Do not support OpenSSL 3
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ruby-bcrypt-pbkdf (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Jammy |
Invalid
|
Undecided
|
Unassigned | ||
Kinetic |
Invalid
|
Undecided
|
Unassigned | ||
ruby-net-ssh (Ubuntu) |
Fix Released
|
Critical
|
Lucas Kanashiro | ||
Jammy |
Fix Released
|
Critical
|
Lucas Kanashiro | ||
Kinetic |
Fix Released
|
Critical
|
Lucas Kanashiro | ||
vagrant (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned | ||
Kinetic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
The ruby-net-ssh package in jammy fails most operations due to its incompatibility with OpenSSL 3.0, thus breaking most of its reverse-
[Test case]
Amend the following one-liner for a host to which you have SSH access via pubkey:
ruby -e "require 'net/ssh'; Net::SSH.
It currently fails with the following error:
/usr/share/
[Where problems could occur]
Even though the package is currently unusable, the fix could introduce problems via some subtle missuses of the new OpenSSL APIs.
[Original report]
Upstream still does not support OpenSSL 3, and due to that a bunch of tests are failing. Fedora has been seeing the same problem and they filed a bug upstream:
Related branches
- Utkarsh Gupta (community): Approve
- git-ubuntu import: Pending requested
-
Diff: 848 lines (+764/-1)12 files modifieddebian/changelog (+8/-0)
debian/control (+2/-1)
debian/patches/openssl-3/0002-Generate-all-DSA-keys-with-1024-bits.patch (+134/-0)
debian/patches/openssl-3/0003-tests-Enable-legacy-providers-if-using-OpenSSL-3.0.patch (+68/-0)
debian/patches/openssl-3/0004-buffer-create-RSA-keys-by-loading-PEM-data-directly.patch (+103/-0)
debian/patches/openssl-3/0005-buffer-create-DSA-keys-by-loading-PEM-data-directly.patch (+106/-0)
debian/patches/openssl-3/0006-transport-create-EC-keys-by-loading-PEM-data-directl.patch (+46/-0)
debian/patches/openssl-3/0007-Use-OpenSSL-PKey-EC.generate-static-method.patch (+147/-0)
debian/patches/openssl-3/0008-diffie-hellman-create-the-key-by-generating-the-PEM-.patch (+70/-0)
debian/patches/openssl-3/0009-Fix-unit-tests-for-OpenSSL-3.patch (+65/-0)
debian/patches/series (+8/-0)
debian/ruby-tests.rake (+7/-0)
Changed in ruby-net-ssh (Ubuntu): | |
importance: | Undecided → High |
tags: | added: transition-openssl3-jj |
tags: | added: patch |
tags: | added: fr-2166 |
description: | updated |
Changed in ruby-net-ssh (Ubuntu Jammy): | |
importance: | Undecided → Critical |
Changed in ruby-net-ssh (Ubuntu Kinetic): | |
assignee: | nobody → Lucas Kanashiro (lucaskanashiro) |
Changed in vagrant (Ubuntu Jammy): | |
status: | Confirmed → Fix Released |
Changed in vagrant (Ubuntu Kinetic): | |
status: | Triaged → Fix Released |
Changed in ruby-bcrypt-pbkdf (Ubuntu Jammy): | |
status: | Confirmed → Invalid |
This issue is currently blocking ruby2.7 removal from Jammy. The removal requires the migration of ruby-bcrypt-pbkdf in jammy-proposed:
$ reverse-depends src:ruby2.7
Reverse-Depends
* ruby-bcrypt-pbkdf (for libruby2.7)
Packages without architectures listed are reverse- dependencies in: amd64, arm64, armhf, ppc64el, s390x
And ruby-net-ssh is the only regression blocking the ruby-bcrypt-pbkdf migration.