[Bug 1066032] Re: Deadlock when reading a public key
This bug was fixed in the package openssl - 1.0.1c-3ubuntu2.4 --- openssl (1.0.1c-3ubuntu2.4) quantal; urgency=low [ Dmitrijs Ledkovs ] * Enable arm assembly code. (LP: #1083498) (Closes: #676533) * Enable optimized 64bit elliptic curve code contributed by Google. (LP: #1018522) [ Marc Deslauriers ] * debian/patches/fix_key_decoding_deadlock.patch: Fix possible deadlock when decoding public keys. (LP: #1066032) -- Dmitrijs LedkovsThu, 04 Apr 2013 12:15:11 +0100 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
This bug was fixed in the package openssl - 1.0.1-4ubuntu5.9 --- openssl (1.0.1-4ubuntu5.9) precise; urgency=low [ Dmitrijs Ledkovs ] * Enable arm assembly code. (LP: #1083498) (Closes: #676533) * Enable optimized 64bit elliptic curve code contributed by Google. (LP: #1018522) [ Marc Deslauriers ] * debian/patches/fix_key_decoding_deadlock.patch: Fix possible deadlock when decoding public keys. (LP: #1066032) -- Dmitrijs LedkovsMon, 15 Apr 2013 13:44:50 +0100 ** Changed in: openssl (Ubuntu Precise) Status: Fix Committed => Fix Released ** Changed in: openssl (Ubuntu Quantal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
** Tags added: verification-done-quantal ** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
** Tags added: verification-done-precise -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
Brian, I've been running apache with openssl 1.0.1-4ubuntu5.9 for almost a week now and it appears to be pretty stable. No issues so far. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
Hello Ivo, or anyone else affected, Accepted openssl into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.9 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: openssl (Ubuntu Precise) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
Hello Ivo, or anyone else affected, Accepted openssl into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/openssl/1.0.1c- 3ubuntu2.4 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: openssl (Ubuntu Quantal) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
It's been a month now chaps. May we have an update on this, please? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
Uploaded into precise-proposed and quantal-proposed, unapproved queues. Pending members of SRU team to review, accept and publish it in the -proposed pocket. ** Changed in: openssl (Ubuntu Quantal) Status: Confirmed => In Progress ** Changed in: openssl (Ubuntu Precise) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
** Description changed: - We're experiencing deadlocks in Ubuntu 12.04 at our customers. After - some investigation, a known bug in OpenSSL 1.0.1c (and other versions) - is causing this. The bug itself was known since one day after this - release (11th of May this year). + [SRU request] + + [Impact] + A deadlock exists in the public key decoding code of openssl in Precise and Quantal. Users of openssl is environments where a large number of keys are being processed may hit it, causing the application to hang. This has been fixed in the development release by backporting a trivial patch from upstream. + + [Test Case] + There is currently no known reliable way of reproducing the deadlock. + The openssl test suite passes with the patch, and the QRT scripts have been run successfully. + + [Regression Potential] + The patch is trivial, and shouldn't cause any regressions. It has been used in a couple of upstream releases so far. If the patch does introduce a regression, it would affect public key decoding and would be apparent. + + + Original report: + We're experiencing deadlocks in Ubuntu 12.04 at our customers. After some investigation, a known bug in OpenSSL 1.0.1c (and other versions) is causing this. The bug itself was known since one day after this release (11th of May this year). OpenSSL bug report: http://rt.openssl.org/Ticket/Display.html?id=2813&user=guest&pass=guest Commit that fixes the issue in OpenSSL 1.0.1: http://cvs.openssl.org/chngview?cn=22570 For now, we're distributing a modified version of the OpenSSL packages for Ubuntu, but of course we're not the only ones with this bug. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
** Changed in: openssl (Ubuntu Precise) Importance: Undecided => High ** Changed in: openssl (Ubuntu Quantal) Importance: Undecided => High ** Changed in: openssl (Ubuntu Raring) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
This bug was fixed in the package openssl - 1.0.1c-4ubuntu6 --- openssl (1.0.1c-4ubuntu6) raring; urgency=low * debian/patches/fix_key_decoding_deadlock.patch: Fix possible deadlock when decoding public keys. (LP: #1066032) -- Marc DeslauriersWed, 06 Mar 2013 08:11:19 -0500 ** Changed in: openssl (Ubuntu Raring) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
** Also affects: openssl (Ubuntu Raring) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
This is a real shame and embarrassment that this bug is still not fixed in the LTS even with the upstream patch being available for so long. Importance should be high as opposed to undecided. This bug was affecting my reverse proxy - Apache would fail every few hours which in a production environment is absurd. To produce fixed packages it took me half an hour, apparently Canonical need half a year. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
Is there any progress to be reported? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
** Changed in: openssl (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: openssl (Ubuntu) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: openssl (Ubuntu Quantal) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
I'm hitting this bug also and was just wondering is a fix planed or should I try to get hold of the modified version of openssl? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
** Also affects: openssl (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: openssl (Ubuntu Quantal) Importance: Undecided Status: New ** Changed in: openssl (Ubuntu Precise) Status: New => Confirmed ** Changed in: openssl (Ubuntu Quantal) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
** Changed in: openssl Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1066032] Re: Deadlock when reading a public key
** Bug watch added: OpenSSL RT #2813 http://rt.openssl.org/Ticket/Display.html?id=2813 ** Also affects: openssl via http://rt.openssl.org/Ticket/Display.html?id=2813 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs