[Pkg-openssl-devel] Bug#895035: osc: crashes with memory corruption when using new libssl1.1
Kurt Roeckx
kurt at roeckx.be
Fri Apr 6 18:44:18 BST 2018
On Fri, Apr 06, 2018 at 01:58:03PM +0100, Simon McVittie wrote:
> Package: osc
> Version: 0.162.1-1
> Severity: grave
> Justification: osc tool becomes mostly unusable
>
> This is probably a bug in libssl1.1 or in python-m2crypto, but I'm
> reporting it against osc for now, because that's the only place I know
> how to reproduce it at the moment. X-Debbugs-Cc'd to the lower-level
> packages' maintainers.
>
> Steps to reproduce:
>
> * have an account on any OBS instance (I used <https://build.opensuse.org/>:
> anyone can register there, but an account is required to use the API)
> * be in a temporary directory
> * rm -fr binaries
> * osc -A https://api.opensuse.org getbinaries openSUSE:Leap:15.0 \
> hello standard x86_64
> (or some project/package combination that exists on your OBS)
>
> Expected result: osc downloads hello into ./binaries
>
> Actual result: osc usually segfaults in glibc malloc-related functions,
> probably due to memory corruption; sometimes glibc detects the memory
> corruption itself and aborts instead.
>
> Workaround: Downgrading libssl1.1 to 1.1.0f-3+deb9u2 from stable-security
> makes osc work correctly, so presumably this is a behaviour change
> between 1.1.0f and 1.1.0h, either a regression or something that triggers
> a pre-existing bug in python-m2crypto (or possibly osc).
Can you run it under valgrind?
Kurt
More information about the Pkg-openssl-devel
mailing list