Having run a successful
dnf update git (CVE remediation) I then ran
dnf update libxml2 (CVE remediation) however I got the following error(s).
2023-01-25T09:17:16Z INFO Dependencies resolved.
2023-01-25T09:17:16Z INFO =============================================================================================================================================================================================
Package Architecture Version Repository Size
=============================================================================================================================================================================================
Upgrading:
libxml2 ppc 2.10.3-1 AIX_Toolbox 4.6 M
libxml2-devel ppc 2.10.3-1 AIX_Toolbox 678 k
libxml2-python3 ppc 2.10.3-1 AIX_Toolbox 1.1 M
Transaction Summary
=============================================================================================================================================================================================
Upgrade 3 Packages
2023-01-25T09:17:16Z INFO Total download size: 6.3 M
2023-01-25T09:17:20Z INFO Downloading Packages:
2023-01-25T09:17:20Z DDEBUG Cleaning up.
2023-01-25T09:17:20Z SUBDEBUG
Traceback (most recent call last):
File "/opt/freeware/lib/python3.7/site-packages/dnf/cli/cli.py", line 226, in do_transaction
self.download_packages(install_pkgs, self.output.progress, total_cb)
File "/opt/freeware/lib/python3.7/site-packages/dnf/base.py", line 1149, in download_packages
self._download_remote_payloads(payloads, drpm, progress, callback_total)
File "/opt/freeware/lib/python3.7/site-packages/dnf/base.py", line 1079, in _download_remote_payloads
raise dnf.exceptions.DownloadError(errors._irrecoverable)
dnf.exceptions.DownloadError: Cannot download libxml2/libxml2-2.10.3-1.aix7.1.ppc.rpm: All mirrors were tried
I then ran
dnf info dnf and got the following "SSL connect errors".
# dnf info dnf
AIX generic repository 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'AIX_Toolbox':
- Curl error (35): SSL connect error for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml [error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm]
Error: Failed to download metadata for repo 'AIX_Toolbox': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
AIX noarch repository 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'AIX_Toolbox_noarch':
- Curl error (35): SSL connect error for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml [error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm]
Error: Failed to download metadata for repo 'AIX_Toolbox_noarch': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
AIX 7.3 specific repository 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'AIX_Toolbox_73':
- Curl error (35): SSL connect error for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.3/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.3/repodata/repomd.xml [error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm]
Error: Failed to download metadata for repo 'AIX_Toolbox_73': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Ignoring repositories: AIX_Toolbox, AIX_Toolbox_noarch, AIX_Toolbox_73
Installed Packages
Name : dnf
Version : 4.2.17
Release : 64_51
Architecture : ppc
Size : 9.3 k
Source : dnf-4.2.17-64_51.src.rpm
Repository : @System
From repo : AIX_Toolbox_73
Summary : Package manager
URL : https://github.com/rpm-software-management/dnf
License : GPLv2+ and GPLv2 and GPL
Description : Utility that allows users to manage packages on their systems.
: It supports RPMs, modules and comps groups & environments.
Curl, itself, appears to be "ok" though.
# curl -vvv anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml
* Trying 170.225.126.18:80...
* Connected to public.dhe.ibm.com (170.225.126.18) port 80 (#0)
* Server auth using Basic with user 'anonymous'
> GET /aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml HTTP/1.1
> Host: public.dhe.ibm.com
> Authorization: Basic YW5vbnltb3VzOg==
> User-Agent: curl/7.86.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Fri, 27 Jan 2023 10:26:22 GMT
< Last-Modified: Tue, 24 Jan 2023 16:01:49 GMT
< ETag: "98b6-aa8-5f304a2205540"
< Accept-Ranges: bytes
< Content-Length: 2728
< Content-Type: application/xml
<
<?xml version="1.0" encoding="UTF-8"?>
<repomd xmlns="http://linux.duke.edu/metadata/repo" xmlns:rpm="http://linux.duke.edu/metadata/rpm">
