Bug#923447: openssl breaks r-cran-openssl autopkgtest

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#923447: openssl breaks r-cran-openssl autopkgtest

Paul Gevers-4
Source: openssl, r-cran-openssl
Control: found -1 openssl/1.1.1b-1
Control: found -1 r-cran-openssl/1.2.1+dfsg-1
Severity: important
X-Debbugs-CC: [hidden email]
User: [hidden email]
Usertags: breaks needs-update

Dear maintainers,

With a recent upload of openssl the autopkgtest of r-cran-openssl fails
in testing when that autopkgtest is run with the binary packages of
openssl from unstable. It passes when run with only packages from
testing. In tabular form:
                       pass            fail
openssl                from testing    1.1.1b-1
r-cran-openssl         from testing    1.2.1+dfsg-1
all others             from testing    from testing

I copied some of the output at the bottom of this report. The error
looks quite scary to me, but I have no idea if this means that
r-cran-openssl is really failing, or if openssl has changed it's
interface in a bad way.

Currently this regression is blocking the migration of openssl to
testing [1]. Due to the nature of this issue, I filed this bug report
against both packages. Can you please investigate the situation and
reassign the bug to the right package? If needed, please change the
bug's severity.

Please note that the window to fix this to allow openssl to migrate
without intervention is closing extremely soon.

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=openssl

https://ci.debian.net/data/autopkgtest/testing/amd64/r/r-cran-openssl/2021380/log.gz

autopkgtest [21:16:05]: test run-unit-test: [-----------------------

R version 3.5.2 (2018-12-20) -- "Eggshell Igloo"
Copyright (C) 2018 The R Foundation for Statistical Computing
Platform: x86_64-pc-linux-gnu (64-bit)

R is free software and comes with ABSOLUTELY NO WARRANTY.
You are welcome to redistribute it under certain conditions.
Type 'license()' or 'licence()' for distribution details.

R is a collaborative project with many contributors.
Type 'contributors()' for more information and
'citation()' on how to cite R or R packages in publications.

Type 'demo()' for some demos, 'help()' for on-line help, or
'help.start()' for an HTML browser interface to help.
Type 'q()' to quit R.

> library(testthat)
> library(openssl)
>
> test_check("openssl")
double free or corruption (fasttop)
Aborted
autopkgtest [21:16:05]: test run-unit-test: -----------------------]


signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#923447: openssl breaks r-cran-openssl autopkgtest

Andreas Tille-2
Hi,

I'd be deligted if somebody from the team could care since I'm
basically offline-ish until 4.3.

Thank you, Andreas.

On Thu, Feb 28, 2019 at 12:29:12PM +0100, Paul Gevers wrote:

> Source: openssl, r-cran-openssl
> Control: found -1 openssl/1.1.1b-1
> Control: found -1 r-cran-openssl/1.2.1+dfsg-1
> Severity: important
> X-Debbugs-CC: [hidden email]
> User: [hidden email]
> Usertags: breaks needs-update
>
> Dear maintainers,
>
> With a recent upload of openssl the autopkgtest of r-cran-openssl fails
> in testing when that autopkgtest is run with the binary packages of
> openssl from unstable. It passes when run with only packages from
> testing. In tabular form:
>                        pass            fail
> openssl                from testing    1.1.1b-1
> r-cran-openssl         from testing    1.2.1+dfsg-1
> all others             from testing    from testing
>
> I copied some of the output at the bottom of this report. The error
> looks quite scary to me, but I have no idea if this means that
> r-cran-openssl is really failing, or if openssl has changed it's
> interface in a bad way.
>
> Currently this regression is blocking the migration of openssl to
> testing [1]. Due to the nature of this issue, I filed this bug report
> against both packages. Can you please investigate the situation and
> reassign the bug to the right package? If needed, please change the
> bug's severity.
>
> Please note that the window to fix this to allow openssl to migrate
> without intervention is closing extremely soon.
>
> More information about this bug and the reason for filing it can be found on
> https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation
>
> Paul
>
> [1] https://qa.debian.org/excuses.php?package=openssl
>
> https://ci.debian.net/data/autopkgtest/testing/amd64/r/r-cran-openssl/2021380/log.gz
>
> autopkgtest [21:16:05]: test run-unit-test: [-----------------------
>
> R version 3.5.2 (2018-12-20) -- "Eggshell Igloo"
> Copyright (C) 2018 The R Foundation for Statistical Computing
> Platform: x86_64-pc-linux-gnu (64-bit)
>
> R is free software and comes with ABSOLUTELY NO WARRANTY.
> You are welcome to redistribute it under certain conditions.
> Type 'license()' or 'licence()' for distribution details.
>
> R is a collaborative project with many contributors.
> Type 'contributors()' for more information and
> 'citation()' on how to cite R or R packages in publications.
>
> Type 'demo()' for some demos, 'help()' for on-line help, or
> 'help.start()' for an HTML browser interface to help.
> Type 'q()' to quit R.
>
> > library(testthat)
> > library(openssl)
> >
> > test_check("openssl")
> double free or corruption (fasttop)
> Aborted
> autopkgtest [21:16:05]: test run-unit-test: -----------------------]
>




> _______________________________________________
> R-pkg-team mailing list
> [hidden email]
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/r-pkg-team


--
http://fam-tille.de

Reply | Threaded
Open this post in threaded view
|

Bug#923447: openssl breaks r-cran-openssl autopkgtest

Jeroen Ooms-3
I have submitted a hotfix release openssl 1.2.2 to cran that should
fix the issue. It should be there soon.




On Thu, Feb 28, 2019 at 5:24 PM Andreas Tille <[hidden email]> wrote:

>
> Hi,
>
> I'd be deligted if somebody from the team could care since I'm
> basically offline-ish until 4.3.
>
> Thank you, Andreas.
>
> On Thu, Feb 28, 2019 at 12:29:12PM +0100, Paul Gevers wrote:
> > Source: openssl, r-cran-openssl
> > Control: found -1 openssl/1.1.1b-1
> > Control: found -1 r-cran-openssl/1.2.1+dfsg-1
> > Severity: important
> > X-Debbugs-CC: [hidden email]
> > User: [hidden email]
> > Usertags: breaks needs-update
> >
> > Dear maintainers,
> >
> > With a recent upload of openssl the autopkgtest of r-cran-openssl fails
> > in testing when that autopkgtest is run with the binary packages of
> > openssl from unstable. It passes when run with only packages from
> > testing. In tabular form:
> >                        pass            fail
> > openssl                from testing    1.1.1b-1
> > r-cran-openssl         from testing    1.2.1+dfsg-1
> > all others             from testing    from testing
> >
> > I copied some of the output at the bottom of this report. The error
> > looks quite scary to me, but I have no idea if this means that
> > r-cran-openssl is really failing, or if openssl has changed it's
> > interface in a bad way.
> >
> > Currently this regression is blocking the migration of openssl to
> > testing [1]. Due to the nature of this issue, I filed this bug report
> > against both packages. Can you please investigate the situation and
> > reassign the bug to the right package? If needed, please change the
> > bug's severity.
> >
> > Please note that the window to fix this to allow openssl to migrate
> > without intervention is closing extremely soon.
> >
> > More information about this bug and the reason for filing it can be found on
> > https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation
> >
> > Paul
> >
> > [1] https://qa.debian.org/excuses.php?package=openssl
> >
> > https://ci.debian.net/data/autopkgtest/testing/amd64/r/r-cran-openssl/2021380/log.gz
> >
> > autopkgtest [21:16:05]: test run-unit-test: [-----------------------
> >
> > R version 3.5.2 (2018-12-20) -- "Eggshell Igloo"
> > Copyright (C) 2018 The R Foundation for Statistical Computing
> > Platform: x86_64-pc-linux-gnu (64-bit)
> >
> > R is free software and comes with ABSOLUTELY NO WARRANTY.
> > You are welcome to redistribute it under certain conditions.
> > Type 'license()' or 'licence()' for distribution details.
> >
> > R is a collaborative project with many contributors.
> > Type 'contributors()' for more information and
> > 'citation()' on how to cite R or R packages in publications.
> >
> > Type 'demo()' for some demos, 'help()' for on-line help, or
> > 'help.start()' for an HTML browser interface to help.
> > Type 'q()' to quit R.
> >
> > > library(testthat)
> > > library(openssl)
> > >
> > > test_check("openssl")
> > double free or corruption (fasttop)
> > Aborted
> > autopkgtest [21:16:05]: test run-unit-test: -----------------------]
> >
>
>
>
>
> > _______________________________________________
> > R-pkg-team mailing list
> > [hidden email]
> > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/r-pkg-team
>
>
> --
> http://fam-tille.de
>

Reply | Threaded
Open this post in threaded view
|

Bug#923447: openssl breaks r-cran-openssl autopkgtest

Jeroen Ooms-3
FWIW, the underlying problem in a regression in libssl though. So if
the problem appears for other packages you could also backport this
libssl patch: https://github.com/openssl/openssl/issues/8375





On Fri, Mar 1, 2019 at 10:59 AM Jeroen Ooms <[hidden email]> wrote:

>
> I have submitted a hotfix release openssl 1.2.2 to cran that should
> fix the issue. It should be there soon.
>
>
>
>
> On Thu, Feb 28, 2019 at 5:24 PM Andreas Tille <[hidden email]> wrote:
> >
> > Hi,
> >
> > I'd be deligted if somebody from the team could care since I'm
> > basically offline-ish until 4.3.
> >
> > Thank you, Andreas.
> >
> > On Thu, Feb 28, 2019 at 12:29:12PM +0100, Paul Gevers wrote:
> > > Source: openssl, r-cran-openssl
> > > Control: found -1 openssl/1.1.1b-1
> > > Control: found -1 r-cran-openssl/1.2.1+dfsg-1
> > > Severity: important
> > > X-Debbugs-CC: [hidden email]
> > > User: [hidden email]
> > > Usertags: breaks needs-update
> > >
> > > Dear maintainers,
> > >
> > > With a recent upload of openssl the autopkgtest of r-cran-openssl fails
> > > in testing when that autopkgtest is run with the binary packages of
> > > openssl from unstable. It passes when run with only packages from
> > > testing. In tabular form:
> > >                        pass            fail
> > > openssl                from testing    1.1.1b-1
> > > r-cran-openssl         from testing    1.2.1+dfsg-1
> > > all others             from testing    from testing
> > >
> > > I copied some of the output at the bottom of this report. The error
> > > looks quite scary to me, but I have no idea if this means that
> > > r-cran-openssl is really failing, or if openssl has changed it's
> > > interface in a bad way.
> > >
> > > Currently this regression is blocking the migration of openssl to
> > > testing [1]. Due to the nature of this issue, I filed this bug report
> > > against both packages. Can you please investigate the situation and
> > > reassign the bug to the right package? If needed, please change the
> > > bug's severity.
> > >
> > > Please note that the window to fix this to allow openssl to migrate
> > > without intervention is closing extremely soon.
> > >
> > > More information about this bug and the reason for filing it can be found on
> > > https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation
> > >
> > > Paul
> > >
> > > [1] https://qa.debian.org/excuses.php?package=openssl
> > >
> > > https://ci.debian.net/data/autopkgtest/testing/amd64/r/r-cran-openssl/2021380/log.gz
> > >
> > > autopkgtest [21:16:05]: test run-unit-test: [-----------------------
> > >
> > > R version 3.5.2 (2018-12-20) -- "Eggshell Igloo"
> > > Copyright (C) 2018 The R Foundation for Statistical Computing
> > > Platform: x86_64-pc-linux-gnu (64-bit)
> > >
> > > R is free software and comes with ABSOLUTELY NO WARRANTY.
> > > You are welcome to redistribute it under certain conditions.
> > > Type 'license()' or 'licence()' for distribution details.
> > >
> > > R is a collaborative project with many contributors.
> > > Type 'contributors()' for more information and
> > > 'citation()' on how to cite R or R packages in publications.
> > >
> > > Type 'demo()' for some demos, 'help()' for on-line help, or
> > > 'help.start()' for an HTML browser interface to help.
> > > Type 'q()' to quit R.
> > >
> > > > library(testthat)
> > > > library(openssl)
> > > >
> > > > test_check("openssl")
> > > double free or corruption (fasttop)
> > > Aborted
> > > autopkgtest [21:16:05]: test run-unit-test: -----------------------]
> > >
> >
> >
> >
> >
> > > _______________________________________________
> > > R-pkg-team mailing list
> > > [hidden email]
> > > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/r-pkg-team
> >
> >
> > --
> > http://fam-tille.de
> >

Reply | Threaded
Open this post in threaded view
|

Bug#923447: openssl breaks r-cran-openssl autopkgtest

Paul Gevers-4
clone 923447 -1
reassign 923447 src:r-cran-openssl 1.2.1+dfsg-1
retitle 923447 r-cran-openssl needs update for new openssl
reassign -1 src:openssl 1.1.1b-1
retitle -1 openssl: regression in memory problems with BUF_MEM
affects -1 src:r-cran-openssl
tags -1 upstream patch
forwarded -1 https://github.com/openssl/openssl/issues/8375
thanks

Hi Jeroen, others,

On 01-03-2019 11:16, Jeroen Ooms wrote:
> FWIW, the underlying problem in a regression in libssl though. So if
> the problem appears for other packages you could also backport this
> libssl patch: https://github.com/openssl/openssl/issues/8375

So if I understand correctly, you improved r-cran-openssl to handle the
new situation, but libssl regressed as well. I have cloned this bug and
have tried to put your information correctly into the meta-data. Please
fix those if you think I made a mistake. I am not sure about the
severity of the libssl bug, so I'll leave that up to the libssl
maintainers to set correctly.

Paul


signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#923447: [Pkg-openssl-devel] Bug#923447: openssl breaks r-cran-openssl autopkgtest

Sebastian Andrzej Siewior
In reply to this post by Jeroen Ooms-3
On 2019-03-01 11:16:35 [+0100], Jeroen Ooms wrote:
> FWIW, the underlying problem in a regression in libssl though. So if
> the problem appears for other packages you could also backport this
> libssl patch: https://github.com/openssl/openssl/issues/8375

Does this problem solve your problem or does it have nothing to do with
the current situation?

Sebastian

Reply | Threaded
Open this post in threaded view
|

Bug#923447: [Pkg-openssl-devel] Bug#923447: openssl breaks r-cran-openssl autopkgtest

Jeroen Ooms-3
On Fri, Mar 1, 2019 at 8:05 PM Sebastian Andrzej Siewior
<[hidden email]> wrote:
>
> On 2019-03-01 11:16:35 [+0100], Jeroen Ooms wrote:
> > FWIW, the underlying problem in a regression in libssl though. So if
> > the problem appears for other packages you could also backport this
> > libssl patch: https://github.com/openssl/openssl/issues/8375
>
> Does this problem solve your problem or does it have nothing to do with
> the current situation?

As stated, that is the bug report in libssl which causes the crash in
r-cran-openssl (and the first reply links to a PR with a patch).

I have released a workaround in the R bindings so that it can work
with libssl 1.1.1b as-is. Hence in other to fix the crash in
r-cran-openssl, you either need to update to upstream version 1.2.2,
or alternatively, you could backport the libssl patch from the
discussion above.

