Package: python-cryptography Version: 2.1.3-1 Severity: grave Justification: renders package unusable (I think, please drop severity if not)
I use offlineimap with python-keyring, retrieving my IMAP password from gnome-keyring. This uses python-secretstorage and python-cryptography behind the scenes. I recently upgraded python[3]-cryptography from 1.9-1 to 2.1.3-1. During this transaction, the python[3]-cffi-backend packages were removed as "no longer used". This causes a previously-working offlineimap configuration to fail: ERROR: While attempting to sync account '<redacted>' No module named _cffi_backend ... File "<string>", line 1, in <module> File "/usr/lib/python2.7/dist-packages/keyring/core.py", line 41, in get_password return _keyring_backend.get_password(service_name, username) File "/usr/lib/python2.7/dist-packages/keyring/backends/SecretService.py", line 65, in get_password return item.get_secret().decode('utf-8') File "/usr/lib/python2.7/dist-packages/secretstorage/item.py", line 102, in get_secret decryptor = Cipher(aes, modes.CBC(aes_iv), default_backend()).decryptor() File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/__init__.py", line 15, in default_backend from cryptography.hazmat.backends.openssl.backend import backend File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module> from cryptography.hazmat.backends.openssl.backend import backend File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 16, in <module> from cryptography import utils, x509 File "/usr/lib/python2.7/dist-packages/cryptography/x509/__init__.py", line 8, in <module> from cryptography.x509.base import ( File "/usr/lib/python2.7/dist-packages/cryptography/x509/base.py", line 16, in <module> from cryptography.x509.extensions import Extension, ExtensionType File "/usr/lib/python2.7/dist-packages/cryptography/x509/extensions.py", line 18, in <module> from cryptography.hazmat.primitives import constant_time, serialization File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/primitives/constant_time.py", line 9, in <module> from cryptography.hazmat.bindings._constant_time import lib I've set a release-critical severity to block testing migration, on the assumption that this breaks all other uses of python-cryptography. If that isn't true, please drop the severity. Regards, smcv -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages python-cryptography depends on: ii libc6 2.24-17 ii libssl1.1 1.1.0g-2 ii python 2.7.14-1 ii python-asn1crypto 0.22.0-1 ii python-idna 2.5-1 ii python-six 1.11.0-1 python-cryptography recommends no packages. Versions of packages python-cryptography suggests: pn python-cryptography-doc <none> pn python-cryptography-vectors <none> -- no debconf information