[meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue

[meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue

[Armin Kuster]

From: Armin Kuster <akuster@mvista.com>

missed using "-D"  for OPENSSL_NO_SSL2 swig_features.

ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method

disable using SSLv2_method if not supported in openssl. This is now the case
with the advent of CVE-2016-0800

Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++
 .../python/python-m2crypto_0.21.1.bb                 |  4 +++-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch

diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
new file mode 100644
index 0000000..526c23f
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
@@ -0,0 +1,20 @@
+Upstream-Status: Backport
+https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: M2Crypto-0.21.1/SWIG/_ssl.i
+===================================================================
+--- M2Crypto-0.21.1.orig/SWIG/_ssl.i
++++ M2Crypto-0.21.1/SWIG/_ssl.i
+@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string
+ %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long;
+ extern const char *SSL_alert_desc_string_long(int);
+ 
++#ifndef OPENSSL_NO_SSL2
+ %rename(sslv2_method) SSLv2_method;
+ extern SSL_METHOD *SSLv2_method(void);
++#endif
+ %rename(sslv3_method) SSLv3_method;
+ extern SSL_METHOD *SSLv3_method(void);
+ %rename(sslv23_method) SSLv23_method;
diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
index ff6203f..9daea5e 100644
--- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
+++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
@@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e"
 
 SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \
            file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
-           file://0001-M2Crypto-Error-fix.patch"
+           file://0001-M2Crypto-Error-fix.patch \
+           file://dont_try_build_with_SSLv2_when_it_is_not_available.patch"
 
 SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17"
 SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a"
@@ -19,6 +20,7 @@ inherit setuptools
 
 SWIG_FEATURES_x86-64 = "-D__x86_64__"
 SWIG_FEATURES ?= ""
+SWIG_FEATURES += "-DOPENSSL_NO_SSL2"
 export SWIG_FEATURES
 
 # Get around a problem with swig, but only if the
-- 
2.3.5

Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 3687 bytes --]

On Wed, Mar 09, 2016 at 09:06:57AM -0800, Armin Kuster wrote:
> From: Armin Kuster <akuster@mvista.com>
> 
> missed using "-D"  for OPENSSL_NO_SSL2 swig_features.

fido version:
http://patchwork.openembedded.org/patch/117291/
needed -D as well, right?

I've pushed both to fido-next and jethro-next

> 
> ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method
> 
> disable using SSLv2_method if not supported in openssl. This is now the case
> with the advent of CVE-2016-0800
> 
> Signed-off-by: Armin Kuster <akuster@mvista.com>
> ---
>  ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++
>  .../python/python-m2crypto_0.21.1.bb                 |  4 +++-
>  2 files changed, 23 insertions(+), 1 deletion(-)
>  create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
> 
> diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
> new file mode 100644
> index 0000000..526c23f
> --- /dev/null
> +++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
> @@ -0,0 +1,20 @@
> +Upstream-Status: Backport
> +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b
> +
> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> +
> +Index: M2Crypto-0.21.1/SWIG/_ssl.i
> +===================================================================
> +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i
> ++++ M2Crypto-0.21.1/SWIG/_ssl.i
> +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string
> + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long;
> + extern const char *SSL_alert_desc_string_long(int);
> + 
> ++#ifndef OPENSSL_NO_SSL2
> + %rename(sslv2_method) SSLv2_method;
> + extern SSL_METHOD *SSLv2_method(void);
> ++#endif
> + %rename(sslv3_method) SSLv3_method;
> + extern SSL_METHOD *SSLv3_method(void);
> + %rename(sslv23_method) SSLv23_method;
> diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
> index ff6203f..9daea5e 100644
> --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
> +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
> @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e"
>  
>  SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \
>             file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
> -           file://0001-M2Crypto-Error-fix.patch"
> +           file://0001-M2Crypto-Error-fix.patch \
> +           file://dont_try_build_with_SSLv2_when_it_is_not_available.patch"
>  
>  SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17"
>  SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a"
> @@ -19,6 +20,7 @@ inherit setuptools
>  
>  SWIG_FEATURES_x86-64 = "-D__x86_64__"
>  SWIG_FEATURES ?= ""
> +SWIG_FEATURES += "-DOPENSSL_NO_SSL2"
>  export SWIG_FEATURES
>  
>  # Get around a problem with swig, but only if the
> -- 
> 2.3.5
> 
> -- 
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]

Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue

[akuster808]

On 03/09/2016 11:11 AM, Martin Jansa wrote:
> On Wed, Mar 09, 2016 at 09:06:57AM -0800, Armin Kuster wrote:
>> From: Armin Kuster <akuster@mvista.com>
>>
>> missed using "-D"  for OPENSSL_NO_SSL2 swig_features.
> 
> fido version:
> http://patchwork.openembedded.org/patch/117291/
> needed -D as well, right?

yes.


