[Bug 1903890] Re: libffi7 missing from Ubuntu (pip's python3-openssl appears to be built against the wrong version of libffi)

Steve Langasek 1903890 at bugs.launchpad.net
Mon Jun 27 20:45:18 UTC 2022 

In doing some cleanup of the whitelist of Ubuntu packages for the i386
architecture, I ran across this issue because libffi7 is still in the
archive as of kinetic.  The backwards-compatibility package has been in
the archive now for 3 release cycles, including an LTS; that seems like
it should be enough time for third-parties to have updated to not depend
on an old version of libffi.

I'm therefore going to go ahead and remove libffi7 from kinetic.  If
someone still needs libffi7, please provide a complete step-by-step
reproducer for it because I'm not able to find any third-party binaries
(pip or lutris) that still require libffi7.

Removing packages from kinetic:
	libffi7 3.3-5ubuntu1 in kinetic
		libffi7 3.3-5ubuntu1 in kinetic amd64
		libffi7 3.3-5ubuntu1 in kinetic arm64
		libffi7 3.3-5ubuntu1 in kinetic armhf
		libffi7 3.3-5ubuntu1 in kinetic i386
		libffi7 3.3-5ubuntu1 in kinetic ppc64el
		libffi7 3.3-5ubuntu1 in kinetic riscv64
		libffi7 3.3-5ubuntu1 in kinetic s390x
Comment: Compatibility package, unmaintained, no apparent remaining users; LP: #1903890
1 package successfully removed.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libffi in Ubuntu.
https://bugs.launchpad.net/bugs/1903890

Title:
  libffi7 missing from Ubuntu (pip's python3-openssl appears to be built
  against the wrong version of libffi)

Status in libffi package in Ubuntu:
  Fix Released
Status in libffi7 package in Ubuntu:
  Fix Released
Status in pyopenssl package in Ubuntu:
  Invalid
Status in libffi source package in Groovy:
  Won't Fix
Status in libffi7 source package in Groovy:
  Triaged
Status in pyopenssl source package in Groovy:
  Invalid

Bug description:
  Ubuntu groovy and up upgraded to libffi8ubuntu1, thus making Ubuntu
  incompatible with 3rd-party binaries that desire to use libffi7.

  Let's backport and provide libffi7 runtime library only, for those.

  Not sure how that would work with ctypes though.

  
  ---

  I've just upgraded to Ubuntu 20.10 which comes with python3-openssl
  version 19.0.1-2.  It breaks (at least some) Python applications that
  use the `requests` library to access HTTPS URLS.  For instance, this
  stack trace (note that I have clipped the first few frames from the
  stack as they are proprietary):

    File "/home/tkcook/.local/lib/python3.8/site-packages/requests/api.py", line 76, in get
      return request('get', url, params=params, **kwargs)
    File "/home/tkcook/.local/lib/python3.8/site-packages/requests/api.py", line 61, in request
      return session.request(method=method, url=url, **kwargs)
    File "/home/tkcook/.local/lib/python3.8/site-packages/requests/sessions.py", line 530, in request
      resp = self.send(prep, **send_kwargs)
    File "/home/tkcook/.local/lib/python3.8/site-packages/requests/sessions.py", line 643, in send
      r = adapter.send(request, **kwargs)
    File "/home/tkcook/.local/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
      resp = conn.urlopen(
    File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 670, in urlopen
      httplib_response = self._make_request(
    File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 381, in _make_request
      self._validate_conn(conn)
    File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 978, in _validate_conn
      conn.connect()
    File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 342, in connect
      self.ssl_context = create_urllib3_context(
    File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 289, in create_urllib3_context
      context.verify_mode = cert_reqs
    File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 438, in verify_mode
      self._ctx.set_verify(_stdlib_to_openssl_verify[value], _verify_callback)
    File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1119, in set_verify
      self._verify_helper = _VerifyHelper(callback)
    File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 337, in __init__
      self.callback = _ffi.callback(
  SystemError: ffi_prep_closure(): bad user_data (it seems that the version of the libffi library seen at runtime is different from the 'ffi.h' file seen at compile-time)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libffi/+bug/1903890/+subscriptions

More information about the foundations-bugs mailing list