* [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue @ 2016-03-09 17:06 Armin Kuster 2016-03-09 19:11 ` Martin Jansa 0 siblings, 1 reply; 8+ messages in thread From: Armin Kuster @ 2016-03-09 17:06 UTC (permalink / raw) To: akuster, openembedded-devel From: Armin Kuster <akuster@mvista.com> missed using "-D" for OPENSSL_NO_SSL2 swig_features. ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method disable using SSLv2_method if not supported in openssl. This is now the case with the advent of CVE-2016-0800 Signed-off-by: Armin Kuster <akuster@mvista.com> --- ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++ .../python/python-m2crypto_0.21.1.bb | 4 +++- 2 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch new file mode 100644 index 0000000..526c23f --- /dev/null +++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch @@ -0,0 +1,20 @@ +Upstream-Status: Backport +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: M2Crypto-0.21.1/SWIG/_ssl.i +=================================================================== +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i ++++ M2Crypto-0.21.1/SWIG/_ssl.i +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long; + extern const char *SSL_alert_desc_string_long(int); + ++#ifndef OPENSSL_NO_SSL2 + %rename(sslv2_method) SSLv2_method; + extern SSL_METHOD *SSLv2_method(void); ++#endif + %rename(sslv3_method) SSLv3_method; + extern SSL_METHOD *SSLv3_method(void); + %rename(sslv23_method) SSLv23_method; diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb index ff6203f..9daea5e 100644 --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e" SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \ file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \ - file://0001-M2Crypto-Error-fix.patch" + file://0001-M2Crypto-Error-fix.patch \ + file://dont_try_build_with_SSLv2_when_it_is_not_available.patch" SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17" SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a" @@ -19,6 +20,7 @@ inherit setuptools SWIG_FEATURES_x86-64 = "-D__x86_64__" SWIG_FEATURES ?= "" +SWIG_FEATURES += "-DOPENSSL_NO_SSL2" export SWIG_FEATURES # Get around a problem with swig, but only if the -- 2.3.5 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue 2016-03-09 17:06 [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue Armin Kuster @ 2016-03-09 19:11 ` Martin Jansa 2016-03-09 19:18 ` akuster808 0 siblings, 1 reply; 8+ messages in thread From: Martin Jansa @ 2016-03-09 19:11 UTC (permalink / raw) To: openembedded-devel; +Cc: akuster [-- Attachment #1: Type: text/plain, Size: 3687 bytes --] On Wed, Mar 09, 2016 at 09:06:57AM -0800, Armin Kuster wrote: > From: Armin Kuster <akuster@mvista.com> > > missed using "-D" for OPENSSL_NO_SSL2 swig_features. fido version: http://patchwork.openembedded.org/patch/117291/ needed -D as well, right? I've pushed both to fido-next and jethro-next > > ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method > > disable using SSLv2_method if not supported in openssl. This is now the case > with the advent of CVE-2016-0800 > > Signed-off-by: Armin Kuster <akuster@mvista.com> > --- > ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++ > .../python/python-m2crypto_0.21.1.bb | 4 +++- > 2 files changed, 23 insertions(+), 1 deletion(-) > create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch > > diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch > new file mode 100644 > index 0000000..526c23f > --- /dev/null > +++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch > @@ -0,0 +1,20 @@ > +Upstream-Status: Backport > +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b > + > +Signed-off-by: Armin Kuster <akuster@mvista.com> > + > +Index: M2Crypto-0.21.1/SWIG/_ssl.i > +=================================================================== > +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i > ++++ M2Crypto-0.21.1/SWIG/_ssl.i > +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string > + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long; > + extern const char *SSL_alert_desc_string_long(int); > + > ++#ifndef OPENSSL_NO_SSL2 > + %rename(sslv2_method) SSLv2_method; > + extern SSL_METHOD *SSLv2_method(void); > ++#endif > + %rename(sslv3_method) SSLv3_method; > + extern SSL_METHOD *SSLv3_method(void); > + %rename(sslv23_method) SSLv23_method; > diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb > index ff6203f..9daea5e 100644 > --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb > +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb > @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e" > > SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \ > file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \ > - file://0001-M2Crypto-Error-fix.patch" > + file://0001-M2Crypto-Error-fix.patch \ > + file://dont_try_build_with_SSLv2_when_it_is_not_available.patch" > > SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17" > SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a" > @@ -19,6 +20,7 @@ inherit setuptools > > SWIG_FEATURES_x86-64 = "-D__x86_64__" > SWIG_FEATURES ?= "" > +SWIG_FEATURES += "-DOPENSSL_NO_SSL2" > export SWIG_FEATURES > > # Get around a problem with swig, but only if the > -- > 2.3.5 > > -- > _______________________________________________ > Openembedded-devel mailing list > Openembedded-devel@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-devel -- Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 188 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue 2016-03-09 19:11 ` Martin Jansa @ 2016-03-09 19:18 ` akuster808 2016-03-14 22:21 ` Pushpal Sidhu 0 siblings, 1 reply; 8+ messages in thread From: akuster808 @ 2016-03-09 19:18 UTC (permalink / raw) To: Martin Jansa, openembedded-devel On 03/09/2016 11:11 AM, Martin Jansa wrote: > On Wed, Mar 09, 2016 at 09:06:57AM -0800, Armin Kuster wrote: >> From: Armin Kuster <akuster@mvista.com> >> >> missed using "-D" for OPENSSL_NO_SSL2 swig_features. > > fido version: > http://patchwork.openembedded.org/patch/117291/ > needed -D as well, right? yes. > > I've pushed both to fido-next and jethro-next thanks -armin > >> >> ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method >> >> disable using SSLv2_method if not supported in openssl. This is now the case >> with the advent of CVE-2016-0800 >> >> Signed-off-by: Armin Kuster <akuster@mvista.com> >> --- >> ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++ >> .../python/python-m2crypto_0.21.1.bb | 4 +++- >> 2 files changed, 23 insertions(+), 1 deletion(-) >> create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch >> >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch >> new file mode 100644 >> index 0000000..526c23f >> --- /dev/null >> +++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch >> @@ -0,0 +1,20 @@ >> +Upstream-Status: Backport >> +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b >> + >> +Signed-off-by: Armin Kuster <akuster@mvista.com> >> + >> +Index: M2Crypto-0.21.1/SWIG/_ssl.i >> +=================================================================== >> +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i >> ++++ M2Crypto-0.21.1/SWIG/_ssl.i >> +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string >> + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long; >> + extern const char *SSL_alert_desc_string_long(int); >> + >> ++#ifndef OPENSSL_NO_SSL2 >> + %rename(sslv2_method) SSLv2_method; >> + extern SSL_METHOD *SSLv2_method(void); >> ++#endif >> + %rename(sslv3_method) SSLv3_method; >> + extern SSL_METHOD *SSLv3_method(void); >> + %rename(sslv23_method) SSLv23_method; >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb >> index ff6203f..9daea5e 100644 >> --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb >> +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb >> @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e" >> >> SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \ >> file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \ >> - file://0001-M2Crypto-Error-fix.patch" >> + file://0001-M2Crypto-Error-fix.patch \ >> + file://dont_try_build_with_SSLv2_when_it_is_not_available.patch" >> >> SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17" >> SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a" >> @@ -19,6 +20,7 @@ inherit setuptools >> >> SWIG_FEATURES_x86-64 = "-D__x86_64__" >> SWIG_FEATURES ?= "" >> +SWIG_FEATURES += "-DOPENSSL_NO_SSL2" >> export SWIG_FEATURES >> >> # Get around a problem with swig, but only if the >> -- >> 2.3.5 >> >> -- >> _______________________________________________ >> Openembedded-devel mailing list >> Openembedded-devel@lists.openembedded.org >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue 2016-03-09 19:18 ` akuster808 @ 2016-03-14 22:21 ` Pushpal Sidhu 2016-03-17 21:54 ` Martin Jansa 0 siblings, 1 reply; 8+ messages in thread From: Pushpal Sidhu @ 2016-03-14 22:21 UTC (permalink / raw) To: Martin Jansa; +Cc: openembedded-devel Hi, On Wed, Mar 9, 2016 at 11:18 AM, akuster808 <akuster808@gmail.com> wrote: > > > > On 03/09/2016 11:11 AM, Martin Jansa wrote: > > On Wed, Mar 09, 2016 at 09:06:57AM -0800, Armin Kuster wrote: > >> From: Armin Kuster <akuster@mvista.com> > >> > >> missed using "-D" for OPENSSL_NO_SSL2 swig_features. > > > > fido version: > > http://patchwork.openembedded.org/patch/117291/ > > needed -D as well, right? > > yes. > > > > > > I've pushed both to fido-next and jethro-next When will this be merged into fido/jethro? I've been running into this build breakage for about a week now and if I patch it myself, I'll only run into a conflict again later, causing more build issues. Thanks, - Pushpal > thanks > -armin > > > >> > >> ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method > >> > >> disable using SSLv2_method if not supported in openssl. This is now the case > >> with the advent of CVE-2016-0800 > >> > >> Signed-off-by: Armin Kuster <akuster@mvista.com> > >> --- > >> ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++ > >> .../python/python-m2crypto_0.21.1.bb | 4 +++- > >> 2 files changed, 23 insertions(+), 1 deletion(-) > >> create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch > >> > >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch > >> new file mode 100644 > >> index 0000000..526c23f > >> --- /dev/null > >> +++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch > >> @@ -0,0 +1,20 @@ > >> +Upstream-Status: Backport > >> +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b > >> + > >> +Signed-off-by: Armin Kuster <akuster@mvista.com> > >> + > >> +Index: M2Crypto-0.21.1/SWIG/_ssl.i > >> +=================================================================== > >> +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i > >> ++++ M2Crypto-0.21.1/SWIG/_ssl.i > >> +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string > >> + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long; > >> + extern const char *SSL_alert_desc_string_long(int); > >> + > >> ++#ifndef OPENSSL_NO_SSL2 > >> + %rename(sslv2_method) SSLv2_method; > >> + extern SSL_METHOD *SSLv2_method(void); > >> ++#endif > >> + %rename(sslv3_method) SSLv3_method; > >> + extern SSL_METHOD *SSLv3_method(void); > >> + %rename(sslv23_method) SSLv23_method; > >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb > >> index ff6203f..9daea5e 100644 > >> --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb > >> +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb > >> @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e" > >> > >> SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \ > >> file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \ > >> - file://0001-M2Crypto-Error-fix.patch" > >> + file://0001-M2Crypto-Error-fix.patch \ > >> + file://dont_try_build_with_SSLv2_when_it_is_not_available.patch" > >> > >> SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17" > >> SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a" > >> @@ -19,6 +20,7 @@ inherit setuptools > >> > >> SWIG_FEATURES_x86-64 = "-D__x86_64__" > >> SWIG_FEATURES ?= "" > >> +SWIG_FEATURES += "-DOPENSSL_NO_SSL2" > >> export SWIG_FEATURES > >> > >> # Get around a problem with swig, but only if the > >> -- > >> 2.3.5 > >> > >> -- > >> _______________________________________________ > >> Openembedded-devel mailing list > >> Openembedded-devel@lists.openembedded.org > >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel > > > -- > _______________________________________________ > Openembedded-devel mailing list > Openembedded-devel@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-devel ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue 2016-03-14 22:21 ` Pushpal Sidhu @ 2016-03-17 21:54 ` Martin Jansa 2016-03-17 22:58 ` Pushpal Sidhu 2016-03-29 9:58 ` Javier Viguera 0 siblings, 2 replies; 8+ messages in thread From: Martin Jansa @ 2016-03-17 21:54 UTC (permalink / raw) To: Pushpal Sidhu; +Cc: openembedded-devel [-- Attachment #1: Type: text/plain, Size: 4920 bytes --] On Mon, Mar 14, 2016 at 03:21:33PM -0700, Pushpal Sidhu wrote: > Hi, > > On Wed, Mar 9, 2016 at 11:18 AM, akuster808 <akuster808@gmail.com> wrote: > > > > > > > > On 03/09/2016 11:11 AM, Martin Jansa wrote: > > > On Wed, Mar 09, 2016 at 09:06:57AM -0800, Armin Kuster wrote: > > >> From: Armin Kuster <akuster@mvista.com> > > >> > > >> missed using "-D" for OPENSSL_NO_SSL2 swig_features. > > > > > > fido version: > > > http://patchwork.openembedded.org/patch/117291/ > > > needed -D as well, right? > > > > yes. > > > > > > > > > > I've pushed both to fido-next and jethro-next > > When will this be merged into fido/jethro? I've been running into this > build breakage for about a week now and if I patch it myself, I'll > only run into a conflict again later, causing more build issues. I'm still seeing multiple issues caused by last openssl upgrade, e.g. ruby, pywbem, crda Are they all supposed to be fixed by this? > > thanks > > -armin > > > > > >> > > >> ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method > > >> > > >> disable using SSLv2_method if not supported in openssl. This is now the case > > >> with the advent of CVE-2016-0800 > > >> > > >> Signed-off-by: Armin Kuster <akuster@mvista.com> > > >> --- > > >> ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++ > > >> .../python/python-m2crypto_0.21.1.bb | 4 +++- > > >> 2 files changed, 23 insertions(+), 1 deletion(-) > > >> create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch > > >> > > >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch > > >> new file mode 100644 > > >> index 0000000..526c23f > > >> --- /dev/null > > >> +++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch > > >> @@ -0,0 +1,20 @@ > > >> +Upstream-Status: Backport > > >> +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b > > >> + > > >> +Signed-off-by: Armin Kuster <akuster@mvista.com> > > >> + > > >> +Index: M2Crypto-0.21.1/SWIG/_ssl.i > > >> +=================================================================== > > >> +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i > > >> ++++ M2Crypto-0.21.1/SWIG/_ssl.i > > >> +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string > > >> + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long; > > >> + extern const char *SSL_alert_desc_string_long(int); > > >> + > > >> ++#ifndef OPENSSL_NO_SSL2 > > >> + %rename(sslv2_method) SSLv2_method; > > >> + extern SSL_METHOD *SSLv2_method(void); > > >> ++#endif > > >> + %rename(sslv3_method) SSLv3_method; > > >> + extern SSL_METHOD *SSLv3_method(void); > > >> + %rename(sslv23_method) SSLv23_method; > > >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb > > >> index ff6203f..9daea5e 100644 > > >> --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb > > >> +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb > > >> @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e" > > >> > > >> SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \ > > >> file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \ > > >> - file://0001-M2Crypto-Error-fix.patch" > > >> + file://0001-M2Crypto-Error-fix.patch \ > > >> + file://dont_try_build_with_SSLv2_when_it_is_not_available.patch" > > >> > > >> SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17" > > >> SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a" > > >> @@ -19,6 +20,7 @@ inherit setuptools > > >> > > >> SWIG_FEATURES_x86-64 = "-D__x86_64__" > > >> SWIG_FEATURES ?= "" > > >> +SWIG_FEATURES += "-DOPENSSL_NO_SSL2" > > >> export SWIG_FEATURES > > >> > > >> # Get around a problem with swig, but only if the > > >> -- > > >> 2.3.5 > > >> > > >> -- > > >> _______________________________________________ > > >> Openembedded-devel mailing list > > >> Openembedded-devel@lists.openembedded.org > > >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel > > > > > -- > > _______________________________________________ > > Openembedded-devel mailing list > > Openembedded-devel@lists.openembedded.org > > http://lists.openembedded.org/mailman/listinfo/openembedded-devel -- Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 188 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue 2016-03-17 21:54 ` Martin Jansa @ 2016-03-17 22:58 ` Pushpal Sidhu 2016-03-29 9:58 ` Javier Viguera 1 sibling, 0 replies; 8+ messages in thread From: Pushpal Sidhu @ 2016-03-17 22:58 UTC (permalink / raw) To: Martin Jansa; +Cc: openembedded-devel On Thu, Mar 17, 2016 at 2:54 PM, Martin Jansa <martin.jansa@gmail.com> wrote: > On Mon, Mar 14, 2016 at 03:21:33PM -0700, Pushpal Sidhu wrote: >> Hi, >> >> On Wed, Mar 9, 2016 at 11:18 AM, akuster808 <akuster808@gmail.com> wrote: >> > >> > >> > >> > On 03/09/2016 11:11 AM, Martin Jansa wrote: >> > > On Wed, Mar 09, 2016 at 09:06:57AM -0800, Armin Kuster wrote: >> > >> From: Armin Kuster <akuster@mvista.com> >> > >> >> > >> missed using "-D" for OPENSSL_NO_SSL2 swig_features. >> > > >> > > fido version: >> > > http://patchwork.openembedded.org/patch/117291/ >> > > needed -D as well, right? >> > >> > yes. >> > >> > >> > > >> > > I've pushed both to fido-next and jethro-next >> >> When will this be merged into fido/jethro? I've been running into this >> build breakage for about a week now and if I patch it myself, I'll >> only run into a conflict again later, causing more build issues. > > I'm still seeing multiple issues caused by last openssl upgrade, e.g. > ruby, pywbem, crda > > Are they all supposed to be fixed by this? Good point, it doesn't seem like they are because these tools haven't been updated to stop supporting SSLv2. We either need to patch every broken package or update them (which may or may not fix them). For example, I bumped the crda package from 3.13 -> 3.18 (fido), but I still run into this problem. Another approach we can try is by updating m2crypto as Armin did here: http://patchwork.openembedded.org/patch/117217/. This would have to be backported all the way back to fido (unless openssl was updated for other branches as well). Apparently, this fixes crda, might be a fix for other packages as well? - Pushpal >> > thanks >> > -armin >> > > >> > >> >> > >> ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method >> > >> >> > >> disable using SSLv2_method if not supported in openssl. This is now the case >> > >> with the advent of CVE-2016-0800 >> > >> >> > >> Signed-off-by: Armin Kuster <akuster@mvista.com> >> > >> --- >> > >> ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++ >> > >> .../python/python-m2crypto_0.21.1.bb | 4 +++- >> > >> 2 files changed, 23 insertions(+), 1 deletion(-) >> > >> create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch >> > >> >> > >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch >> > >> new file mode 100644 >> > >> index 0000000..526c23f >> > >> --- /dev/null >> > >> +++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch >> > >> @@ -0,0 +1,20 @@ >> > >> +Upstream-Status: Backport >> > >> +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b >> > >> + >> > >> +Signed-off-by: Armin Kuster <akuster@mvista.com> >> > >> + >> > >> +Index: M2Crypto-0.21.1/SWIG/_ssl.i >> > >> +=================================================================== >> > >> +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i >> > >> ++++ M2Crypto-0.21.1/SWIG/_ssl.i >> > >> +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string >> > >> + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long; >> > >> + extern const char *SSL_alert_desc_string_long(int); >> > >> + >> > >> ++#ifndef OPENSSL_NO_SSL2 >> > >> + %rename(sslv2_method) SSLv2_method; >> > >> + extern SSL_METHOD *SSLv2_method(void); >> > >> ++#endif >> > >> + %rename(sslv3_method) SSLv3_method; >> > >> + extern SSL_METHOD *SSLv3_method(void); >> > >> + %rename(sslv23_method) SSLv23_method; >> > >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb >> > >> index ff6203f..9daea5e 100644 >> > >> --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb >> > >> +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb >> > >> @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e" >> > >> >> > >> SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \ >> > >> file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \ >> > >> - file://0001-M2Crypto-Error-fix.patch" >> > >> + file://0001-M2Crypto-Error-fix.patch \ >> > >> + file://dont_try_build_with_SSLv2_when_it_is_not_available.patch" >> > >> >> > >> SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17" >> > >> SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a" >> > >> @@ -19,6 +20,7 @@ inherit setuptools >> > >> >> > >> SWIG_FEATURES_x86-64 = "-D__x86_64__" >> > >> SWIG_FEATURES ?= "" >> > >> +SWIG_FEATURES += "-DOPENSSL_NO_SSL2" >> > >> export SWIG_FEATURES >> > >> >> > >> # Get around a problem with swig, but only if the >> > >> -- >> > >> 2.3.5 >> > >> >> > >> -- >> > >> _______________________________________________ >> > >> Openembedded-devel mailing list >> > >> Openembedded-devel@lists.openembedded.org >> > >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel >> > > >> > -- >> > _______________________________________________ >> > Openembedded-devel mailing list >> > Openembedded-devel@lists.openembedded.org >> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel > > -- > Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue 2016-03-17 21:54 ` Martin Jansa 2016-03-17 22:58 ` Pushpal Sidhu @ 2016-03-29 9:58 ` Javier Viguera 2016-03-29 10:37 ` Martin Jansa 1 sibling, 1 reply; 8+ messages in thread From: Javier Viguera @ 2016-03-29 9:58 UTC (permalink / raw) To: openembedded-devel, Pushpal Sidhu, martin.jansa On 17/03/16 22:54, Martin Jansa wrote: > > I'm still seeing multiple issues caused by last openssl