On Fri, Apr 06, 2018 at 01:58:03PM +0100, Simon McVittie wrote:
> Package: osc
> Version: 0.162.1-1
> Severity: grave
> Justification: osc tool becomes mostly unusable
> This is probably a bug in libssl1.1 or in python-m2crypto, but I'm
> reporting it against osc for now, because that's the only place I know
> how to reproduce it at the moment. X-Debbugs-Cc'd to the lower-level
> packages' maintainers.
> Steps to reproduce:
> * have an account on any OBS instance (I used <https://build.opensuse.org/>:
> anyone can register there, but an account is required to use the API)
> * be in a temporary directory
> * rm -fr binaries
> * osc -A https://api.opensuse.org getbinaries openSUSE:Leap:15.0 \
> hello standard x86_64
> (or some project/package combination that exists on your OBS)
> Expected result: osc downloads hello into ./binaries
> Actual result: osc usually segfaults in glibc malloc-related functions,
> probably due to memory corruption; sometimes glibc detects the memory
> corruption itself and aborts instead.
> Workaround: Downgrading libssl1.1 to 1.1.0f-3+deb9u2 from stable-security
> makes osc work correctly, so presumably this is a behaviour change
> between 1.1.0f and 1.1.0h, either a regression or something that triggers
> a pre-existing bug in python-m2crypto (or possibly osc).
Can you run it under valgrind?