https://projects.osmocom.org/https://projects.osmocom.org/favicon.ico?16647414092016-11-09T10:21:01ZOpen Source Mobile Communicationslibosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=24102016-11-09T10:21:01Zlaforge
<ul><li><strong>Assignee</strong> set to <i>msuraev</i></li></ul> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=26152016-12-14T12:45:20Zmsuraev
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Stalled</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>10</i></li></ul><p>Gerrit <a class="issue tracker-1 status-5 priority-2 priority-default closed" title="Bug: simtrace component names on silk screen unreadable (Closed)" href="https://projects.osmocom.org/issues/1426">#1426</a> has been sent for review.</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=26202016-12-15T15:14:18Zlaforge
<ul></ul> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=26482016-12-19T16:13:59Zmsuraev
<ul></ul><p>libosmocore in Debian got 6 patches:<br />1,6 - erroneous<br />2,4 - already applied<br />3,5 - specific to Debian build process</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=26682016-12-20T18:12:29Zmsuraev
<ul></ul><p>openbsc got 5 patches:<br />2 are already fixed,<br />1 is debian-specific,<br />2 others are adopted into gerrit <a class="issue tracker-2 status-1 priority-1 priority-lowest" title="Feature: Add VCC current sensing circuit for SPA & DPA attacks (New)" href="https://projects.osmocom.org/issues/1463">#1463</a> and 1464</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=26692016-12-20T18:12:50Zmsuraev
<ul><li><strong>Status</strong> changed from <i>Stalled</i> to <i>In Progress</i></li></ul> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=26722016-12-21T13:07:28Zmsuraev
<ul></ul><p>libosmo-sccp have 3 patches:<br />- already fixed<br />- debian-specific<br />- conflicting with current master<br />General changes to debian/ were sent for review in gerrit # 1468.</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=26862016-12-22T13:52:02Zmsuraev
<ul><li><strong>% Done</strong> changed from <i>10</i> to <i>20</i></li></ul><p>Changes submitted to gerrit in 1469, 1473, 1478-1481, 1483-1485. The more intrusive changes are left for further iterations.</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=26992016-12-24T12:35:52Zmsuraev
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Stalled</i></li></ul> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=27012016-12-27T11:03:19Zmsuraev
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-3 priority-2 priority-default closed" href="/issues/1894">Feature #1894</a>: include gnutls into our sdk</i> added</li></ul> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=27032016-12-27T11:05:20Zmsuraev
<ul><li><strong>Related to</strong> deleted (<i><a class="issue tracker-2 status-3 priority-2 priority-default closed" href="/issues/1894">Feature #1894</a>: include gnutls into our sdk</i>)</li></ul> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=27062016-12-27T11:05:22Zmsuraev
<ul><li><strong>Blocked by</strong> <i><a class="issue tracker-2 status-3 priority-2 priority-default closed" href="/issues/1894">Feature #1894</a>: include gnutls into our sdk</i> added</li></ul> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=42982017-06-15T14:05:10Zmsuraev
<ul></ul><p>Gerrit 1464, 1526 are under review.</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=55502017-10-05T06:24:54Zlaforge
<ul></ul><p>ping? no status update for 3 months?</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=55572017-10-05T08:41:17Zmsuraev
<ul><li><strong>% Done</strong> changed from <i>20</i> to <i>30</i></li></ul><p>Blocked by on-going discussion on OpenSSL and getrandom(). The biggest piece which is still out there is license incompatibility due to use of OpenSSL functions.</p>
<p>Proposed solutions:<br />- use re-licensed (under Apache 2.0) OpenSSL<br />- use getrandom()</p>
<p>The patches implementing 2nd approach are available in gerrit 1526, 3819-3821.</p>
<p>The downsides:<br />- the process of re-licensing of OpenSSL is not finished yet, it's unclear from which version onwards it'll be under Apache 2.0 and when this version hits the repositories.<br />- exessive use of random might (in theory) deplete entropy pool.</p>
<p>The last problem is not specific to either solution but can occur on both of them. So far we've dealt with it by falling back to insecure random generator while logging warning message.</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=57552017-10-11T08:32:52Zlaforge
<ul><li><strong>Priority</strong> changed from <i>Normal</i> to <i>High</i></li></ul><p>random-related patches have been merged, so please un-stall this.</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=57672017-10-11T12:03:01Zmsuraev
<ul><li><strong>Status</strong> changed from <i>Stalled</i> to <i>In Progress</i></li><li><strong>% Done</strong> changed from <i>30</i> to <i>40</i></li></ul><p>Before merging related gerrit 3819-3821 we have to figure out why SYS_getrandom is undefined in case of our jenkins build. Initially I've suspected that configure test somehow fails but according to test results on gerrit 4193 that's not the case.</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=57812017-10-12T12:44:59Zmsuraev
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Feedback</i></li></ul><p>On OBS SYS_getrandom is detected properly on all distros with the exception of debian 8. The getrandom syscall was introduced in kernel 3.17, Debian 8 has 3.16 according to <a class="external" href="https://wiki.debian.org/DebianJessie">https://wiki.debian.org/DebianJessie</a></p>
<p>From libosmocore PoV it's fine, however applications which do not implement insecure random fallback won't work on Debian 8. Not sure what shall I do about it?</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=57842017-10-12T14:00:19Zlaforge
<ul></ul><p>On Thu, Oct 12, 2017 at 12:44:59PM +0000, msuraev [REDMINE] wrote:</p>
<blockquote>
<p>Issue <a class="issue tracker-1 status-3 priority-3 priority-high3 closed" title="Bug: integrate debian patches (Resolved)" href="https://projects.osmocom.org/issues/1694">#1694</a> has been updated by msuraev.</p>
<p>Status changed from In Progress to Feedback</p>
<p>On OBS SYS_getrandom is detected properly on all distros with the exception of debian 8. The getrandom syscall was introduced in kernel 3.17, Debian 8 has 3.16 according to <a class="external" href="https://wiki.debian.org/DebianJessie">https://wiki.debian.org/DebianJessie</a></p>
<p>From libosmocore PoV it's fine, however applications which do not implement insecure random fallback won't work on Debian 8. Not sure what shall I do about it?</p>
</blockquote>
<p><strong>sigh</strong>. Guess we need a compile-time switch for libosmocore to use openssl, after all.</p>
<p>The default should be off, but on Debian 8 or other older environments, this could be enabled<br />at compile time, at which point ./configure must find openssl or otherwise abort.</p>
<p>I'd rather not leave this up to each application to resolve by itself.</p>
<p>lick here: <a class="external" href="https://osmocom.org/my/account">https://osmocom.org/my/account</a></p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=58262017-10-16T12:02:30Zmsuraev
<ul></ul><p>laforge wrote:</p>
<blockquote>
<p><strong>sigh</strong>. Guess we need a compile-time switch for libosmocore to use openssl, after all.</p>
</blockquote>
<p>This would not resolve the licensing issue - it will just move it from osmo-* to libosmocore and limit it to Debian 8 (which I think is as unlikely to get apache-licensed openssl as newer kernel with getrandom). I propose to use GnuTLS instead (it's license-compatible and available in Debian 8) as was the case with the earlier version of the patch.</p>
<blockquote>
<p>The default should be off, but on Debian 8 or other older environments, this could be enabled<br />at compile time, at which point ./configure must find openssl or otherwise abort.</p>
</blockquote>
<p>We can just enable it as a fallback to missing *getrandom instead of current "always return failure" fallback. Is there a case when we'd like to turn off this GnuTLS fallback and use current failure mode instead?</p>
<blockquote>
<p>lick here: <a class="external" href="https://osmocom.org/my/account">https://osmocom.org/my/account</a></p>
</blockquote>
<p>I'd rather not :-)</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=60412017-11-02T16:37:56Zmsuraev
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Stalled</i></li></ul><p>Gerrit 4593 with fallback implementation is under review. Once it's merged, 3819-3821 jenkins tests should be retriggered.</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=60422017-11-02T16:38:21Zmsuraev
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-1 priority-1 priority-lowest" href="/issues/2610">Feature #2610</a>: optimize GnuTLS fallback</i> added</li></ul> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=60452017-11-02T16:38:31Zmsuraev
<ul><li><strong>Blocked by</strong> deleted (<i><a class="issue tracker-2 status-3 priority-2 priority-default closed" href="/issues/1894">Feature #1894</a>: include gnutls into our sdk</i>)</li></ul> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=63202017-11-21T18:35:50Zmsuraev
<ul><li><strong>% Done</strong> changed from <i>40</i> to <i>60</i></li></ul><p>4593 is merged, 3819-3821 were updated.</p> libosmocore - Bug #1694: integrate debian patcheshttps://projects.osmocom.org/issues/1694?journal_id=69872018-01-02T15:54:14Zmsuraev
<ul><li><strong>Status</strong> changed from <i>Stalled</i> to <i>Resolved</i></li><li><strong>% Done</strong> changed from <i>60</i> to <i>100</i></li></ul><p>Remaining patches 3819-3821 were merged. There's ongoing .deb packaging project - see <a class="external" href="https://osmocom.org/news/81">https://osmocom.org/news/81</a> so we can close this ticket.</p>