Bug 1718074
Summary: | stop using GHmac | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Colin Walters <walters> |
Component: | cockpit | Assignee: | Martin Pitt <mpitt> |
Status: | CLOSED NOTABUG | QA Contact: | Release Test Team <release-test-team-automation> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | | |
Version: | 8.1 | | |
Target Milestone: | rc | | |
Target Release: | 8.0 | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2019-06-06 20:40:11 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 1630260, 1896162 | | |

Description
Colin Walters
2019-06-06 20:13:30 UTC
Specifically https://bugzilla.redhat.com/show_bug.cgi?id=1630260#c24

TL;DR it's possible that for 8.1 glib will switch to making usage of g_hmac_*() a fatal error. You need to switch to a FIPS-validated library such as OpenSSL.

GHMac is only being used in src/ssh/cockpitsshknownhosts.c. This is only a backwards compat shim for libssh 0.7, i.e. for RHEL 7 builds. This entire file isn't built for RHEL 8:

```
if !HAVE_SSH_SESSION_HAS_KNOWN_HOSTS_ENTRY
libcockpit_ssh_a_SOURCES += \
	src/ssh/cockpitsshknownhosts.h \
	src/ssh/cockpitsshknownhosts.c \
	$(NULL)
endif
```

So this isn't an issue for RHEL 8. As soon as RHEL 7.7 is released, we can stop supporting RHEL 7 in our upstream master branch and then throw out two metric tons of obsolete code, also this one. :-) But this will just affect source code grepping, not runtime behaviour.