This bug is used to track the readiness of krb5 with OpenSSL 3.0.0. Currently the build fails to build with OpenSSL 3.0.0 with the following logs Task info: https://koji.fedoraproject.org/koji/taskinfo?taskID=78020207 Kindly fix them to ensure this package builds with OpenSSL 3.0.0 You can treat the deprecated warnings not as errors if you want to continue to use deprecated functions, but it is encouraged to use the new APIs, and this migration could be done sooner than later. To not treat deprecated warnings as errors, you may use -Wno-error=deprecated-declarations To port to new APIs, kindly refer to the OpenSSL upstream migration guide: https://www.openssl.org/docs/manmaster/man7/migration_guide.html Thank you
This pulls in openssl1.1 to the default buildroot. I also see that it appears to be fixed in c9s: https://gitlab.com/redhat/centos-stream/rpms/krb5/-/commits/c9s
Yes, there is a plan to pull a fix from upstream similar to c9s. If this can wait couple days... We are busy with security updates in Samba and FreeIPA.
Hi, I'd like to start testing systemd transition from gcrypt to openssl, and it would be great if krb5 could be rebuilt against openssl-3. Currently that fails because ld refuses to link to libcrypto.so.3 and /usr/lib64/libgssapi_krb5.so.2 which is linked to libcrypto.so.1.1. FWIW, I rebuilt the cs9 version in mock and I'm using that locally and it seems to work fine.
I'll look at this over coming weekend. Sorry.
Fixed in krb5-1.19.2-4.fc36 https://bodhi.fedoraproject.org/updates/FEDORA-2021-d13ffd8da0 $ rpm -q --requires -p https://kojipkgs.fedoraproject.org//packages/krb5/1.19.2/4.fc36/x86_64/krb5-libs-1.19.2-4.fc36.x86_64.rpm|grep libcrypto.so libcrypto.so.3()(64bit) libcrypto.so.3(OPENSSL_3.0.0)(64bit)
Zbyszek, could you please verify and close this bug?
Not caused by krb5 at all, but removing openssl1.1 from the buildroot broke cmake: /usr/bin/cmake: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/LAHTJWRB5HEPY3YNM7BSDGVZHGIHRORN/ And appstream-util: appstream-util: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory https://koschei.fedoraproject.org/build/11634367 I wonder how is this possible :/
(In reply to Miro Hrončok from comment #7) > Not caused by krb5 at all, but removing openssl1.1 from the buildroot broke > cmake: > > /usr/bin/cmake: error while loading shared libraries: libcrypto.so.1.1: > cannot open shared object file: No such file or directory > > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/ > thread/LAHTJWRB5HEPY3YNM7BSDGVZHGIHRORN/ > > And appstream-util: > > appstream-util: error while loading shared libraries: libcrypto.so.1.1: > cannot open shared object file: No such file or directory > > https://koschei.fedoraproject.org/build/11634367 > > > I wonder how is this possible :/ https://bugzilla.redhat.com/show_bug.cgi?id=2028852
Thanks! Other bugs notwithstanding, krb5 is fixed. I'll close this here.
The issue is only for rawhide, and the update has gone stable.