Community Packages

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#58503 - [python2-m2crypto] osc commit segfaults

Attached to Project: Community Packages
Opened by Andreas Baumann (andreas_baumann) - Tuesday, 08 May 2018, 18:57 GMT
Last edited by Morten Linderud (Foxboron) - Wednesday, 09 May 2018, 08:06 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Morten Linderud (Foxboron)
Architecture All
Severity Very Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No



osc commit

leads to a segfault I attached a gdb stacktrace.

I can confirm that downgrading to 0.29.0-1 solves the issue.

Additional info:
* package version(s): 0.30.1-1

I attached a gdb stacktrace.

Sadly, I didn't have time yet to debug the module.

This task depends upon

Closed by  Morten Linderud (Foxboron)
Wednesday, 09 May 2018, 08:06 GMT
Reason for closing:  Not a bug
Comment by Eli Schwartz (eschwartz) - Tuesday, 08 May 2018, 20:02 GMT
 FS#58084  Fixed in 0.29

Now it's broken *again*?
Comment by Doug Newgard (Scimmia) - Wednesday, 09 May 2018, 03:54 GMT
Yes, and the maintainer has already said that an AUR package crashing is not a priority, especially when nobody can show that it's not an osc problem.
Comment by Andreas Baumann (andreas_baumann) - Wednesday, 09 May 2018, 05:00 GMT
I agree, very low priority and a workaround is known.

@eschwartz: I don't think it's the same bug as has been fixed in 0.29.
Though I would argue that a Python wrapper should not be able to trigger
memory issues in OpenSSL under any circumstances. ;-)

I wanted to share the discussion in the mailing list of the OpenSuSE build service with you
(hope, I didn't make mistakes in quoting, just in case, you can always have a look at
the original posts in the mailing list archive at

> On Mai 08 2018, Giovanni Santini <> wrote:
> I was trying to push an update to a package of mine but `osc ci` gives
> me a segfault which I am not sure how to debug.
> I am on Arch and I have the tools from the OBS tools official repo.

> On Tue, May 08, 2018 at 07:48:14PM +0200, Andreas Schwab wrote:
> If osc (a pure python app) crashes that looks like a python bug and
> should probably be reported to its Arch maintainer.

> On 2018-05-08 21:00:59 +0200, Andreas Baumann wrote:
> This is something I also hit on Archlinux. The problem is in
> python2-m2crypto.
> You can downgrade python2-m2crypto from 0.30.1-1 to 0.29.0-1 temporarily
> to work around the problem.
> I filled a bug upstream at:

> Il 08/05/2018 21:36, Marcus Hüwe ha scritto:
> No, this is an osc issue. You hit this bug, because:
> - M2Crypto 0.30 got a bug fix [1]
> - OpenSSL_1_1_0h introduced a bug (commit 8e405776858 [2]) (which is
> fixed in the meantime (commit c4fa1f7fc01 [3])
> - osc's ssl session handling code was always "broken" (however, to
> trigger this bug, osc has to do "a lot" of https requests for more
> than 2 hours) (for the details see commit b730f88 [4])
> ...
> [1]
> [2]
> [3]
> [4]
> Suggestions for that?
> My main idea is of downgrading `python-m2crypto` meanwhile and re-update
> it whenever the fixed `osc` get out :)

> Actually, we should do a new osc release, but we cannot ship an
> updated osc package for Arch, because Arch no longer provides an
> urlgrabber package. Fortunately, there is a PR [1] to get rid of
> the python-urlgrabber dependency (a review for this PR is on my
> TODO...).

> In the meantime, downgrading python2-m2crypto is probably the
> easiest workaround...

> Marcus

Comment by Morten Linderud (Foxboron) - Wednesday, 09 May 2018, 08:05 GMT
Closing as the reply to the ML denotes how its an osc issue, and not an m2crypto issue.