Bug 1471159 - mariadb uses compat-openssl10
Summary: mariadb uses compat-openssl10
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: mariadb
Version: 26
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
Assignee: Michal Schorm
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-07-14 14:29 UTC by Thomas Sailer
Modified: 2017-08-28 16:19 UTC (History)
10 users (show)

Fixed In Version: mariadb-10.1.26-2.fc26
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-28 16:19:37 UTC
Type: Bug


Attachments (Terms of Use)

Description Thomas Sailer 2017-07-14 14:29:22 UTC
Description of problem:
mariadb-libs-10.1.21-5.fc26.x86_64 still uses compat-openssl10. Since mariadb-libs is used in a lot of places that also directly use (the newer) openssl, and mixing both versions in the same address space is problematic, mariadb should be updated to use the standard (non-compat) openssl version

Comment 1 Michal Schorm 2017-07-14 14:51:48 UTC
This is a known issue.

MariaDB 10.1.25 is not prepared to use OpenSSL11.
Upstream decided to implement OpenSSL11 support only to MariaDB 10.2.x version.

It has been developing for a long time, so it doesn't get into f26.

MariaDB 10.2 is just now beeing incorporated into Rawhide (F27) and the it also support the OpenSSL11.
However the transition from 10.1 to 10.2 versions is very problematic (library soname changes and more), so I'd stay with the current state.

--

What do you think?

Comment 2 Thomas Sailer 2017-07-14 16:35:01 UTC
Problem is that now any non-trivial application will end up with both openssl10 and 11, and apparently the library symbols aren't properly versioned and incompatible, leading to crashes because the symbol from the wrong version of openssl is apparently called.

So really either mariadb has to stop using openssl10 or openssl10 and 11 need to be made compatible, for example with proper symbol versioning

Comment 3 Michal Schorm 2017-07-14 16:41:38 UTC
Ok, now I understand, it can be a real issue.

I'll discuss it and I'll se what possible solutions I'll find out.

Comment 4 Thomas Sailer 2017-07-15 22:34:02 UTC
When linking my application, the linker complains:

/usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/mysql/libmysqlclient.so.18, may conflict with libcrypto.so.1.1

(I don't need libmysqlclient.so.18 myself, it gets pulled in via geos)

Comment 5 Honza Horak 2017-08-01 13:30:39 UTC
Thomas, can you use the mariadb-connector-c instead? That library is built with openssl 1.1.

Comment 6 Thomas Sailer 2017-08-02 17:01:06 UTC
I am not even using mariadb myself, it gets pulled in by gdal (/usr/lib64/libgdal.so.20.1.3). So you need to ask the gdal maintainer whether gdal can use it - I suspect the answer is not out of the box...

Comment 7 Fedora Update System 2017-08-20 10:19:39 UTC
mariadb-10.1.26-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b045a9a63d

Comment 8 Honza Horak 2017-08-20 11:14:28 UTC
The update above includes patches that were based on upstream patches that delivered OpenSSL 1.1 support for MariaDB 10.2. The upstream report for back-porting it to 10.1 is available at https://jira.mariadb.org/browse/MDEV-13592, but I don't expect they will push on it, so this change might stay in F26 as downstream only change.

The plan is to keep the update longer in Bodhi to see if it doesn't break anything, since each downstream patch si kinda risky. Let us know if you see any weird behaviour regarding SSL, there is always possibility to go back to compat-openssl10.

Comment 9 Honza Horak 2017-08-20 11:15:18 UTC
The patches are also available here:
https://src.fedoraproject.org/rpms/mariadb/c/39a24f0850321cbb97f3dd671a17e29fa4bdb4d4?branch=f26

Comment 10 Fedora Update System 2017-08-22 18:07:58 UTC
mariadb-10.1.26-2.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b045a9a63d

Comment 11 Thomas Sailer 2017-08-23 07:45:46 UTC
Thank you very much! This works for me.

Comment 12 Fedora Update System 2017-08-28 16:19:37 UTC
mariadb-10.1.26-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.