On Thu, Mar 17, 2016 at 2:54 PM, Martin Jansa <[email protected]> wrote:
> On Mon, Mar 14, 2016 at 03:21:33PM -0700, Pushpal Sidhu wrote:
>> Hi,
>>
>> On Wed, Mar 9, 2016 at 11:18 AM, akuster808 <[email protected]> wrote:
>> >
>> >
>> >
>> > On 03/09/2016 11:11 AM, Martin Jansa wrote:
>> > > On Wed, Mar 09, 2016 at 09:06:57AM -0800, Armin Kuster wrote:
>> > >> From: Armin Kuster <[email protected]>
>> > >>
>> > >> missed using "-D"  for OPENSSL_NO_SSL2 swig_features.
>> > >
>> > > fido version:
>> > > http://patchwork.openembedded.org/patch/117291/
>> > > needed -D as well, right?
>> >
>> > yes.
>> >
>> >
>> > >
>> > > I've pushed both to fido-next and jethro-next
>>
>> When will this be merged into fido/jethro? I've been running into this
>> build breakage for about a week now and if I patch it myself, I'll
>> only run into a conflict again later, causing more build issues.
>
> I'm still seeing multiple issues caused by last openssl upgrade, e.g.
> ruby, pywbem, crda
>
> Are they all supposed to be fixed by this?

Good point, it doesn't seem like they are because these tools haven't
been updated to stop supporting SSLv2. We either need to patch every
broken package or update them (which may or may not fix them). For
example, I bumped the crda package from 3.13 -> 3.18 (fido), but I
still run into this problem.

Another approach we can try is updating m2crypto as Armin did here:
http://patchwork.openembedded.org/patch/117217/. This would have to be
backported all the way back to fido (unless openssl was updated for
other branches as well). Apparently, this fixes crda, might be a fix
for other packages as well?

- Pushpal

>> > thanks
>> > -armin
>> > >
>> > >>
>> > >> ERROR: Failed to import the "M2Crypto" module: 
>> > >> .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined 
>> > >> symbol: SSLv2_method
>> > >>
>> > >> disable using SSLv2_method if not supported in openssl. This is now the 
>> > >> case
>> > >> with the advent of CVE-2016-0800
>> > >>
>> > >> Signed-off-by: Armin Kuster <[email protected]>
>> > >> ---
>> > >>  ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 
>> > >> ++++++++++++++++++++
>> > >>  .../python/python-m2crypto_0.21.1.bb                 |  4 +++-
>> > >>  2 files changed, 23 insertions(+), 1 deletion(-)
>> > >>  create mode 100644 
>> > >> meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>> > >>
>> > >> diff --git 
>> > >> a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>> > >>  
>> > >> b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>> > >> new file mode 100644
>> > >> index 0000000..526c23f
>> > >> --- /dev/null
>> > >> +++ 
>> > >> b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>> > >> @@ -0,0 +1,20 @@
>> > >> +Upstream-Status: Backport
>> > >> +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b
>> > >> +
>> > >> +Signed-off-by: Armin Kuster <[email protected]>
>> > >> +
>> > >> +Index: M2Crypto-0.21.1/SWIG/_ssl.i
>> > >> +===================================================================
>> > >> +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i
>> > >> ++++ M2Crypto-0.21.1/SWIG/_ssl.i
>> > >> +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string
>> > >> + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long;
>> > >> + extern const char *SSL_alert_desc_string_long(int);
>> > >> +
>> > >> ++#ifndef OPENSSL_NO_SSL2
>> > >> + %rename(sslv2_method) SSLv2_method;
>> > >> + extern SSL_METHOD *SSLv2_method(void);
>> > >> ++#endif
>> > >> + %rename(sslv3_method) SSLv3_method;
>> > >> + extern SSL_METHOD *SSLv3_method(void);
>> > >> + %rename(sslv23_method) SSLv23_method;
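Review bot: The header of the added patch file puts `Upstream-Status: Backport` and the upstream commit URL on separate lines and carries no description; put the URL in brackets on the Upstream-Status line and add a sentence on why the guard is needed (the undefined `SSLv2_method` symbol quoted in the commit message). Note also that the `#ifndef OPENSSL_NO_SSL2` guard in `SWIG/_ssl.i` only takes effect when SWIG is invoked with that macro defined, so this hunk does nothing on its own and depends entirely on the recipe passing `-DOPENSSL_NO_SSL2`.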
>> > >> diff --git 
>> > >> a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb 
>> > >> b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> > >> index ff6203f..9daea5e 100644
>> > >> --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> > >> +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> > >> @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = 
>> > >> "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e"
>> > >>
>> > >>  SRC_URI = 
>> > >> "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz
>> > >>  \
>> > >>             
>> > >> file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
>> > >> -           file://0001-M2Crypto-Error-fix.patch"
>> > >> +           file://0001-M2Crypto-Error-fix.patch \
>> > >> +           
>> > >> file://dont_try_build_with_SSLv2_when_it_is_not_available.patch"
>> > >>
>> > >>  SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17"
>> > >>  SRC_URI[sha256sum] = 
>> > >> "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a"
>> > >> @@ -19,6 +20,7 @@ inherit setuptools
>> > >>
>> > >>  SWIG_FEATURES_x86-64 = "-D__x86_64__"
>> > >>  SWIG_FEATURES ?= ""
>> > >> +SWIG_FEATURES += "-DOPENSSL_NO_SSL2"
>> > >>  export SWIG_FEATURES
>> > >>
>> > >>  # Get around a problem with swig, but only if the
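Review bot: `SWIG_FEATURES += "-DOPENSSL_NO_SSL2"` appends to the base variable, but two lines above it `SWIG_FEATURES_x86-64 = "-D__x86_64__"` is an override assignment; when the x86-64 override is active it replaces the base value, so the new define would be dropped on those targets and the SSLv2 binding would still be generated. `SWIG_FEATURES_append = " -DOPENSSL_NO_SSL2"` (with the leading space) is applied after overrides and avoids this. The define is also unconditional, so the SSLv2 wrapper is removed even if the OpenSSL in the sysroot was built with SSLv2; a recipe comment stating that this is intentional would help.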
>> > >> --
>> > >> 2.3.5
>> > >>
>> > >> --
>> > >> _______________________________________________
>> > >> Openembedded-devel mailing list
>> > >> [email protected]
>> > >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>> > >
>
> --
> Martin 'JaMa' Jansa     jabber: [email protected]