Skip to content

Include openssl-fips-provider in EL9 openssl downgrade#1963

Merged
Odilhao merged 1 commit into
theforeman:masterfrom
zjhuntin:fix-openssl-fips-provider-downgrade
Jul 8, 2026
Merged

Include openssl-fips-provider in EL9 openssl downgrade#1963
Odilhao merged 1 commit into
theforeman:masterfrom
zjhuntin:fix-openssl-fips-provider-downgrade

Conversation

@zjhuntin

@zjhuntin zjhuntin commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

The openssl 3.5.7-1 workaround from #1960 (57f417c) excludes openssl-fips-provider-3.5.7-1 but does not downgrade it. When the box already has openssl-fips-provider-3.5.7-1 installed, its dependency on openssl-libs = 3.5.7-1 conflicts with the exclude, causing a depsolve failure.

Adds openssl-fips-provider-3.5.5-3.el9 to the downgrade list so all three packages pin to the same known-good NVR.

The openssl 3.5.7-1 workaround from 57f417c excludes
openssl-fips-provider-3.5.7-1 but does not downgrade it, causing a
depsolve failure when the package is already installed on the box and
its dependency on openssl-libs 3.5.7-1 conflicts with the exclude.

Add openssl-fips-provider-3.5.5-3.el9 to the downgrade list so all
three packages pin to the same known-good NVR.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Odilhao Odilhao merged commit f9dcec8 into theforeman:master Jul 8, 2026
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants