** Description changed: + [Impact] + The ibmca engine global state gets destroyed if the engine is loaded multiple times. This happens, e.g., during a git clone via https where first git-remote-https loads the engine and initializes it, and the libcurl loads the engine a second time, does not initialize it, but then destroy its second copy. During destruction, OpenSSL calls into the ibmca_destroy function when then manipulates global state that is shared with the first engine (the one loaded by git-remote-https which is still actively used). + + [Test Case] + I was able to build this package into a ppa and got the IBM team to confirm this problem was resolved for hirsute, groovy and focal see comment #2 and #3 + Another verification test will be done (as part of the SRU process) again by the IBM team. + + [What could go wrong] + Given this is an IBM component and that is happens on IBM hardware it is unlikely to affect anyone else. Also this problem was resolved initially upstream on April 28th and has been since included in Impish. the patch set applies cleanly on each version of ubuntu impacted (Hirsute, Groovy and Focal.) + + + [Original Description] + + Problem Description: - Loading and initializing the OpenSSL configuration twice causes ibmca to prematurely destroy global data. + Loading and initializing the OpenSSL configuration twice causes ibmca to prematurely destroy global data. This then causes crashes in applications that do this. It might happen if an application first initializes OpenSSls libcrypto and then libssl. - Solution: Please backport https://github.com/juergenchrist/openssl-ibmca/commit/40928425d848827fa8427d677e37178ab3b57e50 to fix this problem. focal (20.04LTS) (libs): 2.1.0-0ubuntu1 [ports]: s390x groovy (20.10) (libs): 2.1.1-0ubuntu1 [ports]: s390x hirsute (21.04) (libs): 2.1.1-0ubuntu1 [ports]: s390x git commit applies here cleanly. - impish (libs): 2.1.2-0ubuntu1 [ports]: s390x git commit should already be contained in this. So no need for another patch.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926960 Title: OpenSSL 1.1.1g function EC_KEY_set_group() causes illegal instruction SIGILL in file crypto/ec/ec_key:477 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1926960/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
