Package: liblasso3
Version: 2.8.0-1+b5
Severity: important

Signature in the SAML GET binding is broken by the new xmlsec version,

lasso:ERROR:tools.c:586:lasso_query_sign: assertion failed: (rsa)
Bail out! lasso:ERROR:tools.c:586:lasso_query_sign: assertion failed: (rsa)

This is because it uses the OpenSSL 3.0 API and xmlSecOpenSSLKeyDataRsaGetRsa doesn't work anymore:

/**
 * xmlSecOpenSSLKeyDataRsaGetRsa:
 * @data: the pointer to RSA key data.
 *
 * DEPRECATED. Gets the OpenSSL RSA key from RSA key data.
 *
 * Returns: pointer to OpenSSL RSA key or NULL if an error occurs.
 */
RSA*
xmlSecOpenSSLKeyDataRsaGetRsa(xmlSecKeyDataPtr data) {
#ifndef XMLSEC_OPENSSL_API_300
    EVP_PKEY* pKey;

    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), NULL);

    pKey = xmlSecOpenSSLKeyDataRsaGetEvp(data);
    xmlSecAssert2((pKey == NULL) || (EVP_PKEY_base_id(pKey) == EVP_PKEY_RSA), NULL);

    return((pKey != NULL) ? EVP_PKEY_get0_RSA(pKey) : NULL);
#else /* XMLSEC_OPENSSL_API_300 */
    UNREFERENCED_PARAMETER(data);
    xmlSecNotImplementedError("OpenSSL 3.0 does not support direct access to RSA key");
    return(NULL);
#endif /* XMLSEC_OPENSSL_API_300 */
}

(reported upstream as https://dev.entrouvert.org/issues/71313)

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.0.0-2-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages liblasso3 depends on:
ii  libc6               2.36-5
ii  libglib2.0-0        2.74.1-2
ii  libssl3             3.0.7-1
ii  libxml2             2.9.14+dfsg-1.1+b2
hi  libxmlsec1          1.2.36-2
hi  libxmlsec1-openssl  1.2.36-2
ii  libxslt1.1          1.1.35-1
ii  zlib1g              1:1.2.13.dfsg-1

liblasso3 recommends no packages.

liblasso3 suggests no packages.

-- no debconf information