upgrade, e.g. > ruby, pywbem, crda > > Are they all supposed to be fixed by this? Well I just did a basic build tests with the three mentioned above (ruby, pywbem and crda) and these are the results: RUBY ~~~~ I don't see any difference with or without the patch, it's building fine even without the patch but the patch does not hurt either. PYWBEM_0.8.0 ~~~~~~~~~~~~ Without the patch fails with: File "/ssd/dey/jethro/x11/ccimx6sbc/tmp/sysroots/x86_64-linux/usr/lib/python2.7/site-packages/M2Crypto/_m2crypto.py", line 24, in swig_import_helper _mod = imp.load_module('__m2crypto', fp, pathname, description) ImportError: /ssd/dey/jethro/x11/ccimx6sbc/tmp/sysroots/x86_64-linux/usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method With the patch PYWBEM builds fine. CRDA_3.18 ~~~~~~~~~ Without the patch fails with: NOTE: make -j 8 MAKEFLAGS= DESTDIR=/ssd/dey/jethro/x11/ccimx6sbc/tmp/work/cortexa9hf-vfp-neon-dey-linux-gnueabi/crda/3.18-r0/image LIBDIR=/usr/lib/crda LDLIBREG=-Wl,-rpath,/usr/lib/crda -lreg all_noverify GEN keys-gcrypt.c Trusted pubkeys: pubkeys/linville.key.pub.pem pubkeys/sforshee.key.pub.pem ERROR: Failed to import the "M2Crypto" module: /ssd/dey/jethro/x11/ccimx6sbc/tmp/sysroots/x86_64-linux/usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method With the patch CRDA builds fine. So I would say that the patch improves the situation. It fixes the build for some packages and does not seem to break anything. I'm also having build failures for CRDA since almost a month now, so I would like to have the 'jethro-next' merged to 'jethro' as well. Thanks, Javier Viguera ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue 2016-03-29 9:58 ` Javier Viguera @ 2016-03-29 10:37 ` Martin Jansa 0 siblings, 0 replies; 8+ messages in thread From: Martin Jansa @ 2016-03-29 10:37 UTC (permalink / raw) To: Javier Viguera; +Cc: openembedded-devel [-- Attachment #1: Type: text/plain, Size: 2235 bytes --] On Tue, Mar 29, 2016 at 11:58:55AM +0200, Javier Viguera wrote: > On 17/03/16 22:54, Martin Jansa wrote: > > > > I'm still seeing multiple issues caused by last openssl upgrade, e.g. > > ruby, pywbem, crda > > > > Are they all supposed to be fixed by this? > > Well I just did a basic build tests with the three mentioned above > (ruby, pywbem and crda) and these are the results: > > RUBY > ~~~~ > I don't see any difference with or without the patch, it's building fine > even without the patch but the patch does not hurt either. > > PYWBEM_0.8.0 > ~~~~~~~~~~~~ > Without the patch fails with: > > File > "/ssd/dey/jethro/x11/ccimx6sbc/tmp/sysroots/x86_64-linux/usr/lib/python2.7/site-packages/M2Crypto/_m2crypto.py", > line 24, in swig_import_helper > _mod = imp.load_module('__m2crypto', fp, pathname, description) > ImportError: > /ssd/dey/jethro/x11/ccimx6sbc/tmp/sysroots/x86_64-linux/usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: > undefined symbol: SSLv2_method > > With the patch PYWBEM builds fine. > > CRDA_3.18 > ~~~~~~~~~ > Without the patch fails with: > > NOTE: make -j 8 MAKEFLAGS= > DESTDIR=/ssd/dey/jethro/x11/ccimx6sbc/tmp/work/cortexa9hf-vfp-neon-dey-linux-gnueabi/crda/3.18-r0/image > LIBDIR=/usr/lib/crda LDLIBREG=-Wl,-rpath,/usr/lib/crda -lreg all_noverify > GEN keys-gcrypt.c > Trusted pubkeys: pubkeys/linville.key.pub.pem > pubkeys/sforshee.key.pub.pem > ERROR: Failed to import the "M2Crypto" module: > /ssd/dey/jethro/x11/ccimx6sbc/tmp/sysroots/x86_64-linux/usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: > undefined symbol: SSLv2_method > > With the patch CRDA builds fine. > > So I would say that the patch improves the situation. It fixes the build > for some packages and does not seem to break anything. > > > I'm also having build failures for CRDA since almost a month now, so I > would like to have the 'jethro-next' merged to 'jethro' as well. Thanks for testing. ruby fix is pending in: http://lists.openembedded.org/pipermail/openembedded-core/2016-March/119582.html I've merged jethro-next in meta-oe repo. -- Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 188 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2016-03-29 10:37 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-03-09 17:06 [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue Armin Kuster 2016-03-09 19:11 ` Martin Jansa 2016-03-09 19:18 ` akuster808 2016-03-14 22:21 ` Pushpal Sidhu 2016-03-17 21:54 ` Martin Jansa 2016-03-17 22:58 ` Pushpal Sidhu 2016-03-29 9:58 ` Javier Viguera 2016-03-29 10:37 ` Martin Jansa
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.