This bug was fixed in the package openssl - 3.0.3-5ubuntu2
---
openssl (3.0.3-5ubuntu2) kinetic; urgency=medium
* d/p/Set-systemwide-default-settings-for-libssl-users: don't comment out
the CipherString string to avoid an empty section.
-- Simon Chopin Tue, 31 May 2022 13:02
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1974037
Title:
openssl: EVP_EC_gen() segfault without init
To manage notifications about this bug go to:
https://bugs.launchpad.ne
** Description changed:
- Imported from Debian bug http://bugs.debian.org/1010958:
+ [Impact]
+
+ The fix for
+ https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997 has
+ broken some code paths as the new string comparison functions now need
+ initialization, triggering segafults.
+
+
Attached is a debdiff for the Jammy changes. I'm still working on
Kinetic as this will be folded into the merge, but I still need to do
some more work as some new patches have surfaced upstream since then, as
well as a new Debian revision. I feel the Jammy SRU should still move
forward.
Note that
** Changed in: openssl (Ubuntu Kinetic)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1974037
Title:
openssl: EVP_EC_gen() segfault without init
To manage no
** Merge proposal linked:
https://code.launchpad.net/~schopin/ubuntu/+source/openssl/+git/openssl/+merge/423153
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1974037
Title:
openssl: EVP_EC_gen()
** Changed in: openssl (Debian)
Status: New => Fix Released
** Changed in: openssl (Debian)
Importance: Undecided => Unknown
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1974037
Title:
o
This issue has been introduced in 3.0.3 upstream but we've backported
the patch set to Jammy as well. The cherry-picked fix is in Debian in
3.0.3-4.
** Changed in: openssl (Ubuntu)
Status: New => Confirmed
** Also affects: openssl (Ubuntu Kinetic)
Importance: Undecided
Status: Co