Hide Forgot
Created attachment 1191339 [details] tar containing app showing issue Description of problem: On CentOS 7.2, the xmlsec1-devel package includes an xmlsec1-config which has incorrect build flags. The library was built using XMLSEC_NO_SIZE_T, but "xmlsec1-config --cflags" does not show that flag. This results in any code built using those flags to have a mismatch on numerous data structures, because xmlSecSize is 4 bytes in the library, but 8 byes in code trusting the cflags. Version-Release number of selected component (if applicable): CentOS 6.7, 7.2 How reproducible: Always Steps to Reproduce: build from sample, with appropriate tweaks to the Makefile. Compare valgrind results from having XMLSEC_NO_SIZE_T defined and not. Additional info: https://bugzilla.redhat.com/show_bug.cgi?id=662306 seems to be the same issue.
Seems to have been originated from https://bugzilla.redhat.com/show_bug.cgi?id=192756.
RHEL 7.3 external beta has been released, and I believe we have a workaround we can use in the interim. Therefore I am moving this to 7.4.
This issue could be reproduce on RHEL7.4. the reproduce steps: 1.Install a new RHEL 7.4 guest on ESXi6.5. 2.yum install xmlsec1-devel-1.2.20-5.el7.x86_64.rpm and all dependency. 3.check flag "XMLSEC_NO_SIZE_T" with command mlsec1-config --cflags the result is : [root@bootp-73-199-156 ~]# xmlsec1-config --cflags -D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_XKMS=1 -DXMLSEC_DL_LIBLTDL=1 -I/usr/include/xmlsec1 -I/usr/include/libxml2 -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 -DXMLSEC_CRYPTO=\"openssl\"
This issue was not selected to be included either in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small amount of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available. We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.
I can't find xmlsec1-devel package for RHEL 8. # dnf search xmlsec1 Updating Subscription Management repositories. Updating Subscription Management repositories. Last metadata expiration check: 0:27:17 ago on Mon 11 Feb 2019 06:43:08 PM EST. ======================================================================================================= Name Exactly Matched: xmlsec1 ======================================================================================================= xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML Encryption" standards xmlsec1.i686 : Library providing support for "XML Signature" and "XML Encryption" standards xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML Encryption" standards =========================================================================================================== Name Matched: xmlsec1 =========================================================================================================== xmlsec1-nss.x86_64 : NSS crypto plugin for XML Security Library xmlsec1-nss.i686 : NSS crypto plugin for XML Security Library xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library xmlsec1-openssl.i686 : OpenSSL crypto plugin for XML Security Library # How do I verify this for RHEL 8?
(In reply to Ravindra Kumar from comment #14) > I can't find xmlsec1-devel package for RHEL 8. > > # dnf search xmlsec1 > Updating Subscription Management repositories. > Updating Subscription Management repositories. > Last metadata expiration check: 0:27:17 ago on Mon 11 Feb 2019 06:43:08 PM > EST. > ============================================================================= > ========================== Name Exactly Matched: xmlsec1 > ============================================================================= > ========================== > xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML > Encryption" standards > xmlsec1.i686 : Library providing support for "XML Signature" and "XML > Encryption" standards > xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML > Encryption" standards > ============================================================================= > ============================== Name Matched: xmlsec1 > ============================================================================= > ============================== > xmlsec1-nss.x86_64 : NSS crypto plugin for XML Security Library > xmlsec1-nss.i686 : NSS crypto plugin for XML Security Library > xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library > xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library > xmlsec1-openssl.i686 : OpenSSL crypto plugin for XML Security Library > # > > How do I verify this for RHEL 8? Hi Ravindra, The RHEL8 have not contain package xmlsec1-devel in repo, but I can download it from internal site, if you need I can share to you. I test on RHEL 8 VM, the test result is same as rhel7. [root@bootp-73-199-20 ~]# xmlsec1-config --cflags -D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I/usr/include/xmlsec1 -I/usr/include/libxml2 -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 [root@bootp-73-199-20 ~]# uname -r 4.18.0-64.el8.x86_64 [root@bootp-73-199-20 ~]# if you need any other info, please contact me freely! Lili Du
Thanks Lili for your update. Based on your update, the bug still holds good for RHEL 8. And, RHBZ is not allowing me to change the product to RHEL 8. Could you please help reopen this bug for RHEL 8? Or, do we need to create a new one?
Please clone to RHEL8