Merely starting httpd now fail when mod_auth_mellon is installed on the system. Reproducible: Always Steps to Reproduce: 1. dnf install -y httpd mod_auth_mellon 2. systemctl start httpd 3. systemctl status httpd Actual Results: Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xeu httpd.service" for details. × httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; preset: disabled) Drop-In: /usr/lib/systemd/system/service.d └─10-timeout-abort.conf Active: failed (Result: exit-code) since Tue 2023-04-18 10:46:34 CEST; 7s ago Docs: man:httpd.service(8) Process: 1066 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE) Main PID: 1066 (code=exited, status=1/FAILURE) CPU: 25ms Apr 18 10:46:34 machine.example.com systemd[1]: Starting httpd.service - The Apache HTTP Server... Apr 18 10:46:34 machine.example.com httpd[1066]: httpd: Syntax error on line 61 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /etc/httpd/conf.modules.d/10-auth_mellon.conf: Cannot load modules/mod_auth_mellon.so into server: /lib64/liblasso.so.3: undefined symbol: xmlSecOpenSSLKeyDataDsaGetDsa Apr 18 10:46:34 machine.example.com systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE Apr 18 10:46:34 machine.example.com systemd[1]: httpd.service: Failed with result 'exit-code'. Apr 18 10:46:34 machine.example.com systemd[1]: Failed to start httpd.service - The Apache HTTP Server. Expected Results: No error, httpd listening for connections. This is with httpd x86_64 2.4.57-1.fc39 beaker-Fedora-Everything 51 k mod_auth_mellon x86_64 0.18.1-3.fc39 beaker-Fedora-Everything 1.3 M lasso x86_64 2.7.0-9.fc37 beaker-Fedora-Everything 201 k
I assume this might be related to the fact that lasso FTBFS in Fedora 38: bug 2142849. On Fedora 38 mod_auth_mellon fails with coredump after lasso:ERROR:tools.c:586:lasso_query_sign: assertion failed: (rsa) on Fedora 39 (rawhide) it completely stops Apache HTTP Server from starting.
How hard would it be to actually make the dependent packages in Fedora compliant with the new xmlsec 1.3 API? If you think it is not realistic, just building the previous version likely with an Epoch bump should work. But beware that some packages might have already adapted to the new version, so for them it would be another incompatible change. So starting with the list of component that depend on xmlsec1 seems like a needed first step anyway.
Hello, any chance of getting some resolution any time soon?
FEDORA-2023-5c4fd46363 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-5c4fd46363
FEDORA-2023-5c4fd46363 has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
The end of month is coming and I will be off, so I did the revert today to unblock others. I'm ready to work on that update again once I'm back. Tomáš
Here is my copr repo with 1.3 version https://copr.fedorainfracloud.org/coprs/thalman/xmlsec1/ Tomáš
Just a heads-up on what is going to happen to packages that were lucky enough to be built with 1.3.0 at some point: https://github.com/OpenSCAP/openscap/issues/1995.
The revert lead to lasso failures again, reported as bug 2217937.