[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
This bug was fixed in the package openssl - 3.0.3-0ubuntu1 --- openssl (3.0.3-0ubuntu1) kinetic; urgency=medium * New upstream release (LP: #1968997): - d/p/CVE-2022-*: dropped, present upstream - d/p/c_rehash-compat.patch: refreshed -- Simon Chopin Thu, 05 May 2022 10:56:04 +0200 ** Changed in: openssl (Ubuntu Kinetic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Jammy: Fix Released Status in openssl source package in Kinetic: Fix Released Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:0372:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
This bug was fixed in the package openssl - 3.0.2-0ubuntu1.2 --- openssl (3.0.2-0ubuntu1.2) jammy; urgency=medium * d/p/lp1968997/*: cherry-pick a patchset to fix issues with the Turkish locale (LP: #1968997) -- Simon Chopin Thu, 05 May 2022 10:04:52 +0200 ** Changed in: openssl (Ubuntu Jammy) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Jammy: Fix Released Status in openssl source package in Kinetic: Fix Committed Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:0372:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Jammy: Fix Committed Status in openssl source package in Kinetic: Fix Committed Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:0372:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Jammy: Fix Committed Status in openssl source package in Kinetic: Fix Committed Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:0372:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
I've been using 3.0.2-0ubuntu1.2 on jammy for a couple of days without any noticeable regression, and have confirmed that the bug has been fixed using the curl method outlined above. Marking as verified on jammy. ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Jammy: Fix Committed Status in openssl source package in Kinetic: Fix Committed Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:0372:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
Good news, proposed patch fixed the issue. Fresh Kubuntu (Turkish) on a VM with proposed patches enabled. Original symptom isn't there # sudo ua status [sudo] ilgaz için parola: SERVICE AVAILABLE DESCRIPTION cc-eal no Common Criteria EAL2 Provisioning Packages cis no Security compliance and audit tools esm-infrayesUA Infra: Extended Security Maintenance (ESM) fips no NIST-certified core packages fips-updates no NIST-certified core packages with priority security updates livepatchyesCanonical Livepatch service This machine is not attached to a UA subscription. Additionally this works (another symptom, wget) # wget https://cdimage.ubuntu.com/kubuntu/releases/22.04/release/kubuntu-22.04-desktop-amd64.iso.torrent --2022-05-06 14:33:48-- https://cdimage.ubuntu.com/kubuntu/releases/22.04/release/kubuntu-22.04-desktop-amd64.iso.torrent cdimage.ubuntu.com (cdimage.ubuntu.com) çözümleniyor... 91.189.91.124, 91.189.91.123, 185.125.190.37, ... cdimage.ubuntu.com (cdimage.ubuntu.com)|91.189.91.124|:443 bağlanılıyor... bağlantı kuruldu. HTTP isteği gönderildi, cevap bekleniyor... 200 OK Uzunluk: 280634 (274K) [application/x-bittorrent] Kayıt yeri: ‘kubuntu-22.04-desktop-amd64.iso.torrent’ kubuntu-22.04-desktop-a 100%[===>] 274,06K 505KB/ssüre 0,5s 2022-05-06 14:33:49 (505 KB/s) - ‘kubuntu-22.04-desktop- amd64.iso.torrent’ kaydedildi [280634/280634] # apt info openssl Package: openssl Version: 3.0.2-0ubuntu1.2 Priority: important Section: utils Origin: Ubuntu -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Jammy: Fix Committed Status in openssl source package in Kinetic: Fix Committed Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:0372:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
Hello Ilgaz, or anyone else affected, Accepted openssl into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: openssl (Ubuntu Jammy) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Jammy: Fix Committed Status in openssl source package in Kinetic: Fix Committed Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:0372:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
** Changed in: openssl (Ubuntu Kinetic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Jammy: In Progress Status in openssl source package in Kinetic: Fix Committed Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:0372:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
** Changed in: openssl (Ubuntu Jammy) Assignee: (unassigned) => Graham Inggs (ginggs) ** Changed in: openssl (Ubuntu Kinetic) Assignee: Simon Chopin (schopin) => Graham Inggs (ginggs) ** Changed in: openssl (Ubuntu Jammy) Status: Confirmed => In Progress ** Changed in: openssl (Ubuntu Kinetic) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: In Progress Status in openssl source package in Jammy: In Progress Status in openssl source package in Kinetic: In Progress Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:0372:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
** Changed in: openssl (Ubuntu Jammy) Importance: Undecided => Critical ** Changed in: openssl (Ubuntu Jammy) Status: In Progress => Confirmed ** Changed in: openssl (Ubuntu Kinetic) Status: In Progress => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: In Progress Status in openssl source package in Jammy: In Progress Status in openssl source package in Kinetic: In Progress Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:0372:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
** Patch added: "openssl.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+attachment/5586942/+files/openssl.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: In Progress Status in openssl source package in Jammy: In Progress Status in openssl source package in Kinetic: In Progress Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:0372:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
Here's the debdiff for kinetic, which is the whole 3.0.3 upstream release. You'll find a build for it in my PPA: https://launchpad.net/~schopin/+archive/ubuntu/test- ppa/+sourcepub/13495883/+listing-archive-extra (just pop the extra changelog entry) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: In Progress Status in openssl source package in Jammy: In Progress Status in openssl source package in Kinetic: In Progress Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:0372:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
Attached is the patch for the Jammy SRU ** Patch added: "openssl_jammy.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+attachment/5586889/+files/openssl_jammy.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: In Progress Status in openssl source package in Jammy: In Progress Status in openssl source package in Kinetic: In Progress Bug description: [Impact] Due to the case comparison differences in the Turkish locale, some routines in OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking crypto. [Test Plan] This bug is really easy to trigger: sudo locale-gen tr_TR.UTF-8 LANG=C curl https://ubuntu.com/ > /dev/null # This work LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails The error is curl: (35) error:0372:digital envelope routines::decode error [Where problems could occur] This patch set is relatively massive, and can cause regressions, as illustrated by the patch #5 which fixes one such regression. Those regressions would likely show up as either libssl crashes, in case of uninitialized objects, or as algorithm selection failures if somehow the case comparison is buggy. [Other Info] The fix has already been released upstream as part of their 3.0.3 release. [Original report] I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUS DESCRIPTION cc-eal yes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
** Changed in: openssl (Ubuntu Jammy) Status: New => Confirmed ** Changed in: openssl (Ubuntu Jammy) Status: Confirmed => In Progress ** Description changed: - I noticed this when I checked "ua status". It alerted me that I should - check my openssl configuration. + [Impact] + + Due to the case comparison differences in the Turkish locale, some routines in + OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking + crypto. + + [Test Plan] + + This bug is really easy to trigger: + + sudo locale-gen tr_TR.UTF-8 + LANG=C curl https://ubuntu.com/ > /dev/null # This work + LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails + + The error is curl: (35) error:0372:digital envelope routines::decode + error + + [Where problems could occur] + + This patch set is relatively massive, and can cause regressions, as illustrated + by the patch #5 which fixes one such regression. Those regressions would likely + show up as either libssl crashes, in case of uninitialized objects, or as + algorithm selection failures if somehow the case comparison is buggy. + + [Other Info] + + The fix has already been released upstream as part of their 3.0.3 release. + + [Original report] + I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c - ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 - ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 - ca_ES ca_FR ce_RU crh_UA cv_RU - ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB - casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 + ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 + ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 + ca_ES ca_FR ce_RU crh_UA cv_RU + ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB + casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status - SERVICE ENTITLED STATUSDESCRIPTION - cc-ealyes n/a Common Criteria EAL2 Provisioning Packages - cis yes n/a Security compliance and audit tools - esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) - fips yes n/a NIST-certified core packages - fips-updates yes n/a NIST-certified core packages with priority security updates - livepatch yes n/a Canonical Livepatch service + SERVICE ENTITLED STATUS DESCRIPTION + cc-eal yes n/a Common Criteria EAL2 Provisioning Packages + cis yes n/a Security compliance and audit tools + esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) + fips yes n/a NIST-certified core packages + fips-updates yes n/a NIST-certified core packages with priority security updates + livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title:
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
