ACK from the security team on the low CVE being included in this SRU. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1828215
Title: openssl ca -spkac output regressed Status in OpenSSL: Fix Released Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Cosmic: Fix Committed Status in openssl source package in Disco: Fix Committed Status in openssl source package in Eoan: Fix Committed Bug description: [Impact] * openssl command line utility option parsing has regressed in 1.1.0i+ and produces binary output, where text output is expected, breaking applications that parse that. [Test Case] Setup CA: $ apt install openssl $ mkdir -p demoCA/private demoCA/newcerts $ touch demoCA/index.txt $ echo 01 > demoCA/serial $ openssl req -new -x509 -days 365 -newkey rsa:4096 -keyout demoCA/private/cakey.pem -out demoCA/cacert.pem # Use password test # Accept defaults for all other settings $ openssl req -new -days 365 -newkey rsa:4096 -keyout demoCA/sslkey.pem -out demoCA/sslcert.pem Generate regular request / key: # Use password test # Set common name to: example.com # Accept defaults for all other settings Generate spkac request: $ openssl spkac -key demoCA/sslkey.pem -out demoCA/sslcert.spkac $ cat <<EOF >>demoCA/sslcert.spkac countryName=AU stateOrProvinceName=Some-State organizationName=Internet Widgits Pty Ltd commonName=example.com EOF Sign spkac request: $ echo test | openssl ca -passin stdin -batch -spkac demoCA/sslcert.spkac -startdate 190121130654Z Expected: pure text output Unexpected: binary output for the signed cert Currently produces binary goop. Should produce PEM format Base64 encoded certificate data in a block surrounded with BEGIN/END certificate. [Regression Potential] * This is a regression in cosmic and up, and impeding regression in bionic with the upcoming 1.1.1 SRU. A bugfix exists upstream. [Other Info] * Originally reported https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/comments/39 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1828215/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
