perl-Dancer-Session-Cookie-0.30-11.fc35 fails to build in Fedora 35 because a test fails: t/00-report-prereqs.t ........ ok # Failed test 'no warnings' # at /usr/share/perl5/vendor_perl/Test/Builder.pm line 193. # There were 2 warning(s) # Previous test 5 'Dancer::Session::Cookie->can(...)' # WARNING: The key derivation method "opensslv1" is deprecated. Using -pbkdf=>'pbkdf2' would be better. # Pass -nodeprecate=>1 to inhibit this message. # at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 213. # at /usr/share/perl5/vendor_perl/Crypt/CBC.pm line 455. # Crypt::CBC::_deprecation_warning(Crypt::CBC=HASH(0x15fbcf2b0)) called at /usr/share/perl5/vendor_perl/Crypt/CBC.pm line 158 # Crypt::CBC::start(Crypt::CBC=HASH(0x15fbcf2b0), "encrypting") called at /usr/share/perl5/vendor_perl/Crypt/CBC.pm line 125 # Crypt::CBC::encrypt(Crypt::CBC=HASH(0x15fbcf2b0), "=\x{f3}rl\x{4}\x{0}(*\x{1}bid&\$372223686496908815687397255954065325") called at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 213 # eval {...} called at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 212 # Session::Storage::Secure::encode(Session::Storage::Secure=HASH(0x15fb59f68), HASH(0x15e3e23f8)) called at /builddir/build/BUILD/Dancer-Session-Cookie-0.30/lib/Dancer/Session/Cookie.pm line 159 # Dancer::Session::Cookie::_cookie_value(Dancer::Session::Cookie=HASH(0x15e3dc7f0)) called at t/01-session.t line 32 # # ---------- # Previous test 6 'cookie value is defined' # WARNING: The key derivation method "opensslv1" is deprecated. Using -pbkdf=>'pbkdf2' would be better. # Pass -nodeprecate=>1 to inhibit this message. # at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 213. # at /usr/share/perl5/vendor_perl/Crypt/CBC.pm line 455. # Crypt::CBC::_deprecation_warning(Crypt::CBC=HASH(0x15fbddfd0)) called at /usr/share/perl5/vendor_perl/Crypt/CBC.pm line 158 # Crypt::CBC::start(Crypt::CBC=HASH(0x15fbddfd0), "encrypting") called at /usr/share/perl5/vendor_perl/Crypt/CBC.pm line 125 # Crypt::CBC::encrypt(Crypt::CBC=HASH(0x15fbddfd0), "=\x{f3}rl\x{4}\x{0}(*\x{2}cbarcbazbid&\$372223686496908815687397255954065325") called at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 213 # eval {...} called at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 212 # Session::Storage::Secure::encode(Session::Storage::Secure=HASH(0x15fb59f68), HASH(0x15fc17708)) called at /builddir/build/BUILD/Dancer-Session-Cookie-0.30/lib/Dancer/Session/Cookie.pm line 159 # Dancer::Session::Cookie::_cookie_value(Dancer::Session::Cookie=HASH(0x15e3dc7f0)) called at t/01-session.t line 35 # # Looks like you failed 1 test of 11. t/01-session.t ............... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/11 subtests A difference between passing and failing build root is at <https://koschei.fedoraproject.org/build/9922722>. An upgrade of perl-Crypt-CBC from 2.33-30.fc34 to 3.01-1.fc35
This is triggered by a change in Crypt-CBC-3.01: Revision history for Perl extension Crypt::CBC. 3.01 - Warn when the deprecated opensslv1 PBKDF (key derivation function) is used for encryption. Turn off with -nodeprecate=>1 or by choosing a different PBKDF, such as -pbkdf=>'pbkdf2'. and caused by Session::Storage::Secure->encode() which does not override the default Crypt::CBC->new() -pbkdf argument: my $cbc = Crypt::CBC->new( -key => $key, -cipher => 'Rijndael' ); my ( $ciphertext, $mac ); eval { $ciphertext = $self->transport_encoder->( $cbc->encrypt( $self->_freeze($data) ) ); $mac = $self->transport_encoder->( hmac_sha256( "$expires$sep$ciphertext", $key ) ); }; Reproducer: $ perl -MSession::Storage::Secure -e 'Session::Storage::Secure->new(secret_key=>1)->encode()' WARNING: The key derivation method "opensslv1" is deprecated. Using -pbkdf=>'pbkdf2' would be better. Pass -nodeprecate=>1 to inhibit this message. at /usr/share/perl5/vendor_perl/Session/Storage/Secure.pm line 213. The new CBC::Encrypt defaults to -pbkdf => 'opensslv1' to preserve compatibility and warns about that at the same time. Session::Storage::Secure can either pass -nodeprecate=>1 to silent the warning, or pass -pbkdf => 'pbkdf2' to use stronger encryption key. pbkdf2. Since changing -pkbkdf makes the encrypted data nondecryptable, Session::Storage::Secure should come up with a transition plan how to move to the stronger PBKDF (e.g with using an old_secrets-like argument). Please note that -pbkdf => 'opensslv1' uses MD5 underneath and that could become unavailable in the future because of the system-wide crypto-policy enforced by Fedora or OpenSSL upstream decision. I know that Session::Storage::Secure uses Digest::SHA::hmac_sha256() to populate the -key argument. And that is currently strong enough. Thus I recommend patching Fedora with -nodeprecate=>1 until upstream resolves it.
FEDORA-2021-ed3306a0fe has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-ed3306a0fe
FEDORA-2021-ed3306a0fe has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-ed3306a0fe` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ed3306a0fe See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-ed3306a0fe has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.