Hello Simon, or anyone else affected, Accepted libapache2-mod-auth-mellon into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libapache2-mod-auth- mellon/0.18.0-1ubuntu0.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: libapache2-mod-auth-mellon (Ubuntu Jammy) Status: Triaged => Fix Committed ** Tags added: verification-needed verification-needed-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to hplip in Ubuntu. https://bugs.launchpad.net/bugs/1945774 Title: openssl: breaks ssl-cert installation: 8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom Status in mod_auth_mellon: Fix Released Status in hplip package in Ubuntu: Fix Released Status in libapache2-mod-auth-mellon package in Ubuntu: Fix Released Status in ssl-cert package in Ubuntu: Fix Released Status in hplip source package in Jammy: Fix Released Status in libapache2-mod-auth-mellon source package in Jammy: Fix Committed Status in ssl-cert source package in Jammy: Fix Released Status in ssl-cert package in Debian: Fix Released Bug description: [ Impact ] The upgrade to OpenSSL 3 results in the failure of the mellon_create_metadata helper script to generate the initial SP metadata files required by apache mod_auth_mellon. Since ubuntu jammy uses OpenSSL 3, this fix is essential to restore the functionality of mellon_create_metadata. The issue arises because OpenSSL 3 no longer supports using device files, such as /dev/urandom, as RANDFILE input, which mellon_create_metadata depends on to generate SAML service provider metadata, including a public key pair and configuration XML file. [ Test Plan ] Run the following command: mellon_create_metadata urn:example https://example.org/mellon Only two files, urn_example.cert and urn_example.key will be created in the current working directory. The expected output should include a third file, urn_example.xml. Note that there are no error messages indicating a problem, as stderr is suppressed in the script. To test the generated metadata and the mod_auth_mellon module, you will need apache installed. First create a directory /etc/apache2/saml2 and move the three files generated in the previous step into this directory. Next, download the metadata for a test IdP and save it in the same directory using the following command: curl https://login.ubuntu.com/saml/metadata -Lo \ /etc/apache2/saml2/idp_metadata.xml Enable auth_mellon module (a2enmod auth_mellon) and create a test apache configuration with the following content: <Location / > MellonEnable info MellonEndpointPath /mellon/ MellonSPMetadataFile /etc/apache2/saml2/urn_example.xml MellonSPPrivateKeyFile /etc/apache2/saml2/urn_example.key MellonSPCertFile /etc/apache2/saml2/urn_example.cert MellonIdPMetadataFile /etc/apache2/saml2/idp_metadata.xml </Location> Restart apache and test the mellon login endpoint, and This should redirect you to the correct IdP login page with a SAML request, confirming that the metadata and the auth_mellon module are working correctly. curl -v '127.1/mellon/login?ReturnTo=http%3A%2F%2F127.0.0.1%2F&IdP=https%3A%2F%2Flogin.ubuntu.com' ... Location: https://login.ubuntu.com/saml/?SAMLRequest=hZJN... ... [ Where problems could occur ] The upstream changes involve writing 256 bytes from /dev/urandom to a temporary file, which is then used as input for OpenSSL RANDFILE. While these changes are unlikely to cause significant regressions, there is a hypothetical issue where, in rare cases, the OpenSSL command might fail due to unrelated reasons. In such scenarios, the updated script could leave behind two residual temporary files instead of the single file left by the current version. However, since these files are small and typically cleaned up regularly by the system, this behavior should not negatively impact the user. [ Other Info ] Upstream fix: https://github.com/latchset/mod_auth_mellon/issues/105 To manage notifications about this bug go to: https://bugs.launchpad.net/mod-auth-mellon/+bug/1945774/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
