Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-86250

crypto-policies FTBFS

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • crypto-policies-20250404-2.gitca0e9a5.el10
    • No
    • Low
    • 1
    • rhel-security-crypto
    • ssg_security
    • 8
    • 10
    • 0.1
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • Crypto25Q2
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      build of crypto-policies fail in mock

      What is the impact of this issue to you?

       

      crypto-policies package can't be rebuild.

      Please provide the package NVR for which the bug is seen:

       

      crypto-policies-20250404-1.gitca0e9a5.el10

      How reproducible is this bug?:

       

      always.

      Steps to reproduce

      1.  try to build crypto-policies package after latest openssh update

      Expected results

      failed build.

      Actual results

       

       
Unsupported KEX algorithm "mlkem768x25519-sha256"
/tmp/tmpj87thbol line 4: Bad SSH2 KexAlgorithms 'mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512'.
/tmp/tmpj87thbol: terminating, 1 bad configuration options
There is an error in OpenSSH server generated policy
Policy:
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
KexAlgorithms mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 2048
Error testing config for openssh
sequoia-policy-config not found, skipping...
sequoia-policy-config not found, skipping...
make: *** [Makefile:71: check] Error 3

       

      This broke because openssh-9.9pl1-8.el10 switched from openssh provided mlkem to openssl provided one.

              asosedki@redhat.com Alexander Sosedkin
              bleve Tuomo Soini (Inactive)
              Alexander Sosedkin Alexander Sosedkin
              Ondrej Moris Ondrej Moris
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: