Re: Heads-up: OpenSSL update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear Dmitry,

On Fri, 2023-02-10 at 09:55 +0100, Dmitry Belyavskiy wrote:
> Dear Michel,
> 
> In RHEL/CentOS we currently provide a double versioning for
> OPENSSL_strcasecmp and OPENSSL_strncasecmp functions.
> They were added in 3.0.1 downstream and 3.0.3 upstream.
> 
> 0056-strcasecmp.patch in CentOS stream fixes the test in question.
> 
Ah, interesting. I took a look at the history of that patch, and
narrowed down the issue:

- with f2a49ef424f831aac988356fc8b2b910e443dc42 from Nov 25, rebuilding
in EPEL 8 fails:
  -
https://gitlab.com/redhat/centos-stream/rpms/openssl/-/commit/f2a49ef424f831aac988356fc8b2b910e443dc42
  https://koji.fedoraproject.org/koji/taskinfo?taskID=97348528

- with that patch backed out, building 3.0.7-2 succeeds:
  https://koji.fedoraproject.org/koji/taskinfo?taskID=97348707

Note that these are the exact openssl package from c9s, just rebuilt
with the g++ dependency replaced by gcc-c++.

I suppose the easiest resolution here is for me to build openssl3 (for
EPEL 8) with that commit backed out, but I'm a bit puzzled as to why
this happens. Any idea there?

Thanks,

Michel

> On Thu, Feb 9, 2023 at 9:47 PM Michel Alexandre Salim
> <salimma@xxxxxxxxxxxxxxxxx> wrote:
> > 
> > Hi Dmitry,
> > 
> > On Thu, 2023-02-09 at 18:02 +0100, Dmitry Belyavskiy wrote:
> > > Dear colleagues,
> > > 
> > > I've just pushed updates of OpenSSL to the 3.0.8 version to
> > > f36/37.
> > > I will also push to f38 and rawhide later today.
> > > 
> > > This is a security release, it fixes 8 MODERATE CVEs
> > > (https://www.openssl.org/news/secadv/20230207.txt)
> > > 
> > > I kindly ask you to test the version so it could be rolled up
> > > earlier.
> > > 
> > Would you happen to have any insight into why some tests are
> > failing
> > when rebuilt on EPEL 8?
> > 
> > This is with a scratch build of EPEL 8's openssl3 (which is just a
> > rebuild of openssl but renamed and with some subpackages removed)
> > https://koji.fedoraproject.org/koji/taskinfo?taskID=97314920
> > 
> > The errors are all identical, so to be doubly sure I rebuilt the
> > centos
> > 9 srpm (only on x86_64), just slightly modified to change the g++
> > BR to
> > gcc-c++, and it failed identically
> > https://koji.fedoraproject.org/koji/taskinfo?taskID=97318473
> > 
> > # The following symbols are missing in libcrypto.so.3:
> > #   OPENSSL_strcasecmp
> > #   OPENSSL_strncasecmp
> > # The following symbols are extra in libcrypto.so.3:
> > #   BIO_dgram_is_sctp
> > #   BIO_dgram_sctp_msg_waiting
> > #   BIO_dgram_sctp_notification_cb
> > #   BIO_dgram_sctp_wait_for_dry
> > #   BIO_new_dgram_sctp
> > #   BIO_s_datagram_sctp
> > not ok 2 - check that there are no missing symbols in
> > libcrypto.so.3
> > # -----------------------------------------------------------------
> > ----
> > ---------03-test_internal_modes.t ........... ok
> > 03-test_internal_namemap.t ......... ok
> > 03-test_internal_curve448.t ........ ok
> > 03-test_internal_poly1305.t ........ ok
> > # Looks like you failed 1 test of 4.01-test_symbol_presence.t
> > ..........
> > Dubious, test returned 1 (wstat 256, 0x100)
> > Failed 1/4 subtests
> > 02-test_lhash.t .......
> > 
> > Thanks,
> > 
> > --
> > Michel Alexandre Salim
> > identities:
> > https://keyoxide.org/5dce2e7e9c3b1cffd335c1d78b229d2f7ccc04f2
> > _______________________________________________
> > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> > Fedora Code of Conduct:
> > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
> > https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
> > Do not reply to spam, report it:
> > https://pagure.io/fedora-infrastructure/new_issue
> 
> 
> 
> -- 
> Dmitry Belyavskiy
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue

-- 
Michel Alexandre Salim
identities:
https://keyoxide.org/5dce2e7e9c3b1cffd335c1d78b229d2f7ccc04f2

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux