Bug 1462211
Summary: | symbol SSL_CTX_set_srp_username, version OPENSSL_1_1_0 not defined in file libssl.so.1.1 with link time reference | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Lukas Slebodnik <lslebodn> |
Component: | openssl | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | kdudka, tmraz |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-06-16 15:07:05 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Lukas Slebodnik
2017-06-16 12:31:01 UTC
And here is an example how it broke all package managers in rawhide [root@vm-153 fedora_rawhide]# docker run -ti --rm fedora:rawhide bash [root@239b7f7e5d0e /]# dnf install -y --setopt=debuglevel=0 --setopt=errorlevel=0 microdnf yum [root@239b7f7e5d0e /]# [root@239b7f7e5d0e /]# rpm -q libcurl openssl-libs libcurl-7.54.1-1.fc27.x86_64 openssl-libs-1.1.0e-1.fc27.x86_64 [root@239b7f7e5d0e /]# [root@239b7f7e5d0e /]# dnf update -y openssl-libs Python detected LC_CTYPE=C: LC_CTYPE & LANG coerced to C.UTF-8 (set another locale or PYTHONCOERCECLOCALE=0 to disable this locale coercion behavior). Traceback (most recent call last): File "/usr/bin/dnf", line 57, in <module> from dnf.cli import main File "/usr/lib/python3.6/site-packages/dnf/__init__.py", line 31, in <module> import dnf.base File "/usr/lib/python3.6/site-packages/dnf/base.py", line 26, in <module> from dnf.comps import CompsQuery File "/usr/lib/python3.6/site-packages/dnf/comps.py", line 29, in <module> import dnf.util File "/usr/lib/python3.6/site-packages/dnf/util.py", line 32, in <module> import librepo File "/usr/lib64/python3.6/site-packages/librepo/__init__.py", line 1077, in <module> import librepo._librepo ImportError: /lib64/libcurl.so.4: symbol SSL_CTX_set_srp_username, version OPENSSL_1_1_0 not defined in file libssl.so.1.1 with link time reference [root@239b7f7e5d0e /]# [root@239b7f7e5d0e /]# yum-deprecated update -y openssl-libs Yum command has been deprecated, use dnf instead. See 'man dnf' and 'man yum2dnf' for more information. There was a problem importing one of the Python modules required to run yum. The error leading to this problem was: /lib64/libcurl.so.4: symbol SSL_CTX_set_srp_username, version OPENSSL_1_1_0 not defined in file libssl.so.1.1 with link time reference Please install a package which provides this module, or verify that the module is installed correctly. It's possible that the above module doesn't match the current version of Python, which is: 2.7.13 (default, Jun 1 2017, 09:53:47) [GCC 7.1.1 20170526 (Red Hat 7.1.1-2)] If you cannot solve this problem yourself, please go to the yum faq at: http://yum.baseurl.org/wiki/Faq [root@239b7f7e5d0e /]# microdnf update -y openssl-libs microdnf: relocation error: /lib64/libcurl.so.4: symbol SSL_CTX_set_srp_username, version OPENSSL_1_1_0 not defined in file libssl.so.1.1 with link time reference I am sorry, but I do not want to diverge from upstream on the symbol versions. (In reply to Tomas Mraz from comment #2) > I am sorry, but I do not want to diverge from upstream on the symbol > versions. Then it need to be fixed in upstream as well. New symbols should not be added to the version which was already released. This was not the case this time - I've just enabled SRP support because it was now allowed by legal. Anyway the damage has been done, I am sorry for that, I'll try to abstain from enabling previously disabled features of OpenSSL in future. (In reply to Tomas Mraz from comment #4) > This was not the case this time - I've just enabled SRP support because it > was now allowed by legal. So IIUC newly added functions are due to optional "SRP support". But in this case They should be in version OPENSSL_1_1_0_SRP. So linker/rpm can detect it. Do you think it would be acceptable solution for upstream? (In reply to Tomas Mraz from comment #5) > Anyway the damage has been done, I am sorry for that, I'll try to abstain > from enabling previously disabled features of OpenSSL in future. I can happen in any other distribution. So it should really handled properly in upstream. (In reply to Lukas Slebodnik from comment #6) > (In reply to Tomas Mraz from comment #4) > > This was not the case this time - I've just enabled SRP support because it > > was now allowed by legal. > > So IIUC newly added functions are due to optional "SRP support". But in this > case > They should be in version OPENSSL_1_1_0_SRP. So linker/rpm can detect it. > > Do you think it would be acceptable solution for upstream? Yes, I think the resolution should be done in such way. Unfortunately I do not think they will apply it to already released version because it would probably break more things than fix. But for newly introduced optional features it can and should be done. Adding curl maintainer to CC; just in case of duplicated report as in Comment 1 Thanks for heads up! Bug #1462184 looks indeed like a duplicate of this one. |