FAILURE == 411 tests OK. 10 slowest tests:
1 test failed: 13 tests skipped: 1 re-run test: Total duration: 2 min 28 sec Click to see traceback logsTraceback (most recent call last):
File "/home/buildbot/buildarea/3.9.cstratak-RHEL7-x86_64.lto-pgo/build/Lib/multiprocessing/resource_tracker.py", line 201, in main
cache[rtype].remove(name)
KeyError: '/psm_8cbe36b6'
Traceback (most recent call last):
File "/home/buildbot/buildarea/3.9.cstratak-RHEL7-x86_64.lto-pgo/build/Lib/multiprocessing/resource_tracker.py", line 201, in main
cache[rtype].remove(name)
KeyError: '/psm_973e3686'
Traceback (most recent call last):
File "/home/buildbot/buildarea/3.9.cstratak-RHEL7-x86_64.lto-pgo/build/Lib/multiprocessing/resource_tracker.py", line 201, in main
cache[rtype].remove(name)
KeyError: '/psm_377fe0cd'
Traceback (most recent call last):
File "/home/buildbot/buildarea/3.9.cstratak-RHEL7-x86_64.lto-pgo/build/Lib/test/test_ssl.py", line 4988, in test_preauth_data_to_tls_client
client.connect(server.listener.getsockname())
ConnectionResetError: [Errno 104] Connection reset by peer
|
Sorry, something went wrong.
⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️Hi! The buildbot ARM64 macOS 3.9 has failed when building commit 264b1da. What do you need to do:
You can take a look at the buildbot page here: https://buildbot.python.org/all/#builders/726/builds/400 Failed tests:
Failed subtests:
Summary of the results of the build (if available): == Tests result: FAILURE then FAILURE == 405 tests OK. 10 slowest tests:
1 test failed: 16 tests skipped: 1 re-run test: Total duration: 8 min 53 sec Click to see traceback logsTraceback (most recent call last):
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/multiprocessing/resource_tracker.py", line 201, in main
cache[rtype].remove(name)
KeyError: '/psm_452cdc06'
Traceback (most recent call last):
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/test/test_asyncio/test_events.py", line 617, in test_create_ssl_connection
self._test_create_ssl_connection(httpd, create_connection,
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/test/test_asyncio/test_events.py", line 605, in _test_create_ssl_connection
self._basetest_create_ssl_connection(conn_fut, check_sockname,
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/test/test_asyncio/test_events.py", line 564, in _basetest_create_ssl_connection
tr, pr = self.loop.run_until_complete(connection_fut)
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/asyncio/base_events.py", line 647, in run_until_complete
return future.result()
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/asyncio/base_events.py", line 1090, in create_connection
transport, protocol = await self._create_connection_transport(
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/asyncio/base_events.py", line 1120, in _create_connection_transport
await waiter
ConnectionResetError
Traceback (most recent call last):
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/multiprocessing/resource_tracker.py", line 201, in main
cache[rtype].remove(name)
KeyError: '/psm_ac85ba1a'
Traceback (most recent call last):
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/test/test_asyncio/test_events.py", line 633, in test_create_ssl_unix_connection
self._test_create_ssl_connection(httpd, create_connection,
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/test/test_asyncio/test_events.py", line 605, in _test_create_ssl_connection
self._basetest_create_ssl_connection(conn_fut, check_sockname,
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/test/test_asyncio/test_events.py", line 564, in _basetest_create_ssl_connection
tr, pr = self.loop.run_until_complete(connection_fut)
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/asyncio/base_events.py", line 647, in run_until_complete
return future.result()
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/asyncio/unix_events.py", line 258, in create_unix_connection
transport, protocol = await self._create_connection_transport(
File "/Users/buildbot/buildarea/3.9.pablogsal-macos-m1.macos-with-brew/build/Lib/asyncio/base_events.py", line 1120, in _create_connection_transport
await waiter
ConnectionResetError
|
Sorry, something went wrong.
⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️Hi! The buildbot AMD64 RHEL7 LTO 3.9 has failed when building commit 264b1da. What do you need to do:
You can take a look at the buildbot page here: https://buildbot.python.org/all/#builders/412/builds/601 Failed tests:
Failed subtests:
Summary of the results of the build (if available): == Tests result: FAILURE then FAILURE == 412 tests OK. 10 slowest tests:
1 test failed: 12 tests skipped: 1 re-run test: Total duration: 2 min 52 sec Click to see traceback logsTraceback (most recent call last):
File "/home/buildbot/buildarea/3.9.cstratak-RHEL7-x86_64.lto/build/Lib/test/test_ssl.py", line 4988, in test_preauth_data_to_tls_client
client.connect(server.listener.getsockname())
ConnectionResetError: [Errno 104] Connection reset by peer
Traceback (most recent call last):
File "/home/buildbot/buildarea/3.9.cstratak-RHEL7-x86_64.lto/build/Lib/multiprocessing/resource_tracker.py", line 201, in main
cache[rtype].remove(name)
KeyError: '/psm_ed5fa457'
Traceback (most recent call last):
File "/home/buildbot/buildarea/3.9.cstratak-RHEL7-x86_64.lto/build/Lib/multiprocessing/resource_tracker.py", line 201, in main
cache[rtype].remove(name)
KeyError: '/psm_bb406249'
Traceback (most recent call last):
File "/home/buildbot/buildarea/3.9.cstratak-RHEL7-x86_64.lto/build/Lib/multiprocessing/resource_tracker.py", line 201, in main
cache[rtype].remove(name)
KeyError: '/psm_bff6d2ad'
|
Sorry, something went wrong.
⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️Hi! The buildbot AMD64 RHEL8 FIPS Only Blake2 Builtin Hash 3.9 has failed when building commit 264b1da. What do you need to do:
You can take a look at the buildbot page here: https://buildbot.python.org/all/#builders/382/builds/638 Failed tests:
Failed subtests:
Summary of the results of the build (if available): == Tests result: FAILURE then FAILURE == 412 tests OK. 10 slowest tests:
1 test failed: 12 tests skipped: 1 re-run test: Total duration: 12 min 27 sec Click to see traceback logsTraceback (most recent call last):
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/test/test_socket.py", line 6268, in test_hmac_sha1
algo.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, b"Jefe")
OSError: [Errno 22] Invalid argument
|
Sorry, something went wrong.
⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️Hi! The buildbot PPC64LE RHEL8 3.9 has failed when building commit 264b1da. What do you need to do:
You can take a look at the buildbot page here: https://buildbot.python.org/all/#builders/250/builds/537 Failed tests:
Summary of the results of the build (if available): == Click to see traceback logsremote: Enumerating objects: 3481, done.
remote: Counting objects: 0% (1/2076)
remote: Counting objects: 1% (21/2076)
remote: Counting objects: 2% (42/2076)
remote: Counting objects: 3% (63/2076)
remote: Counting objects: 4% (84/2076)
remote: Counting objects: 5% (104/2076)
remote: Counting objects: 6% (125/2076)
remote: Counting objects: 7% (146/2076)
remote: Counting objects: 8% (167/2076)
remote: Counting objects: 9% (187/2076)
remote: Counting objects: 10% (208/2076)
remote: Counting objects: 11% (229/2076)
remote: Counting objects: 12% (250/2076)
remote: Counting objects: 13% (270/2076)
remote: Counting objects: 14% (291/2076)
remote: Counting objects: 15% (312/2076)
remote: Counting objects: 16% (333/2076)
remote: Counting objects: 17% (353/2076)
remote: Counting objects: 18% (374/2076)
remote: Counting objects: 19% (395/2076)
remote: Counting objects: 20% (416/2076)
