This bug is used to track the readiness of m2crypto with OpenSSL 3.0.0. Currently the build fails to build with OpenSSL 3.0.0 with the following logs Task info: https://koji.fedoraproject.org/koji/taskinfo?taskID=78020217 Kindly fix them to ensure this package builds with OpenSSL 3.0.0 You can treat the deprecated warnings not as errors if you want to continue to use deprecated functions, but it is encouraged to use the new APIs, and this migration could be done sooner than later. To not treat deprecated warnings as errors, you may use -Wno-error=deprecated-declarations To port to new APIs, kindly refer to the OpenSSL upstream migration guide: https://www.openssl.org/docs/manmaster/man7/migration_guide.html Thank you
Created attachment 1855517 [details] m2crypto-0.38.0-4 build log with crashing test suite The FTBFS is caused by one of the tests crashing during the build: > test_algo_20_bf_ecb (tests.test_bio.CipherStreamTestCase) ... /var/tmp/rpm-tmp.Fcp34Q: line 42: 1470692 Segmentation fault (core dumped) /usr/bin/python3 setup.py test The full build log is attached.
This bug appears to have been reported against 'rawhide' during the Fedora 36 development cycle. Changing version to 36.
I made some progress, but the tests fail. It looks like there's some assumptions about OpenSSL that need to be fixed upstream. Upstream issue: https://gitlab.com/m2crypto/m2crypto/-/issues/310
I have a long term suspicion about lists of ciphers in the beginning of tests/test_bio.py: from tests.fips import fips_mode ciphers = [ 'des_ede_ecb', 'des_ede_cbc', 'des_ede_cfb', 'des_ede_ofb', 'des_ede3_ecb', 'des_ede3_cbc', 'des_ede3_cfb', 'des_ede3_ofb', 'aes_128_ecb', 'aes_128_cbc', 'aes_128_cfb', 'aes_128_ofb', 'aes_192_ecb', 'aes_192_cbc', 'aes_192_cfb', 'aes_192_ofb', 'aes_256_ecb', 'aes_256_cbc', 'aes_256_cfb', 'aes_256_ofb'] nonfips_ciphers = ['bf_ecb', 'bf_cbc', 'bf_cfb', 'bf_ofb', # 'idea_ecb', 'idea_cbc', 'idea_cfb', 'idea_ofb', 'cast5_ecb', 'cast5_cbc', 'cast5_cfb', 'cast5_ofb', # 'rc5_ecb', 'rc5_cbc', 'rc5_cfb', 'rc5_ofb', 'des_ecb', 'des_cbc', 'des_cfb', 'des_ofb', 'rc4', 'rc2_40_cbc'] if not fips_mode: # Forbidden ciphers ciphers += nonfips_ciphers This list is hard to maintain and it constant discrepancy with the current OpenSSL is endless source of problems. Notice for example, that at least for me the crash happens always in `tests.test_bio.CipherStreamTestCase.test_algo_20_bf_ecb` method which is the first nonfips_ciphers method (and yes, I have checked that my system is in non-FIPS mode and `fips_mode` is set correctly). I think this list should be either generated dynamically altogether or at least somewhere in `try_algo` there should be some check of the presence of the algorithm against the list generated dynamically by something like this script: from M2Crypto.SSL import Context, Connection ctx = Context() ctx.set_cipher_list('ALL') conn = Connection(ctx) cipher_list = list(conn.get_ciphers()) What do you think?
That makes sense to me. If you can make a patch for this, I can try it and we can see how it goes. :)
*** Bug 2098745 has been marked as a duplicate of this bug. ***
Hi! My package dnsviz depends on this package. So I attempted fast fixes to tests. I think it might be enough on F37. Created https://src.fedoraproject.org/rpms/m2crypto/pull-request/8 Would you look at it?
This bug appears to have been reported against 'rawhide' during the Fedora Linux 37 development cycle. Changing version to 37.
FEDORA-2022-246072ec85 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-246072ec85
FEDORA-2022-246072ec85 has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-246072ec85` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-246072ec85 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Hello, Please note that this comment was generated automatically. If you feel that this output has mistakes, please contact me via email (mhroncok). All subpackages of a package against which this bug was filled are now installable or removed from Fedora 38. Thanks for taking care of it!
Hello, Please note that this comment was generated automatically. If you feel that this output has mistakes, please contact me via email (mhroncok). All subpackages of a package against which this bug was filled are now installable or removed from Fedora 37. Thanks for taking care of it!
FEDORA-2022-246072ec85 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.