> 
> I've pushed both to fido-next and jethro-next

thanks
-armin
> 
>>
>> ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method
>>
>> disable using SSLv2_method if not supported in openssl. This is now the case
>> with the advent of CVE-2016-0800
>>
>> Signed-off-by: Armin Kuster <akuster@mvista.com>
>> ---
>>  ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++
>>  .../python/python-m2crypto_0.21.1.bb                 |  4 +++-
>>  2 files changed, 23 insertions(+), 1 deletion(-)
>>  create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>>
>> diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>> new file mode 100644
>> index 0000000..526c23f
>> --- /dev/null
>> +++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>> @@ -0,0 +1,20 @@
>> +Upstream-Status: Backport
>> +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b
>> +
>> +Signed-off-by: Armin Kuster <akuster@mvista.com>
>> +
>> +Index: M2Crypto-0.21.1/SWIG/_ssl.i
>> +===================================================================
>> +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i
>> ++++ M2Crypto-0.21.1/SWIG/_ssl.i
>> +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string
>> + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long;
>> + extern const char *SSL_alert_desc_string_long(int);
>> + 
>> ++#ifndef OPENSSL_NO_SSL2
>> + %rename(sslv2_method) SSLv2_method;
>> + extern SSL_METHOD *SSLv2_method(void);
>> ++#endif
>> + %rename(sslv3_method) SSLv3_method;
>> + extern SSL_METHOD *SSLv3_method(void);
>> + %rename(sslv23_method) SSLv23_method;
>> diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> index ff6203f..9daea5e 100644
>> --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e"
>>  
>>  SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \
>>             file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
>> -           file://0001-M2Crypto-Error-fix.patch"
>> +           file://0001-M2Crypto-Error-fix.patch \
>> +           file://dont_try_build_with_SSLv2_when_it_is_not_available.patch"
>>  
>>  SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17"
>>  SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a"
>> @@ -19,6 +20,7 @@ inherit setuptools
>>  
>>  SWIG_FEATURES_x86-64 = "-D__x86_64__"
>>  SWIG_FEATURES ?= ""
>> +SWIG_FEATURES += "-DOPENSSL_NO_SSL2"
>>  export SWIG_FEATURES
>>  
>>  # Get around a problem with swig, but only if the
>> -- 
>> 2.3.5
>>
>> -- 
>> _______________________________________________
>> Openembedded-devel mailing list
>> Openembedded-devel@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> 

Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue

[Pushpal Sidhu]

Hi,

On Wed, Mar 9, 2016 at 11:18 AM, akuster808 <akuster808@gmail.com> wrote:
>
>
>
> On 03/09/2016 11:11 AM, Martin Jansa wrote:
> > On Wed, Mar 09, 2016 at 09:06:57AM -0800, Armin Kuster wrote:
> >> From: Armin Kuster <akuster@mvista.com>
> >>
> >> missed using "-D"  for OPENSSL_NO_SSL2 swig_features.
> >
> > fido version:
> > http://patchwork.openembedded.org/patch/117291/
> > needed -D as well, right?
>
> yes.
>
>
> >
> > I've pushed both to fido-next and jethro-next

When will this be merged into fido/jethro? I've been running into this
build breakage for about a week now and if I patch it myself, I'll
only run into a conflict again later, causing more build issues.

Thanks,
- Pushpal

> thanks
> -armin
> >
> >>
> >> ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method
> >>
> >> disable using SSLv2_method if not supported in openssl. This is now the case
> >> with the advent of CVE-2016-0800
> >>
> >> Signed-off-by: Armin Kuster <akuster@mvista.com>
> >> ---
> >>  ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++
> >>  .../python/python-m2crypto_0.21.1.bb                 |  4 +++-
> >>  2 files changed, 23 insertions(+), 1 deletion(-)
> >>  create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
> >>
> >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
> >> new file mode 100644
> >> index 0000000..526c23f
> >> --- /dev/null
> >> +++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
> >> @@ -0,0 +1,20 @@
> >> +Upstream-Status: Backport
> >> +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b
> >> +
> >> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> >> +
> >> +Index: M2Crypto-0.21.1/SWIG/_ssl.i
> >> +===================================================================
> >> +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i
> >> ++++ M2Crypto-0.21.1/SWIG/_ssl.i
> >> +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string
> >> + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long;
> >> + extern const char *SSL_alert_desc_string_long(int);
> >> +
> >> ++#ifndef OPENSSL_NO_SSL2
> >> + %rename(sslv2_method) SSLv2_method;
> >> + extern SSL_METHOD *SSLv2_method(void);
> >> ++#endif
> >> + %rename(sslv3_method) SSLv3_method;
> >> + extern SSL_METHOD *SSLv3_method(void);
> >> + %rename(sslv23_method) SSLv23_method;
> >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
> >> index ff6203f..9daea5e 100644
> >> --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
> >> +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
> >> @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e"
> >>
> >>  SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \
> >>             file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
> >> -           file://0001-M2Crypto-Error-fix.patch"
> >> +           file://0001-M2Crypto-Error-fix.patch \
> >> +           file://dont_try_build_with_SSLv2_when_it_is_not_available.patch"
> >>
> >>  SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17"
> >>  SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a"
> >> @@ -19,6 +20,7 @@ inherit setuptools
> >>
> >>  SWIG_FEATURES_x86-64 = "-D__x86_64__"
> >>  SWIG_FEATURES ?= ""
> >> +SWIG_FEATURES += "-DOPENSSL_NO_SSL2"
> >>  export SWIG_FEATURES
> >>
> >>  # Get around a problem with swig, but only if the
> >> --
> >> 2.3.5
> >>
> >> --
> >> _______________________________________________
> >> Openembedded-devel mailing list
> >> Openembedded-devel@lists.openembedded.org
> >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> >
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 4920 bytes --]

On Mon, Mar 14, 2016 at 03:21:33PM -0700, Pushpal Sidhu wrote:
> Hi,
> 
> On Wed, Mar 9, 2016 at 11:18 AM, akuster808 <akuster808@gmail.com> wrote:
> >
> >
> >
> > On 03/09/2016 11:11 AM, Martin Jansa wrote:
> > > On Wed, Mar 09, 2016 at 09:06:57AM -0800, Armin Kuster wrote:
> > >> From: Armin Kuster <akuster@mvista.com>
> > >>
> > >> missed using "-D"  for OPENSSL_NO_SSL2 swig_features.
> > >
> > > fido version:
> > > http://patchwork.openembedded.org/patch/117291/
> > > needed -D as well, right?
> >
> > yes.
> >
> >
> > >
> > > I've pushed both to fido-next and jethro-next
> 
> When will this be merged into fido/jethro? I've been running into this
> build breakage for about a week now and if I patch it myself, I'll
> only run into a conflict again later, causing more build issues.

I'm still seeing multiple issues caused by last openssl upgrade, e.g.
ruby, pywbem, crda

Are they all supposed to be fixed by this?

> > thanks
> > -armin
> > >
> > >>
> > >> ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method
> > >>
> > >> disable using SSLv2_method if not supported in openssl. This is now the case
> > >> with the advent of CVE-2016-0800
> > >>
> > >> Signed-off-by: Armin Kuster <akuster@mvista.com>
> > >> ---
> > >>  ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++
> > >>  .../python/python-m2crypto_0.21.1.bb                 |  4 +++-
> > >>  2 files changed, 23 insertions(+), 1 deletion(-)
> > >>  create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
> > >>
> > >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
> > >> new file mode 100644
> > >> index 0000000..526c23f
> > >> --- /dev/null
> > >> +++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
> > >> @@ -0,0 +1,20 @@
> > >> +Upstream-Status: Backport
> > >> +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b
> > >> +
> > >> +Signed-off-by: Armin Kuster <akuster@mvista.com>
> > >> +
> > >> +Index: M2Crypto-0.21.1/SWIG/_ssl.i
> > >> +===================================================================
> > >> +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i
> > >> ++++ M2Crypto-0.21.1/SWIG/_ssl.i
> > >> +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string
> > >> + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long;
> > >> + extern const char *SSL_alert_desc_string_long(int);
> > >> +
> > >> ++#ifndef OPENSSL_NO_SSL2
> > >> + %rename(sslv2_method) SSLv2_method;
> > >> + extern SSL_METHOD *SSLv2_method(void);
> > >> ++#endif
> > >> + %rename(sslv3_method) SSLv3_method;
> > >> + extern SSL_METHOD *SSLv3_method(void);
> > >> + %rename(sslv23_method) SSLv23_method;
> > >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
> > >> index ff6203f..9daea5e 100644
> > >> --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
> > >> +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
> > >> @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e"
> > >>
> > >>  SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \
> > >>             file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
> > >> -           file://0001-M2Crypto-Error-fix.patch"
> > >> +           file://0001-M2Crypto-Error-fix.patch \
> > >> +           file://dont_try_build_with_SSLv2_when_it_is_not_available.patch"
> > >>
> > >>  SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17"
> > >>  SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a"
> > >> @@ -19,6 +20,7 @@ inherit setuptools
> > >>
> > >>  SWIG_FEATURES_x86-64 = "-D__x86_64__"
> > >>  SWIG_FEATURES ?= ""
> > >> +SWIG_FEATURES += "-DOPENSSL_NO_SSL2"
> > >>  export SWIG_FEATURES
> > >>
> > >>  # Get around a problem with swig, but only if the
> > >> --
> > >> 2.3.5
> > >>
> > >> --
> > >> _______________________________________________
> > >> Openembedded-devel mailing list
> > >> Openembedded-devel@lists.openembedded.org
> > >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> > >
> > --
> > _______________________________________________
> > Openembedded-devel mailing list
> > Openembedded-devel@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]

Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue

[Pushpal Sidhu]

On Thu, Mar 17, 2016 at 2:54 PM, Martin Jansa <martin.jansa@gmail.com> wrote:
> On Mon, Mar 14, 2016 at 03:21:33PM -0700, Pushpal Sidhu wrote:
>> Hi,
>>
>> On Wed, Mar 9, 2016 at 11:18 AM, akuster808 <akuster808@gmail.com> wrote:
>> >
>> >
>> >
>> > On 03/09/2016 11:11 AM, Martin Jansa wrote:
>> > > On Wed, Mar 09, 2016 at 09:06:57AM -0800, Armin Kuster wrote:
>> > >> From: Armin Kuster <akuster@mvista.com>
>> > >>
>> > >> missed using "-D"  for OPENSSL_NO_SSL2 swig_features.
>> > >
>> > > fido version:
>> > > http://patchwork.openembedded.org/patch/117291/
>> > > needed -D as well, right?
>> >
>> > yes.
>> >
>> >
>> > >
>> > > I've pushed both to fido-next and jethro-next
>>
>> When will this be merged into fido/jethro? I've been running into this
>> build breakage for about a week now and if I patch it myself, I'll
>> only run into a conflict again later, causing more build issues.
>
> I'm still seeing multiple issues caused by last openssl upgrade, e.g.
> ruby, pywbem, crda
>
> Are they all supposed to be fixed by this?

Good point, it doesn't seem like they are because these tools haven't
been updated to stop supporting SSLv2. We either need to patch every
broken package or update them (which may or may not fix them). For
example, I bumped the crda package from 3.13 -> 3.18 (fido), but I
still run into this problem.

Another approach we can try is by updating m2crypto as Armin did here:
http://patchwork.openembedded.org/patch/117217/. This would have to be
backported all the way back to fido (unless openssl was updated for
other branches as well). Apparently, this fixes crda, might be a fix
for other packages as well?

- Pushpal

>> > thanks
>> > -armin
>> > >
>> > >>
>> > >> ERROR: Failed to import the "M2Crypto" module: .../usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method
>> > >>
>> > >> disable using SSLv2_method if not supported in openssl. This is now the case
>> > >> with the advent of CVE-2016-0800
>> > >>
>> > >> Signed-off-by: Armin Kuster <akuster@mvista.com>
>> > >> ---
>> > >>  ...y_build_with_SSLv2_when_it_is_not_available.patch | 20 ++++++++++++++++++++
>> > >>  .../python/python-m2crypto_0.21.1.bb                 |  4 +++-
>> > >>  2 files changed, 23 insertions(+), 1 deletion(-)
>> > >>  create mode 100644 meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>> > >>
>> > >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>> > >> new file mode 100644
>> > >> index 0000000..526c23f
>> > >> --- /dev/null
>> > >> +++ b/meta-python/recipes-devtools/python/python-m2crypto/dont_try_build_with_SSLv2_when_it_is_not_available.patch
>> > >> @@ -0,0 +1,20 @@
>> > >> +Upstream-Status: Backport
>> > >> +https://gitlab.com/m2crypto/m2crypto/commit/ac01b38302474920288c1a9eb63fd35fa8d1db5b
>> > >> +
>> > >> +Signed-off-by: Armin Kuster <akuster@mvista.com>
>> > >> +
>> > >> +Index: M2Crypto-0.21.1/SWIG/_ssl.i
>> > >> +===================================================================
>> > >> +--- M2Crypto-0.21.1.orig/SWIG/_ssl.i
>> > >> ++++ M2Crypto-0.21.1/SWIG/_ssl.i
>> > >> +@@ -48,8 +48,10 @@ extern const char *SSL_alert_desc_string
>> > >> + %rename(ssl_get_alert_desc_v) SSL_alert_desc_string_long;
>> > >> + extern const char *SSL_alert_desc_string_long(int);
>> > >> +
>> > >> ++#ifndef OPENSSL_NO_SSL2
>> > >> + %rename(sslv2_method) SSLv2_method;
>> > >> + extern SSL_METHOD *SSLv2_method(void);
>> > >> ++#endif
>> > >> + %rename(sslv3_method) SSLv3_method;
>> > >> + extern SSL_METHOD *SSLv3_method(void);
>> > >> + %rename(sslv23_method) SSLv23_method;
>> > >> diff --git a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> > >> index ff6203f..9daea5e 100644
>> > >> --- a/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> > >> +++ b/meta-python/recipes-devtools/python/python-m2crypto_0.21.1.bb
>> > >> @@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=b0e1f0b7d0ce8a62c18b1287b991800e"
>> > >>
>> > >>  SRC_URI = "http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-${PV}.tar.gz \
>> > >>             file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \
>> > >> -           file://0001-M2Crypto-Error-fix.patch"
>> > >> +           file://0001-M2Crypto-Error-fix.patch \
>> > >> +           file://dont_try_build_with_SSLv2_when_it_is_not_available.patch"
>> > >>
>> > >>  SRC_URI[md5sum] = "f93d8462ff7646397a9f77a2fe602d17"
>> > >>  SRC_URI[sha256sum] = "25b94498505c2d800ee465db0cc1aff097b1615adc3ac042a1c85ceca264fc0a"
>> > >> @@ -19,6 +20,7 @@ inherit setuptools
>> > >>
>> > >>  SWIG_FEATURES_x86-64 = "-D__x86_64__"
>> > >>  SWIG_FEATURES ?= ""
>> > >> +SWIG_FEATURES += "-DOPENSSL_NO_SSL2"
>> > >>  export SWIG_FEATURES
>> > >>
>> > >>  # Get around a problem with swig, but only if the
>> > >> --
>> > >> 2.3.5
>> > >>
>> > >> --
>> > >> _______________________________________________
>> > >> Openembedded-devel mailing list
>> > >> Openembedded-devel@lists.openembedded.org
>> > >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>> > >
>> > --
>> > _______________________________________________
>> > Openembedded-devel mailing list
>> > Openembedded-devel@lists.openembedded.org
>> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>
> --
> Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue

[Javier Viguera]

On 17/03/16 22:54, Martin Jansa wrote:
>
> I'm still seeing multiple issues caused by last openssl upgrade, e.g.
> ruby, pywbem, crda
>
> Are they all supposed to be fixed by this?

Well I just did a basic build tests with the three mentioned above 
(ruby, pywbem and crda) and these are the results:

RUBY
~~~~
I don't see any difference with or without the patch, it's building fine 
even without the patch but the patch does not hurt either.

PYWBEM_0.8.0
~~~~~~~~~~~~
Without the patch fails with:

   File 
"/ssd/dey/jethro/x11/ccimx6sbc/tmp/sysroots/x86_64-linux/usr/lib/python2.7/site-packages/M2Crypto/_m2crypto.py", 
line 24, in swig_import_helper
     _mod = imp.load_module('__m2crypto', fp, pathname, description)
   ImportError: 
/ssd/dey/jethro/x11/ccimx6sbc/tmp/sysroots/x86_64-linux/usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: 
undefined symbol: SSLv2_method

With the patch PYWBEM builds fine.

CRDA_3.18
~~~~~~~~~
Without the patch fails with:

NOTE: make -j 8 MAKEFLAGS= 
DESTDIR=/ssd/dey/jethro/x11/ccimx6sbc/tmp/work/cortexa9hf-vfp-neon-dey-linux-gnueabi/crda/3.18-r0/image 
LIBDIR=/usr/lib/crda LDLIBREG=-Wl,-rpath,/usr/lib/crda -lreg all_noverify
   GEN  keys-gcrypt.c
   Trusted pubkeys: pubkeys/linville.key.pub.pem 
pubkeys/sforshee.key.pub.pem
ERROR: Failed to import the "M2Crypto" module: 
/ssd/dey/jethro/x11/ccimx6sbc/tmp/sysroots/x86_64-linux/usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: 
undefined symbol: SSLv2_method

With the patch CRDA builds fine.

So I would say that the patch improves the situation. It fixes the build 
for some packages and does not seem to break anything.


I'm also having build failures for CRDA since almost a month now, so I 
would like to have the 'jethro-next' merged to 'jethro' as well.


Thanks,

Javier Viguera

Re: [meta-python][jethro][PATCH][V2] python-m2crypto: fix SSLv2 symbol issue

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 2235 bytes --]

On Tue, Mar 29, 2016 at 11:58:55AM +0200, Javier Viguera wrote:
> On 17/03/16 22:54, Martin Jansa wrote:
> >
> > I'm still seeing multiple issues caused by last openssl upgrade, e.g.
> > ruby, pywbem, crda
> >
> > Are they all supposed to be fixed by this?
> 
> Well I just did a basic build tests with the three mentioned above 
> (ruby, pywbem and crda) and these are the results:
> 
> RUBY
> ~~~~
> I don't see any difference with or without the patch, it's building fine 
> even without the patch but the patch does not hurt either.
> 
> PYWBEM_0.8.0
> ~~~~~~~~~~~~
> Without the patch fails with:
> 
>    File 
> "/ssd/dey/jethro/x11/ccimx6sbc/tmp/sysroots/x86_64-linux/usr/lib/python2.7/site-packages/M2Crypto/_m2crypto.py", 
> line 24, in swig_import_helper
>      _mod = imp.load_module('__m2crypto', fp, pathname, description)
>    ImportError: 
> /ssd/dey/jethro/x11/ccimx6sbc/tmp/sysroots/x86_64-linux/usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: 
> undefined symbol: SSLv2_method
> 
> With the patch PYWBEM builds fine.
> 
> CRDA_3.18
> ~~~~~~~~~
> Without the patch fails with:
> 
> NOTE: make -j 8 MAKEFLAGS= 
> DESTDIR=/ssd/dey/jethro/x11/ccimx6sbc/tmp/work/cortexa9hf-vfp-neon-dey-linux-gnueabi/crda/3.18-r0/image 
> LIBDIR=/usr/lib/crda LDLIBREG=-Wl,-rpath,/usr/lib/crda -lreg all_noverify
>    GEN  keys-gcrypt.c
>    Trusted pubkeys: pubkeys/linville.key.pub.pem 
> pubkeys/sforshee.key.pub.pem
> ERROR: Failed to import the "M2Crypto" module: 
> /ssd/dey/jethro/x11/ccimx6sbc/tmp/sysroots/x86_64-linux/usr/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: 
> undefined symbol: SSLv2_method
> 
> With the patch CRDA builds fine.
> 
> So I would say that the patch improves the situation. It fixes the build 
> for some packages and does not seem to break anything.
> 
> 
> I'm also having build failures for CRDA since almost a month now, so I 
> would like to have the 'jethro-next' merged to 'jethro' as well.

Thanks for testing.

ruby fix is pending in:
http://lists.openembedded.org/pipermail/openembedded-core/2016-March/119582.html

I've merged jethro-next in meta-oe repo.

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]