FS#58503 - [python2-m2crypto] osc commit segfaults
Attached to Project:
Community Packages
Opened by Andreas Baumann (andreas_baumann) - Tuesday, 08 May 2018, 18:57 GMT
Last edited by Morten Linderud (Foxboron) - Wednesday, 09 May 2018, 08:06 GMT
Opened by Andreas Baumann (andreas_baumann) - Tuesday, 08 May 2018, 18:57 GMT
Last edited by Morten Linderud (Foxboron) - Wednesday, 09 May 2018, 08:06 GMT
|
Details
Description:
osc commit leads to a segfault I attached a gdb stacktrace. I can confirm that downgrading to 0.29.0-1 solves the issue. Additional info: * package version(s): 0.30.1-1 I attached a gdb stacktrace. Sadly, I didn't have time yet to debug the module. 
gdb_log.txt
(4.7 KiB)
|
This task depends upon
Closed by Morten Linderud (Foxboron)
Wednesday, 09 May 2018, 08:06 GMT
Reason for closing: Not a bug
Wednesday, 09 May 2018, 08:06 GMT
Reason for closing: Not a bug
FS#58084Fixed in 0.29Now it's broken *again*?
@eschwartz: I don't think it's the same bug as has been fixed in 0.29.
Though I would argue that a Python wrapper should not be able to trigger
memory issues in OpenSSL under any circumstances. ;-)
I wanted to share the discussion in the mailing list of the OpenSuSE build service with you
(hope, I didn't make mistakes in quoting, just in case, you can always have a look at
the original posts in the opensuse-buildservice@opensuse.org mailing list archive at
https://lists.opensuse.org/opensuse-buildservice/2018-05/):
> On Mai 08 2018, Giovanni Santini <itachi.sama.amaterasu@gmail.com> wrote:
>
> I was trying to push an update to a package of mine but `osc ci` gives
> me a segfault which I am not sure how to debug.
>
> I am on Arch and I have the tools from the OBS tools official repo.
>
>
> On Tue, May 08, 2018 at 07:48:14PM +0200, Andreas Schwab wrote:
>
> If osc (a pure python app) crashes that looks like a python bug and
> should probably be reported to its Arch maintainer.
> On 2018-05-08 21:00:59 +0200, Andreas Baumann wrote:
> This is something I also hit on Archlinux. The problem is in
> python2-m2crypto.
>
> You can downgrade python2-m2crypto from 0.30.1-1 to 0.29.0-1 temporarily
> to work around the problem.
>
> I filled a bug upstream at:
>
> https://bugs.archlinux.org/task/58503
> Il 08/05/2018 21:36, Marcus Hüwe ha scritto:
>
> No, this is an osc issue. You hit this bug, because:
> - M2Crypto 0.30 got a bug fix [1]
> - OpenSSL_1_1_0h introduced a bug (commit 8e405776858 [2]) (which is
> fixed in the meantime (commit c4fa1f7fc01 [3])
> - osc's ssl session handling code was always "broken" (however, to
> trigger this bug, osc has to do "a lot" of https requests for more
> than 2 hours) (for the details see commit b730f88 [4])
> ...
>
> [1] https://gitlab.com/m2crypto/m2crypto/commit/f749f85db5a61ad4ee0a83d9424cc856ef76fcda
> [2] https://github.com/openssl/openssl/commit/8e405776858
> [3] https://github.com/openssl/openssl/commit/c4fa1f7fc01
> [4] https://github.com/openSUSE/osc/commit/b730f88
>
> Suggestions for that?
> My main idea is of downgrading `python-m2crypto` meanwhile and re-update
> it whenever the fixed `osc` get out :)
> Actually, we should do a new osc release, but we cannot ship an
> updated osc package for Arch, because Arch no longer provides an
> urlgrabber package. Fortunately, there is a PR [1] to get rid of
> the python-urlgrabber dependency (a review for this PR is on my
> TODO...).
> In the meantime, downgrading python2-m2crypto is probably the
> easiest workaround...
> Marcus
https://lists.opensuse.org/opensuse-buildservice/2018-05/msg00005.html