Bug 1367548

Summary: [ESXi][RHEL7.5]xmlsec1-config reports incorrect cflags
Product: Red Hat Enterprise Linux 7 Reporter: David Lemke <lemke>
Component: xmlsec1Assignee: Simo Sorce <ssorce>
Status: CLOSED WONTFIX QA Contact: ldu <ldu>
Severity: high Docs Contact:
Priority: high    
Version: 7.2CC: boyang, cavery, hhei, jjarvis, jsavanyo, ldu, leiwang, mkosek, nkinder, nmavrogi, ravindrakumar, ribarry, rjones, tumeya, yacao, ybhasin
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: epm-rr
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1677447 (view as bug list) Environment:
Last Closed: 2019-02-11 15:41:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1269243, 1677447    
Attachments:
Description Flags
tar containing app showing issue none

Description David Lemke 2016-08-16 17:49:32 UTC 
Created attachment 1191339 [details]
tar containing app showing issue

Description of problem:

On CentOS 7.2, the xmlsec1-devel package includes an xmlsec1-config which has incorrect build flags.  The library was built using XMLSEC_NO_SIZE_T, but "xmlsec1-config --cflags" does not show that flag.

This results in any code built using those flags to have a mismatch on numerous data structures, because xmlSecSize is 4 bytes in the library, but 8 byes in code trusting the cflags.

Version-Release number of selected component (if applicable):
CentOS 6.7, 7.2

How reproducible:

Always

Steps to Reproduce:

build from sample, with appropriate tweaks to the Makefile.  Compare valgrind results from having XMLSEC_NO_SIZE_T defined and not.


Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=662306 seems to be the same issue.
Comment 1 Ravindra Kumar 2016-08-16 17:56:20 UTC 
Seems to have been originated from https://bugzilla.redhat.com/show_bug.cgi?id=192756.
Comment 3 Richard W.M. Jones 2016-08-30 12:04:49 UTC 
RHEL 7.3 external beta has been released, and I believe we have
a workaround we can use in the interim.  Therefore I am moving
this to 7.4.
Comment 7 ldu 2017-08-03 06:57:30 UTC 
This issue could be reproduce on RHEL7.4.
the reproduce steps:
1.Install a new RHEL 7.4 guest on ESXi6.5.
2.yum install xmlsec1-devel-1.2.20-5.el7.x86_64.rpm and all dependency.
3.check flag "XMLSEC_NO_SIZE_T" with command  mlsec1-config --cflags

the result is :
[root@bootp-73-199-156 ~]# xmlsec1-config --cflags
-D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_XKMS=1 -DXMLSEC_DL_LIBLTDL=1 -I/usr/include/xmlsec1 -I/usr/include/libxml2 -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 -DXMLSEC_CRYPTO=\"openssl\"
Comment 13 Simo Sorce 2019-02-11 15:41:35 UTC 
This issue was not selected to be included either in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small amount of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available. We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.
Comment 14 Ravindra Kumar 2019-02-12 00:11:03 UTC 
I can't find xmlsec1-devel package for RHEL 8.

# dnf search xmlsec1
Updating Subscription Management repositories.
Updating Subscription Management repositories.
Last metadata expiration check: 0:27:17 ago on Mon 11 Feb 2019 06:43:08 PM EST.
======================================================================================================= Name Exactly Matched: xmlsec1 =======================================================================================================
xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML Encryption" standards
xmlsec1.i686 : Library providing support for "XML Signature" and "XML Encryption" standards
xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML Encryption" standards
=========================================================================================================== Name Matched: xmlsec1 ===========================================================================================================
xmlsec1-nss.x86_64 : NSS crypto plugin for XML Security Library
xmlsec1-nss.i686 : NSS crypto plugin for XML Security Library
xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
xmlsec1-openssl.i686 : OpenSSL crypto plugin for XML Security Library
# 

How do I verify this for RHEL 8?
Comment 15 ldu 2019-02-14 09:34:29 UTC 
(In reply to Ravindra Kumar from comment #14)
> I can't find xmlsec1-devel package for RHEL 8.
> 
> # dnf search xmlsec1
> Updating Subscription Management repositories.
> Updating Subscription Management repositories.
> Last metadata expiration check: 0:27:17 ago on Mon 11 Feb 2019 06:43:08 PM
> EST.
> =============================================================================
> ========================== Name Exactly Matched: xmlsec1
> =============================================================================
> ==========================
> xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML
> Encryption" standards
> xmlsec1.i686 : Library providing support for "XML Signature" and "XML
> Encryption" standards
> xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML
> Encryption" standards
> =============================================================================
> ============================== Name Matched: xmlsec1
> =============================================================================
> ==============================
> xmlsec1-nss.x86_64 : NSS crypto plugin for XML Security Library
> xmlsec1-nss.i686 : NSS crypto plugin for XML Security Library
> xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
> xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
> xmlsec1-openssl.i686 : OpenSSL crypto plugin for XML Security Library
> # 
> 
> How do I verify this for RHEL 8?

Hi Ravindra,
The RHEL8 have not contain package xmlsec1-devel in repo, but I can download it from internal site, if you need I can share to you.
I test on RHEL 8 VM, the test result is same as rhel7.
[root@bootp-73-199-20 ~]# xmlsec1-config --cflags
-D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I/usr/include/xmlsec1 -I/usr/include/libxml2 -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1
[root@bootp-73-199-20 ~]# uname -r
4.18.0-64.el8.x86_64
[root@bootp-73-199-20 ~]# 
if you need any other info, please contact me freely!

Lili Du
Comment 16 Ravindra Kumar 2019-02-14 20:08:37 UTC 
Thanks Lili for your update.

Based on your update, the bug still holds good for RHEL 8. And, RHBZ is not allowing me to change the product to RHEL 8.

Could you please help reopen this bug for RHEL 8? Or, do we need to create a new one?
Comment 17 Simo Sorce 2019-02-14 20:53:30 UTC 
Please clone to RHEL8