Update the patch based on suggestions from athos-ribeiro:  
  * Add DEP3 headers to the upstream patch
  * Generate the changelog based on the DEP3 headers


** Patch added: "libapache2-mod-auth-mellon_0.18.0-1ubuntu1.debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/ssl-cert/+bug/1945774/+attachment/5838191/+files/libapache2-mod-auth-mellon_0.18.0-1ubuntu1.debdiff

https://bugs.launchpad.net/bugs/1945774

Title:
  openssl: breaks ssl-cert installation:
  8022CB35777F0000:error:1200007A:random number
  generator:RAND_write_file:Not a regular
  file:../crypto/rand/randfile.c:190:Filename=/dev/urandom

Status in mod_auth_mellon:
  Fix Released
Status in hplip package in Ubuntu:
  Fix Released
Status in libapache2-mod-auth-mellon package in Ubuntu:
  Fix Released
Status in ssl-cert package in Ubuntu:
  Fix Released
Status in hplip source package in Jammy:
  Fix Released
Status in libapache2-mod-auth-mellon source package in Jammy:
  Triaged
Status in ssl-cert source package in Jammy:
  Fix Released
Status in ssl-cert package in Debian:
  Fix Released

Bug description:
  [ Impact ]

  The upgrade to OpenSSL 3 results in the failure of the
  mellon_create_metadata helper script to generate the initial SP metadata
  files required by Apache mod_auth_mellon. Since Ubuntu Jammy uses
  OpenSSL 3, this fix is essential to restore the functionality of
  mellon_create_metadata. The issue arises because OpenSSL 3 no longer
  supports using device files, such as /dev/urandom, as RANDFILE input,
  which mellon_create_metadata depends on to generate SAML service
  provider metadata, including a public key pair and a configuration
  XML file.

  [ Test Plan ]

  Run the following command:
      mellon_create_metadata urn:example https://example.org/mellon

  Only two files, urn_example.cert and urn_example.key, will be
  created in the current working directory. The expected output should
  include a third file, urn_example.xml. Note that there are no
  error messages indicating a problem, as stderr is suppressed in the
  script.

  To test the generated metadata and the mod_auth_mellon module, you will
  need Apache installed. First, create a directory /etc/apache2/saml2 and
  move the three files generated in the previous step into this directory.

  Next, download the metadata for a test IdP and save it in the same
  directory using the following command:
      curl https://login.ubuntu.com/saml/metadata -Lo \
          /etc/apache2/saml2/idp_metadata.xml

  Enable the auth_mellon module (a2enmod auth_mellon) and create a test
  Apache configuration with the following content:

      <Location / >
          MellonEnable info
          MellonEndpointPath /mellon/
          MellonSPMetadataFile /etc/apache2/saml2/urn_example.xml
          MellonSPPrivateKeyFile /etc/apache2/saml2/urn_example.key
          MellonSPCertFile /etc/apache2/saml2/urn_example.cert
          MellonIdPMetadataFile /etc/apache2/saml2/idp_metadata.xml
      </Location>

  Restart Apache and test the mellon login endpoint. This should
  redirect you to the correct IdP login page with a SAML request,
  confirming that the metadata and the auth_mellon module are working
  correctly.

      curl -v \
          '127.1/mellon/login?ReturnTo=http%3A%2F%2F127.0.0.1%2F&IdP=https%3A%2F%2Flogin.ubuntu.com'
      ...
      Location: https://login.ubuntu.com/saml/?SAMLRequest=hZJN...
      ...

  [ Where problems could occur ]

  The upstream changes involve writing 256 bytes from /dev/urandom to
  a temporary file, which is then used as input for OpenSSL RANDFILE.
  While these changes are unlikely to cause significant regressions,
  there is a hypothetical issue where, in rare cases, the OpenSSL command
  might fail due to unrelated reasons. In such scenarios, the updated
  script could leave behind two residual temporary files instead of the
  single file left by the current version. However, since these files
  are small and typically cleaned up regularly by the system, this
  behavior should not negatively impact the user.

  [ Other Info ]

  Upstream fix: https://github.com/latchset/mod_auth_mellon/issues/105
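
The seeding approach described under "Where problems could occur" (256 bytes from /dev/urandom written to a regular temporary file that is then used as RANDFILE), as an added example that is not the upstream mellon_create_metadata code. The function names, the 2048-bit key size and the 365-day validity are assumptions; unlike the script described above, it leaves stderr visible and removes both temporary files even when openssl fails.

```shell
#!/bin/sh
# Added example; not the mellon_create_metadata script. Function names,
# the 2048-bit key size and the 365-day validity are assumptions.

# Write 256 bytes from /dev/urandom into a regular temporary file and print
# its path. OpenSSL 3 rejects a device node as RANDFILE ("Not a regular file").
make_seed_file() {
    seed_path=$(mktemp) || return 1
    if ! dd if=/dev/urandom of="$seed_path" bs=256 count=1 2>/dev/null; then
        rm -f "$seed_path"
        return 1
    fi
    printf '%s\n' "$seed_path"
}

# Create <base>.cert and <base>.key for host <host>, seeding OpenSSL from the
# temporary file. stderr is left visible and the exit status is returned, so
# a failure is not silent; both temporary files are removed on every path.
gen_sp_keypair() {
    base=$1
    host=$2
    rc=0
    seed=$(make_seed_file) || return 1
    conf=$(mktemp) || { rm -f "$seed"; return 1; }
    cat >"$conf" <<EOF
RANDFILE           = $seed
[req]
default_bits       = 2048
distinguished_name = req_dn
prompt             = no
[req_dn]
commonName         = $host
EOF
    openssl req -batch -config "$conf" -new -x509 -days 365 -nodes \
        -out "$base.cert" -keyout "$base.key" || rc=$?
    rm -f "$seed" "$conf"
    return "$rc"
}

# Stand-alone use: ./example.sh <output-base> <hostname>
if [ "$#" -eq 2 ]; then
    gen_sp_keypair "$1" "$2"
fi
```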