remote: Counting objects: 21% (436/2076)
remote: Counting objects: 22% (457/2076)
remote: Counting objects: 23% (478/2076)
remote: Counting objects: 24% (499/2076)
remote: Counting objects: 25% (519/2076)
remote: Counting objects: 26% (540/2076)
remote: Counting objects: 27% (561/2076)
remote: Counting objects: 28% (582/2076)
remote: Counting objects: 29% (603/2076)
remote: Counting objects: 30% (623/2076)
remote: Counting objects: 31% (644/2076)
remote: Counting objects: 32% (665/2076)
remote: Counting objects: 33% (686/2076)
remote: Counting objects: 34% (706/2076)
remote: Counting objects: 35% (727/2076)
remote: Counting objects: 36% (748/2076)
remote: Counting objects: 37% (769/2076)
remote: Counting objects: 38% (789/2076)
remote: Counting objects: 39% (810/2076)
remote: Counting objects: 40% (831/2076)
remote: Counting objects: 41% (852/2076)
remote: Counting objects: 42% (872/2076)
remote: Counting objects: 43% (893/2076)
remote: Counting objects: 44% (914/2076)
remote: Counting objects: 45% (935/2076)
remote: Counting objects: 46% (955/2076)
remote: Counting objects: 47% (976/2076)
remote: Counting objects: 48% (997/2076)
remote: Counting objects: 49% (1018/2076)
remote: Counting objects: 50% (1038/2076)
remote: Counting objects: 51% (1059/2076)
remote: Counting objects: 52% (1080/2076)
remote: Counting objects: 53% (1101/2076)
remote: Counting objects: 54% (1122/2076)
remote: Counting objects: 55% (1142/2076)
remote: Counting objects: 56% (1163/2076)
remote: Counting objects: 57% (1184/2076)
remote: Counting objects: 58% (1205/2076)
remote: Counting objects: 59% (1225/2076)
remote: Counting objects: 60% (1246/2076)
remote: Counting objects: 61% (1267/2076)
remote: Counting objects: 62% (1288/2076)
remote: Counting objects: 63% (1308/2076)
remote: Counting objects: 64% (1329/2076)
remote: Counting objects: 65% (1350/2076)
remote: Counting objects: 66% (1371/2076)
remote: Counting objects: 67% (1391/2076)
remote: Counting objects: 68% (1412/2076)
remote: Counting objects: 69% (1433/2076)
remote: Counting objects: 70% (1454/2076)
remote: Counting objects: 71% (1474/2076)
remote: Counting objects: 72% (1495/2076)
remote: Counting objects: 73% (1516/2076)
remote: Counting objects: 74% (1537/2076)
remote: Counting objects: 75% (1557/2076)
remote: Counting objects: 76% (1578/2076)
remote: Counting objects: 77% (1599/2076)
remote: Counting objects: 78% (1620/2076)
remote: Counting objects: 79% (1641/2076)
remote: Counting objects: 80% (1661/2076)
remote: Counting objects: 81% (1682/2076)
remote: Counting objects: 82% (1703/2076)
remote: Counting objects: 83% (1724/2076)
remote: Counting objects: 84% (1744/2076)
remote: Counting objects: 85% (1765/2076)
remote: Counting objects: 86% (1786/2076)
remote: Counting objects: 87% (1807/2076)
remote: Counting objects: 88% (1827/2076)
remote: Counting objects: 89% (1848/2076)
remote: Counting objects: 90% (1869/2076)
remote: Counting objects: 91% (1890/2076)
remote: Counting objects: 92% (1910/2076)
remote: Counting objects: 93% (1931/2076)
remote: Counting objects: 94% (1952/2076)
remote: Counting objects: 95% (1973/2076)
remote: Counting objects: 96% (1993/2076)
remote: Counting objects: 97% (2014/2076)
remote: Counting objects: 98% (2035/2076)
remote: Counting objects: 99% (2056/2076)
remote: Counting objects: 100% (2076/2076)
remote: Counting objects: 100% (2076/2076), done.
remote: Compressing objects: 33% (1/3)
remote: Compressing objects: 66% (2/3)
remote: Compressing objects: 100% (3/3)
remote: Compressing objects: 100% (3/3), done.
