Hide Forgot
Description of problem: We are migrating from RHEL6 to RHEL7. Jansson is in EPEL for RHEL6 but it is: jansson-2.6-1.el6.i686.rpm so many developers have been writing code based upon the 2.6 API. However, in RHEL7 there is jansson-2.4-6.el7.x86_64.rpm One of the problems with this is developers have been using json_array_foreach() which no longer exists. There are other problems but that is the most evident. EPEL with its looser rebase requirements is no longer an option because Jansson is now in the main distro. The 2.4 version is known to have weak hash functions: http://www.digip.org/blog/2014/04/jansson-2.6-released.html and so it would be good to not be subject to that weakness. While investigating that problem for this ticket, I found: https://bugzilla.redhat.com/show_bug.cgi?id=1063831 but we are not entirely sure that addresses the same problem. Even if the fix was backported to 2.4 then that could create problems with the internal API versioning in the library. Jansson as with many other simple libraries exports its "API Version" via preprocessor macros, e.g. JANSSON_VERSION_HEX or similar, to allow calling code to determine features, work around issues, etc. By backporting fixes, you may be violating those tests and confusing applications that make use of it. Someone could add a w/a to their code for the patched security update based on JANSSON_VERSION, which would now be incorrect since RH has broken the contract of the #define jansson 2.4 provides libjansson.so.4.4.0 and jansson 2.6 provides libjansson.so.4.6.0, so they should be are ABI compatible. It is just that 2.6 also adds some functions used by developers here. Additional info: We did see: https://bugzilla.redhat.com/show_bug.cgi?id=1177645 which was closed won't fix but the requestor didn't really provide a good reason why they wanted the newer version of jansson. As stated above our business case is that RHEL7's 2.4 is a missing functions that developers relied on when developing on using EPEL'2.6 version of the library and uncertainty as to whether the weak hash functions problem has been addressed fully and difficulty in testing in code whether the version being used is a weak version of a suitably strong one.
Customer is also willing to accept a SCL version with a new library if the risk is determined to be too high to rebase the disto version.
Another missing feature that is impacting developers here are the json_pack/unpack functions which support of printf-like "format specifiers". As can be seen from: https://jansson.readthedocs.io/en/2.8/apiref.html#building-values quite a large number of useful ones were added between 2.4 and 2.6
Hi, Amit I built a rpm for rhel7. http://10.73.130.57/tar/jansson-2.9-1.el7.x86_64.rpm can you run all the libteam/teamd test cases against it with beaker job ? (it maybe just need to "rpm -Uvh http://10.73.130.57/tar/jansson-2.9-1.el7.x86_64.rpm" before running the cases.) Thanks.
Hi Xin, I ran team tests with rpm in #comment10, tests look good. Thanks!
Hi, Ran team tests with 'jansson-2.10-1.el7' as requested by Xin, tests look good. Thanks!
verified integration with libnftnl-1.0.6-6.el7.x86_64 and nftables-0.6-4.el7.x86_64 seems to work correctly with jansson-2.10-1.el7.x86_64 command tested with both versions: nft export json no difference observed for: # nft list ruleset table ip ip_table { chain filter_chain_input { type filter hook prerouting priority 0; policy accept; iifname "vet_cs_server" ip length != 100-200 ip protocol icmp drop iifname "vet_cs_server" ip length 84-90 ip protocol icmp drop iifname "vet_cs_server" ip length 80-90 ip protocol icmp drop } }
Thanks Amit, Tomas. Set it verified, since Amit and Tomas have done the necessary tests against it.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2195