Your message dated Wed, 10 Apr 2024 13:20:33 +0000
with message-id <e1ruxsp-00548c...@fasolo.debian.org>
and subject line Bug#1061869: fixed in sssd 2.9.4-2
has caused the Debian Bug report #1061869,
regarding sssd: Drop -extensions from openssl command if there is no -x509.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1061869: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061869
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:sssd
Version: 2.9.4-1
Severity: important
Tags: sid patch
control: affects -1 src:openssl
control: forwarded -1 https://github.com/SSSD/sssd/pull/7151
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: openssl-3.2
tests: Drop -extensions from openssl command if there is no -x509
The 'openssl req' ignores the '-extensions' option without '-x509'.
OpenSSL versions prior 3.2 simply ignored it. Starting with version 3.2
an error is generated.
There are two patches attached: One against sssd and one against
debian/tests for debci.
Sebastian
From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Date: Wed, 24 Jan 2024 23:03:04 +0100
Subject: [PATCH] tests: Drop -extensions from openssl command if there is no
-x509
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The 'openssl req' ignores the '-extensions' option without '-x509'.
OpenSSL versions prior 3.2 simply ignored it. Starting with version 3.2
an error is generated:
| /usr/bin/openssl req -batch -config
| ../../../../../src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.config
| -new -nodes -key
| …/build/../src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem
-sha256 -extensions v3_ca -out SSSD_test_intermediate_CA_req.pem
| Error adding request extensions from section v3_ca
| 003163BAB27F0000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:../crypto/x509/v3_akid.c:156:
| 003163BAB27F0000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:../crypto/x509/v3_conf.c:48:section=v3_ca, name=authorityKeyIdentifier, value=keyid:always,issuer:always
|
Remove the '-extensions' option.
Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
---
src/tests/test_CA/intermediate_CA/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tests/test_CA/intermediate_CA/Makefile.am b/src/tests/test_CA/intermediate_CA/Makefile.am
index b439f82cb03e5..50fcddb8d2221 100644
--- a/src/tests/test_CA/intermediate_CA/Makefile.am
+++ b/src/tests/test_CA/intermediate_CA/Makefile.am
@@ -33,7 +33,7 @@ ca_all: clean SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_full_db.pe
ln -s $(builddir)/../$@
SSSD_test_intermediate_CA_req.pem: $(openssl_intermediate_ca_key) $(openssl_intermediate_ca_config) SSSD_test_CA.pem
- $(OPENSSL) req -batch -config ${openssl_intermediate_ca_config} -new -nodes -key $< -sha256 -extensions v3_ca -out $@
+ $(OPENSSL) req -batch -config ${openssl_intermediate_ca_config} -new -nodes -key $< -sha256 -out $@
SSSD_test_intermediate_CA.pem: SSSD_test_intermediate_CA_req.pem $(openssl_root_ca_config) $(openssl_root_ca_key)
cd .. && $(OPENSSL) ca -config ${openssl_root_ca_config} -batch -notext -keyfile $(openssl_root_ca_key) -in $(abs_builddir)/$< -days 200 -extensions v3_intermediate_ca -out $(abs_builddir)/$@
--
2.43.0
From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Date: Mon, 29 Jan 2024 23:18:39 +0100
Subject: [PATCH] debian: tests: Drop -extensions from openssl command if there
is no -x509.
The 'openssl req' ignores the '-extensions' option without '-x509'.
OpenSSL versions prior 3.2 simply ignored it. Starting with version 3.2
an error is generated.
Remove the '-extensions' option.
Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
---
debian/tests/sssd-softhism2-certificates-tests.sh | 2 --
1 file changed, 2 deletions(-)
diff --git a/debian/tests/sssd-softhism2-certificates-tests.sh b/debian/tests/sssd-softhism2-certificates-tests.sh
index a0676740e11d..2c3d167414a6 100644
--- a/debian/tests/sssd-softhism2-certificates-tests.sh
+++ b/debian/tests/sssd-softhism2-certificates-tests.sh
@@ -222,7 +222,6 @@ openssl req \
-key "$tmpdir/test-intermediate-CA-key.pem" \
-passout "$root_ca_key_pass" \
-sha256 \
- -extensions v3_ca \
-out "$tmpdir/test-intermediate-CA-certificate-request.pem"
openssl req -text -noout -in "$tmpdir/test-intermediate-CA-certificate-request.pem"
@@ -311,7 +310,6 @@ openssl req \
-key "$tmpdir/test-sub-intermediate-CA-key.pem" \
-passout "$intermediate_ca_key_pass" \
-sha256 \
- -extensions v3_ca \
-out "$tmpdir/test-sub-intermediate-CA-certificate-request.pem"
openssl req -text -noout -in "$tmpdir/test-sub-intermediate-CA-certificate-request.pem"
--
2.43.0
--- End Message ---
--- Begin Message ---
Source: sssd
Source-Version: 2.9.4-2
Done: Timo Aaltonen <tjaal...@debian.org>
We believe that the bug you reported is fixed in the latest version of
sssd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1061...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Timo Aaltonen <tjaal...@debian.org> (supplier of updated sssd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 10 Apr 2024 15:56:46 +0300
Source: sssd
Built-For-Profiles: noudeb
Architecture: source
Version: 2.9.4-2
Distribution: unstable
Urgency: medium
Maintainer: Debian SSSD Team <pkg-sssd-de...@alioth-lists.debian.net>
Changed-By: Timo Aaltonen <tjaal...@debian.org>
Closes: 1061350 1061869
Changes:
sssd (2.9.4-2) unstable; urgency=medium
.
[ Michael Biebl ]
* Install PAM and NSS modules into /usr. (Closes: #1061350)
.
[ Timo Aaltonen ]
* tests: Drop -extensions from openssl command if there is no -x509.
Thanks, Sebastian Andrzej Siewior! (Closes: #1061869)
Checksums-Sha1:
c0518e8acff06a181e0d5590993ba5f7ebbbd675 5125 sssd_2.9.4-2.dsc
446c0ff313f2569a86eb6b1ca13a2f4915ed5809 46916 sssd_2.9.4-2.debian.tar.xz
842a837b305af1b7042ed86fd8dc5da2723ebd25 10415 sssd_2.9.4-2_source.buildinfo
Checksums-Sha256:
2ea27d2e45f3e4c7b3d9d760167c8989b41a747a3918482fb68ac881576f0aee 5125
sssd_2.9.4-2.dsc
4f00ab1d2c7906340f3705c35d8c5a3c18ec0ffc62a8b53f7ce6243ecce71f6e 46916
sssd_2.9.4-2.debian.tar.xz
747eb56ade5b987af03b812d419133a9c2295bd87b2f4d5a483028259716cd2e 10415
sssd_2.9.4-2_source.buildinfo
Files:
ab4cb36746f1fdec3e843116d9bc7478 5125 utils optional sssd_2.9.4-2.dsc
61f3fa1581ac0412f4856b8c6ec68938 46916 utils optional
sssd_2.9.4-2.debian.tar.xz
a8797c90571701b7150eea2413d88cac 10415 utils optional
sssd_2.9.4-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEdS3ifE3rFwGbS2Yjy3AxZaiJhNwFAmYWjJsACgkQy3AxZaiJ
hNwSQw/+KuAZzWW/LUtzmCFRD7uwUbKQ3x0nUJ7TfVQeBTrgNClgLwe7vM4INyxN
3j9C6YIqhUSNf+pEVlANQ1fksGxjRzYpjyTv+7hxk5Zu+51aqldq5WN8HyhggN8N
J+Py6DtLaGG63Gia1h4cX2GifJOPInAQUXz1oxlk6/c0hnjLzgfagA7Sxb9T7T1m
QjIAL4aluourmLmGxjldogUATsMp2dybG4dvyqno3xHq3PNfNMF4q39S6+buER3V
uzv4scNj5zc+MzGBp4XT6SG2ITU9L5TqGqls3EQjGgpfbJn1GobTvSfu+YQk25uB
98+kJABcb+1HlZWrzqct+iyyRxQqvAK2zhqrDRbKjHcEx1ZU3AZrv2exwNwAosXO
LIeMdkpCE72I2ehcFolRZVGyU/aUZ9AHrNSRjNAWfcJ43Tpzr/fm4cxlnlRlZBKn
Fs2fpbG6r/0J2bSR3OcxWWSe5mrssbxH+nj3B6V0moq6ncFllWfJXnDep8oLTWgP
KDS/QvfmzJ1CTiypKua/iSISlDvlEUilaODtokezQoh+4ijDcB3UjdY0TVIKlIGA
bbzELEldZbKr+PeoIiZ74tksAK5iIFs34OAHxtyd3cSsAUP20egaQYSxRgdvFQ/Z
pZwaC2zLH8PGyXq23lF3Es8mXNHcGCcqKJTTLNVrHa3FE9cUexM=
=Orkp
-----END PGP SIGNATURE-----
pgpUKGbylEiTM.pgp
Description: PGP signature
--- End Message ---
