On 03/04/2024 16.21, Djerk Geurts via FreeIPA-users wrote:
Not sure how long we’ll need to wait for a fix in Ubuntu 20.04, so we’re
uplifting our jumphosts to Ubuntu 22.04. We were going to wait so we could go
from 20.04 to 24.04, but alas…
Thank you for your time!
I'm the downstream maintainer of python-cryptography in RHEL and Fedora.
I found the problem in October 2021 and reported it to upstream. The
PyCA cryptography ticket
https://github.com/pyca/cryptography/issues/6368 has more information
and links to FreeIPA and Certmonger tickets.
Timeline: cryptography 35.0 was release on 2021-09-29. The problem was
detected by our tests and reported by me on 2021-10-04. I also wrote a
fix the same day. Certmonger release 0.79.15 fixed CSR generation and
was released 24h later. Cryptography added a temporary workaround
shortly after and removed the workaround in April 2022.
If Ubuntu hasn't fixed the problem as of today, then they probably have
missed the bug. We don't have control about the Debian/Ubuntu downstream
channel. The Debian maintainer Timo Aaltonen is responsive and addresses
problems fast. Could you please open an Ubuntu bug on Launchpad and ping
him?
Christian
--
Christian Heimes
Principal Software Engineer, Identity Management and Platform Security
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
