Debian Bug report logs - #637904
__m2crypto.so: undefined symbol: SSLv2_method

version graph

Package: python-m2crypto; Maintainer for python-m2crypto is Dima Barsky <dima@debian.org>; Source for python-m2crypto is src:m2crypto.

Reported by: Simon McVittie <smcv@debian.org>

Date: Mon, 15 Aug 2011 16:21:02 UTC

Severity: grave

Tags: patch

Found in version m2crypto/0.21.1-1

Fixed in version m2crypto/0.21.1-2

Done: Charles Plessy <plessy@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Dima Barsky <dima@debian.org>:
Bug#637904; Package python-m2crypto. (Mon, 15 Aug 2011 16:21:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon McVittie <smcv@debian.org>:
New Bug report received and forwarded. Copy sent to Dima Barsky <dima@debian.org>. (Mon, 15 Aug 2011 16:21:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Simon McVittie <smcv@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: __m2crypto.so: undefined symbol: SSLv2_method
Date: Mon, 15 Aug 2011 17:16:44 +0100
Package: python-m2crypto
Version: 0.21.1-1
Severity: grave
Justification: renders package unusable

m2crypto appears to have regressed between 0.20.1-1.1 and 0.21.1-1:

> smcv@reptile(sid-amd64)% python2.6 -c 'import M2Crypto'
> Traceback (most recent call last):
>   File "<string>", line 1, in <module>
>   File "/usr/lib/python2.6/dist-packages/M2Crypto/__init__.py", line 22, in <module>
>     import __m2crypto
> ImportError: /usr/lib/python2.6/dist-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method

The amd64 binaries were the ones uploaded by the maintainer, but buildd logs
for a couple of arbitrarily-chosen architectures (i386 and s390) suggest that
this is a general problem with the package, not just a problem with the
maintainer's build environment:

> SWIG/_m2crypto_wrap.c: In function '_wrap_sslv2_method':
> SWIG/_m2crypto_wrap.c:15485:3: warning: implicit declaration of function 'SSLv2_method' [-Wimplicit-function-declaration]

Because the file in question is a Python module (basically a plugin),
unresolvable symbols do not cause the build to fail.

Regards,
    S

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-m2crypto depends on:
ii  libc6                         2.13-16    Embedded GNU C Library: Shared lib
ii  libssl1.0.0                   1.0.0d-3   SSL shared libraries
ii  python                        2.6.7-3    interactive high-level object-orie
ii  python-support                1.0.14     automated rebuilding support for P

python-m2crypto recommends no packages.

python-m2crypto suggests no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Dima Barsky <dima@debian.org>:
Bug#637904; Package python-m2crypto. (Mon, 15 Aug 2011 22:39:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sebastian Ramacher <s.ramacher@gmx.at>:
Extra info received and forwarded to list. Copy sent to Dima Barsky <dima@debian.org>. (Mon, 15 Aug 2011 22:39:03 GMT) Full text and rfc822 format available.

Message #10 received at 637904@bugs.debian.org (full text, mbox):

From: Sebastian Ramacher <s.ramacher@gmx.at>
To: 637904@bugs.debian.org, Simon McVittie <smcv@debian.org>, Charles Plessy <plessy@debian.org>
Cc: control@bugs.debian.org
Subject: Re: __m2crypto.so: undefined symbol: SSLv2_method
Date: Tue, 16 Aug 2011 00:34:33 +0200
[Message part 1 (text/plain, inline)]
tag 637904 + patch
thanks

Simon McVittie <smcv@debian.org>
> m2crypto appears to have regressed between 0.20.1-1.1 and 0.21.1-1:
> 
>> smcv@reptile(sid-amd64)% python2.6 -c 'import M2Crypto'
>> Traceback (most recent call last):
>>   File "<string>", line 1, in <module>
>>   File "/usr/lib/python2.6/dist-packages/M2Crypto/__init__.py", line 22, in <module>
>>     import __m2crypto
>> ImportError: /usr/lib/python2.6/dist-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method

It seems as the fix from 0.20.1-1.1 for this issue has been silently dropped.
But that fix still applies and works fine. I've attached the patch.

In view of #637750 please note that test_sslv23_no_v2_no_service and
test_sslv23_weak_crypto will fail because openssl seems to ignore -no_ssl3
silently. But I didn't dig any further.

Kind regards
-- 
Sebastian Ramacher
[m2crypo_no_ssl2.patch (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, attachment)]

Added tag(s) patch. Request was from Sebastian Ramacher <s.ramacher@gmx.at> to control@bugs.debian.org. (Mon, 15 Aug 2011 22:39:04 GMT) Full text and rfc822 format available.

Reply sent to Charles Plessy <plessy@debian.org>:
You have taken responsibility. (Tue, 16 Aug 2011 00:21:06 GMT) Full text and rfc822 format available.

Notification sent to Simon McVittie <smcv@debian.org>:
Bug acknowledged by developer. (Tue, 16 Aug 2011 00:21:06 GMT) Full text and rfc822 format available.

Message #17 received at 637904-close@bugs.debian.org (full text, mbox):

From: Charles Plessy <plessy@debian.org>
To: 637904-close@bugs.debian.org
Subject: Bug#637904: fixed in m2crypto 0.21.1-2
Date: Tue, 16 Aug 2011 00:17:10 +0000
Source: m2crypto
Source-Version: 0.21.1-2

We believe that the bug you reported is fixed in the latest version of
m2crypto, which is due to be installed in the Debian FTP archive:

m2crypto_0.21.1-2.diff.gz
  to main/m/m2crypto/m2crypto_0.21.1-2.diff.gz
m2crypto_0.21.1-2.dsc
  to main/m/m2crypto/m2crypto_0.21.1-2.dsc
python-m2crypto_0.21.1-2_amd64.deb
  to main/m/m2crypto/python-m2crypto_0.21.1-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 637904@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Charles Plessy <plessy@debian.org> (supplier of updated m2crypto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 16 Aug 2011 08:41:24 +0900
Source: m2crypto
Binary: python-m2crypto
Architecture: source amd64
Version: 0.21.1-2
Distribution: unstable
Urgency: low
Maintainer: Dima Barsky <dima@debian.org>
Changed-By: Charles Plessy <plessy@debian.org>
Description: 
 python-m2crypto - a crypto and SSL toolkit for Python
Closes: 637904
Changes: 
 m2crypto (0.21.1-2) unstable; urgency=low
 .
   [939cdded] Disable SSLv2_method when disabled in OpenSSL iself
              (Closes: #637904).
   [10433e12] Documented applied patches in debian/patches.
   [69b60a5d] Added debian/gbp.conf to show that the package is managed
              with git-buildpackage.
Checksums-Sha1: 
 6aa8253f50182cdca6b798169d8d274c06d52776 1946 m2crypto_0.21.1-2.dsc
 078a3c2253c48181603c9a91cd1bbb61b851d699 6530 m2crypto_0.21.1-2.diff.gz
 987ec30e827ab8ca64389855e9e40b4c69ff5eb9 195080 python-m2crypto_0.21.1-2_amd64.deb
Checksums-Sha256: 
 d645dcb71b7fbdaac13544cae2211cf134364a0447d772c60142f6f8f0737040 1946 m2crypto_0.21.1-2.dsc
 1798cca2468b0eee64c8c6bdffc9b574bff22816d2bdf0a6de382c2f148fbabc 6530 m2crypto_0.21.1-2.diff.gz
 c1cb5e60e3ad409f2546461e058e0080ddf0d017b12204e3623b08a4dfb1c604 195080 python-m2crypto_0.21.1-2_amd64.deb
Files: 
 dc469249923461fa11c1ff5b25a98855 1946 python optional m2crypto_0.21.1-2.dsc
 d3c28caf038d607e516b35c41eea8955 6530 python optional m2crypto_0.21.1-2.diff.gz
 923940a5b750c868424403e8542814af 195080 python optional python-m2crypto_0.21.1-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJOSbXnAAoJEMW9bI8ildUC0dYP/j4uzux87x8bDcoxrgaulgpF
zH5QclCOo9I5oLqZuIuB2jgDv9U7Apyxzn4/QpPMccx3v57GEoGYnjtF1z4YLHIe
DstpJgb6B3sZVat7c+nZmmVOGWIsv+tsdwW6QhMgO1quZDhy88FNLw1Ty0zBVbO1
BImb4IeDDTkdEfXUGPuVxS6Hla/xmha/XTrY7xRb+46NDEJtEL9d7lF2C57sRR2Y
a5ijrXcacBPXwJe/V39bv6cP6d6OR9vKoASPWpOfL8Jy2r8nibfRokJoEh/7YktI
yrsnuQxMUykpEX/Fa1Bs6cUxrjHpT3UWdqpoqcEMEbBXfzzMpgToWp/up7oFuHUu
u69MLB1Cn25+IO1zt1wNClHCAIyaQ42lf6TGajjCESLw3O5wM5qkvewz2EGYTymn
1W7irteVvIeFoMSRrW0Yz9cZGLgpjFOQ/mrcdqPH1t6m6ge81PqMkoRNgevHhp2E
g6lHroA9auAZ2fLDiavUsxt9IatlbU9lC6xr6JckR9ZHIVF65imzBax0BqiRPDTK
8FUm+IkjK1HjegJEEudeaBWBLLdkU+a8G6upyJL9dkEEq7qlvTpVbddaVuCItLxs
ExNcep26MsX2OMMhriZl/wy7kmjy09QQHIaWCJzbfaJ39Hm7dpMKyJi1IFNsw0+p
j+ahWkbQrEp1h3zejxKU
=Yx6d
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Dima Barsky <dima@debian.org>:
Bug#637904; Package python-m2crypto. (Tue, 16 Aug 2011 21:51:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Dima Barsky <dima@debian.org>. (Tue, 16 Aug 2011 21:51:06 GMT) Full text and rfc822 format available.

Message #22 received at 637904@bugs.debian.org (full text, mbox):

From: Charles Plessy <plessy@debian.org>
To: Simon McVittie <smcv@debian.org>, 637904@bugs.debian.org, Sebastian Ramacher <s.ramacher@gmx.at>
Subject: Re: Bug#637904: __m2crypto.so: undefined symbol: SSLv2_method
Date: Wed, 17 Aug 2011 06:46:02 +0900
Le Mon, Aug 15, 2011 at 05:16:44PM +0100, Simon McVittie a écrit :
> 
> m2crypto appears to have regressed between 0.20.1-1.1 and 0.21.1-1:
> 
> > smcv@reptile(sid-amd64)% python2.6 -c 'import M2Crypto'
> > Traceback (most recent call last):
> >   File "<string>", line 1, in <module>
> >   File "/usr/lib/python2.6/dist-packages/M2Crypto/__init__.py", line 22, in <module>
> >     import __m2crypto
> > ImportError: /usr/lib/python2.6/dist-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method
> 
> The amd64 binaries were the ones uploaded by the maintainer, but buildd logs
> for a couple of arbitrarily-chosen architectures (i386 and s390) suggest that
> this is a general problem with the package, not just a problem with the
> maintainer's build environment:
> 
> > SWIG/_m2crypto_wrap.c: In function '_wrap_sslv2_method':
> > SWIG/_m2crypto_wrap.c:15485:3: warning: implicit declaration of function 'SSLv2_method' [-Wimplicit-function-declaration]
> 
> Because the file in question is a Python module (basically a plugin),
> unresolvable symbols do not cause the build to fail.

Thank you very much Simon and Sébastien for your help.

I have built the amd64 version of the package in a clean Sid chroot with
sbuild, and I indeed did not understand the compiler warnings.  The problem
should be solved now that I re-enabled Sebastian's patch, that I did not
realise was not part from revision 721 in Upstream's Subversion repository.  As
you can see from the commit diff below (I keep the build logs in the same Git
repository as the source package), the compiler warnings dissapeared as
expected.

http://anonscm.debian.org/gitweb/?p=collab-maint/m2crypto.git;a=commitdiff;h=3a906d75c341b97ba5cc03af76d535173b07cc4b#patch2

I tested python-m2crypto version 0.21.1-1 on my local system, which is a
mixture of Squeeze, Wheezy and Sid where libssl1.0.0 and libssl0.9.8 are
installed.  Given that the module was working well, as per successful use of
the euca2ools programs that use it, and given that the regression tests were
failing for lack of SSLv2 support, I thought that I successfully tested it
against libssl1.0.0, the OpenSSL library the package was built on depends on.

Have I misunderstood how dynamic libraries are used, or is it indeed a bug that a
package depending on libssl1.0.0 seems to be using libssl0.9.8 when
they are co-installed ?

Have a nice day,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan




Information forwarded to debian-bugs-dist@lists.debian.org, Dima Barsky <dima@debian.org>:
Bug#637904; Package python-m2crypto. (Wed, 17 Aug 2011 11:06:14 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon McVittie <smcv@debian.org>:
Extra info received and forwarded to list. Copy sent to Dima Barsky <dima@debian.org>. (Wed, 17 Aug 2011 11:06:17 GMT) Full text and rfc822 format available.