Receiving objects: 0% (1/3481)
Receiving objects: 1% (35/3481)
Receiving objects: 2% (70/3481)
Receiving objects: 3% (105/3481)
Receiving objects: 4% (140/3481)
Receiving objects: 5% (175/3481)
Receiving objects: 6% (209/3481)
Receiving objects: 7% (244/3481)
Receiving objects: 8% (279/3481)
Receiving objects: 9% (314/3481)
Receiving objects: 10% (349/3481)
Receiving objects: 11% (383/3481)
Receiving objects: 12% (418/3481)
Receiving objects: 13% (453/3481)
Receiving objects: 14% (488/3481)
Receiving objects: 15% (523/3481)
Receiving objects: 16% (557/3481)
Receiving objects: 17% (592/3481)
Receiving objects: 18% (627/3481)
Receiving objects: 19% (662/3481)
Receiving objects: 20% (697/3481)
Receiving objects: 21% (732/3481)
Receiving objects: 22% (766/3481)
Receiving objects: 23% (801/3481)
Receiving objects: 24% (836/3481)
Receiving objects: 25% (871/3481)
Receiving objects: 26% (906/3481)
Receiving objects: 27% (940/3481)
Receiving objects: 28% (975/3481)
Receiving objects: 29% (1010/3481)
Receiving objects: 30% (1045/3481)
Receiving objects: 31% (1080/3481)
Receiving objects: 32% (1114/3481)
Receiving objects: 33% (1149/3481)
Receiving objects: 34% (1184/3481)
Receiving objects: 35% (1219/3481)
Receiving objects: 36% (1254/3481)
Receiving objects: 37% (1288/3481)
Receiving objects: 38% (1323/3481)
Receiving objects: 39% (1358/3481)
Receiving objects: 40% (1393/3481)
Receiving objects: 41% (1428/3481)
Receiving objects: 42% (1463/3481)
Receiving objects: 43% (1497/3481)
Receiving objects: 44% (1532/3481)
Receiving objects: 45% (1567/3481)
Receiving objects: 46% (1602/3481)
Receiving objects: 47% (1637/3481)
Receiving objects: 48% (1671/3481)
Receiving objects: 49% (1706/3481)
Receiving objects: 50% (1741/3481)
Receiving objects: 51% (1776/3481)
Receiving objects: 52% (1811/3481)
Receiving objects: 53% (1845/3481)
Receiving objects: 54% (1880/3481)
Receiving objects: 55% (1915/3481)
Receiving objects: 56% (1950/3481)
Receiving objects: 57% (1985/3481)
Receiving objects: 58% (2019/3481)
Receiving objects: 59% (2054/3481)
Receiving objects: 60% (2089/3481)
Receiving objects: 61% (2124/3481)
Receiving objects: 62% (2159/3481)
Receiving objects: 63% (2194/3481)
Receiving objects: 64% (2228/3481)
Receiving objects: 65% (2263/3481)
Receiving objects: 66% (2298/3481)
Receiving objects: 67% (2333/3481)
Receiving objects: 68% (2368/3481)
Receiving objects: 69% (2402/3481)
Receiving objects: 70% (2437/3481)
Receiving objects: 71% (2472/3481)
Receiving objects: 72% (2507/3481)
Receiving objects: 73% (2542/3481)
Receiving objects: 74% (2576/3481)
Receiving objects: 75% (2611/3481)
Receiving objects: 76% (2646/3481)
Receiving objects: 77% (2681/3481)
Receiving objects: 78% (2716/3481)
Receiving objects: 79% (2750/3481)
Receiving objects: 80% (2785/3481)
Receiving objects: 81% (2820/3481)
Receiving objects: 82% (2855/3481)
Receiving objects: 83% (2890/3481)
Receiving objects: 84% (2925/3481)
Receiving objects: 85% (2959/3481)
Receiving objects: 86% (2994/3481)
Receiving objects: 87% (3029/3481)
Receiving objects: 88% (3064/3481)
Receiving objects: 89% (3099/3481)
Receiving objects: 90% (3133/3481)
Receiving objects: 91% (3168/3481)
Receiving objects: 92% (3203/3481)
Receiving objects: 93% (3238/3481)
Receiving objects: 94% (3273/3481)
remote: Total 3481 (delta 2073), reused 2073 (delta 2073), pack-reused 1405
Receiving objects: 95% (3307/3481)
Receiving objects: 96% (3342/3481)
Receiving objects: 97% (3377/3481)
Receiving objects: 98% (3412/3481)
Receiving objects: 99% (3447/3481)
Receiving objects: 100% (3481/3481)
Receiving objects: 100% (3481/3481), 5.93 MiB | 13.97 MiB/s, done.
Resolving deltas: 0% (0/2709)
Resolving deltas: 1% (28/2709)
Resolving deltas: 2% (55/2709)
Resolving deltas: 3% (82/2709)
Resolving deltas: 4% (109/2709)
Resolving deltas: 5% (136/2709)
Resolving deltas: 6% (164/2709)
Resolving deltas: 7% (190/2709)
Resolving deltas: 8% (217/2709)
Resolving deltas: 9% (244/2709)
Resolving deltas: 10% (271/2709)
Resolving deltas: 11% (298/2709)
Resolving deltas: 12% (326/2709)
Resolving deltas: 13% (354/2709)
Resolving deltas: 14% (381/2709)
Resolving deltas: 15% (407/2709)
Resolving deltas: 16% (434/2709)
Resolving deltas: 17% (461/2709)
Resolving deltas: 18% (488/2709)
Resolving deltas: 19% (516/2709)
Resolving deltas: 20% (542/2709)
Resolving deltas: 21% (569/2709)
Resolving deltas: 22% (596/2709)
Resolving deltas: 23% (624/2709)
Resolving deltas: 24% (651/2709)
Resolving deltas: 25% (678/2709)
Resolving deltas: 26% (705/2709)
Resolving deltas: 27% (732/2709)
Resolving deltas: 28% (759/2709)
Resolving deltas: 29% (786/2709)
Resolving deltas: 30% (813/2709)
Resolving deltas: 31% (840/2709)
Resolving deltas: 32% (867/2709)
Resolving deltas: 33% (894/2709)
Resolving deltas: 34% (922/2709)
Resolving deltas: 35% (949/2709)
Resolving deltas: 36% (976/2709)
Resolving deltas: 37% (1003/2709)
Resolving deltas: 38% (1030/2709)
Resolving deltas: 39% (1057/2709)
Resolving deltas: 40% (1084/2709)
Resolving deltas: 41% (1111/2709)
Resolving deltas: 42% (1138/2709)
Resolving deltas: 43% (1165/2709)
Resolving deltas: 44% (1192/2709)
Resolving deltas: 45% (1220/2709)
Resolving deltas: 46% (1247/2709)
Resolving deltas: 47% (1274/2709)
Resolving deltas: 48% (1301/2709)
Resolving deltas: 49% (1328/2709)
Resolving deltas: 50% (1355/2709)
Resolving deltas: 51% (1382/2709)
Resolving deltas: 52% (1409/2709)
Resolving deltas: 53% (1436/2709)
Resolving deltas: 54% (1463/2709)
Resolving deltas: 55% (1490/2709)
Resolving deltas: 56% (1518/2709)
Resolving deltas: 57% (1545/2709)
Resolving deltas: 58% (1572/2709)
Resolving deltas: 59% (1599/2709)
Resolving deltas: 60% (1626/2709)
Resolving deltas: 61% (1653/2709)
Resolving deltas: 62% (1680/2709)
Resolving deltas: 63% (1707/2709)
Resolving deltas: 64% (1734/2709)
Resolving deltas: 65% (1761/2709)
Resolving deltas: 66% (1788/2709)
Resolving deltas: 67% (1816/2709)
Resolving deltas: 68% (1843/2709)
Resolving deltas: 69% (1870/2709)
Resolving deltas: 69% (1880/2709)
Resolving deltas: 70% (1897/2709)
Resolving deltas: 71% (1924/2709)
Resolving deltas: 72% (1951/2709)
Resolving deltas: 72% (1958/2709)
Resolving deltas: 73% (1978/2709)
Resolving deltas: 74% (2005/2709)
Resolving deltas: 75% (2032/2709)
Resolving deltas: 75% (2036/2709)
Resolving deltas: 76% (2059/2709)
Resolving deltas: 77% (2086/2709)
Resolving deltas: 78% (2114/2709)
Resolving deltas: 79% (2141/2709)
Resolving deltas: 80% (2168/2709)
Resolving deltas: 81% (2195/2709)
Resolving deltas: 82% (2222/2709)
Resolving deltas: 83% (2249/2709)
Resolving deltas: 84% (2276/2709)
Resolving deltas: 85% (2303/2709)
Resolving deltas: 85% (2325/2709)
Resolving deltas: 86% (2330/2709)
Resolving deltas: 87% (2357/2709)
Resolving deltas: 88% (2384/2709)
Resolving deltas: 89% (2412/2709)
Resolving deltas: 90% (2439/2709)
Resolving deltas: 91% (2466/2709)
Resolving deltas: 91% (2475/2709)
Resolving deltas: 92% (2493/2709)
Resolving deltas: 93% (2520/2709)
Resolving deltas: 94% (2547/2709)
Resolving deltas: 95% (2574/2709)
Resolving deltas: 96% (2601/2709)
Resolving deltas: 97% (2628/2709)
Resolving deltas: 98% (2655/2709)
Resolving deltas: 99% (2682/2709)
Resolving deltas: 100% (2709/2709)
Resolving deltas: 100% (2709/2709), completed with 712 local objects.
From https://github.com/python/cpython
* branch 3.9 -> FETCH_HEAD
* [new tag] 3.7 -> 3.7
* [new tag] v3.12.0b3 -> v3.12.0b3
* [new tag] v3.12.0b4 -> v3.12.0b4
* [new tag] v3.12.0rc1 -> v3.12.0rc1
Note: switching to '264b1dacc67346efa0933d1e63f622676e0ed96b'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
HEAD is now at 264b1dacc6 [3.9] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw (#108320)
Switched to and reset branch '3.9'
configure: WARNING: unrecognized options: --without-static-libpython
configure: WARNING: unrecognized options: --without-static-libpython
../Modules/_threadmodule.c: In function ‘local_clear’:
../Modules/_threadmodule.c:812:20: warning: unused variable ‘tstate’ [-Wunused-variable]
PyThreadState *tstate;
^~~~~~
test_msilib skipped -- No module named '_msi'
test_startfile skipped -- object <module 'os' from '/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/build_oot/../Lib/os.py'> has no attribute 'startfile'
test_kqueue skipped -- test works only on BSD
test_ioctl skipped -- Unable to open /dev/tty
test_winsound skipped -- No module named 'winsound'
test_winreg skipped -- No module named 'winreg'
test_tk skipped -- Tk unavailable due to TclError: no display name and no $DISPLAY environment variab [...]
test_winconsoleio skipped -- test only relevant on win32
test_flock (__main__.FNTLEINTRTest) ... ok
test_lockf (__main__.FNTLEINTRTest) ... ok
test_read (__main__.OSEINTRTest) ... ok
test_wait (__main__.OSEINTRTest) ... ok
test_wait3 (__main__.OSEINTRTest) ... ok
test_wait4 (__main__.OSEINTRTest) ... ok
test_waitpid (__main__.OSEINTRTest) ... ok
test_write (__main__.OSEINTRTest) ... ok
test_devpoll (__main__.SelectEINTRTest) ... skipped 'need select.devpoll'
test_epoll (__main__.SelectEINTRTest) ... ok
test_kqueue (__main__.SelectEINTRTest) ... skipped 'need select.kqueue'
test_poll (__main__.SelectEINTRTest) ... ok
test_select (__main__.SelectEINTRTest) ... ok
test_sigtimedwait (__main__.SignalEINTRTest) ... ok
test_sigwaitinfo (__main__.SignalEINTRTest) ... ok
test_accept (__main__.SocketEINTRTest) ... ok
test_open (__main__.SocketEINTRTest) ... ok
test_os_open (__main__.SocketEINTRTest) ... ok
test_recv (__main__.SocketEINTRTest) ... ok
test_recvmsg (__main__.SocketEINTRTest) ... ok
test_send (__main__.SocketEINTRTest) ... ok
test_sendall (__main__.SocketEINTRTest) ... ok
test_sendmsg (__main__.SocketEINTRTest) ... ok
test_sleep (__main__.TimeEINTRTest) ... ok
----------------------------------------------------------------------
Ran 24 tests in 10.625s
OK (skipped=2)
test_ttk_guionly skipped -- Tk unavailable due to TclError: no display name and no $DISPLAY environment variab [...]
test_zipfile64 skipped -- test requires loads of disk-space bytes and a long time to run
test_tix skipped -- Tk unavailable due to TclError: no display name and no $DISPLAY environment variab [...]
test_devpoll skipped -- test works only on Solaris OS family
<string>:2: PendingDeprecationWarning: lib2to3 package is deprecated and may not be able to parse Python 3.10+
Timeout (0:15:00)!
