[Touch-packages] [Bug 2032577] Re: xz crashed with SIGSEGV in lzma_lzma_optimum_normal

2024-02-01 Thread Adrien Nader
XZ developers have a couple questions regarding this after looking at the trace: - is it reproducible? did it happen several times? - does the machine use ECC memory? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xz-utils in

[Touch-packages] [Bug 2052505] Re: Can't install openssl/libssl3 debug package

2024-02-08 Thread Adrien Nader
Thanks for re-trying and reporting! For some (possible) context: there have been some infrastructure issues this week, especially at the beginning of the week: broken services and delays in the pipelines. I was expecting this to be the cause of the issue. -- You received this bug notification bec

[Touch-packages] [Bug 2030784] Re: Backport Intel's AVX512 patches on openssl 3.0

2024-02-19 Thread Adrien Nader
While preparing an update to 3.0.13 for Noble, I started encountering testsuite failures. The cause is the AES patch combined with 3.0.13 (more specifically with the dupctx patches). The problematic combination looks something like the following: - AES-GCM-enabled-with-AVX512-vAES-and-vPCLMULQDQ -

[Touch-packages] [Bug 2030784] Re: Backport Intel's AVX512 patches on openssl 3.0

2024-02-20 Thread Adrien Nader
I'm not seeing the issue on 3.2.1. I'm preparing 3.0.13 without the AES patch and will probably deal with it after the feature freeze at the end of the month. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu.

[Touch-packages] [Bug 2055304] Re: openssl 3.0.2 backport IgnoreUnexpectedEOF ssl config option from 3.2

2024-02-28 Thread Adrien Nader
Thanks for the report. I am reluctant to backport this as I'm not sure it makes a lot of sense system-wide. Curl upstream didn't seem happy with enabling this work-around even in 2021. It seems the reason to integrate this would be to be able to ignore this despite curl not ignoring it nor offering

[Touch-packages] [Bug 2055422] [NEW] Please sync xz-utils 5.6.0-0.2 from Debian experimental

2024-02-29 Thread Adrien Nader
Public bug reported: Xz-utils 5.6.0 was released last Friday. It features a much faster decompression code on all platforms but on x86_64 in particular, it is 60% faster in my testing. It also aligns better with current practices of enabling multi-threading by default (always with a default memory limi

[Touch-packages] [Bug 2055422] Re: Please sync xz-utils 5.6.0-0.2 from Debian experimental

2024-02-29 Thread Adrien Nader
Graham pointed out that the upload was actually to unstable and therefore autosync'ed already! I'm going to keep the bug open until it migrates due to the possibility of some testsuite failures. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which

[Touch-packages] [Bug 2055304] Re: openssl 3.0.2 backport IgnoreUnexpectedEOF ssl config option from 3.2

2024-02-29 Thread Adrien Nader
Thanks for continued investigation. A reproducer would be valuable as it would allow me to verify independently the patch is effective, within the limits of the understanding of the situation of course and that can be especially time-consuming when not having access to the remote server. :/ A repr

[Touch-packages] [Bug 2055304] Re: openssl 3.0.2 backport IgnoreUnexpectedEOF ssl config option from 3.2

2024-03-04 Thread Adrien Nader
There are several reasons a program can skip loading the openssl configuration unfortunately: env vars pointing to another file, apparmor preventing loading, library initialization skipping it, ... Is the program that ignores the openssl configuration file in the Ubuntu archive? Or public? -- You

[Touch-packages] [Bug 2056739] Re: apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"

2024-03-11 Thread Adrien Nader
Hey, I think everything in the gnutls/ directory should be allowed: there can be profiles with arbitrary names (or at least alnum I guess) which define priority/configuration strings that can be used by gnutls applications. I'm not aware of anything else that typically goes there but I haven't che

[Touch-packages] [Bug 2030784] Re: Backport Intel's AVX512 patches on openssl 3.0

2024-03-14 Thread Adrien Nader
Thanks a lot for looking at this. The issue seems fixed on my machine. There are currently several changes being prepared for openssl and I think I'd rather batch them considering the state of the CI queue but this will definitely go into Noble. Thanks again. -- You received this bug notification

[Touch-packages] [Bug 2058017] [NEW] openssl is not LTO-safe

2024-03-15 Thread Adrien Nader
Public bug reported: tl;dr: since it's too much work to make openssl LTO-safe, upstream doesn't see it as a goal and doesn't test it, and there are probably no performance gains to LTO for this package. Openssl is an old project and the codebase wasn't written with aliasing rules in mind. There a

[Touch-packages] [Bug 2058017] Re: [FFe] openssl is not LTO-safe

2024-03-15 Thread Adrien Nader
** Summary changed: - openssl is not LTO-safe + [FFe] openssl is not LTO-safe -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2058017 Title: [FFe] openssl is not LTO-safe

[Touch-packages] [Bug 2058017] Re: [FFe] openssl is not LTO-safe

2024-03-15 Thread Adrien Nader
** Description changed: tl;dr: since it's too much work to make openssl LTO-safe, upstream doesn't see it as a goal and doesn't test it, and there are probably no performance gains to LTO for this package. Openssl is an old project and the codebase wasn't written with aliasing rules i

[Touch-packages] [Bug 2058017] Re: openssl is not LTO-safe

2024-03-15 Thread Adrien Nader
** Summary changed: - [FFe] openssl is not LTO-safe + openssl is not LTO-safe -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2058017 Title: openssl is not LTO-safe Statu

[Touch-packages] [Bug 2056593] Re: [FFE] FIPS compatibility patches

2024-03-15 Thread Adrien Nader
I did some additional tests too in a noble container. With/without the env var to set the file location, including with the file missing, with/without the env var to force FIPS mode, and using values 0, 1, 42, -42, a. By the way, note that access to these environment variables uses secure_getenv(

[Touch-packages] [Bug 2058017] Re: openssl is not LTO-safe

2024-03-15 Thread Adrien Nader
** Changed in: openssl (Ubuntu) Milestone: None => ubuntu-24.04 ** Changed in: openssl (Ubuntu) Assignee: (unassigned) => Adrien Nader (adrien-n) ** Changed in: openssl (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member

[Touch-packages] [Bug 2056593] Re: [FFE] FIPS compatibility patches

2024-03-15 Thread Adrien Nader
** Description changed: We have an open MR with a handful of FIPS compatibility changes we were hoping to get into 24.04. The main purpose of the changes is to detect whether the kernel is running in FIPS mode and adjust the behavior of the library accordingly by loading the correct provide

[Touch-packages] [Bug 2058017] Re: openssl is not LTO-safe

2024-03-17 Thread Adrien Nader
** Description changed: tl;dr: since it's too much work to make openssl LTO-safe, upstream doesn't see it as a goal and doesn't test it, and there are probably no performance gains to LTO for this package. Openssl is an old project and the codebase wasn't written with aliasing rules i

[Touch-packages] [Bug 2058017] Re: openssl is not LTO-safe

2024-03-17 Thread Adrien Nader
** Description changed: tl;dr: since it's too much work to make openssl LTO-safe, upstream doesn't see it as a goal and doesn't test it, and there are probably no performance gains to LTO for this package. Openssl is an old project and the codebase wasn't written with aliasing rules i

[Touch-packages] [Bug 2058017] Re: openssl is not LTO-safe

2024-03-18 Thread Adrien Nader
** Changed in: openssl (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2058017 Title: openssl is not LTO-safe Status i

[Touch-packages] [Bug 2056593] Re: [FFE] FIPS compatibility patches

2024-03-18 Thread Adrien Nader
** Changed in: openssl (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2056593 Title: [FFE] FIPS compatibility patches Sta

[Touch-packages] [Bug 2059417] Re: Sync xz-utils 5.6.1-1 (main) from Debian unstable (main)

2024-03-29 Thread Adrien Nader
I'll dive deeper into this. The timing collides with the t64 transition so that makes me curious. Moreover, Debian reverted to 5.4.5 so the situation where we're on 5.6.0 doesn't match Debian either. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, w

[Touch-packages] [Bug 2055422] Re: Please sync xz-utils 5.6.0-0.2 from Debian experimental

2024-03-30 Thread Adrien Nader
I had forgotten about this bug. Thanks for bringing this up and let me close this. ** Changed in: xz-utils (Ubuntu) Status: New => Invalid ** Description changed: + NOTE: THE VERSION MENTIONED HERE HAS BEEN BACKDOORED. + I am keeping the text below unchanged due to its possible historical

[Touch-packages] [Bug 2059417] Re: Sync xz-utils 5.6.1-1 (main) from Debian unstable (main)

2024-03-30 Thread Adrien Nader
** Description changed: + NOTE: THIS IS AN ATTEMPT AT INCLUDING A BACKDOOR. THIS IS LEFT FOR + HISTORICAL PURPOSES ONLY AND MUST NOT BE DONE. + + Please sync xz-utils 5.6.1-1 (main) from Debian unstable (main) Hello! I am one of the upstream maintainers for XZ Utils. Version 5.6.1 was r

[Touch-packages] [Bug 2009544] Re: OpenSSL 3 performance regression

2024-04-03 Thread Adrien Nader
Due to openssl's release schedule, 24.04 Noble Numbat will still use 3.0. It will be 3.0.13 unless a 3.0.14 is released very soon. After Noble Numbat is released, I will work on openssl 3.3 for the subsequent Ubuntu release. It is not yet released but will be soon so I might start with beta/RC. Th

