Add workaround for openssl bug RHBZ#2133884

2022-10-11 22:03:38 +01:00 · 2022-10-11 22:03:38 +01:00 · 75f10447a6
commit 75f10447a6
parent 079cc475fb
2 changed files with 49 additions and 2 deletions
--- a/0001-appliance-Copy-in-etc-crypto-policies-back-ends-file.patch
+++ b/0001-appliance-Copy-in-etc-crypto-policies-back-ends-file.patch
@ -0,0 +1,43 @@
+From d6ba398825bfdd67daf57bac0a4d8bcb281a62a8 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 11 Oct 2022 21:48:30 +0100
+Subject: [PATCH] appliance: Copy in /etc/crypto-policies/back-ends/ files
+
+Downstream patched openssl in Fedora 37+ broke unless
+/etc/crypto-policies/back-ends/opensslcnf.conf is present.  Files in
+this directory are generated by %post rules that use scripting
+languages so cannot easily be created by supermin.
+
+Force a copy of the host files into the appliance.  This is not ideal
+and is hopefully a temporary fix until Fedora's openssl is fixed.
+
+A symptom of this problem is the error:
+
+  Requested hash sha256 is not supported.
+  Failed to set pbkdf parameters.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2133884
+---
+ appliance/hostfiles.in | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/appliance/hostfiles.in b/appliance/hostfiles.in
+index e78c79bd34..2c42a858e8 100644
+--- a/appliance/hostfiles.in
+++ b/appliance/hostfiles.in
+@@ -14,6 +14,12 @@ dnl   FRUGALWARE=1   For Frugalware.
+ dnl   MAGEIA=1       For Mageia.
+ dnl   OPENMANDRIVA=1 For OpenMandriva.
+ 
+# Work around broken openssl in Fedora 37+ by forcibly copying in
+# these host configuration files (RHBZ#2133884).
+ifelse(REDHAT,1,
+/etc/crypto-policies/back-ends/*.config
+)
+
+ /etc/ld.so.cache
+ /lib/lsb/*
+ /usr/share/augeas/lenses/*.aug
+-- 
+2.37.0.rc2
+
--- a/libguestfs.spec
+++ b/libguestfs.spec
@ -48,7 +48,7 @@ Summary:       Access and modify virtual machine disk images
 Name:          libguestfs
 Epoch:         1
 Version:       1.49.5
-Release:       1%{?dist}
+Release:       2%{?dist}
 License:       LGPLv2+

 # Build only for architectures that have a kernel
@ -82,6 +82,10 @@ Source7:       libguestfs.keyring
 # Maintainer script which helps with handling patches.
 Source8:       copy-patches.sh

+# Workaround for openssl bug RHBZ#2133884
+# Upstream in libguestfs
+Patch:         0001-appliance-Copy-in-etc-crypto-policies-back-ends-file.patch
+
 %if 0%{patches_touch_autotools}
 BuildRequires: autoconf, automake, libtool, gettext-devel
 %endif
@ -1123,7 +1127,7 @@ rm ocaml/html/.gitignore


 %changelog
-* Tue Oct 11 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.49.5-1
+* Tue Oct 11 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.49.5-2
 - New upstream development version 1.49.5

 * Wed Oct 05 2022 Remi Collet <remi@remirepo.net> - 1:1.49.4-2