[Bug 947747] New: npm: openssl fips failed
http://bugzilla.suse.com/show_bug.cgi?id=947747 Bug ID: 947747 Summary: npm: openssl fips failed Classification: openSUSE Product: openSUSE Factory Version: 2015* Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Development Assignee: bnc-team-screening@forge.provo.novell.com Reporter: fvogt@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I wanted to install something using npm and even "npm -v" fails. Fully upgraded system after "zypper in nodejs-npm":
npm -v openssl fips failed: error:2D06C06E:FIPS routines:FIPS_module_mode_set:fingerprint does not match Aborted
Works fine on openSUSE 13.2. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 http://bugzilla.suse.com/show_bug.cgi?id=947747#c3 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bnc-team-screening@forge.pr |meissner@suse.com |ovo.novell.com | --- Comment #3 from Marcus Meissner <meissner@suse.com> --- can you run? rpm -q libopenssl1_0_0 libopenssl1_0_0-hmac -- You are receiving this mail because: You are on the CC list for the bug.
rpm -q libopenssl1_0_0 libopenssl1_0_0-hmac
http://bugzilla.suse.com/show_bug.cgi?id=947747 http://bugzilla.suse.com/show_bug.cgi?id=947747#c4 --- Comment #4 from Fabian Vogt <fvogt@suse.com> --- libopenssl1_0_0-1.0.2d-1.1.x86_64 package libopenssl1_0_0-hmac is not installed Indeed, installing libopenssl1_0_0-hmac fixes it. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 http://bugzilla.suse.com/show_bug.cgi?id=947747#c5 --- Comment #5 from Marcus Meissner <meissner@suse.com> --- was the system fips enabkled? the error should not show up unless it is. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 http://bugzilla.suse.com/show_bug.cgi?id=947747#c6 --- Comment #6 from Fabian Vogt <fvogt@suse.com> --- Nope,
cat /proc/cmdline BOOT_IMAGE=/boot/vmlinuz-4.1.6-3-desktop root=UUID=196cfdfc-b265-48bb-89f4-69ac7af42dd2 resume=/dev/sda1 splash=silent quiet showopts
zcat /proc/config.gz | grep -i fips (nothing)
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 http://bugzilla.suse.com/show_bug.cgi?id=947747#c7 --- Comment #7 from Marcus Meissner <meissner@suse.com> --- nodejs/node-v4.0.0/src/node_crypto.cc void InitCryptoOnce() { SSL_library_init(); OpenSSL_add_all_algorithms(); SSL_load_error_strings(); crypto_lock_init(); CRYPTO_set_locking_callback(crypto_lock_cb); CRYPTO_THREADID_set_callback(crypto_threadid_cb); #ifdef OPENSSL_FIPS if (!FIPS_mode_set(1)) { int err = ERR_get_error(); fprintf(stderr, "openssl fips failed: %s\n", ERR_error_string(err, NULL)); UNREACHABLE(); } #endif // OPENSSL_FIPS Nodejs seems to enforce the FIPS mode. Either you relax this check, or you require libopenssl1_0_0-hmac from the nodejs RPM. (Perhaps relax this check is prefered.) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 http://bugzilla.suse.com/show_bug.cgi?id=947747#c8 --- Comment #8 from Federico Kereki <fkereki@gmail.com> --- I can confirm that installing libopenssl1_0_0-hmac solves the problem. I'd suggest that a dependency should be added to npm, to solve this problem for all users. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 http://bugzilla.suse.com/show_bug.cgi?id=947747#c9 --- Comment #9 from Marcus Meissner <meissner@suse.com> --- osc rq show 334697 Request: #334697 submit: home:msmeissn:branches:devel:languages:nodejs/nodejs@2(cleanup) -> devel:languages:nodejs Message: - Do not force enable FIPS mode. bsc#947747 State: new 2015-09-29T05:24:50 msmeissn Comment: <no comment> History: 2015-09-29T05:24:50 msmeissn Request created shoud help -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 http://bugzilla.suse.com/show_bug.cgi?id=947747#c16 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #16 from Marcus Meissner <meissner@suse.com> --- fix is at least submitted -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 http://bugzilla.suse.com/show_bug.cgi?id=947747#c17 --- Comment #17 from Swamp Workflow Management <swamp@suse.de> --- This is an autogenerated message for OBS integration: This bug (947747) was mentioned in https://build.opensuse.org/request/show/636889 42.3+Backports:SLE-12 / nodejs8 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 http://bugzilla.suse.com/show_bug.cgi?id=947747#c18 --- Comment #18 from Swamp Workflow Management <swamp@suse.de> --- This is an autogenerated message for OBS integration: This bug (947747) was mentioned in https://build.opensuse.org/request/show/642571 42.3+Backports:SLE-12 / nodejs8 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 http://bugzilla.suse.com/show_bug.cgi?id=947747#c19 --- Comment #19 from Swamp Workflow Management <swamp@suse.de> --- This is an autogenerated message for OBS integration: This bug (947747) was mentioned in https://build.opensuse.org/request/show/649577 Backports:SLE-12-SP2 / nodejs8 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |ibs:running:12711:low -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:12711:low |ibs:running:12711:moderate -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:12711:moderate |ibs:running:12711:important -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:12711:important | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 Andrei Dziahel <develop7@develop7.info> changed: What |Removed |Added ---------------------------------------------------------------------------- CC|develop7@develop7.info | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=947747 http://bugzilla.suse.com/show_bug.cgi?id=947747#c22 --- Comment #22 from Swamp Workflow Management <swamp@suse.de> --- SUSE-SU-2019:14246-1: An update that fixes 118 vulnerabilities is now available. Category: security (important) Bug References: 1000036,1001652,1025108,1029377,1029902,1040164,104105,1042670,1043008,1044946,1047925,1047936,1048299,1049186,1050653,1056058,1058013,1066242,1066953,1070738,1070853,1072320,1072322,1073796,1073798,1073799,1073803,1073808,1073818,1073823,1073829,1073830,1073832,1073846,1074235,1077230,1079761,1081750,1082318,1087453,1087459,1087463,1088573,1091764,1094814,1097158,1097375,1097401,1097404,1097748,1104841,1105019,1107030,1109465,1117473,1117626,1117627,1117629,1117630,1120644,1122191,1123482,1124525,1127532,1129346,1130694,1130840,1133452,1133810,1134209,1138459,1140290,1140868,1141853,1144919,1145665,1146090,1146091,1146093,1146094,1146095,1146097,1146099,1146100,1149323,1153423,1154738,1447070,1447409,744625,744629,845955,865853,905528,917607,935856,937414,947747,948045,948602,955142,957814,957815,961254,962297,966076,966077,985201,986541,991344,998743 CVE References: CVE-2013-2882,CVE-2013-6639,CVE-2013-6640,CVE-2013-6668,CVE-2014-0224,CVE-2015-3193,CVE-2015-3194,CVE-2015-5380,CVE-2015-7384,CVE-2016-2086,CVE-2016-2178,CVE-2016-2183,CVE-2016-2216,CVE-2016-5172,CVE-2016-5325,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7099,CVE-2017-1000381,CVE-2017-10686,CVE-2017-11111,CVE-2017-11499,CVE-2017-14228,CVE-2017-14849,CVE-2017-14919,CVE-2017-15896,CVE-2017-15897,CVE-2017-17810,CVE-2017-17811,CVE-2017-17812,CVE-2017-17813,CVE-2017-17814,CVE-2017-17815,CVE-2017-17816,CVE-2017-17817,CVE-2017-17818,CVE-2017-17819,CVE-2017-17820,CVE-2017-18207,CVE-2017-3735,CVE-2017-3736,CVE-2017-3738,CVE-2018-0732,CVE-2018-1000168,CVE-2018-12115,CVE-2018-12116,CVE-2018-12121,CVE-2018-12122,CVE-2018-12123,CVE-2018-20406,CVE-2018-20852,CVE-2018-7158,CVE-2018-7159,CVE-2018-7160,CVE-2018-7161,CVE-2018-7167,CVE-2019-10160,CVE-2019-11709,CVE-2019-11710,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11714,CVE-2019-11715,CVE-2019-11716,CVE-2019-11717,CVE-2019-11718,CV E-2019-11719,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11729,CVE-2019-11730,CVE-2019-11733,CVE-2019-11735,CVE-2019-11736,CVE-2019-11738,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11747,CVE-2019-11748,CVE-2019-11749,CVE-2019-11750,CVE-2019-11751,CVE-2019-11752,CVE-2019-11753,CVE-2019-11757,CVE-2019-11758,CVE-2019-11759,CVE-2019-11760,CVE-2019-11761,CVE-2019-11762,CVE-2019-11763,CVE-2019-11764,CVE-2019-13173,CVE-2019-15903,CVE-2019-5010,CVE-2019-5737,CVE-2019-9511,CVE-2019-9512,CVE-2019-9513,CVE-2019-9514,CVE-2019-9515,CVE-2019-9516,CVE-2019-9517,CVE-2019-9518,CVE-2019-9636,CVE-2019-9811,CVE-2019-9812,CVE-2019-9947 Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): MozillaFirefox-68.2.0-78.51.4, MozillaFirefox-branding-SLED-68-21.9.8, firefox-atk-2.26.1-2.8.4, firefox-cairo-1.15.10-2.13.4, firefox-gcc5-5.3.1+r233831-14.1, firefox-gcc8-8.2.1+r264010-2.5.1, firefox-gdk-pixbuf-2.36.11-2.8.4, firefox-glib2-2.54.3-2.14.7, firefox-gtk3-3.10.9-2.15.3, firefox-harfbuzz-1.7.5-2.7.4, firefox-libffi-3.2.1.git259-2.3.3, firefox-libffi-gcc5-5.3.1+r233831-14.1, firefox-pango-1.40.14-2.7.4, mozilla-nspr-4.21-29.6.1, mozilla-nss-3.45-38.9.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com