Sorry for the late response, but was quite busy.
Yes I always have some systems in place (@schopin you can always ping me per MM
is s/t is needed).
I just did the verifications for hirsute and focal and both are fine:
ubuntu@h7:~$ arch && lsb_release -c
s390x
Codename: hirsute
ubuntu@h7:~$ apt-cache policy openssl
openssl:
Installed: 1.1.1j-1ubuntu3.2
Candidate: 1.1.1j-1ubuntu3.2
Version table:
*** 1.1.1j-1ubuntu3.2 500
500 http://us.ports.ubuntu.com/ubuntu-ports hirsute-proposed/main s390x
Packages
100 /var/lib/dpkg/status
1.1.1j-1ubuntu3 500
500 http://ports.ubuntu.com/ubuntu-ports hirsute/main s390x Packages
ubuntu@h7:~$ gcc test.c -o evc-test -lcrypto -lssl
ubuntu@h7:~$ ./evc-test && echo OK
OK
ubuntu@h7:~$
ubuntu@s15:~$ arch && lsb_release -c
s390x
Codename: focal
ubuntu@s15:~$ apt-cache policy openssl
openssl:
Installed: 1.1.1f-1ubuntu2.5
Candidate: 1.1.1f-1ubuntu2.5
Version table:
*** 1.1.1f-1ubuntu2.5 500
500 http://us.ports.ubuntu.com/ubuntu-ports focal-proposed/main s390x
Packages
500 http://ports.ubuntu.com/ubuntu-ports focal-proposed/main s390x
Packages
100 /var/lib/dpkg/status
1.1.1f-1ubuntu2.4 500
500 http://ports.ubuntu.com/ubuntu-ports focal-updates/main s390x
Packages
1.1.1f-1ubuntu2.3 500
500 http://ports.ubuntu.com/ubuntu-ports focal-security/main s390x
Packages
1.1.1f-1ubuntu2 500
500 http://ports.ubuntu.com/ubuntu-ports focal/main s390x Packages
ubuntu@s15:~$ gcc test.c -o evc-test -lcrypto -lssl
ubuntu@s15:~$ ./evc-test && echo OK
OK
ubuntu@s15:~$
I'm updating the tags accordingly ...
** Tags removed: verification-needed verification-needed-focal
verification-needed-hirsute
** Tags added: verification-done verification-done-focal
verification-done-hirsute
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1931994
Title:
[Ubuntu 20.04] OpenSSL bugs in the s390x AES code
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in openssl package in Ubuntu:
Fix Released
Status in openssl source package in Bionic:
Fix Committed
Status in openssl source package in Focal:
Fix Committed
Status in openssl source package in Hirsute:
Fix Committed
Status in openssl source package in Impish:
Fix Released
Bug description:
Problem description:
When passing a NULL key to reset AES EVC state, the state wouldn't be
completely reset on s390x.
https://github.com/openssl/openssl/pull/14900
Solution available here:
https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8
Should be applied to all distros where openssl 1.1.1 is included for
consistency reason.
-> 21.10, 20.04, 18.04.
I think not needed for 16.04 anymore....
[Test plan]
$ sudo apt install libssl-dev
$ gcc test.c -o evc-test -lcrypto -lssl # See
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for
the test.c program
$ ./evc-test && echo OK
[Where problems could occur]
This patch only touches s390x code paths, so there shouldn't be any
regression on other architectures. However, on s390x this could reveal
latent bugs by spreading a NULL key to new code paths.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