Thread 0x00007fffa3cf5320 (most recent call first):
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/selectors.py", line 416 in select
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/subprocess.py", line 1995 in _communicate
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/subprocess.py", line 1134 in communicate
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/test_gdb.py", line 112 in run_gdb
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/test_gdb.py", line 226 in get_stack_trace
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/test_gdb.py", line 909 in test_pycfunction
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/case.py", line 550 in _callTestMethod
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/case.py", line 592 in run
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/case.py", line 651 in __call__
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/suite.py", line 122 in run
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/suite.py", line 84 in __call__
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/suite.py", line 122 in run
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/suite.py", line 84 in __call__
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/suite.py", line 122 in run
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/suite.py", line 84 in __call__
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/runner.py", line 184 in run
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/support/__init__.py", line 1850 in _run_suite
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/support/__init__.py", line 1974 in run_unittest
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/runtest.py", line 263 in _test_module
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/runtest.py", line 288 in _runtest_inner2
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/runtest.py", line 326 in _runtest_inner
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/runtest.py", line 204 in _runtest
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/runtest.py", line 247 in runtest
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/runtest_mp.py", line 83 in run_tests_worker
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/main.py", line 692 in _main
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/main.py", line 672 in main
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/main.py", line 733 in main
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/regrtest.py", line 43 in _main
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/regrtest.py", line 47 in <module>
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/runpy.py", line 87 in _run_code
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/runpy.py", line 197 in _run_module_as_main
Timeout (0:15:00)!
Thread 0x00007fff9e8e5320 (most recent call first):
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/selectors.py", line 416 in select
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/subprocess.py", line 1995 in _communicate
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/subprocess.py", line 1134 in communicate
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/test_gdb.py", line 112 in run_gdb
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/test_gdb.py", line 226 in get_stack_trace
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/test_gdb.py", line 909 in test_pycfunction
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/case.py", line 550 in _callTestMethod
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/case.py", line 592 in run
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/case.py", line 651 in __call__
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/suite.py", line 122 in run
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/suite.py", line 84 in __call__
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/suite.py", line 122 in run
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/suite.py", line 84 in __call__
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/suite.py", line 122 in run
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/suite.py", line 84 in __call__
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/unittest/runner.py", line 184 in run
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/support/__init__.py", line 1850 in _run_suite
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/support/__init__.py", line 1974 in run_unittest
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/runtest.py", line 263 in _test_module
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/runtest.py", line 288 in _runtest_inner2
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/runtest.py", line 326 in _runtest_inner
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/runtest.py", line 217 in _runtest
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/runtest.py", line 247 in runtest
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/main.py", line 334 in rerun_failed_tests
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/main.py", line 716 in _main
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/main.py", line 672 in main
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/libregrtest/main.py", line 733 in main
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/test/__main__.py", line 2 in <module>
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/runpy.py", line 87 in _run_code
File "/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/Lib/runpy.py", line 197 in _run_module_as_main
make: *** [Makefile:1240: buildbottest] Error 1
Cannot open file '/home/buildbot/buildarea/3.9.cstratak-RHEL8-ppc64le/build/build_oot/test-results.xml' for upload |
Sorry, something went wrong.
carlosroman
pushed a commit
to DataDog/cpython
that referenced
this pull request
Oct 11, 2023
…pre-close flaw (python#108320) pythongh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. The vulnerability is caused when a socket is connected, data is sent by the malicious peer and stored in a buffer, and then the malicious peer closes the socket within a small timing window before the other peers’ TLS handshake can begin. After this sequence of events the closed socket will not immediately attempt a TLS handshake due to not being connected but will also allow the buffered data to be read as if a successful TLS handshake had occurred. Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.
Instances of
ssl.SSLSocketwere vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data.The vulnerability is caused when a socket is connected, data is sent by the malicious peer and stored in a buffer, and then the malicious peer closes the socket within a small timing window before the other peers’ TLS handshake can begin. After this sequence of events the closed socket will not immediately attempt a TLS handshake due to not being connected but will also allow the buffered data to be read as if a successful TLS handshake had occurred.