On Fri, Jul 03, 2026 at 03:23:03PM +0200, Julian Andres Klode wrote:
> On Thu, Jun 25, 2026 at 08:54:01PM +0200, Sebastian Andrzej Siewior wrote:
> > Control: reassign -1 apt 3.0.3
> > 
> > On 2026-06-19 09:37:09 [+0200], Julian Andres Klode wrote:
> > > This seems to be a bug in OpenSSL, and the proposed workaround is
> > > wholly inappropriate. This also points out there is _another_ bug
> > > somewhere, as we _should_ have raised this error _before_ we enter
> > > the Read/Write functions.
> > 
> > Moving back to apt after consulting with upstream, the details are in
> >     https://github.com/openssl/openssl/issues/31624
> > 
> > There is:
> > | The correct fix is for the application (apt in this case), to do what
> > | postgresql did, and call ERR_clear_error(), prior to a subsequent SSL
> > | call.
> > 
> > and 
> 
> That is not a fix and not acceptable. We must not ignore random
> errors. I will not accept quick hacks that can fundamentally break
> security.
> 
> PostgreSQL's work around is a potential security issue and should
> be treated as such. It is not acceptable in production code to silently
> discard the error queue, errors need to be raised at the appropriate
> point in time (or discarded - with safety checks - at the appropriate
> point in time).
> 
> We should treat this as a release critical bug in postgresql tbh.
> 
> > 
> > | I want to add one nuance after checking the source code of 3.5: I'm not
> > | convinced that upstream libssl 3.5.6 is the source of the stale
> > | MD5/MD5-SHA1 error described here. In the code, the optional digest
> > | fetch helper ssl_evp_md_fetch uses ERR_set_mark / ERR_pop_to_mark, and
> > | the sigalg probing code is also protected.
> > | 
> > | Apt source code also uses OpenSSL EVP digest code outside the TLS path,
> > | including MD5 hashing, so there may be more than one possible source of
> > | a stale FIPS/provider error before the later TLS I/O.
> > 
> > > Thanks!
> > 
> > Sebastian
> 
> Right so the error is that the context is not correctly cleared where
> an optional MD5 operation failed.
> 
> The fix for that is identifying the failing MD5 operation, asserting
> that the error queue is empty before the call, and then discarding the
> error generated by the call after it.

I can offer

https://salsa.debian.org/apt-team/apt/-/merge_requests/590

There are some more bugs in methods/connect.cc, HandleError()
where we only look at the top error in the stack rather than
all errors.

Not yet sure how to fix this.

Posted about the general issue in

https://blog.jak-linux.org/2026/07/03/openssl-pandemic/
-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en

Reply via email to