[Bug 1903890] Re: libffi7 missing from Ubuntu (pip's python3-openssl appears to be built against the wrong version of libffi)

Dimitri John Ledkov 1903890 at bugs.launchpad.net
Sat Feb 6 22:02:23 UTC 2021 

libffi7 (3.3-5ubuntu1) hirsute; urgency=medium

  * Provide libffi7 runtime library for the 3rd party app
    compatiblity. LP: #1903890

 -- Dimitri John Ledkov <xnox at ubuntu.com>  Fri, 05 Feb 2021 13:34:22
+0000


I have now shipped libffi7 in hirsute. Such that if one installs third-party binaries, on hirsute, one can install libffi7 from the archive, and things should "just work". It would be nice if somebody who is affected could verify that.

You can get hirsute trivially with lxd.

Or please provide concrete reproducer examples - i.e. specifically which
applications, downloaded from where, and installed how would be useful.
I see a few things mentioned in this bug report, but not detailed enough
for me to experience the issue myself.

** Changed in: libffi (Ubuntu)
       Status: New => Fix Released

** Changed in: pyopenssl (Ubuntu)
       Status: Confirmed => Incomplete

** Changed in: libffi (Ubuntu Groovy)
       Status: New => Incomplete

** Changed in: pyopenssl (Ubuntu Groovy)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libffi in Ubuntu.
https://bugs.launchpad.net/bugs/1903890

Title:
  libffi7 missing from Ubuntu (pip's python3-openssl appears to be built
  against the wrong version of libffi)

Status in libffi package in Ubuntu:
  Fix Released
Status in pyopenssl package in Ubuntu:
  Incomplete
Status in libffi source package in Groovy:
  Incomplete
Status in pyopenssl source package in Groovy:
  Incomplete

Bug description:
  Ubuntu groovy and up upgraded to libffi8ubuntu1, thus making Ubuntu
  incompatible with 3rd-party binaries that desire to use libffi7.

  Let's backport and provide libffi7 runtime library only, for those.

  Not sure how that would work with ctypes though.

  
  ---

  I've just upgraded to Ubuntu 20.10 which comes with python3-openssl
  version 19.0.1-2.  It breaks (at least some) Python applications that
  use the `requests` library to access HTTPS URLS.  For instance, this
  stack trace (note that I have clipped the first few frames from the
  stack as they are proprietary):

    File "/home/tkcook/.local/lib/python3.8/site-packages/requests/api.py", line 76, in get
      return request('get', url, params=params, **kwargs)
    File "/home/tkcook/.local/lib/python3.8/site-packages/requests/api.py", line 61, in request
      return session.request(method=method, url=url, **kwargs)
    File "/home/tkcook/.local/lib/python3.8/site-packages/requests/sessions.py", line 530, in request
      resp = self.send(prep, **send_kwargs)
    File "/home/tkcook/.local/lib/python3.8/site-packages/requests/sessions.py", line 643, in send
      r = adapter.send(request, **kwargs)
    File "/home/tkcook/.local/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
      resp = conn.urlopen(
    File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 670, in urlopen
      httplib_response = self._make_request(
    File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 381, in _make_request
      self._validate_conn(conn)
    File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 978, in _validate_conn
      conn.connect()
    File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 342, in connect
      self.ssl_context = create_urllib3_context(
    File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 289, in create_urllib3_context
      context.verify_mode = cert_reqs
    File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 438, in verify_mode
      self._ctx.set_verify(_stdlib_to_openssl_verify[value], _verify_callback)
    File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1119, in set_verify
      self._verify_helper = _VerifyHelper(callback)
    File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 337, in __init__
      self.callback = _ffi.callback(
  SystemError: ffi_prep_closure(): bad user_data (it seems that the version of the libffi library seen at runtime is different from the 'ffi.h' file seen at compile-time)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libffi/+bug/1903890/+subscriptions

More information about the foundations-bugs mailing list