Bug 29637

Summary: Transmission crashes when downloading torrents due to openssl not having legacy (RC4) crypto enabled by default
Product: Mageia Reporter: Olav Vitters <olav>
Component: RPM PackagesAssignee: All Packagers <pkg-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: critical    
Priority: Normal CC: ftg, jani.valimaa
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: transmission-3.00-7.mga9.src.rpm CVE:
Status comment:

Description Olav Vitters 2021-11-08 20:43:38 CET 
Description of problem:
Transmission started crashing and producing a backtrace. The cause is that RC4 is disabled by default. Transmission upstream switched to relying on a RC4 library. Might be good to package current upstream including that library? Or somehow force the legacy things to be enabled only for transmission (no clue how).


Version-Release number of selected component (if applicable):
transmission-3.00-7.mga9.src.rpm
openssl-3.0.0-2.mga9.src.rpm


How reproducible:


Steps to Reproduce:
1. Download some torrrent, ensure encryption is forced
2. Wait for transmission to crash
3.

Workaround:
Edit /etc/pki/tls/openssl.cnf, enable legacy providers as explained in the config file.
Frank Griffin 2021-11-08 21:56:18 CET

CC: (none) => ftg

Comment 1 David Walser 2021-11-09 15:01:31 CET 
Transmission should be fixed upstream to not rely on the insecure algorithm.

Source RPM: transmission-3.00-7.mga9.src.rpm openssl-3.0.0-2.mga9.src.rpm => transmission-3.00-7.mga9.src.rpm

Comment 2 Jani Välimaa 2021-11-09 15:55:55 CET 
Upstream bug report:
https://github.com/transmission/transmission/issues/1777

Upstream fix:
https://github.com/transmission/transmission/commit/a459e5e11b2d2524b649f7487368de30c8d2af21

I don't know if it's possible to backport upstream fix to our pkg. IIRC the path didn't apply as is.
Comment 3 Frank Griffin 2021-11-12 00:27:57 CET 
The registered maintainer, akien, no longer appears to be in the database, so assigning to all maintainers.

Assignee: bugsquad => pkg-bugs

Comment 4 Jani Välimaa 2021-11-14 12:02:11 CET 
Backported upstream changes to transmission-3.00-8.mga9. Please test.

CC: (none) => jani.valimaa

Comment 5 Jani Välimaa 2021-11-18 17:31:57 CET 
Closing as FIXED. Feel free to reopen if needed.

Resolution: (none) => FIXED
Status: NEW => RESOLVED