Mailinglist Archive: opensuse-bugs (6588 mails)

< Previous Next >
[Bug 1133924] osc python m2crypto ssl crash
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 30 Jul 2019 13:25:53 +0000
  • Message-id: <>

--- Comment #9 from Marcus Hüwe <suse-tux@xxxxxx> ---
(In reply to Jan Engelhardt from comment #6)
The python2 variant also exhibits the same issue (crash near *--dst, or
dying with i2d_x509-ish error message)

Can you still reproduce the problem? I was able to reproduce it on sunday
on some old TW version (beginning of february). Yesterday, I dup'ed to the
latest TW version and I'm not able to reproduce it anymore. Also, I'm not
able to reproduce it with Leap 15.1:/

Can you still reproduce it? Does the following repro work for you?

mkdir tmp
cd tmp
# download
# from
# into $PWD

git clone -b 0.165.2

export MY_APIURL=<your_apiurl> # insert your apiurl here

sed -i "s|APIURL|$MY_APIURL|"
mkdir ~/.osc-plugins # unless it already exists
cp ~/.osc-plugins

# the following is vulnerable to MITM attacks - enter some
# fake credentials that will result in a 401
python2 osc/ -c "$PWD/tmp_oscrc" -A "$MY_APIURL" repro

rm ~/.osc-plugins/*

The python2 call should segfault or yield some other errors
("HTTP Error 401: Unauthorized" is not considered as an error in this

You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >