Ubuntu
openssl package

cryptography pkg 39.0.0 incompatible with pyOpenSSL 21.0.0 - crashes ensue

Bug #2004477 reported by Donald H Locker
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

crypto.py crashes when starting protonvpn:

$ protonvpn-cli connect SE1
  Tue Jan 31 07:08:04 AM EST 2023
Traceback (most recent call last):
  File "/usr/bin/protonvpn-cli", line 11, in <module>
    load_entry_point('protonvpn-cli==3.13.0', 'console_scripts', 'protonvpn-cli')()
  File "/usr/lib/python3/dist-packages/protonvpn_cli/main.py", line 20, in main
    from .cli import ProtonVPNCLI
  File "/usr/lib/python3/dist-packages/protonvpn_cli/cli.py", line 4, in <module>
    from proton.constants import VERSION as proton_version
  File "/usr/lib/python3/dist-packages/proton/__init__.py", line 1, in <module>
    from .api import Session # noqa
  File "/usr/lib/python3/dist-packages/proton/api.py", line 21, in <module>
    from .cert_pinning import TLSPinningAdapter
  File "/usr/lib/python3/dist-packages/proton/cert_pinning.py", line 5, in <module>
    from OpenSSL import crypto
  File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 3279, in <module>
    _lib.OpenSSL_add_all_algorithms()
AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms'
Tue Jan 31 07:08:05 AM EST 2023

c.f. https://askubuntu.com/questions/1450578/couldnt-launch-proton-vpn

but downgrading openssl package is not desirable for security reasons.

per https://github.com/pyca/cryptography/issues/7959 and other hits on search, cryptography package 39.0.0 is incompatible with pyOpenSSL 21.0.0; cryptography 38.0.4 works with 21.0.0; cryptography 39.0.0 requires 22.1.0 or greater.
Installed packages are python3-cryptography 3.4.8-1ubuntu2 and 21.0.0-1 python3-openssl
Currently, python3-openssl 22.1.0 is not available from repo.

$ lsb_release -rd:
Description: Ubuntu 22.04.1 LTS
Release: 22.04
$ apt-cache policy python3-openssl
python3-openssl:
  Installed: 21.0.0-1
  Candidate: 21.0.0-1
  Version table:
 *** 21.0.0-1 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu jammy/main i386 Packages
        100 /var/lib/dpkg/status
$

See original description
Donald H Locker (dhlocker)
description: updated
Donald H Locker (dhlocker)
summary: - Can't launch proton vpn
+ cryptography pkg 39.0.0 incompatible with pyOpenSSL 21.0.0 - crashes
+ ensue
Revision history for this message
Adrien Nader (adrien) wrote :

Hi, if I understand correctly, you're either updating python-cryptography or installing it in a virtual environment, is that right?

Lunar is going to have python3-openssl 23 and python3-cryptography 38 (actually they're already in the archive).

I don't think we could easily change the versions of these in kinetic or jammy. Did you have a specific idea on how to go forward on this issue?

Revision history for this message
Donald H Locker (dhlocker) wrote :

I think this issue may have to be resolved by the maintainers of the package that broke my machine at that time. Going through logs, it appears that an HPLIP (HP Linux Imaging and Printing) update was the actual culprit in this case, by installing their required version of these packages as system-wide versions.

Thank you for the response, and my apologies for not addressing this bug sooner. It should be Resolved as Invalid. (I'll see if I can do that myself.)

Revision history for this message
Adrien Nader (adrien) wrote :

No problem. I've marked the bug as Invalid. Thanks for your answer. :)

Changed in openssl (Ubuntu):
status: New → Invalid
Revision history for this message
Grzegorz Lempart (lempciu) wrote :

Do you have any ideas on how to solve your problem?
I have exactly the same problem, that is related to HPLIP and ProtonVPN.

In order to install the drivers for HPLIP (after upgrade the system to Kubuntu 22.04 LTS) it was necessary to reinstall python3 and upgrade pip and openssl to 22.1.0

Revision history for this message
Donald H Locker (dhlocker) wrote :

My solution was as follows:
0 - observed that hplip-uninstall failed (c.f.https://bugs.launchpad.net/hplip/+bug/2008635 for details); great anxiety ensued; notes say "Total WAG experiment:" and then the following actions
1 - [Synaptic] install hplip (version 3.21.12+dfsg0-1) (also installs: hplip-data, lib{hpmud0,sane-hpaio}, printer-driver-{hpcups,postscript-hp}, python3-{notify2,renderpm,reportlab,reportlab-accel}), hplip-doc, hplip-gui (also installs: python3-dbus.mainloop.pyqt5)
-- note that after this installation, hp-info "works" (i.e. it doesn't crash immediately as in the bug report) and interacts appropriately with the printer (HP2734E)
2 - Found other files in /usr/share/hplip that the Jan 27 debacle installed, apparently by pip, so uninstalled them:
$ sudo bash
# for m in cffi charset-normalizer coloredlogs cryptography deprecation humanfriendly imageio img2pdf imutils networkx ocrmypdf opencv-python pdfminer.six pikepdf pluggy pycparser PyPDF2 PyWavelets scikit-image tesserocr tifffile tqdm pip; do pip uninstall $m; done
3 - [Synaptic] re-install python3-cryptography

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.