Description of problem:
yum install fails in FIPS mode (see reproducer)

# yum -y reinstall openssl
malloc: using debugging hooks
Loaded plugins: katello, product-id, rhnplugin, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Reinstall Process
digest.c(151): OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored
Aborted

Version-Release number of selected component (if applicable):
yum-3.2.22-39.el5
openssl-0.9.8e-22.el5_8.2

How reproducible:
100% on i386

Steps to Reproduce:
1. Install EL5.8
2. Remove prelink
   # prelink -u -a
   # yum -y
3. Switch to FIPS
4. yum install anything

Actual results:
digest.c(151): OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored
Aborted

Expected results:
No error and yum works

Additional info:
I assume this is a yum issue, but feel free to reassign to openssl if needed. Tested only on i386 architecture. Tested also with older openssl, doesn't seem to be a regression in openssl (found while testing openssl ASYNC)

Just for reference the RHEL6 fixed bug is bug 541974.
I'm sure this was discussed in previous bugs ... the problems are:
1. If the repos. you are using have MD5 checksummed metadata ... yum will need to call MD5.
2. It's possible there are still bugs where yum calls MD5 routines where it doesn't need to, esp. in RHEL-5.
3. OpenSSL MD5 calls abort() in FIPS mode ... even if the usage was not in a security context.

Created attachment 599453
[PATCH] vlan: filter device events on bonds

Since bond masters and slaves only have separate vlan groups now, the vlan_device_event handler has to be taught to ignore network events from slave devices when they're truly attached to the bond master. We do this by looking up the network device of a given vid on both the slave and its master. If they match, then we're processing an event for a physical device that we don't really care about (since the master's events are really what we're interested in). This patch adds that comparison, and allows us to filter those slave events that the vlan code should ignore.

---
 net/8021q/vlan.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 64 insertions(+), 0 deletions(-)

sorry, wrong bug, ignore last post