Message #27 received at 637904@bugs.debian.org (full text, mbox):

From: Simon McVittie <smcv@debian.org>
To: 637904@bugs.debian.org, Sebastian Ramacher <s.ramacher@gmx.at>
Subject: Re: Bug#637904: __m2crypto.so: undefined symbol: SSLv2_method
Date: Wed, 17 Aug 2011 11:46:49 +0100
On Wed, 17 Aug 2011 at 06:46:02 +0900, Charles Plessy wrote:
> I tested python-m2crypto version 0.21.1-1 on my local system, which is a
> mixture of Squeeze, Wheezy and Sid where libssl1.0.0 and libssl0.9.8 are
> installed.
[...]
> Have I misunderstood how dynamic libraries are used, or is it indeed a bug that a
> package depending on libssl1.0.0 seems to be using libssl0.9.8 when
> they are co-installed ?

Based on objdump, it shouldn't have worked for you: 0.21.1-1 and 0.21.1-2 both
have a NEEDED entry for libssl.so.1.0.0 and no NEEDED entry for
libssl.so.0.9.8, and each of libssl.so.1.0.0 and libssl.so.0.9.8 has the
appropriate thing as its SONAME, so __m2crypto.so should have picked up
libssl.so.1.0.0 and nothing else.

The only reason I can think of why it might have worked for you is if some
other library in the same process was still linked against libssl.so.0.9.8,
and the missing symbol was picked up from there? Versioned symbols are
meant to prevent that, though, and both libssl0.9.8 and libssl1.0.0 have
versioned symbols (OPENSSL_0.9.8 and OPENSSL_1.0.0 respectively), so
__m2crypto.so should have been specifically looking for an OPENSSL_1.0.0
implementation of each dynamic symbol it uses. (And according to objdump,
it does that correctly...)

    S




Information forwarded to debian-bugs-dist@lists.debian.org, Dima Barsky <dima@debian.org>:
Bug#637904; Package python-m2crypto. (Wed, 17 Aug 2011 20:09:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Dima Barsky <dima@debian.org>. (Wed, 17 Aug 2011 20:09:05 GMT) Full text and rfc822 format available.

Message #32 received at 637904@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Simon McVittie <smcv@debian.org>, 637904@bugs.debian.org
Cc: Sebastian Ramacher <s.ramacher@gmx.at>
Subject: Re: Bug#637904: __m2crypto.so: undefined symbol: SSLv2_method
Date: Wed, 17 Aug 2011 22:06:00 +0200
On Wed, Aug 17, 2011 at 11:46:49 +0100, Simon McVittie wrote:

> On Wed, 17 Aug 2011 at 06:46:02 +0900, Charles Plessy wrote:
> > I tested python-m2crypto version 0.21.1-1 on my local system, which is a
> > mixture of Squeeze, Wheezy and Sid where libssl1.0.0 and libssl0.9.8 are
> > installed.
> [...]
> > Have I misunderstood how dynamic libraries are used, or is it indeed a bug that a
> > package depending on libssl1.0.0 seems to be using libssl0.9.8 when
> > they are co-installed ?
> 
> Based on objdump, it shouldn't have worked for you: 0.21.1-1 and 0.21.1-2 both
> have a NEEDED entry for libssl.so.1.0.0 and no NEEDED entry for
> libssl.so.0.9.8, and each of libssl.so.1.0.0 and libssl.so.0.9.8 has the
> appropriate thing as its SONAME, so __m2crypto.so should have picked up
> libssl.so.1.0.0 and nothing else.
> 
> The only reason I can think of why it might have worked for you is if some
> other library in the same process was still linked against libssl.so.0.9.8,
> and the missing symbol was picked up from there? Versioned symbols are
> meant to prevent that, though, and both libssl0.9.8 and libssl1.0.0 have
> versioned symbols (OPENSSL_0.9.8 and OPENSSL_1.0.0 respectively), so
> __m2crypto.so should have been specifically looking for an OPENSSL_1.0.0
> implementation of each dynamic symbol it uses. (And according to objdump,
> it does that correctly...)
> 
It wouldn't be looking for a OPENSSL_1.0.0 version of a symbol that's
not in libssl1.0.0, though.

Cheers,
Julien




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 15 Sep 2011 07:30:27 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 15:19:28 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.