** Also affects: openssl (Ubuntu Kinetic) Importance: Critical Assignee: Simon Chopin (schopin) Status: In Progress ** Also affects: openssl (Ubuntu Jammy) Importance: Undecided Status: New ** Tags removed: rls-jj-incoming -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: In Progress Status in openssl source package in Jammy: New Status in openssl source package in Kinetic: In Progress Bug description: I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUSDESCRIPTION cc-ealyes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
Moving back to In Progress and assigning to me, as there is now an upstream fix that has been merged in their 3.0 branch: https://github.com/openssl/openssl/pull/18103 (patches applied manually, hence the wrong status of the PR) (note that the patch caused a regression on their master branch, but apparently *not* on the 3.0 branch) I'll prepare an SRU for it ASAP. ** Changed in: openssl (Ubuntu) Status: Fix Committed => In Progress ** Changed in: openssl (Ubuntu) Assignee: Steve Langasek (vorlon) => Simon Chopin (schopin) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: In Progress Bug description: I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUSDESCRIPTION cc-ealyes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
Note that because these locale objects are declared 'static', they don't go out of scope until the library is unloaded. So the only way this results in a memory leak is if a process is opening libssl via dlopen, then unloading it, then loading it again. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Fix Committed Bug description: I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUSDESCRIPTION cc-ealyes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
Upstream did a review of these changes and I think they have some valid points: https://github.com/openssl/openssl/pull/18115#issuecomment-1099784064 I'm also worried that the newlocale() calls have no corresponding freelocale() counterparts. I think this needs a bit more tinkering before we proceed - in lieu of these uncertainties, I'll reject if from the queue. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Fix Committed Bug description: I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUSDESCRIPTION cc-ealyes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
I've uploaded a fix to the jammy unapproved queue, but it's a rather large patch and I think it should be reviewed by another member of the release team. ** Changed in: openssl (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Fix Committed Bug description: I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUSDESCRIPTION cc-ealyes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
** Changed in: openssl (Ubuntu) Importance: High => Critical ** Changed in: openssl (Ubuntu) Status: Confirmed => In Progress ** Changed in: openssl (Ubuntu) Assignee: (unassigned) => Steve Langasek (vorlon) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: In Progress Bug description: I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUSDESCRIPTION cc-ealyes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
** Tags added: fr-2255 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Confirmed Bug description: I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUSDESCRIPTION cc-ealyes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1968997] Re: openssl has catastrophic issues when locale set to TR_UTF8
** Tags added: rls-jj-incoming ** Changed in: openssl (Ubuntu) Importance: Undecided => High ** Changed in: openssl (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1968997 Title: openssl has catastrophic issues when locale set to TR_UTF8 Status in openssl package in Ubuntu: Confirmed Bug description: I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration. "ua status Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-25-generic=jammy Cannot verify certificate of server Please check your openssl configuration." I also figured wget doesn't work with https:// URLs at all. On web I found: https://github.com/openssl/openssl/issues/18039 So I changed locale to C_UTF-8 #locale LANG=tr_TR.UTF-8 LANGUAGE= LC_CTYPE="tr_TR.UTF-8" LC_NUMERIC=tr_TR.UTF-8 LC_TIME=tr_TR.UTF-8 LC_COLLATE="tr_TR.UTF-8" LC_MONETARY=tr_TR.UTF-8 LC_MESSAGES="tr_TR.UTF-8" LC_PAPER=tr_TR.UTF-8 LC_NAME=tr_TR.UTF-8 LC_ADDRESS=tr_TR.UTF-8 LC_TELEPHONE=tr_TR.UTF-8 LC_MEASUREMENT=tr_TR.UTF-8 LC_IDENTIFICATION=tr_TR.UTF-8 LC_ALL= casaba@ship-macbook:/backups$ sudo locale-gen c ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8 ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8 ca_ES ca_FR ce_RU crh_UA cv_RU ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8 Generating locales (this might take a while)... C.UTF-8... done Generation complete. casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8 casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8 Now the result is (after logout/login) ua status SERVICE ENTITLED STATUSDESCRIPTION cc-ealyes n/a Common Criteria EAL2 Provisioning Packages cis yes n/a Security compliance and audit tools esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM) fips yes n/a NIST-certified core packages fips-updates yes n/a NIST-certified core packages with priority security updates livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: il...@fastmail.fm Subscription: il...@fastmail.fm If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssl 3.0.2-0ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: unknown Date: Thu Apr 14 10:21:09 2022 InstallationDate: Installed on 2021-12-29 (105 days ago) InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) SourcePackage: openssl UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago) mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
