Package: python-cryptography
Version: 2.1.3-1
Severity: grave
Justification: renders package unusable (I think, please drop severity if not)
I use offlineimap with python-keyring, retrieving my IMAP password from
gnome-keyring. This uses python-secretstorage and python-cryptography
behind the scenes.
I recently upgraded python[3]-cryptography from 1.9-1 to 2.1.3-1. During
this transaction, the python[3]-cffi-backend packages were removed as
"no longer used". This causes a previously-working offlineimap configuration
to fail:
ERROR: While attempting to sync account '<redacted>'
No module named _cffi_backend
...
File "<string>", line 1, in <module>
File "/usr/lib/python2.7/dist-packages/keyring/core.py", line 41, in
get_password
return _keyring_backend.get_password(service_name, username)
File "/usr/lib/python2.7/dist-packages/keyring/backends/SecretService.py",
line 65, in get_password
return item.get_secret().decode('utf-8')
File "/usr/lib/python2.7/dist-packages/secretstorage/item.py", line 102, in
get_secret
decryptor = Cipher(aes, modes.CBC(aes_iv), default_backend()).decryptor()
File
"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/__init__.py",
line 15, in default_backend
from cryptography.hazmat.backends.openssl.backend import backend
File
"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/__init__.py",
line 7, in <module>
from cryptography.hazmat.backends.openssl.backend import backend
File
"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py",
line 16, in <module>
from cryptography import utils, x509
File "/usr/lib/python2.7/dist-packages/cryptography/x509/__init__.py", line
8, in <module>
from cryptography.x509.base import (
File "/usr/lib/python2.7/dist-packages/cryptography/x509/base.py", line 16,
in <module>
from cryptography.x509.extensions import Extension, ExtensionType
File "/usr/lib/python2.7/dist-packages/cryptography/x509/extensions.py", line
18, in <module>
from cryptography.hazmat.primitives import constant_time, serialization
File
"/usr/lib/python2.7/dist-packages/cryptography/hazmat/primitives/constant_time.py",
line 9, in <module>
from cryptography.hazmat.bindings._constant_time import lib
I've set a release-critical severity to block testing migration, on
the assumption that this breaks all other uses of python-cryptography.
If that isn't true, please drop the severity.
Regards,
smcv
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500,
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental-debug'), (1,
'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages python-cryptography depends on:
ii libc6 2.24-17
ii libssl1.1 1.1.0g-2
ii python 2.7.14-1
ii python-asn1crypto 0.22.0-1
ii python-idna 2.5-1
ii python-six 1.11.0-1
python-cryptography recommends no packages.
Versions of packages python-cryptography suggests:
pn python-cryptography-doc <none>
pn python-cryptography-vectors <none>
-- no debconf information
