Bug 1607792

Summary: add 'Provides: bundled(openssl) = 1.1.0h' to the spec file
Product: Red Hat Enterprise Linux 7 Reporter: Laszlo Ersek <lersek>
Component: ovmfAssignee: Laszlo Ersek <lersek>
Status: CLOSED ERRATA QA Contact: FuXiangChun <xfu>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.6CC: chayang, juzhang, lersek, michen, mtessun, thoger, virt-bugs
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovmf-20180508-3.gitee3198e672e2.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1607801 (view as bug list) Environment:
Last Closed: 2018-10-30 09:36:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Laszlo Ersek 2018-07-24 09:40:57 UTC 
* Description of problem:

The "ovmf" package bundles OpenSSL (for valid reasons, e.g. because firmware
built from edk2 uses a different ABI than the ELF userspace on Linux). For
such cases, <https://fedoraproject.org/wiki/Bundled_Libraries> postulates
that the spec file provide a virtual "bundled" feature, such as:

  Provides: bundled(NAME) = VERSION

Note that RELEASE is not included; VERSION should reflect the upstream
basis. The guideline says,

  The version notes which version of the library was bundled. If there's
  been a lot of incomplete backporting of changes from newer versions of the
  library, it can be hard to establish what version to use here. A very
  general rule of thumb is to use the oldest version that seems reasonable
  as the reason we're doing this is to tell when a library contains issues
  that have been fixed in newer upstream versions.

* Version-Release number of selected component (if applicable):

ovmf-20180508-2.gitee3198e672e2.el7

* How reproducible:

100%

* Steps to Reproduce:

  rpm -q --provides -p OVMF-20180508-2.gitee3198e672e2.el7.noarch.rpm  \
  | grep openssl

* Actual results:

[nothing]

* Expected results:

bundled(openssl) = 1.1.0h

* Additional info:

The noted OVMF version/release bundles the prepped/hobbled OpenSSL tarball
from Fedora dist-git @ 264133c642cd. According to the "openssl.spec" file at
that commit, the upstream base is "1.1.0h".
Comment 8 Miroslav Rezanina 2018-07-27 11:01:23 UTC 
Fix included in ovmf-20180508-3.gitee3198e672e2.el7
Comment 10 FuXiangChun 2018-08-02 02:41:40 UTC 
Reproduced with OVMF-20180508-2.gitee3198e672e2.el7.noarch.rpm

#rpm -q --provides -p OVMF-20180508-2.gitee3198e672e2.el7.noarch.rpm    | grep openssl

nothing

#rpm -q --provides -p OVMF-20180508-3.gitee3198e672e2.el7.noarch.rpm| grep openssl
bundled(openssl) = 1.1.0h

According to comment0. will move this bug to verified
Comment 12 errata-xmlrpc 2018-10-30 09:36:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3090