[SRU] ship new public cert

Bug #1483762 reported by Dustin Kirkland on 2015-08-11
Affects             Status  Importance  Assigned to      Milestone
pollinate (Ubuntu)          High        Dustin Kirkland
Trusty                      High        Dustin Kirkland
Vivid                       High        Dustin Kirkland
Wily                        High        Dustin Kirkland

Bug Description

Pollinate ships entropy.ubuntu.com's public certificate for tighter security.

This certificate has been updated and pollinate needs to be updated. The previous certificate is expiring on Thursday, October 15, 2015 at 11:10:53 AM.

[Impact]
Any new 14.04 (Trusty) cloud instance with a down-level version of pollinate will fail to seed its PRNG from entropy.ubuntu.com after Thursday, October 15, 2015 at 11:10:53 AM.

[Test Case]
Run:
 $ sudo pollinate -r
to reseed your PRNG. If you have the old version of pollinate, you'll get certificate errors (see Comment #1), and it will exit non-zero. If you have the new version (already uploaded to ppa:pollinate/ppa, utopic, trusty-proposed), it will work again and exit zero (see Comment #2).

[Regression Potential]
Negligible. A single file is updated with a new public SSL certificate for https://entropy.ubuntu.com, in /etc/pollinate/entropy.ubuntu.com.pem

description: updated
Changed in pollinate (Ubuntu):
importance: Undecided → High
status: New → In Progress
Changed in pollinate (Ubuntu Trusty):
status: New → In Progress
Changed in pollinate (Ubuntu Vivid):
status: New → In Progress
Changed in pollinate (Ubuntu Trusty):
importance: Undecided → High
Changed in pollinate (Ubuntu Vivid):
importance: Undecided → High
Changed in pollinate (Ubuntu Trusty):
assignee: nobody → Dustin Kirkland (kirkland)
Changed in pollinate (Ubuntu Vivid):
assignee: nobody → Dustin Kirkland (kirkland)
Changed in pollinate (Ubuntu Wily):
assignee: nobody → Dustin Kirkland (kirkland)
Changed in pollinate (Ubuntu Wily):
status: In Progress → Fix Committed
Dustin Kirkland  (kirkland) wrote :

Attaching a patch for trusty.

Dustin Kirkland  (kirkland) wrote :

Attaching a patch for vivid.

Changed in pollinate (Ubuntu Wily):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pollinate - 4.7-0ubuntu1.3

---------------
pollinate (4.7-0ubuntu1.3) trusty-security; urgency=medium

  * entropy.ubuntu.com.pem: LP: #1483762
    - entropy.ubuntu.com SSL is coming up for renewal on 2015-09-15
    - update the certs for the pollinate package
    - Note that this changes the issuing CA to DigiCert, which requires
      a new intermediary.

 -- Dustin Kirkland <email address hidden> Tue, 11 Aug 2015 15:37:26 -0500

Changed in pollinate (Ubuntu Trusty):
status: In Progress → Fix Released
Seth Arnold (seth-arnold) wrote :

I overlooked a missing bug number for the cert update in the vivid changelog. Sorry.

Changed in pollinate (Ubuntu Vivid):
status: In Progress → Fix Released
information type: Public → Public Security
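
An added example (not part of the bug report or of the pollinate package): a shell check that reports how close each certificate in the pinned file is to expiry, so a stale pin is noticed before `pollinate -r` starts exiting non-zero. It assumes /etc/pollinate/entropy.ubuntu.com.pem is a PEM file holding one or more certificates (the changelog mentions a new intermediary); the function name and the 30-day default window are illustrative.

```shell
#!/bin/sh
# Added example: expiry check for a pinned PEM bundle.
# check_pinned_bundle [FILE] [DAYS]
#   returns 0 = every cert valid for more than DAYS days
#           1 = at least one cert expires within DAYS days
#           2 = file unreadable, unparsable, or contains no certificate
check_pinned_bundle() {
    bundle=${1:-/etc/pollinate/entropy.ubuntu.com.pem}  # path from the bug report
    days=${2:-30}                                       # assumed warning window
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }

    tmpdir=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate (leaf, intermediates).
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%02d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$bundle"

    rc=0; count=0
    for cert in "$tmpdir"/cert*.pem; do
        [ -e "$cert" ] || break          # glob matched nothing
        count=$((count + 1))
        subject=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null) \
            || { echo "unparsable certificate #$count" >&2; rc=2; continue; }
        end=$(openssl x509 -in "$cert" -noout -enddate | cut -d= -f2)
        # -checkend N exits non-zero if the cert expires within N seconds.
        if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
            echo "OK       $subject (notAfter $end)"
        else
            echo "EXPIRING $subject (notAfter $end)"
            [ "$rc" -eq 2 ] || rc=1
        fi
    done
    rm -rf "$tmpdir"
    [ "$count" -gt 0 ] || { echo "no certificates found in $bundle" >&2; return 2; }
    return "$rc"
}

# Run only when arguments are given, e.g.:
#   sh check.sh /etc/pollinate/entropy.ubuntu.com.pem 60
[ "$#" -eq 0 ] || check_pinned_bundle "$@"
```

A non-zero status from this check is a prompt to confirm that the installed pollinate package carries the updated certificate before the old one lapses.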