Work around RHEL8 pooping the bed in OpenSSL's headers #12961

Merged
merged 1 commit into from Jun 28, 2023

Conversation

rgacogne
Member

@rgacogne rgacogne commented Jun 28, 2023

Short description

The openssl/kdf.h header on RHEL8 is invalid because someone backported a work-in-progress feature to an older OpenSSL branch and did not bother to backport the fixes that were added later.

Red Hat declined to fix their mess and helpfully suggested we do the work instead in https://bugzilla.redhat.com/show_bug.cgi?id=2215856

This will need to be backported to all the branches we want to support on RHEL 8 and co.

Fixes #12926:

  • before checking whether EVP_PKEY_CTX_set1_scrypt_salt is declared... no
  • after checking whether EVP_PKEY_CTX_set1_scrypt_salt is declared... yes and it actually compiles

# pdns/pdnsutil hash-password
Warning: unable to read configuration file '/usr/local/etc/pdns.conf': No such file or directory
$scrypt$ln=10,p=1,r=8$Vtrf782VeuoQNY9VE7mvUA==$KFn4DGLV0SV4O7Pxunb38MBHr3uCf5SXtfzsf30aeBc=

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)
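
The `hash-password` output in the description above carries its own scrypt parameters, so a stored value can be parsed, range-checked and verified offline. The following is an added example, not code from this pull request or from PowerDNS. It assumes the layout seen in that one output line, with `ln` read as log2 of the scrypt cost N and with base64 salt and digest; `MAX_LN` and the memory ceiling are hypothetical local policy values.

```python
import base64
import hashlib
import hmac
import os
import re

# Layout inferred from the single output line above; "ln" is assumed to be
# log2 of the scrypt cost parameter N.
_FORMAT = re.compile(
    r"^\$scrypt\$ln=(\d+),p=(\d+),r=(\d+)"
    r"\$([A-Za-z0-9+/]+=*)\$([A-Za-z0-9+/]+=*)$"
)
MAX_LN = 15                  # assumed policy: reject absurd stored work factors
MAX_MEM = 64 * 1024 * 1024   # assumed policy: memory ceiling handed to scrypt


def parse_scrypt_hash(encoded):
    """Split a $scrypt$ string into cost parameters, salt and digest."""
    m = _FORMAT.match(encoded.strip())
    if m is None:
        raise ValueError("not a $scrypt$ln=..,p=..,r=..$salt$hash string")
    ln, p, r = (int(g) for g in m.group(1, 2, 3))
    if not 1 <= ln <= MAX_LN or p < 1 or r < 1:
        raise ValueError("scrypt parameters out of range")
    salt = base64.b64decode(m.group(4), validate=True)
    digest = base64.b64decode(m.group(5), validate=True)
    return {"n": 1 << ln, "r": r, "p": p, "salt": salt, "digest": digest}


def _derive(password, salt, n, r, p, length):
    # hashlib.scrypt raises ValueError if the parameters exceed MAX_MEM
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                          maxmem=MAX_MEM, dklen=length)


def make_hash(password, ln=10, r=8, p=1):
    """Produce a string in the same layout (constructed test data)."""
    salt = os.urandom(16)
    digest = _derive(password, salt, 1 << ln, r, p, 32)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"$scrypt$ln={ln},p={p},r={r}${b64(salt)}${b64(digest)}"


def verify(password, encoded):
    """Constant-time check of a password against a stored string."""
    f = parse_scrypt_hash(encoded)
    candidate = _derive(password, f["salt"], f["n"], f["r"], f["p"], len(f["digest"]))
    return hmac.compare_digest(candidate, f["digest"])
```
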

The openssl/kdf.h header on EL8 is invalid because someone backported
a work-in-progress feature to an older OpenSSL branch and did not
bother to backport the fixes that were added later.

Red Hat declined to fix their mess and helpfully suggested we do the
work instead in https://bugzilla.redhat.com/show_bug.cgi?id=2215856
@Habbie
Member

Habbie commented Jun 28, 2023

Fixes #12613

should be #12926

@rgacogne
Member Author

Fixes #12613

should be #12926

Oops, correct! Sorry but I'm not going to fix it until there is a CVE assigned to it!

Successfully merging this pull request may close these issues.

pdnsutil hash-password doesn't work on RHEL8