Reply | Threaded
Open this post in threaded view
|

Bug#923447: openssl breaks r-cran-openssl autopkgtest

Sebastian Andrzej Siewior
On 2019-03-01 23:55:11 [+0100], Jeroen Ooms wrote:

> On Fri, Mar 1, 2019 at 8:05 PM Sebastian Andrzej Siewior
> <[hidden email]> wrote:
> >
> > On 2019-03-01 11:16:35 [+0100], Jeroen Ooms wrote:
> > > FWIW, the underlying problem in a regression in libssl though. So if
> > > the problem appears for other packages you could also backport this
> > > libssl patch: https://github.com/openssl/openssl/issues/8375
> >
> > Does this problem solve your problem or does it have nothing to do with
> > the current situation?
>
> As stated, that is the bug report in libssl which causes the crash in
> r-cran-openssl (and the first reply links to a PR with a patch).
>
> I have released a workaround in the R bindings so that it can work
> with libssl 1.1.1b as-is. Hence in other to fix the crash in
> r-cran-openssl, you either need to update to upstream version 1.2.2,
> or alternatively, you could backport the libssl patch from the
> discussion above.

So if the bug is really in libssl1.1 then I don't see why you should do
something. I will try to backport that commit then and make a new
upload.

Sebastian

Reply | Threaded
Open this post in threaded view
|

Bug#923447: openssl breaks r-cran-openssl autopkgtest

Sébastien Villemot-2
Le samedi 02 mars 2019 à 11:26 +0100, Sebastian Andrzej Siewior a écrit :
>
> So if the bug is really in libssl1.1 then I don't see why you should do
> something. I will try to backport that commit then and make a new
> upload.

Note that the bug has already been fixed in Debian (r-cran-openssl
1.2.2+dfsg-1), so no need for a new upload.

Thanks,

--
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  http://sebastien.villemot.name
⠈⠳⣄⠀⠀⠀⠀  http://www.debian.org

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#923447: openssl breaks r-cran-openssl autopkgtest

Sebastian Andrzej Siewior
On 2019-03-02 11:54:54 [+0100], Sébastien Villemot wrote:
> Le samedi 02 mars 2019 à 11:26 +0100, Sebastian Andrzej Siewior a écrit :
> >
> > So if the bug is really in libssl1.1 then I don't see why you should do
> > something. I will try to backport that commit then and make a new
> > upload.
>
> Note that the bug has already been fixed in Debian (r-cran-openssl
> 1.2.2+dfsg-1), so no need for a new upload.

Now I am confused. It is either a bug in openssl and should be fixed or
it is a bug in r-cran-openssl and should be fixed there.
So which one is it?

> Thanks,
>

Sebastian

Reply | Threaded
Open this post in threaded view
|

Bug#923447: openssl breaks r-cran-openssl autopkgtest

Sébastien Villemot-2
Le samedi 02 mars 2019 à 17:17 +0100, Sebastian Andrzej Siewior a écrit :

> On 2019-03-02 11:54:54 [+0100], Sébastien Villemot wrote:
> > Le samedi 02 mars 2019 à 11:26 +0100, Sebastian Andrzej Siewior a écrit :
> > >
> > > So if the bug is really in libssl1.1 then I don't see why you should do
> > > something. I will try to backport that commit then and make a new
> > > upload.
> >
> > Note that the bug has already been fixed in Debian (r-cran-openssl
> > 1.2.2+dfsg-1), so no need for a new upload.
>
> Now I am confused. It is either a bug in openssl and should be fixed or
> it is a bug in r-cran-openssl and should be fixed there.
> So which one is it?
From Debian's point of view, it is now both, since the bug has been
cloned: #923447 for r-cran-openssl (which is now fixed), and #923516
for openssl (still open).

There is nothing left to do for r-cran-openssl now, at least for
buster.

For openssl, it's up to its maintainers to decide what to do now.

--
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  http://sebastien.villemot.name
⠈⠳⣄⠀⠀⠀⠀  http://www.debian.org

signature.asc (849 bytes) Download Attachment