Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
+++ This bug was initially created as a clone of Bug #1367548 +++
Description of problem:
On CentOS 7.2, the xmlsec1-devel package includes an xmlsec1-config which has incorrect build flags. The library was built using XMLSEC_NO_SIZE_T, but "xmlsec1-config --cflags" does not show that flag.
This results in any code built using those flags to have a mismatch on numerous data structures, because xmlSecSize is 4 bytes in the library, but 8 byes in code trusting the cflags.
Version-Release number of selected component (if applicable):
CentOS 6.7, 7.2
How reproducible:
Always
Steps to Reproduce:
build from sample, with appropriate tweaks to the Makefile. Compare valgrind results from having XMLSEC_NO_SIZE_T defined and not.
Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=662306 seems to be the same issue.
--- Additional comment from Ravindra Kumar on 2016-08-16 17:56:20 UTC ---
Seems to have been originated from https://bugzilla.redhat.com/show_bug.cgi?id=192756.
--- Additional comment from Richard W.M. Jones on 2016-08-30 12:04:49 UTC ---
RHEL 7.3 external beta has been released, and I believe we have
a workaround we can use in the interim. Therefore I am moving
this to 7.4.
--- Additional comment from ldu on 2017-08-03 06:57:30 UTC ---
This issue could be reproduce on RHEL7.4.
the reproduce steps:
1.Install a new RHEL 7.4 guest on ESXi6.5.
2.yum install xmlsec1-devel-1.2.20-5.el7.x86_64.rpm and all dependency.
3.check flag "XMLSEC_NO_SIZE_T" with command mlsec1-config --cflags
the result is :
[root@bootp-73-199-156 ~]# xmlsec1-config --cflags
-D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_XKMS=1 -DXMLSEC_DL_LIBLTDL=1 -I/usr/include/xmlsec1 -I/usr/include/libxml2 -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 -DXMLSEC_CRYPTO=\"openssl\"
--- Additional comment from Simo Sorce on 2019-02-11 15:41:35 UTC ---
This issue was not selected to be included either in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small amount of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available. We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.
--- Additional comment from Ravindra Kumar on 2019-02-12 00:11:03 UTC ---
I can't find xmlsec1-devel package for RHEL 8.
# dnf search xmlsec1
Updating Subscription Management repositories.
Updating Subscription Management repositories.
Last metadata expiration check: 0:27:17 ago on Mon 11 Feb 2019 06:43:08 PM EST.
======================================================================================================= Name Exactly Matched: xmlsec1 =======================================================================================================
xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML Encryption" standards
xmlsec1.i686 : Library providing support for "XML Signature" and "XML Encryption" standards
xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML Encryption" standards
=========================================================================================================== Name Matched: xmlsec1 ===========================================================================================================
xmlsec1-nss.x86_64 : NSS crypto plugin for XML Security Library
xmlsec1-nss.i686 : NSS crypto plugin for XML Security Library
xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
xmlsec1-openssl.i686 : OpenSSL crypto plugin for XML Security Library
#
How do I verify this for RHEL 8?
--- Additional comment from ldu on 2019-02-14 09:34:29 UTC ---
(In reply to Ravindra Kumar from comment #14)
> I can't find xmlsec1-devel package for RHEL 8.
>
> # dnf search xmlsec1
> Updating Subscription Management repositories.
> Updating Subscription Management repositories.
> Last metadata expiration check: 0:27:17 ago on Mon 11 Feb 2019 06:43:08 PM
> EST.
> =============================================================================
> ========================== Name Exactly Matched: xmlsec1
> =============================================================================
> ==========================
> xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML
> Encryption" standards
> xmlsec1.i686 : Library providing support for "XML Signature" and "XML
> Encryption" standards
> xmlsec1.x86_64 : Library providing support for "XML Signature" and "XML
> Encryption" standards
> =============================================================================
> ============================== Name Matched: xmlsec1
> =============================================================================
> ==============================
> xmlsec1-nss.x86_64 : NSS crypto plugin for XML Security Library
> xmlsec1-nss.i686 : NSS crypto plugin for XML Security Library
> xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
> xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
> xmlsec1-openssl.i686 : OpenSSL crypto plugin for XML Security Library
> #
>
> How do I verify this for RHEL 8?
Hi Ravindra,
The RHEL8 have not contain package xmlsec1-devel in repo, but I can download it from internal site, if you need I can share to you.
I test on RHEL 8 VM, the test result is same as rhel7.
