Your message dated Thu, 15 Dec 2022 12:34:54 -0500 with message-id <cab4xwxxfxhjbkj58fbofnwgdkea-jyjbsk2gkxwxq96inz5...@mail.gmail.com> and subject line Re: python3-cryptography: Core dump in buster openssl binding has caused the Debian Bug report #985820, regarding python3-cryptography: Core dump in buster openssl binding to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

-- 
985820: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985820
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python3-cryptography
Version: 2.6.1-3+deb10u2
Severity: normal
Tags: security

A long-running, twisted-based server occasionally (days to weeks) gets aborted when processing HTTPS requests. Here's a basic core dump from an abort:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f604e0d2535 in __GI_abort () at abort.c:79
#2  0x00007f604e129508 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f604e23428d "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007f604e12fc1a in malloc_printerr (str=str@entry=0x7f604e23243b "free(): invalid pointer") at malloc.c:5341
#4  0x00007f604e13142c in _int_free (av=<optimized out>, p=<optimized out>, have_lock=<optimized out>) at malloc.c:4165
#5  0x00007f604d77a9be in SSL_SESSION_free () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
#6  0x00007f604d5ddc8c in OPENSSL_LH_doall_arg () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#7  0x00007f604d77bf57 in SSL_CTX_flush_sessions () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
#8  0x00007f604d7924d3 in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
#9  0x00007f604d787e3e in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
#10 0x00007f604d773f34 in SSL_do_handshake () from /usr/lib/x86_64-linux-gnu/libssl.so.1.1
#11 0x00007f604d12971c in ?? () from /usr/lib/python3/dist-packages/cryptography/hazmat/bindings/_openssl.abi3.so
#12 0x00000000005ccba1 in _PyMethodDef_RawFastCallKeywords ()

This is about all I know at this point. I've not yet managed to trigger this on a development system. On the operational system, I can live with having a watchdog restart the service when it gets aborted, so I could limp on until bullseye here.

On the other hand, an invalid free in openssl sounds a bit unnerving, and so I thought I'd report this and offer to at least install debug packages and look more closely at the problem (disclaimer: as I may have to wait weeks until I'll get another abort, responses may be slow).

-- System Information:
Debian Release: 10.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-9-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8), LANGUAGE=en_US (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages python3-cryptography depends on:
ii  libc6 2.28-10
ii  libssl1.1 1.1.1d-0+deb10u5
ii  python3 3.7.3-1
ii  python3-asn1crypto 0.24.0-1
ii  python3-cffi-backend [python3-cffi-backend-api-min] 1.12.2-1
pn  python3-cffi-backend-api-max <none>
ii  python3-six 1.12.0-1

python3-cryptography recommends no packages.

Versions of packages python3-cryptography suggests:
pn  python-cryptography-doc <none>
pn  python3-cryptography-vectors <none>

-- no debconf information
--- End Message ---
--- Begin Message ---
On Wed, 24 Mar 2021 11:13:38 +0100 Markus Demleitner <[email protected]> wrote:
> Package: python3-cryptography
> Version: 2.6.1-3+deb10u2
> Severity: normal
> Tags: security
>
> A long-running, twisted-based server occasionally (days to weeks) gets aborted
> when processing HTTPS requests. Here's a basic core dump from an abort:

buster is no longer supported by debian, but by the LTS team: https://wiki.debian.org/LTS

closing
--- End Message ---