<revision>1674574271</revision>
<data type="primary">
<checksum type="sha256">6d2528556927ea4301641c07d2e0e89bd609cd3609ce90db0875a968c68562aa</checksum>
<open-checksum type="sha256">1f4f8d408eaeb23fa776646adbe0bc3f7582f396e2461403f431f49e022abab5</open-checksum>
<location href="repodata/primary.xml.gz"/>
<timestamp>1674571834</timestamp>
<size>782839</size>
<open-size>20254465</open-size>
</data>
<data type="filelists">
<checksum type="sha256">1cc4f711bd1d1dc85ade472839a9160ccbde33f7eb116b35eb6ecb89f39fb33e</checksum>
<open-checksum type="sha256">8476869534235193e4f43ddd1ec53ae81feb0777c3a83eef085f9e4897cbd35a</open-checksum>
<location href="repodata/filelists.xml.gz"/>
<timestamp>1674571834</timestamp>
<size>18394630</size>
<open-size>419656398</open-size>
</data>
<data type="other">
<checksum type="sha256">b75e00c04f3c92c3e7832345afc45bf36129923bb22b4b0cc7bd9fb13d6d4d1a</checksum>
<open-checksum type="sha256">07cafb0fca1adb038c028553be04eb25ace625a5006505d000eb9ff45d29bbf9</open-checksum>
<location href="repodata/other.xml.gz"/>
<timestamp>1674571834</timestamp>
<size>5265420</size>
<open-size>154309515</open-size>
</data>
<data type="primary_db">
<checksum type="sha256">eee046ae85bf876d2d14f2d7584ff55265024c0603941209db257ef04a7a99f3</checksum>
<open-checksum type="sha256">33514e82e024b00084578905faa8d96e705544f49bb815ec51b60fc8c54c84ce</open-checksum>
<location href="repodata/primary.sqlite.bz2"/>
<timestamp>1674574387</timestamp>
<size>3308980</size>
<open-size>32272384</open-size>
<database_version>10</database_version>
</data>
<data type="filelists_db">
<checksum type="sha256">18549270faffd8998b8a5f1f2b04c7057674c22bd224200f978656201b892fa9</checksum>
<open-checksum type="sha256">04ba145b924b89b9a3940d9fea518333725c0f80746c37e2dfa4a13ab8cac132</open-checksum>
<location href="repodata/filelists.sqlite.bz2"/>
<timestamp>1674574409</timestamp>
<size>4453444</size>
<open-size>131670016</open-size>
<database_version>10</database_version>
</data>
<data type="other_db">
<checksum type="sha256">56a8b923107cfc9aded9f2f4550f66e1b7973552d0fa503cfdc54ec173c1ee47</checksum>
<open-checksum type="sha256">8e01d88fb96385ba579101a11cbcfdf221e2f6c6981e254a88c0ed6d6e0d5970</open-checksum>
<location href="repodata/other.sqlite.bz2"/>
<timestamp>1674574404</timestamp>
<size>5091448</size>
<open-size>125337600</open-size>
<database_version>10</database_version>
</data>
</repomd>
* Connection #0 to host public.dhe.ibm.com left intact
#
System details
oslevel -s
7300-00-02-2220
dnf --version
4.2.17
Installed: dnf-0:4.2.17-64_51.ppc at Mon Jun 27 17:28:29 EST 2022
Built : at Wed Apr 27 03:13:08 EST 2022
curl --version
curl 7.86.0 (powerpc-ibm-aix7.1.3.0) libcurl/7.86.0 OpenSSL/1.1.1l zlib/1.2.13 libssh2/1.10.0 nghttp2/1.46.0
Release-Date: 2022-10-26
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz NTLM NTLM_WB SPNEGO SSL threadsafe UnixSockets
lslpp -L | grep -i openss
openssh.base.client 8.1.102.2105 C F Open Secure Shell Commands
openssh.base.server 8.1.102.2105 C F Open Secure Shell Server
openssh.license 8.1.102.2105 C F Open Secure Shell License
openssh.man.en_US 8.1.102.2105 C F Open Secure Shell
openssh.msg.EN_US 8.1.102.2105 C F Open Secure Shell Messages -
openssh.msg.en_US 8.1.102.2105 C F Open Secure Shell Messages -
openssl.base 1.1.2.1200 CE F Open Secure Socket Layer
openssl.license 1.1.2.1200 C F Open Secure Socket License
openssl.man.en_US 1.1.2.1200 C F Open Secure Socket Layer
I found the below (same issue) posted in the Power community section
Power
Ibm |
remove preview |
|
Power |
After upgrading dnf, I encountered following error. Any help is appreciated.$ dnf updateAIX generic repository 0 |
View this on Ibm > |
|
|
Am I needing to update to the following version of OpenSSL?
openssh.base.client 8.1.112.1201 C F Open Secure Shell Commands
openssh.base.server 8.1.112.1201 C F Open Secure Shell Server
openssh.license 8.1.112.1201 C F Open Secure Shell License
openssh.man.en_US 8.1.112.1201 C F Open Secure Shell
openssh.msg.EN_US 8.1.112.1201 C F Open Secure Shell Messages -
openssh.msg.en_US 8.1.112.1201 C F Open Secure Shell Messages -
openssl.base 3.0.7.1000 C F Open Secure Socket Layer
openssl.license 3.0.7.1000 C F Open Secure Socket License
openssl.man.en_US 3.0.7.1000 C F Open Secure Socket Layer
Many thanks, Steve
------------------------------
Steve Munday
AIX, IBM i, HMC, PowerVM
------------------------------