Bug 1389805 - [LLNL 7.4 FEAT] Rebase jansson to at least 2.10
Summary: [LLNL 7.4 FEAT] Rebase jansson to at least 2.10
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: jansson
Version: 7.3
Hardware: x86_64
OS: Linux
Priority: high
Severity: high
Target Milestone: rc
Target Release: 7.4
Assignee: Xin Long
QA Contact: BaseOS QE Security Team
Docs Contact: Ioanna Gkioka
URL:
Whiteboard:
Depends On:
Blocks: 1300696 1300697 1384121 1384257 1399228 1403375 1425715 1446211
Reported: 2016-10-28 17:07 UTC by Ben Woodard
Modified: 2017-08-01 12:41 UTC (History)

Fixed In Version: jansson-2.10-1.el7
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
_jansson_ rebased to version 2.10 The *jansson* library has been updated to version 2.10, which provides several bug fixes and enhancements over the previous version. Notably, interfaces have been added to support the *clevis*, *tang* and *jose* applications.
Clone Of:
Environment:
Last Closed: 2017-08-01 12:41:57 UTC
Target Upstream Version:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2195 0 normal SHIPPED_LIVE jansson enhancement update 2017-08-01 16:09:05 UTC

Description Ben Woodard 2016-10-28 17:07:40 UTC
Description of problem:

We are migrating from RHEL6 to RHEL7. Jansson is in EPEL for RHEL6, but it is:
jansson-2.6-1.el6.i686.rpm, so many developers have been writing code based upon the 2.6 API. However, in RHEL7 there is jansson-2.4-6.el7.x86_64.rpm.

One of the problems with this is that developers have been using json_array_foreach(), which no longer exists. There are other problems, but that is the most evident.

EPEL with its looser rebase requirements is no longer an option because Jansson is now in the main distro.

The 2.4 version is known to have weak hash functions: http://www.digip.org/blog/2014/04/jansson-2.6-released.html and so it would be good to not be subject to that weakness. While investigating that problem for this ticket, I found: https://bugzilla.redhat.com/show_bug.cgi?id=1063831 but we are not entirely sure that addresses the same problem. Even if the fix was backported to 2.4 then that could create problems with the internal API versioning in the library. 

Jansson, as with many other simple libraries, exports its "API Version" via preprocessor macros, e.g. JANSSON_VERSION_HEX or similar, to allow calling code to determine features, work around issues, etc. By backporting fixes, you may be violating those tests and confusing applications that make use of it. Someone could add a w/a to their code for the patched security update based on JANSSON_VERSION, which would now be incorrect since RH has broken the contract of the #define.

jansson 2.4 provides libjansson.so.4.4.0 and jansson 2.6 provides libjansson.so.4.6.0, so they should be ABI compatible. It is just that 2.6 also adds some functions used by developers here.

Additional info:
We did see: https://bugzilla.redhat.com/show_bug.cgi?id=1177645, which was closed WONTFIX, but the requestor didn't really provide a good reason why they wanted the newer version of jansson. As stated above, our business case is that RHEL7's 2.4 is missing functions that developers relied on when developing using EPEL's 2.6 version of the library, uncertainty as to whether the weak hash functions problem has been addressed fully, and difficulty in testing in code whether the version being used is a weak version or a suitably strong one.
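As an added example (not code from this bug report or from the jansson project), this C fragment shows the version gating the description refers to: a compile-time check on JANSSON_VERSION_HEX that supplies a json_array_foreach() compat macro on a pre-2.5 header, plus a runtime helper that maps a packaged version string such as "2.4" or "2.10" to the same hex value and answers whether that release predates the seeded hash introduced in 2.6 (per the linked release post). It assumes a GCC/Clang-style compiler with __has_include; the 2.5 threshold for json_array_foreach() is taken from the upstream changelog.

```c
#include <stdio.h>

/* Pull in jansson only where it is installed, so this file also compiles on a
 * box without the library (assumption: a compiler that supports __has_include). */
#if defined(__has_include)
#  if __has_include(<jansson.h>)
#    include <jansson.h>
#  endif
#endif

/* JANSSON_VERSION_HEX encodes major/minor/micro as 0xMMmmuu (2.10.0 -> 0x020A00).
 * json_array_foreach() arrived upstream in 2.5, so on an older header supply the
 * same macro on top of json_array_size()/json_array_get(); on 2.5+ the library's
 * own definition is used untouched. This is the kind of feature test that a
 * backported fix carrying the old version macros would silently defeat. */
#if defined(JANSSON_VERSION_HEX) && JANSSON_VERSION_HEX < 0x020500
#  define json_array_foreach(array, index, value) \
     for ((index) = 0; \
          (index) < json_array_size(array) && ((value) = json_array_get(array, index)); \
          (index)++)
#endif

/* Runtime counterpart for the version string of the packaged library (e.g. "2.4"
 * from `pkg-config --modversion jansson` or from the rpm name): build the same
 * hex value the header would carry. Returns 0 on a malformed string. */
unsigned int jansson_version_to_hex(const char *ver)
{
    unsigned int major = 0, minor = 0, micro = 0;
    int n = sscanf(ver, "%u.%u.%u", &major, &minor, &micro);
    if (n < 2 || major > 255 || minor > 255 || micro > 255)
        return 0;
    return (major << 16) | (minor << 8) | micro;
}

/* 2.6 is the release the linked blog post describes as replacing the weak,
 * predictable hash with a seeded one; treat anything older as exposed. */
int jansson_has_seeded_hash(unsigned int hex)
{
    return hex >= 0x020600;
}

/* json_array_foreach() is available from 2.5 onwards. */
int jansson_has_array_foreach(unsigned int hex)
{
    return hex >= 0x020500;
}
```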

Comment 1 Ben Woodard 2016-10-28 17:12:19 UTC
Customer is also willing to accept an SCL version with a new library if the risk is determined to be too high to rebase the distro version.

Comment 2 Ben Woodard 2016-10-28 17:21:44 UTC
Another missing feature that is impacting developers here is the json_pack/unpack functions, which support printf-like "format specifiers". As can be seen from https://jansson.readthedocs.io/en/2.8/apiref.html#building-values, quite a large number of useful ones were added between 2.4 and 2.6.

Comment 10 Xin Long 2016-12-12 08:13:55 UTC
Hi Amit,
I built an rpm for rhel7.

http://10.73.130.57/tar/jansson-2.9-1.el7.x86_64.rpm

Can you run all the libteam/teamd test cases against it with a beaker job?
(It may just need "rpm -Uvh http://10.73.130.57/tar/jansson-2.9-1.el7.x86_64.rpm" before running the cases.)

Thanks.

Comment 12 Amit Supugade 2016-12-22 16:40:35 UTC
Hi Xin,
I ran team tests with rpm in #comment10, tests look good. Thanks!

Comment 22 Amit Supugade 2017-04-17 14:33:54 UTC
Hi,
Ran team tests with 'jansson-2.10-1.el7' as requested by Xin, tests look good. Thanks!

Comment 23 Tomas Dolezal 2017-05-29 11:45:28 UTC
Verified integration with libnftnl-1.0.6-6.el7.x86_64 and nftables-0.6-4.el7.x86_64;
it seems to work correctly with jansson-2.10-1.el7.x86_64.

command tested with both versions: nft export json
no difference observed for:
# nft list ruleset
table ip ip_table {
	chain filter_chain_input {
		type filter hook prerouting priority 0; policy accept;
		iifname "vet_cs_server" ip length != 100-200 ip protocol icmp drop
		iifname "vet_cs_server" ip length 84-90 ip protocol icmp drop
		iifname "vet_cs_server" ip length 80-90 ip protocol icmp drop
	}
}

Comment 24 Xin Long 2017-05-31 09:43:44 UTC
Thanks Amit, Tomas.

Set it verified, since Amit and Tomas have done the necessary tests against it.

Comment 25 errata-xmlrpc 2017-08-01 12:41:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2195