[root@bootp-73-199-20 ~]# xmlsec1-config --cflags
-D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I/usr/include/xmlsec1 -I/usr/include/libxml2 -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1
[root@bootp-73-199-20 ~]# uname -r
4.18.0-64.el8.x86_64
[root@bootp-73-199-20 ~]#
if you need any other info, please contact me freely!
Lili Du
--- Additional comment from Ravindra Kumar on 2019-02-14 20:08:37 UTC ---
Thanks Lili for your update.
Based on your update, the bug still holds good for RHEL 8. And, RHBZ is not allowing me to change the product to RHEL 8.
Could you please help reopen this bug for RHEL 8? Or, do we need to create a new one?
--- Additional comment from Simo Sorce on 2019-02-14 20:53:30 UTC ---
Please clone to RHEL8
Hi Simo,
How to get package 'xmlsec1-devel' for RHEL8? As Ravindra noted, there is no this package when dnf search, ldu@ has confirmed this. ldu@ downloaded the rpm from internal brew system, but how to get it externally?
(In reply to Simo Sorce from comment #3)
> For devel packages like xmlsec1-devel you need to enable the CodeReady
> Builder (CBR) repository.
>
> See here for an overview of this new repo:
> https://developers.redhat.com/blog/2018/11/15/introducing-codeready-linux-
> builder/
Great, thanks for your information, Simo. Is this CodeReady Builder repo listed in the RHEL 8 documentation? I have not found it yet.
(In reply to Simo Sorce from comment #3)
> For devel packages like xmlsec1-devel you need to enable the CodeReady
> Builder (CBR) repository.
>
> See here for an overview of this new repo:
> https://developers.redhat.com/blog/2018/11/15/introducing-codeready-linux-
> builder/
Thanks Simo. I could verify xmlsec1-config now.
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.0 Beta (Ootpa)
# dnf info xmlsec1-devel
Updating Subscription Management repositories.
Updating Subscription Management repositories.
Last metadata expiration check: 0:01:08 ago on Thu 21 Feb 2019 08:55:32 PM EST.
Installed Packages
Name : xmlsec1-devel
Version : 1.2.25
Release : 4.el8
Arch : x86_64
Size : 3.5 M
Source : xmlsec1-1.2.25-4.el8.src.rpm
Repo : @System
From repo : codeready-builder-beta-for-rhel-8-x86_64-rpms
Summary : Libraries, includes, etc. to develop applications with XML Digital Signatures and XML Encryption support.
URL : http://www.aleksey.com/xmlsec/
License : MIT
Description : Libraries, includes, etc. you can use to develop applications with XML Digital
: Signatures and XML Encryption support.
Available Packages
Name : xmlsec1-devel
Version : 1.2.25
Release : 4.el8
Arch : i686
Size : 406 k
Source : xmlsec1-1.2.25-4.el8.src.rpm
Repo : codeready-builder-beta-for-rhel-8-x86_64-rpms
Summary : Libraries, includes, etc. to develop applications with XML Digital Signatures and XML Encryption support.
URL : http://www.aleksey.com/xmlsec/
License : MIT
Description : Libraries, includes, etc. you can use to develop applications with XML Digital
: Signatures and XML Encryption support.
# xmlsec1-config --version
1.2.25
# xmlsec1-config --cflags
-D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I/usr/include/xmlsec1 -I/usr/include/libxml2 -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1
Comment 8Richard W.M. Jones
2019-04-01 07:50:33 UTC
# xmlsec1-config --cflags
-D__XMLSEC_FUNCTION__=__func__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I/usr/include/xmlsec1 -I/usr/include/libxml2 -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1
Are these correct? The original BZ description reports that -DXMLSEC_NO_SIZE_T is used to
build the library [I have verified this is still the case] and it is missing from the flags
above. XMLSEC_NO_SIZE_T is used in /usr/include/xmlsec1/xmlsec/xmlsec.h
So I would say this bug is still present.
Comment 9Richard W.M. Jones
2019-04-01 07:55:28 UTC
Looking at the spec file it does indeed seem to have been caused by this bogus
multilib fix for bug 192756:
# positively ugly but only sane way to get around #192756
sed 's+/lib64+/$archlib+g' < xmlsec1-config | sed 's+/lib+/$archlib+g' | sed 's+ -DXMLSEC_NO_SIZE_T++' > xmlsec1-config.$$ && mv xmlsec1-config.$$ xmlsec1-config