[Touch-packages] [Bug 2009544] Re: OpenSSL 3 performance regression

2024-04-04 Thread Adrien Nader
I'm going to target this to 24.10 as it's the first time it will be possible to "solve" it. As far as I understand, there will probably be performance loss with 3.3 compared to 1.1 but it's going to be a long tail rather than a few big changes which have been included in 3.1, 3.2 and 3.3. Btw, Ant

[Touch-packages] [Bug 2009544] Re: OpenSSL 3 performance regression

2024-04-04 Thread Adrien Nader
** Also affects: openssl (Ubuntu Noble) Importance: Undecided Status: Confirmed ** Also affects: openssl (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: openssl (Ubuntu Mantic) Importance: Undecided Status: New ** Changed in: openssl (Ubuntu Mantic

[Touch-packages] [Bug 2062167] [NEW] [FFe] openssl: post-3.0.13 changes from git

2024-04-18 Thread Adrien Nader
Public bug reported: I would like to have the most recent openssl version possible in Noble. For that I am requesting to upload all the commits in the openssl-3.0 branch that follow 3.0.13 which is already in the archive. I would like to include 3.0.14 afterwards if feasible. Having the most rece

[Touch-packages] [Bug 2062167] Re: [FFe] openssl: post-3.0.13 changes from git

2024-04-18 Thread Adrien Nader
Note that there is a CVE fix in there too. It's low-severity because it's only unbounded memory growth but it's quite easy to trigger and I think that anyone who has a webserver with TLS 1.3 will want it patched. Therefore there should be an upload of this at least. -- You received this bug notif

[Touch-packages] [Bug 2062167] Re: [FFe] openssl: post-3.0.13 changes from git

2024-04-18 Thread Adrien Nader
** Changed in: openssl (Ubuntu) Status: Triaged => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2062167 Title: [FFe] openssl: post-3.0.13 changes from git St

[Touch-packages] [Bug 2063898] Re: broken doc symlinks after t64 transition in noble

2024-04-29 Thread Adrien Nader
*** This bug is a duplicate of bug 1297025 *** https://bugs.launchpad.net/bugs/1297025 ** This bug has been marked a duplicate of bug 1297025 Either the changelog.gz is missing or there is an erroneous link in the libssl1.0.0 package -- You received this bug notification because you are

[Touch-packages] [Bug 1297025] Re: Either the changelog.gz is missing or there is an erroneous link in the libssl1.0.0 package

2024-04-29 Thread Adrien Nader
I plan to work on this during the OO cycle. It's an issue inherited from Debian AFAIU. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1297025 Title: Either the changelog.g

[Touch-packages] [Bug 1297025] Re: Either the changelog.gz is missing or there is an erroneous link in the libssl1.0.0 package

2024-04-30 Thread Adrien Nader
** Changed in: openssl (Ubuntu) Milestone: None => ubuntu-24.10 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1297025 Title: Either the changelog.gz is missing or the

[Touch-packages] [Bug 2063271] Re: Illegal opcode in libssl

2024-04-30 Thread Adrien Nader
AFAIU there is no issue in the package at the moment so I'll close the report. Thanks for investigating and trying the package reinstallation. (Also, Alex, impressive intuition!) ** Changed in: openssl (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a

[Touch-packages] [Bug 2059101] Re: Automatic EST certificate retrieval does not work on Ubuntu 22.04

2024-07-30 Thread Adrien Nader
With everything happening with the Noble release, I didn't handle that back in March and then I forgot about it. Sorry about that. Is this still relevant? And is there a reproducer that I can run? I'm asking for a reproducer because having to rely on a reporter or an environment I don't have acc

[Touch-packages] [Bug 2073991] Re: Add FIPS defines to Noble OpenSSL header files

2024-07-30 Thread Adrien Nader
** Changed in: openssl (Ubuntu) Milestone: None => ubuntu-24.10 ** Also affects: openssl (Ubuntu Oracular) Importance: Undecided Status: New ** Also affects: openssl (Ubuntu Noble) Importance: Undecided Status: New ** Changed in: openssl (Ubuntu Noble) Milestone: None

[Touch-packages] [Bug 2073991] Re: Add FIPS defines to Noble OpenSSL header files

2024-07-30 Thread Adrien Nader
Hi Eric and thanks for the report. The SRU process necessarily takes time and openssl is a library that is installed everywhere and is therefore more difficult to get through the SRU process. Time-wise (including due to my own availability), I don't think there will be a patched openssl version

[Touch-packages] [Bug 2077464] Re: lscpu: Skip aarch64 decode path for rest of the architectures

2024-08-26 Thread Adrien Nader
I can confirm the issue: BIOS Model name: AMD Ryzen 7 7840HS w/ Radeon 780M Graphics Unknown CPU @ 3.8GHz It looks very minor however. As far as I'm concerned, it doesn't look like it would be worth SRU'ing it, and considering we're past feature-freeze for oracular, I'm not sure it woul

[Touch-packages] [Bug 2073991] Re: Add FIPS defines to Noble OpenSSL header files

2024-09-04 Thread Adrien Nader
sl (Ubuntu) Assignee: (unassigned) => Adrien Nader (adrien) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2073991 Title: Add FIPS defines to Noble OpenSSL header file

[Touch-packages] [Bug 2079970] Re: Debug symbols are unavailable for 3.0.2-0ubuntu1.18 (security update)

2024-09-11 Thread Adrien Nader
Tobias, I think the files are available now. Package: libssl3-dbgsym Package-Type: ddeb Architecture: amd64 Version: 3.0.2-0ubuntu1.18 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad

[Touch-packages] [Bug 2073991] Re: Add FIPS defines to Noble OpenSSL header files

2024-09-11 Thread Adrien Nader
I've been preparing a build that includes these changes. These are fine: UBUNTU_OSSL_PROV_FIPS_PARAM_UNAPPROVED_USAGE UBUNTU_OSSL_SELF_TEST_DESC_PCT_DH These don't seem fine: OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX RSA_PSS_SALTLEN_AUTO_DIGEST_MAX Defining them would change the behavior of t

[Touch-packages] [Bug 2073991] Re: Add FIPS defines to Noble OpenSSL header files

2024-09-11 Thread Adrien Nader
Alright, 0046-signature-Clamp-PSS-salt-len-to-MD-len.patch has been merged upstream for openssl 3.1: https://github.com/openssl/openssl/commit/6c73ca4a2f4ea71f4a880670624e7b2fdb6f32da No concern for OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX and RSA_PSS_SALTLEN_AUTO_DIGEST_MAX in openssl >= 3.1 an

[Touch-packages] [Bug 1998942] Re: openssl: merge 3.0.7-1 from Debian unstable

2023-01-03 Thread Adrien Nader
Attached is a debdiff against Ubuntu's 3.0.5-2ubuntu2. ** Patch added: "openssl_3.0.5-2ubuntu2-to-openssl_3.0.7-1ubuntu1.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1998942/+attachment/5638958/+files/openssl_3.0.5-2ubuntu2-to-openssl_3.0.7-1ubuntu1.debdiff -- You received

[Touch-packages] [Bug 1998942] Re: openssl: merge 3.0.7-1 from Debian unstable

2023-01-03 Thread Adrien Nader
Attached is a debdiff against Debian's 3.0.7-1. ** Patch added: "openssl_3.0.7-1-to-openssl_3.0.7-1ubuntu1.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1998942/+attachment/5638959/+files/openssl_3.0.7-1-to-openssl_3.0.7-1ubuntu1.debdiff -- You received this bug notificatio

[Touch-packages] [Bug 1998942] Re: openssl: merge 3.0.7-1 from Debian unstable

2023-01-03 Thread Adrien Nader
And PPA for this merge is available at https://launchpad.net/~adrien-n/+archive/ubuntu/merge-openssl-3.0.7/ . -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1998942 Title:

[Touch-packages] [Bug 1998942] Re: openssl: merge 3.0.7-1 from Debian unstable

2023-01-09 Thread Adrien Nader
Updated because Debian now has 3.0.7-2 which includes a patch for a low severity security issue (CVE-2022-3996). PPA is still at https://launchpad.net/~adrien-n/+archive/ubuntu/merge-openssl-3.0.7 . Attached is the debdiff from 3.0.5-2ubuntu2 to 3.0.7-2ubuntu1 . ** CVE added: https://cve.mitre.

[Touch-packages] [Bug 1998942] Re: openssl: merge 3.0.7-1 from Debian unstable

2023-01-09 Thread Adrien Nader
Attached is the debdiff from 3.0.7-2 to 3.0.7-2ubuntu1. ** Patch added: "openssl_3.0.7-2-to-openssl_3.0.7-2ubuntu1.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1998942/+attachment/5640127/+files/openssl_3.0.7-2-to-openssl_3.0.7-2ubuntu1.debdiff -- You received this bug not

[Touch-packages] [Bug 2002428] [NEW] Autopkgtest failure due to moved testcase

2023-01-10 Thread Adrien Nader
Public bug reported: In 9.1-1ubuntu1 (lunar), a testcase has been renamed from proc-selinux-segfault.sh to selinux-segfault.sh . This changes debian/tests/upstream to reflect the change. ** Affects: coreutils (Ubuntu) Importance: Undecided Status: New -- You received this bug not

[Touch-packages] [Bug 2002428] Re: Autopkgtest failure due to moved testcase

2023-01-11 Thread Adrien Nader
Attached patch. The crux is: --- coreutils-9.1/debian/tests/upstream2022-12-08 14:47:43.0 +0100 +++ coreutils-9.1/debian/tests/upstream2023-01-10 14:19:26.0 +0100 @@ -136,7 +136,7 @@ ls/m-option.sh \ ls/multihardlink.sh \ ls/no-arg.sh \ -ls/proc-selinux-segfault.

[Touch-packages] [Bug 1998942] Re: openssl: merge 3.0.7-1 from Debian unstable

2023-01-11 Thread Adrien Nader
Updated patch following Simon's feedback: there was a pretty bad mistake in the debian changelog where I included UNRELEASED changes from Debian as a dedicated changelog entry. I had to create a new PPA because as part of the changelog fix, I changed the version back to 3.0.7-1ubuntu1 rather than

[Touch-packages] [Bug 1998942] Re: openssl: merge 3.0.7-1 from Debian unstable

2023-01-11 Thread Adrien Nader
** Patch added: "openssl_3.0.7-1-to-openssl_3.0.7-1ubuntu1~ppa2.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1998942/+attachment/5640640/+files/openssl_3.0.7-1-to-openssl_3.0.7-1ubuntu1~ppa2.debdiff -- You received this bug notification because you are a member of Ubuntu To

[Touch-packages] [Bug 1842320] Re: Can't boot: "error: out of memory." immediately after the grub menu

2023-01-16 Thread Adrien Nader
The terrible thing with compression is how we know of no universal rule. I'm sure you can even find non-pathological cases where lz4 compresses better than zpaq (and does so 100 times faster). And that's without taking I/O into account (or filters). An important thing to keep in mind here is t

[Touch-packages] [Bug 2003548] Debdiffs

2023-01-20 Thread Adrien Nader
This is the debdiff from 0.24.1-2 to 0.24.1-2ubuntu1: p11-kit-0.24.1-2-to-0.24.1-2ubuntu1.debdiff This is the debdiff from 0.24.1-1ubuntu2 to 0.24.1-2ubuntu1: p11-kit-0.24.1-1ubuntu2-to-0.24.1-2ubuntu1.debdiff ** Patch added: "p11-kit-0.24.1-1ubuntu2-to-0.24.1-2ubuntu1.debdiff" https://bugs

[Touch-packages] [Bug 2003548] [NEW] Merge Debian unstable's 0.24.1-2

2023-01-20 Thread Adrien Nader
Public bug reported: This is a merge of Debian unstable's 0.24.1-2 as 0.24.1-2ubuntu1. A PPA is available at https://launchpad.net/~adrien-n/+archive/ubuntu/p11-kit-merge-0.24.1-2 . ** Affects: p11-kit (Ubuntu) Importance: Undecided Status: New -- You received this bug notificati

[Touch-packages] [Bug 1988819] Re: When apt keeps back packages due to phased updates, it should say nothing

2023-01-24 Thread Adrien Nader
The issue with being less verbose is that users will end up with the same issue when two neighbor machines have different updates. This also applies to machines belonging to different people as soon as these people discuss about a bug that could be caused or solved by these updates. I'd prefer to

[Touch-packages] [Bug 2003548] Re: Merge Debian unstable's p11-kit 0.24.1-2

2023-01-25 Thread Adrien Nader
** Summary changed: - Merge Debian unstable's 0.24.1-2 + Merge Debian unstable's p11-kit 0.24.1-2 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to p11-kit in Ubuntu. https://bugs.launchpad.net/bugs/2003548 Title: Merge Debi

[Touch-packages] [Bug 2006954] [NEW] openssl: merge unstable's 3.0.8-1

2023-02-10 Thread Adrien Nader
Public bug reported: Openssl 3.0.8 has been released. Unstable now contains 3.0.8-1 which we can merge. ** Affects: openssl (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribe

[Touch-packages] [Bug 2006954] Re: openssl: merge unstable's 3.0.8-1

2023-02-10 Thread Adrien Nader
** Tags added: fr-3408 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2006954 Title: openssl: merge unstable's 3.0.8-1 Status in openssl package in Ubuntu: New Bug des

[Touch-packages] [Bug 2006954] Re: openssl: merge unstable's 3.0.8-1

2023-02-20 Thread Adrien Nader
** Changed in: openssl (Ubuntu) Assignee: (unassigned) => Adrien Nader (adrien-n) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2006954 Title: openssl: me

[Touch-packages] [Bug 2006954] Re: openssl: merge unstable's 3.0.8-1

2023-02-20 Thread Adrien Nader
I'm attaching patches for the merge. The diff from 3.0.8-1 to 3.0.8-1ubuntu1 is in openssl_3.0.8-1.dsc-to-openssl_3.0.8-1ubuntu1.dsc.diff . ** Patch added: "openssl_3.0.8-1.dsc-to-openssl_3.0.8-1ubuntu1.dsc.diff" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2006954/+attachment/5648

[Touch-packages] [Bug 2006954] Re: openssl: merge unstable's 3.0.8-1

2023-02-20 Thread Adrien Nader
I'm attaching patches for the merge. The diff from 3.0.7-1ubuntu1 to 3.0.8-1ubuntu1 is in openssl_3.0.8-1ubuntu1.dsc-to-openssl_3.0.8-1ubuntu1.dsc.diff . PPA is at https://launchpad.net/~adrien-n/+archive/ubuntu/openssl-3.0.8-1-merge-v2 ** Patch added: "openssl_3.0.7-1ubuntu1.dsc-to-openssl_3.0.

[Touch-packages] [Bug 2004477] Re: cryptography pkg 39.0.0 incompatible with pyOpenSSL 21.0.0 - crashes ensue

2023-03-23 Thread Adrien Nader
Hi, if I understand correctly, you're either updating python-cryptography or installing it in a virtual environment, is that right? Lunar is going to have python3-openssl 23 and python3-cryptography 38 (actually they're already in the archive). I don't think we could easily change the versions o

[Touch-packages] [Bug 2003701] Re: PKCS7: Message signed outside of X.509 validity window

2023-03-23 Thread Adrien Nader
In addition to what Steve has said, I'm wondering if you can work around this by using faketime when signing. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2003701 Title:

[Touch-packages] [Bug 2004477] Re: cryptography pkg 39.0.0 incompatible with pyOpenSSL 21.0.0 - crashes ensue

2023-03-23 Thread Adrien Nader
No problem. I've marked the bug as Invalid. Thanks for your answer. :) ** Changed in: openssl (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.ne

[Touch-packages] [Bug 2039142] Re: openssl v3.0.2 is not work with dynamic engine libengine-gost-openssl1.1

2023-10-12 Thread Adrien Nader
Hi, I have not been able to reproduce your issue. Since you did not provide the exact command you've used, I did a different test that relies on the engine. I did the following (lots of trial and error): * git clone https://github.com/gost-engine/engine * mkdir build * cd build * cmake -DOPENSSL_

[Touch-packages] [Bug 2039142] Re: openssl v3.0.2 is not work with dynamic engine libengine-gost-openssl1.1

2023-10-12 Thread Adrien Nader
** Changed in: openssl (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2039142 Title: openssl v3.0.2 is not work with dynamic engi

[Touch-packages] [Bug 2033422] Re: openssl: backport to jammy "clear method store / query cache confusion"

2023-10-19 Thread Adrien Nader
Removed ~ubuntu-sponsors for a few days while a few things settle. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2033422 Title: openssl: backport to jammy "clear method s

[Touch-packages] [Bug 2023545] Re: [UBUNTU 22.04] openssl with ibmca engine configured dumps core when creating a new certificate

2023-10-19 Thread Adrien Nader
Hi Lucas, Sorry, this is part of an SRU with 4 patches but that we've decided to hold back for a bit (a few days after the current release). I've removed ubuntu-sponsors from the "main" LP bug (link near the top of the bug report) but not from the others. I'll do it now and I think maybe it's bett

[Touch-packages] [Bug 2033422] Re: openssl: backport to jammy "clear method store / query cache confusion"

2023-10-25 Thread Adrien Nader
** Description changed: === SRU information === + [ATTENTION] + This SRU contains FOUR changes which are listed in the section below. + [Meta] This bug is part of a series of four bugs for a single SRU. This ( #2033422 ) is the "central" bug with the global information and debdiff.

[Touch-packages] [Bug 2033422] Re: openssl: backport to jammy "clear method store / query cache confusion"

2023-10-26 Thread Adrien Nader
** Description changed: === SRU information === [ATTENTION] This SRU contains FOUR changes which are listed in the section below. [Meta] This bug is part of a series of four bugs for a single SRU. This ( #2033422 ) is the "central" bug with the global information and debdiff.

[Touch-packages] [Bug 2033422] Re: openssl: backport to jammy "clear method store / query cache confusion"

2023-10-26 Thread Adrien Nader
** Description changed: === SRU information === [ATTENTION] This SRU contains FOUR changes which are listed in the section below. [Meta] This bug is part of a series of four bugs for a single SRU. This ( #2033422 ) is the "central" bug with the global information and debdiff.

[Touch-packages] [Bug 2033422] Re: openssl: backport to jammy "clear method store / query cache confusion"

2023-10-26 Thread Adrien Nader
Forgot to upload the latest debdiff. ** Patch added: "openssl_3.0.2-0ubuntu1.12-to-3.0.2-0ubuntu1.13.diff" https://bugs.launchpad.net/ubuntu/jammy/+source/openssl/+bug/2033422/+attachment/5713594/+files/openssl_3.0.2-0ubuntu1.12-to-3.0.2-0ubuntu1.13.diff -- You received this bug notification

[Touch-packages] [Bug 2033422] Re: openssl: backport to jammy "clear method store / query cache confusion"

2023-10-26 Thread Adrien Nader
** Description changed: === SRU information === [ATTENTION] This SRU contains FOUR changes which are listed in the section below. [Meta] This bug is part of a series of four bugs for a single SRU. This ( #2033422 ) is the "central" bug with the global information and debdiff.

[Touch-packages] [Bug 2033422] Re: openssl: backport to jammy "clear method store / query cache confusion"

2023-10-31 Thread Adrien Nader
** Description changed: === SRU information === [ATTENTION] - This SRU contains FOUR changes which are listed in the section below. + This SRU contains THREE changes which are listed in the section below. [Meta] This bug is part of a series of four bugs for a single SRU. This ( #20334

[Touch-packages] [Bug 2023545] Re: [UBUNTU 22.04] openssl with ibmca engine configured dumps core when creating a new certificate

2023-10-31 Thread Adrien Nader
** Description changed: === SRU information === [Meta] - This bug is part of a series of four bugs for a single SRU. + This bug is part of a series of three bugs for a single SRU. The "central" bug with the global information and debdiff is http://pad.lv/2033422 [Impact] Openssl usin

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-10-31 Thread Adrien Nader
** Description changed: === SRU information === [Meta] - This bug is part of a series of four bugs for a single SRU. + This bug is part of a series of three bugs for a single SRU. The "central" bug with the global information and debdiff is http://pad.lv/2033422 [Impact] S/MIME signa

[Touch-packages] [Bug 1990216] Re: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy

2023-10-31 Thread Adrien Nader
** Description changed: === SRU information === [Meta] - This bug is part of a series of four bugs for a single SRU. + This bug is part of a series of three bugs for a single SRU. The "central" bug with the global information and debdiff is http://pad.lv/2033422 [Impact] Decryption f

[Touch-packages] [Bug 1962549] Re: openssl cms -decrypt doesn't work properly when using an engine

2023-10-31 Thread Adrien Nader
I don't know why LP expired this bug since you commented after I changed its status... Anyway, I'm going to mark it as New again. Unfortunately, I haven't had time to try to reproduce this again and I won't have time before at least two weeks due to some time off and Canonical events. It would

[Touch-packages] [Bug 1990216] Re: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy

2023-11-01 Thread Adrien Nader
Hi Nathan, Sorry, I didn't have enough time to comment here before a few days of vacation. This one is indeed not in the SRU at the moment. The description edit itself did not make much sense. I first discussed this topic with Simon but then also with Steve Langasek, with others attending the sa

[Touch-packages] [Bug 2033422] Re: openssl: backport to jammy "clear method store / query cache confusion"

2023-11-01 Thread Adrien Nader
** Description changed: === SRU information === [ATTENTION] This SRU contains THREE changes which are listed in the section below. [Meta] - This bug is part of a series of four bugs for a single SRU. + This bug is part of a series of three bugs for a single SRU. This ( #2033422 ) is t

[Touch-packages] [Bug 2044391] Re: Blowfish decryption failure because of incorrect key length

2023-11-23 Thread Adrien Nader
I'm going to mark this as duplicate of another bug which I have an overdue answer to provide. But one important question: what is your actual usecase that is negatively impacted?

[Touch-packages] [Bug 2043713] Re: armhf autopkgtests fail due to TestApportValgrind.test_valgrind_min_installed

2023-11-23 Thread Adrien Nader
That looks a lot like the -fstack-clash-protection issue we've been having recently for other packages on armhf. dpkg 1.22.1ubuntu3 should fix this ( https://launchpad.net/ubuntu/+source/dpkg/1.22.1ubuntu3 ) The place where I've written the most details about this is https://code.launchpad.net/~a

[Touch-packages] [Bug 2043713] Re: armhf autopkgtests fail due to TestApportValgrind.test_valgrind_min_installed

2023-11-23 Thread Adrien Nader
Thanks for looking more deeply than I did. I guess I'll upload both to my PPA, using whichever version is in -proposed right now.

[Touch-packages] [Bug 2023545] Re: [UBUNTU 22.04] openssl with ibmca engine configured dumps core when creating a new certificate

2023-11-23 Thread Adrien Nader
As you mention, it's difficult to test with this reproducer specifically since it's specialized hardware and I've largely had to rely on testing from the proxied persons who also have interests and duties in this working well. The issue also appears without the specific hardware when using provider

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-11-23 Thread Adrien Nader
Indeed, there is an "extra" change which I saw fit to include after reviewing the change with care. Replicating the issue directly involves using the openssl C APIs because higher-level interfaces like the command-line ones prevent calling the affected code in a way that will trigger the issue. Th

[Touch-packages] [Bug 2044391] Re: Blowfish decryption failure because of incorrect key length

2023-11-24 Thread Adrien Nader
*** This bug is a duplicate of bug 1990216 *** https://bugs.launchpad.net/bugs/1990216 ** This bug has been marked a duplicate of bug 1990216 backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy

[Touch-packages] [Bug 1990216] Re: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy

2023-11-24 Thread Adrien Nader
Apologies for not answering earlier; I wasn't available when I first saw your message. FWIW, there's just been another report of the same issue with a different scenario but that's half-way between the "streaming" case and the "data at rest" one. The reason this fix is difficult to integrate in a

[Touch-packages] [Bug 2044795] Re: Please merge openssl 3.1.4-2 from debian unstable

2023-11-27 Thread Adrien Nader
Openssl's support policy means we won't be using a non-LTS version in Ubuntu. There's a small window where we might use a non-LTS version provided we are sure we can upgrade to an LTS version of openssl in time for our own LTS but at the moment this situation has not happened yet. Openssl 3.1 is n

[Touch-packages] [Bug 2030784] Re: Backport Intel's AVX512 patches on openssl 3.0

2023-12-01 Thread Adrien Nader
Thanks a lot for the tests, that's very appreciated. I ran that on my laptop (11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz) which quite surprisingly has all these CPU features. Mostly idle, dynamic CPU governor but no thermal throttling at all (and if there were, it would probably slow down the

[Touch-packages] [Bug 2045250] Re: pam_lastlog doesn't handle localtime_r related errors properly

2023-12-04 Thread Adrien Nader
There aren't many ways to make localtime() fail and we still don't know how this happened in this case. We expect this happens maybe on a 32-bit machine. You can't have a really huge value in btmp anyway because everything is stored on 32-bit signed integers but maybe seconds are negative or micros

[Touch-packages] [Bug 1990216] Re: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy

2023-12-04 Thread Adrien Nader
Sometimes I don't understand what happens when I attempt to reply by mail... Anyway... The affected code is in libcrypto which I think sees fewer important security fixes. Therefore it's possible to build it and put it in your library search path. This should fix the issue without being too terr

[Touch-packages] [Bug 2030784] Re: Backport Intel's AVX512 patches on openssl 3.0

2024-01-02 Thread Adrien Nader
I tested this patch set on a Zen 4 machine too and saw roughly similar speedups. And before someone asks: no, I'm not testing that on Via CPUs!

[Touch-packages] [Bug 2033422] Re: openssl: backport to jammy "clear method store / query cache confusion"

2024-01-04 Thread Adrien Nader
Here is an updated version. I've dropped the extra patch for #1994165 and fixed the changelog where I had swapped comments for two of the patches. I've created a new PPA at https://launchpad.net/~adrien-n/+archive/ubuntu/jammy-openssl-2033422-sru because the version is unchanged (there has been

[Touch-packages] [Bug 2033422] Re: openssl: backport to jammy "clear method store / query cache confusion"

2024-01-09 Thread Adrien Nader
I'm attaching an updated debdiff. - remove left-over patches for a bug that we decided to not handle as part of this SRU (patches were already unlisted from d/p/series) - added Bug-Ubuntu entries to patches PPA is the same. New build is at https://launchpad.net/~adrien-n/+archive/ubuntu/jammy- o

[Touch-packages] [Bug 2033422] Re: openssl: backport to jammy "clear method store / query cache confusion"

2024-01-11 Thread Adrien Nader
Thanks for the review and upload. I have a similar take on the patches in this series and I believe it would be very difficult and riskier to try to skip some of the patches in this series which has seen real-world use as a whole, starting with openssl >= 3.0.4 (which we started shipping in lunar)

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2024-01-24 Thread Adrien Nader
Gil, can you do the verification? Thanks.

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2024-01-24 Thread Adrien Nader
As expected, it wasn't very easy to create a reproducer since the openssl tool couldn't be used and it required introducing errors in lower layers. Moreover the CMS_dataFinal symbol cannot be overridden in a meaningful way, probably either due to LTO or symbol visibility. Fortunately it was still po

[Touch-packages] [Bug 2023545] Re: [UBUNTU 22.04] openssl with ibmca engine configured dumps core when creating a new certificate

2024-01-24 Thread Adrien Nader
Frank and Grgo, thanks for the verification. That was very helpful.

[Touch-packages] [Bug 2033422] Re: openssl: backport to jammy "clear method store / query cache confusion"

2024-01-24 Thread Adrien Nader
Thanks a lot for the verification Simon! I looked at the test results and I believe failed tests are all fine: - diffoscope: python "ModuleNotFoundError: No module named 'tests.utils'" - dotnet*: complains that this dotnet is not tested for 24.04 (yes, 24.04); this system of keeping a matrix of h
