** Description changed:
The recent openssl update to 3.0.2-0ubuntu1.2 in jammy included some
buggy changes related to OPENSSL_strcasecmp. Briefly, it's possible for
OPENSSL_strcasecmp to be called before the global locale_t object has
- been initialized, causing a crash. For example, this bug can be
- trivially triggered with the program below.
+ been initialized, causing a crash in strcasecmp_l. For example, this bug
+ can be trivially triggered with the program below.
#include <openssl/evp.h>
int main()
{
- EVP_PKEY_Q_keygen(NULL, NULL, "EC", "P-256");
+ EVP_PKEY_Q_keygen(NULL, NULL, "EC", "P-256");
}
The problem is already fixed in the openssl-3.0 branch. Please consider
backporting this PR https://github.com/openssl/openssl/pull/18293 or
updating the ubuntu package to a more recent commit of that branch that
includes the fixes.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1975347
Title:
Backport OPENSSL_strcasecmp fixes from 3.0 branch
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1975347/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
