> On Feb 9, 2016, at 12:08 PM, Glyph Lefkowitz <[email protected]> wrote:
>
>> On Feb 8, 2016, at 10:56 PM, Amber Hawkie Brown <[email protected]> wrote:
>>
>> Hi everyone,
>>
>> There's a known issue with Twisted + PyOpenSSL>=0.13 using OpenSSL version
>> 1.0.2f. Please note, this only potentially affects you if:
>>
>> - You use Windows or OS X -- Cryptography 1.2.2's wheels have a bundled
>>   1.0.2f.
>> OR
>> - You use a Linux or FreeBSD distribution which has OpenSSL 1.0.2f. If you
>>   are using a released distribution of Ubuntu or Debian, you most likely have
>>   a *patched* (so, still secure) past version (like Ubuntu 15.10, which has a
>>   patched 1.0.2d). If you are using Fedora 23, you may have 1.0.2f. You can
>>   check by running "openssl version".
>>
>> There is also an unrelated issue with CFFI that causes Cryptography 1.2
>> wheels for Windows/OS X to cause CPython to crash on interpreter shutdown.
>>
>> The current highest working Cryptography version that causes a test suite
>> pass is 1.2.2 on Linux with OpenSSL versions other than 1.0.2f, 1.1.2 on
>> Windows & OS X without an unreleased CFFI patch, and 1.2.1 once the CFFI
>> patch is released. Our Windows and OS X builders have their Cryptography
>> dependencies pinned to 1.1.2 until these problems are solved.
>>
>> Please note, this doesn't mean your applications may or may not work in
>> practice with OpenSSL 1.0.2f! It just means the test suite does not pass, so
>> we can't be absolutely sure that 1.0.2f will not cause problems for you. The
>> latest patched versions of OpenSSL are strongly recommended from a security
>> standpoint.
>>
>> The relevant issues are:
>>
>> - Make tests pass on 1.0.2f (Twisted,
>>   https://twistedmatrix.com/trac/ticket/8189)
>> - Crash during interpreter shutdown when using static callbacks (CFFI,
>>   https://bitbucket.org/cffi/cffi/issues/246/crash-during-interpreter-shutdown-when)
>
> Thanks for the write-up, Amber.
>
> The main consequence of this constellation of unfortunate facts is that it is
> causing problems for Twisted development right now; the cffi issue may be
> causing some issues with crashing at shutdown, but the crash occurs after
> interpreter teardown so even programs that depend on "clean" shutdown (in the
> sense that they need to do work at shutdown time) should be affected.
> Systems that require a 0 exit-status from a daemon might be but hopefully
> there aren't many of those.

One of these issues - the CFFI crash - https://bitbucket.org/cffi/cffi/issues/246/crash-during-interpreter-shutdown-when - is now fixed and released in cffi 1.5.2. So we should start returning to normal shortly ;).

> All of these issues are under active investigation by the Cryptography and
> CFFI teams, and the one thing that might be an issue in Twisted (the 1.0.2f
> compatibility issue as Amber described above) has already gotten some
> attention from Tristan Seligmann and there should be a fix available shortly.
>
> In any case, I'm very happy that we are communicating better about arcane
> issues like this :). We'll try to send an update when they're all resolved.
>
> -glyph
_______________________________________________
Twisted-Python mailing list
[email protected]
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
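An added example, not part of the original thread or of Twisted's code: the quoted announcement suggests running "openssl version", but on Windows and OS X the 1.0.2f build is bundled inside the Cryptography wheel, so this sketch reads the version banner from the libraries the Python process itself loads. The function names and the sample strings are assumptions made for illustration; a patched distribution package keeps its older version string, so the check only identifies builds that report themselves as 1.0.2f.

```python
import re
import ssl

# Release the announcement says Twisted's test suite does not pass against.
FLAGGED = (1, 0, 2, "f")
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

# Constructed sample version banners, in the format OpenSSL reports.
SAMPLES = {
    "bundled wheel": "OpenSSL 1.0.2f  28 Jan 2016",
    "patched distro package": "OpenSSL 1.0.2d 9 Jul 2015",
    "other library": "LibreSSL 2.2.7",
}


def parse_openssl_version(text):
    """Return (major, minor, fix, letter), or None if not an OpenSSL banner."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        return None
    major, minor, fix, letter = m.groups()
    return (int(major), int(minor), int(fix), letter)


def is_flagged(text):
    """True only when the build reports itself as exactly 1.0.2f."""
    return parse_openssl_version(text) == FLAGGED


def linked_openssl_versions():
    """Version banners of the OpenSSL builds this interpreter actually loads."""
    found = {"ssl (stdlib)": ssl.OPENSSL_VERSION}
    try:
        # The build pyOpenSSL and Twisted use; it may be bundled in the wheel.
        from cryptography.hazmat.backends.openssl.backend import backend
        found["cryptography"] = backend.openssl_version_text()
    except ImportError:
        pass  # cryptography is not installed in this environment
    return found


def flagged_sources(versions):
    """Names of the sources in `versions` that report 1.0.2f."""
    return sorted(name for name, text in versions.items() if is_flagged(text))


if __name__ == "__main__":
    for name, text in linked_openssl_versions().items():
        status = "1.0.2f" if is_flagged(text) else "not 1.0.2f"
        print(f"{name}: {text} -> {status}")
```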
