Bug 23111

Summary:	Kodi on Mageia 6 i586 fails to access HTTPS URLs (fixed in python-cryptography-1.7 and later)
Product:	Mageia	Reporter:	Buchan Milne <bgmilne>
Component:	RPM Packages	Assignee:	All Packagers <pkg-bugs>
Status:	RESOLVED FIXED	QA Contact:
Severity:	normal
Priority:	Normal	CC:	bruno, davidwhodgins, geiger.david68210, makowski.mageia, marja11, qa-bugs, smelror
Version:	6	Keywords:	feedback
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	https://forum.kodi.tv/showthread.php?tid=306162
Whiteboard:
Source RPM:	python-cryptography-1.5.3-1.mga6.src.rpm	CVE:
Status comment:
Bug Depends on:	23339
Bug Blocks:

Description Buchan Milne 2018-06-03 21:31:14 CEST

Description of problem:
Since upgrading to Mageia 6 on my media player (an ION-based chipset that includes an Intel Atom 330 which is 32-bit-only), I have had a number of problems relating to accessing HTTPS URLs. For example, the provided media info plugins are unable to scan media as they fail connecting to any meta-data sources. However, the easiest to reproduce is probably using the Youtube add-on (which sometimes has its own issues).

I was getting similar errors as those reported in this thread:
https://forum.kodi.tv/showthread.php?tid=306162

It seems like this issue is fixed in python-cryptography-1.7 and later, by this pull request:
https://github.com/pyca/cryptography/pull/3229#issuecomment-259865239

I have created an update to 1.7.2 for mga6 (from mga6 svn's 1.5.3), and rebuilt it on my media player (and the required python-cryptography-vectors-1.7.2), and after upgrading to it, all the symptoms I had in Kodi since upgrading from Mageia 5 to Mageia 6 are resolved.

These are the locally-built packages I have now with a working Kodi:
[bgmilne@xbmc ~]$ rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH} %{BUILDHOST}\n'  |grep xbmc
python-cryptography-vectors-1.7.2-1.mga6.noarch xbmc.ranger.dnsalias.com
python-cryptography-1.7.2-1.mga6.i586 xbmc.ranger.dnsalias.com
python3-cryptography-vectors-1.7.2-1.mga6.noarch xbmc.ranger.dnsalias.com
[bgmilne@xbmc ~]$

I can do some of the work for this update, depending on how much the maintainer would prefer to do.

Also, I haven't tested any other packages that use this package, but it seems to have been stable at this version upstream, and it is possible other packages that use it also have problems due to this issue. Newer versions (such as the 2.2.2 currently in cauldron) had too many new dependencies not available in mga6, so I didn't try that approach.

Version-Release number of selected component (if applicable):
1.5.3-1

How reproducible:
Always on i586 (x86_64 doesn't seem to exhibit it as much)


Steps to Reproduce:
1. Install Kodi
2. Install the Youtube addon
3. Try and search and play a video using the add-on, and notice that it can search but not play a video (and doesn't provide a usual error for other common failures of this add-on).
4. Inspect the log file (~/.kodi/temp/kodi.log) and find errors such as: "CCurlFile::Stat - Failed: SSL connect error(35)" (I don't have the full error, as kodi only keeps the last two log files).

Marja Van Waes 2018-06-04 20:04:04 CEST

CC: (none) => makowski.mageia, marja11
Assignee: bugsquad => python
Summary: Kodi on Mageia 6 i586 fails to access HTTPS URLs => Kodi on Mageia 6 i586 fails to access HTTPS URLs (fixed in python-cryptography-1.7 and later)

Stig-Ørjan Smelror 2018-06-19 12:07:06 CEST

CC: (none) => smelror
Assignee: python => smelror

Comment 1 Stig-Ørjan Smelror 2018-06-19 18:08:35 CEST

Advisory
========

python-cryptography and python-cryptography-vectors has been updated to the latest version to support HTTPS URLs in Kodi.

References
==========

https://bugs.mageia.org/show_bug.cgi?id=23111


Files
=====

Uploaded to core/updates_testing

python-cryptography-2.2.2-1.mga6
python3-cryptography-2.2.2-1.mga6

python-cryptography-vectors-2.2.2-1.mga6
python3-cryptography-vectors-2.2.2-1.mga6

Stig-Ørjan Smelror 2018-06-19 18:08:45 CEST

Assignee: smelror => qa-bugs

Comment 2 Stig-Ørjan Smelror 2018-06-19 18:15:00 CEST

Advisory
========

python-cffi, python-cryptography and python-cryptography-vectors has been updated to the latest version to support HTTPS URLs in Kodi.

References
==========

https://bugs.mageia.org/show_bug.cgi?id=23111


Files
=====

Uploaded to core/updates_testing

python-cryptography-2.2.2-1.mga6
python3-cryptography-2.2.2-1.mga6

from python-cryptography-2.2.2-1.mga6.src.rpm

python-cryptography-vectors-2.2.2-1.mga6
python3-cryptography-vectors-2.2.2-1.mga6

from python-cryptography-vectors-2.2.2-1.mga6.src.rpm

python-cffi-1.7.0-1.mga6
python3-cffi-1.7.0-1.mga6
python-cffi-doc-1.7.0-1.mga6

from python-cffi-1.7.0-1.mga6.src.rpm

Comment 3 Dave Hodgins 2018-06-20 04:04:45 CEST

unselecting python-cryptography-2.2.2-1.mga6.x86_64
adding a reason to already rejected package python-cryptography-2.2.2-1.mga6.x86_64: unsatisfied pythonegg(2)(asn1crypto)[>= 0.21.0]

Looks like python2-asn1crypto-0.22.0-1.mga7.noarch.rpm will need to be backported
to Mageia 6 too, for this update.

Keywords: (none) => feedback
CC: (none) => davidwhodgins

Comment 4 Stig-Ørjan Smelror 2018-06-20 08:44:24 CEST

Advisory
========

python-cffi, python-cryptography and python-cryptography-vectors has been updated to the latest version and python2-asn1crypto has been backported to support HTTPS URLs in Kodi.

References
==========

https://bugs.mageia.org/show_bug.cgi?id=23111


Files
=====

Uploaded to core/updates_testing

python-cryptography-2.2.2-1.mga6
python3-cryptography-2.2.2-1.mga6

from python-cryptography-2.2.2-1.mga6.src.rpm

python-cryptography-vectors-2.2.2-1.mga6
python3-cryptography-vectors-2.2.2-1.mga6

from python-cryptography-vectors-2.2.2-1.mga6.src.rpm

python-cffi-1.7.0-1.mga6
python3-cffi-1.7.0-1.mga6
python-cffi-doc-1.7.0-1.mga6

from python-cffi-1.7.0-1.mga6.src.rpm

Uploaded to core/backports_testing

python2-asn1crypto-0.22.0-1.mga6
python3-asn1crypto-0.22.0-1.mga6

from python-asn1crypto-0.22.0-1.mga6.src.rpm

Comment 5 Dave Hodgins 2018-06-20 13:41:49 CEST

An update can not rely on packages from backports, as most users will not
have them enabled.

A new package that is required for a security update of an existing package is
an exception that will allow/require it to be in the updates repos. As it does
not negatively affect other packages, it fits into the version exception of
the updates policy.

If it did negatively affect other packages, that would have to be decided
on a case by case basis, based on the possible impact of the security problem.

Comment 6 Stig-Ørjan Smelror 2018-06-21 12:12:07 CEST

Advisory
========

python-cffi, python-cryptography and python-cryptography-vectors has been updated to the latest version and python2-asn1crypto has been backported to support HTTPS URLs in Kodi.

References
==========

https://bugs.mageia.org/show_bug.cgi?id=23111


Files
=====

Uploaded to core/updates_testing

python-cryptography-2.2.2-1.mga6
python3-cryptography-2.2.2-1.mga6

from python-cryptography-2.2.2-1.mga6.src.rpm

python-cryptography-vectors-2.2.2-1.mga6
python3-cryptography-vectors-2.2.2-1.mga6

from python-cryptography-vectors-2.2.2-1.mga6.src.rpm

python-cffi-1.7.0-1.mga6
python3-cffi-1.7.0-1.mga6
python-cffi-doc-1.7.0-1.mga6

from python-cffi-1.7.0-1.mga6.src.rpm

python2-asn1crypto-0.22.0-1.mga6
python3-asn1crypto-0.22.0-1.mga6

from python-asn1crypto-0.22.0-1.mga6.src.rpm

Comment 7 David GEIGER 2018-07-25 06:01:11 CEST

A requested package cannot be installed:
python3-cryptography-2.2.2-1.mga6.i586 (due to unsatisfied pythonegg(3)(ipaddress))

A requested package cannot be installed:
python3-cryptography-2.2.2-1.mga6.i586 (due to unsatisfied pythonegg(3)(enum34))


So this should be fixed with python-cryptography-2.2.2-1.1.mga6

CC: (none) => geiger.david68210

David Walser 2018-07-25 11:16:50 CEST

Depends on: (none) => 23339

Comment 8 David Walser 2018-07-25 11:17:29 CEST

A security update is needed for this.  See Bug 23339.

CC: (none) => qa-bugs
Assignee: qa-bugs => pkg-bugs

Comment 9 Bruno Cornec 2018-11-12 23:19:36 CET

Now that Bug mga#23339 is fixed, this BR should be resolved right ?

CC: (none) => bruno

Comment 10 Stig-Ørjan Smelror 2018-12-24 22:28:36 CET

Let's resolve this.

Status: NEW => RESOLVED
Resolution: (none) => FIXED