** Description changed:

- Imported from Debian bug http://bugs.debian.org/1010958:
+ [Impact]
+ 
+ The fix for
+ https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997 has
+ broken some code paths as the new string comparison functions now need
+ initialization, triggering segafults.
+ 
+ The provided debdiff fixes the immediate issue and also settles on a new
+ implementation not requiring the initialization in the first place.
+ 
+ [Test Plan]
+ 
+ Since this is a regression fix, we first need to check that the original
+ bug hasn't cropped up again:
+ 
+ sudo locale-gen tr_TR.UTF-8
+ LANG=C curl https://ubuntu.com/ > /dev/null # This work
+ LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This should work as 
well
+ 
+ For the regression itself:
+ 
+ sudo apt install libssl-dev
+ cat <<EOF > openssl_test.c
+ #include <openssl/evp.h>
+ int main()
+ {
+     EVP_PKEY_Q_keygen(NULL, NULL, "EC", "P-256");
+ }
+ EOF
+ gcc openssl_test.c -lcrypto -lssl -o openssl_test
+ ./openssl_test
+ 
+ 
+ [Where problems could occur]
+ 
+ This new patch set is relatively massive, on top of another massive one.
+ Some new regressions could crop up of a similar kind. Furthermore, the
+ homegrown string comparison function could be buggy, leading to algorithm 
name mismatches.
+ 
+ [Other info]
+ 
+ The patches all come from upstream and have been merged on their 3.0
+ maintenance branch.
+ 
+ [Original report]
  
  Source: sscg
  Version: 3.0.2-1
  Severity: serious
  Tags: ftbfs
  
  https://buildd.debian.org/status/logs.php?pkg=sscg&ver=3.0.2-1%2Bb1
  
  ...
   1/10 generate_rsa_key_test FAIL              0.01s   killed by signal 11 
SIGSEGV
  04:32:21 MALLOC_PERTURB_=87 
/<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/generate_rsa_key_test
  ...
  
  Summary of Failures:
  
   1/10 generate_rsa_key_test FAIL              0.01s   killed by signal
  11 SIGSEGV
  
  Ok:                 9
  Expected Fail:      0
  Fail:               1
  Unexpected Pass:    0
  Skipped:            0
  Timeout:            0
  dh_auto_test: error: cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 
MESON_TESTTHREADS=4 ninja test returned exit code 1
  make: *** [debian/rules:6: binary-arch] Error 25
  
  This has also been reported on the openssl-users mailing list:
  
  https://www.mail-archive.com/openssl-users@openssl.org/msg90830.html

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1974037

Title:
  openssl: EVP_EC_gen() segfault without init

Status in openssl package in Ubuntu:
  In Progress
Status in openssl source package in Jammy:
  Confirmed
Status in openssl source package in Kinetic:
  In Progress
Status in openssl package in Debian:
  Fix Released

Bug description:
  [Impact]

  The fix for
  https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997 has
  broken some code paths, as the new string comparison functions now need
  initialization, triggering segfaults.

  The provided debdiff fixes the immediate issue and also settles on a
  new implementation not requiring the initialization in the first
  place.

  [Test Plan]

  Since this is a regression fix, we first need to check that the
  original bug hasn't cropped up again:

  sudo locale-gen tr_TR.UTF-8
  LANG=C curl https://ubuntu.com/ > /dev/null # This works
  LANG=tr_TR.UTF-8 curl https://ubuntu.com/ > /dev/null # This should work as well

  For the regression itself:

  sudo apt install libssl-dev
  cat <<EOF > openssl_test.c
  #include <stdio.h>
  #include <openssl/evp.h>
  int main(void)
  {
      /* Same call EVP_EC_gen("P-256") expands to; the broken build crashes inside it. */
      EVP_PKEY *key = EVP_PKEY_Q_keygen(NULL, NULL, "EC", "P-256");
      if (key == NULL) { fprintf(stderr, "keygen failed\n"); return 1; }
      EVP_PKEY_free(key);
      return 0;
  }
  EOF
  gcc -Wall openssl_test.c -lcrypto -lssl -o openssl_test
  ./openssl_test  # exits 0 on a fixed build; dies with SIGSEGV on the broken one

  
  [Where problems could occur]

  This new patch set is relatively massive, on top of another massive one.
  Some new regressions could crop up of a similar kind. Furthermore, the
  homegrown string comparison function could be buggy, leading to algorithm
  name mismatches.
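  The regression described under [Impact] came from a case-insensitive
  comparison that depended on state set up during library initialization; the
  alternative the description alludes to is a comparison that folds only the 26
  ASCII letters and therefore needs neither the C library's locale (the source
  of the original tr_TR bug) nor any one-time setup. The program below is an
  added, self-contained illustration of that idea written for this page; it is
  not OpenSSL's code, the function names are made up, and the algorithm-name
  pairs are constructed test input. It also contrasts the ASCII version with
  strcasecmp(3) under tr_TR.UTF-8 when that locale happens to be installed.

```c
/*
 * Illustrative locale-independent, initialization-free ASCII case folding.
 * Added example for this page: NOT OpenSSL's implementation; the names
 * ascii_tolower/ascii_strcasecmp/ascii_strncasecmp/compare_under_locale
 * are invented here.
 */
#include <locale.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Fold only 'A'..'Z'; every other byte is returned unchanged. Unlike
 * tolower(3) this never consults LC_CTYPE, so no locale object has to be
 * created up front and there is no "called before init" failure mode. */
static int ascii_tolower(int c)
{
    return (c >= 'A' && c <= 'Z') ? c + ('a' - 'A') : c;
}

/* Locale-independent counterpart of strcasecmp(3): <0, 0 or >0. */
int ascii_strcasecmp(const char *a, const char *b)
{
    const unsigned char *s1 = (const unsigned char *)a;
    const unsigned char *s2 = (const unsigned char *)b;

    while (*s1 != '\0' && ascii_tolower(*s1) == ascii_tolower(*s2)) {
        s1++;
        s2++;
    }
    return ascii_tolower(*s1) - ascii_tolower(*s2);
}

/* Locale-independent counterpart of strncasecmp(3). */
int ascii_strncasecmp(const char *a, const char *b, size_t n)
{
    const unsigned char *s1 = (const unsigned char *)a;
    const unsigned char *s2 = (const unsigned char *)b;

    while (n > 0 && *s1 != '\0' && ascii_tolower(*s1) == ascii_tolower(*s2)) {
        s1++;
        s2++;
        n--;
    }
    return n == 0 ? 0 : ascii_tolower(*s1) - ascii_tolower(*s2);
}

/* Do libc strcasecmp() and the ASCII version agree on whether a and b are
 * equal under locale loc?  1 = agree, 0 = disagree, -1 = locale not installed.
 * The process locale is reset to "C" before returning. */
int compare_under_locale(const char *loc, const char *a, const char *b)
{
    int libc_eq, ascii_eq;

    if (setlocale(LC_ALL, loc) == NULL)
        return -1;
    libc_eq = (strcasecmp(a, b) == 0);
    ascii_eq = (ascii_strcasecmp(a, b) == 0);
    setlocale(LC_ALL, "C");
    return libc_eq == ascii_eq;
}

int main(void)
{
    /* Constructed algorithm-name pairs of the kind a provider lookup compares:
     * the same name in different letter case must be treated as equal. */
    const char *pairs[][2] = {
        { "EC", "ec" }, { "P-256", "p-256" }, { "AES-128-SIV", "aes-128-siv" },
    };
    size_t i;

    for (i = 0; i < sizeof(pairs) / sizeof(pairs[0]); i++)
        printf("%-12s vs %-12s -> %s\n", pairs[i][0], pairs[i][1],
               ascii_strcasecmp(pairs[i][0], pairs[i][1]) == 0 ? "match" : "MISMATCH");

    /* In Turkish locales tolower('I') does not yield 'i', so strcasecmp(3)
     * can report two spellings of a name containing I/i as different; the
     * ASCII version gives the same answer regardless of locale. */
    switch (compare_under_locale("tr_TR.UTF-8", "AES-128-SIV", "aes-128-siv")) {
    case -1: puts("tr_TR.UTF-8 not installed; locale contrast skipped"); break;
    case 0:  puts("strcasecmp(3) and the ASCII version DISAGREE under tr_TR.UTF-8"); break;
    default: puts("strcasecmp(3) and the ASCII version agree under tr_TR.UTF-8"); break;
    }
    return 0;
}
```

  Because the fold table is fixed at compile time, there is nothing to
  initialize and nothing for a caller such as EVP_PKEY_Q_keygen() to trip
  over when it runs before any explicit library setup; the price is that only
  ASCII letters are folded, which is the right behaviour for algorithm names.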

  [Other info]

  The patches all come from upstream and have been merged on their 3.0
  maintenance branch.

  [Original report]

  Source: sscg
  Version: 3.0.2-1
  Severity: serious
  Tags: ftbfs

  https://buildd.debian.org/status/logs.php?pkg=sscg&ver=3.0.2-1%2Bb1

  ...
   1/10 generate_rsa_key_test FAIL              0.01s   killed by signal 11 SIGSEGV
  04:32:21 MALLOC_PERTURB_=87 /<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/generate_rsa_key_test
  ...

  Summary of Failures:

   1/10 generate_rsa_key_test FAIL              0.01s   killed by signal 11 SIGSEGV

  Ok:                 9
  Expected Fail:      0
  Fail:               1
  Unexpected Pass:    0
  Skipped:            0
  Timeout:            0
  dh_auto_test: error: cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 MESON_TESTTHREADS=4 ninja test returned exit code 1
  make: *** [debian/rules:6: binary-arch] Error 25

  This has also been reported on the openssl-users mailing list:

  https://www.mail-archive.com/openssl-users@openssl.org/msg90830.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp