[Bug 2076114] [NEW] Pollen 4.22-0ubuntu2 installs deprecated Upstart files
Public bug reported: Pollen 4.22-0ubuntu2 installs upstart files (/etc/init/pollen.conf and /etc/init/pollen-restart.conf), while systemd has replaced upstart in the targeted ubuntu release. This should be caused by the debian/pollen.upstart and debian/pollen- restart.upstart files. The added files in /etc/init are probably okay to stay as they are not effective, but it would be better to remove them. See: https://manpages.debian.org/testing/debhelper/dh_installinit.1.en.html#debian/~3 ** Affects: pollen (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2076114 Title: Pollen 4.22-0ubuntu2 installs deprecated Upstart files To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pollen/+bug/2076114/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2081763] [NEW] [SRU] mellon_create_metadata is incompatible with OpenSSL 3 in jammy
Public bug reported: [ Impact ] The upgrade to OpenSSL 3 results in the failure of the mellon_create_metadata helper script to generate the initial SP metadata files required by apache mod_auth_mellon. Since ubuntu jammy uses OpenSSL 3, this fix is essential to restore the functionality of mellon_create_metadata. The issue arises because OpenSSL 3 no longer supports using device files, such as /dev/urandom, as RANDFILE input, which mellon_create_metadata depends on to generate SAML service provider metadata, including a public key pair and configuration XML file. [ Test Plan ] Run the following command: mellon_create_metadata urn:someservice https://sp.example.org/mellon Only two files, urn_someservice.cert and urn_someservice.key will be created in the current working directory. The expected output should include a third file, urn_someservice.xml. Note that there are no error messages indicating a problem, as stderr is suppressed in the script. [ Where problems could occur ] The upstream changes involve writing 256 bytes from /dev/urandom to a temporary file, which is then used as input for OpenSSL RANDFILE. While these changes are unlikely to cause significant regressions, there is a hypothetical issue where, in rare cases, the OpenSSL command might fail due to unrelated reasons. In such scenarios, the updated script could leave behind two residual temporary files instead of the single file left by the current version. However, since these files are small and typically cleaned up regularly by the system, this behavior should not negatively impact the user. [ Other Info ] Upstream fix: https://github.com/latchset/mod_auth_mellon/issues/105 Fixes: LP: #1945774, LP: #2052795 ** Affects: libapache2-mod-auth-mellon (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2081763 Title: [SRU] mellon_create_metadata is incompatible with OpenSSL 3 in jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/+bug/2081763/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2081763] Re: [SRU] mellon_create_metadata is incompatible with OpenSSL 3 in jammy
debdiff attached ** Patch added: "libapache2-mod-auth-mellon-0.18.0-2.debdiff" https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/+bug/2081763/+attachment/5821234/+files/libapache2-mod-auth-mellon-0.18.0-2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2081763 Title: [SRU] mellon_create_metadata is incompatible with OpenSSL 3 in jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/+bug/2081763/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2081763] Re: [SRU] mellon_create_metadata is incompatible with OpenSSL 3 in jammy
*** This bug is a duplicate of bug 1945774 *** https://bugs.launchpad.net/bugs/1945774 ** This bug has been marked a duplicate of bug 1945774 openssl: breaks ssl-cert installation: 8022CB35777F:error:127A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2081763 Title: [SRU] mellon_create_metadata is incompatible with OpenSSL 3 in jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-auth-mellon/+bug/2081763/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1945774] Re: openssl: breaks ssl-cert installation: 8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom
debdiff for libapache2-mod-auth-mellon attached ** Description changed: - Imported from Debian bug http://bugs.debian.org/990228: + [ Impact ] - Package: openssl - Version: 3.0.0~~alpha16-1 - Severity: serious - User: debian...@lists.debian.org - Usertags: piuparts + The upgrade to OpenSSL 3 results in the failure of the + mellon_create_metadata helper script to generate the initial SP metadata + files required by apache mod_auth_mellon. Since ubuntu jammy uses + OpenSSL 3, this fix is essential to restore the functionality of + mellon_create_metadata. The issue arises because OpenSSL 3 no longer + supports using device files, such as /dev/urandom, as RANDFILE input, + which mellon_create_metadata depends on to generate SAML service + provider metadata, including a public key pair and configuration + XML file. - Hi, + [ Test Plan ] - during a test with piuparts I noticed your package causes other package - to fail installation/upgrading. + Run the following command: + mellon_create_metadata urn:example https://example.org/mellon - From the attached log (scroll to the bottom...): + Only two files, urn_example.cert and urn_example.key will be + created in the current working directory. The expected output should + include a third file, urn_example.xml. Note that there are no + error messages indicating a problem, as stderr is suppressed in the + script. - ... - Setting up openssl (3.0.0~~alpha16-1) ... - Setting up libbsd0:amd64 (0.11.3-1) ... - Setting up readline-common (8.1-2) ... - Setting up libxml2:amd64 (2.9.10+dfsg-6.7) ... - Setting up libgdbm6:amd64 (1.19-2) ... - Setting up postgresql-client-common (226) ... - Setting up libedit2:amd64 (3.1-20210522-1~exp1) ... - Setting up libreadline8:amd64 (8.1-2) ... - Setting up libldap-2.4-2:amd64 (2.4.57+dfsg-3) ... - Setting up libllvm11:amd64 (1:11.0.1-2) ... - Setting up ssl-cert (1.1.0+nmu1) ... - Could not create certificate. Openssl output was: - Generating a RSA private key - ..+..+..+...+.+...+.+...+...+..+...+.+..+...+.+...+...+..+.+.+...+...+.+..++..+..+*.+*..+..++...+.+..+...++..+.++..++...++..+.+...+..+...+...+.+..+...+.++.+++.+..+.+.+..+..+.+...+.+.+.++.+.+.++++...+ - ..+.++...+...+...+..+..+.+...+.++...+.+..+..+..+*+...++..+...+..+...+..+.+..+*+..+...++..++..++.+..+...++.+.+..+.+.+..+.+..+..+..+.+++.++..+...+.+...+...+...+...+..++...+..+.+ - Writing new private key to '/etc/ssl/private/ssl-cert-snakeoil.key' - - - Warning: No -copy_extensions given; ignoring any extensions in the request - Cannot write random bytes: - 8022CB35777F:error:127A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom - dpkg: error processing package ssl-cert (--configure): -installed ssl-cert package post-installation script subprocess returned error exit status 1 - dpkg: dependency problems prevent configuration of postgresql-common: -postgresql-common depends on ssl-cert (>= 1.0.11); however: - Package ssl-cert is not configured yet. - ... + To test the generated metadata and the mod_auth_mellon module, you will + need apache installed. First create a directory /etc/apache2/saml2 and + move the three files generated in the previous step into this directory. - Hmm, well, yes, /dev/urandom is not a regular file. It's a character - device node. + Next, download the metadata for a test IdP and save it in the same + directory using the following command: + curl https://login.ubuntu.com/saml/metadata -Lo \ + /etc/apache2/saml2/idp_metadata.xml + Enable auth_mellon module (a2enmod auth_mellon) and create a test apache + configuration with the following content: - cheers, + + MellonEnable info + MellonEndpointPath /mellon/ + MellonSPMetadataFile /etc/apache2/saml2/urn_example.xml + MellonSPPrivateKeyFile /etc/apache2/saml2/urn_example.key + MellonSPCertFile /etc/apache2/saml2/urn_example.cert + MellonIdPMetadataFile /etc/apache2/saml2/idp
[Bug 1945774] Re: openssl: breaks ssl-cert installation: 8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom
Continually refines the patch based on suggestions from athos-ribeiro: * Updates the Launchpad bug format * Removes redundant DEP3 headers ** Patch added: "libapache2-mod-auth-mellon_0.18.0-1ubuntu1.debdiff" https://bugs.launchpad.net/ubuntu/+source/ssl-cert/+bug/1945774/+attachment/5840307/+files/libapache2-mod-auth-mellon_0.18.0-1ubuntu1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1945774 Title: openssl: breaks ssl-cert installation: 8022CB35777F:error:127A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom To manage notifications about this bug go to: https://bugs.launchpad.net/mod-auth-mellon/+bug/1945774/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1945774] Re: openssl: breaks ssl-cert installation: 8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom
Update the patch based on suggestions from athos-ribeiro: * Add DEP3 headers to the upstream patch * Generate the changelog based on the DEP3 headers ** Patch added: "libapache2-mod-auth-mellon_0.18.0-1ubuntu1.debdiff" https://bugs.launchpad.net/ubuntu/+source/ssl-cert/+bug/1945774/+attachment/5838191/+files/libapache2-mod-auth-mellon_0.18.0-1ubuntu1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1945774 Title: openssl: breaks ssl-cert installation: 8022CB35777F:error:127A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom To manage notifications about this bug go to: https://bugs.launchpad.net/mod-auth-mellon/+bug/1945774/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1945774] Re: openssl: breaks ssl-cert installation: 8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom
Hello Renan, I have tested the proposed version of libapache2-mod-auth-mellon (0.18.0-1ubuntu0.1), and I can confirm that the issue described has been resolved in this new version. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1945774 Title: openssl: breaks ssl-cert installation: 8022CB35777F:error:127A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom To manage notifications about this bug go to: https://bugs.launchpad.net/mod-auth-mellon/+bug/1945774/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
