All autopkgtests for the newly accepted openssl (3.0.2-0ubuntu1.2) for jammy have finished running. The following regressions have been reported in tests triggered by the package:
mysql-8.0/8.0.29-0ubuntu0.22.04.2 (i386) resource-agents/1:4.7.0-1ubuntu7 (armhf) seqkit/2.1.0+ds-1 (arm64) ngircd/26.1-1 (s390x) linux-lowlatency/5.15.0-30.31 (arm64) python-bonsai/1.3.0+ds-3build1 (armhf) Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1]. https://people.canonical.com/~ubuntu-archive/proposed- migration/jammy/update_excuses.html#openssl [1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions Thank you! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Jammy: Fix Committed Status in openssl source package in Kinetic: Fix Committed Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:03000072:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64&kernel=5.15.0-25-generic&series=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget&curl doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable <service> Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
