AFAIU there is no issue in the package at the moment so I'll close the
report. Thanks for investigating and trying the package reinstallation.
(Also, Alex, impressive intuition!)
** Changed in: openssl (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are
** Changed in: openssl (Ubuntu)
Milestone: None => ubuntu-24.10
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1297025
Title:
Either the changelog.gz is missing or
I plan to work on this during the OO cycle. It's an issue inherited from
Debian AFAIU.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1297025
Title:
Either the
*** This bug is a duplicate of bug 1297025 ***
https://bugs.launchpad.net/bugs/1297025
** This bug has been marked a duplicate of bug 1297025
Either the changelog.gz is missing or there is an erroneous link in the
libssl1.0.0 package
--
You received this bug notification because you are
** Changed in: openssl (Ubuntu)
Status: Triaged => New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2062167
Title:
[FFe] openssl: post-3.0.13 changes from git
Note that there is a CVE fix in there too. It's low-severity because
it's only unbounded memory growth but it's quite easy to trigger and I
think that anyone who has a webserver with TLS 1.3 will want it patched.
Therefore there should be an upload of this at least.
--
You received this bug
Public bug reported:
I would like to have the most recent openssl version possible in Noble.
For that I am requesting to upload all the commits in the openssl-3.0
branch that follow 3.0.13 which is already in the archive.
I would like to include 3.0.14 afterwards if feasible. Having the most
** Also affects: openssl (Ubuntu Noble)
Importance: Undecided
Status: Confirmed
** Also affects: openssl (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: openssl (Ubuntu Mantic)
Importance: Undecided
Status: New
** Changed in: openssl (Ubuntu
I'm going to target this to 24.10 as it's the first time it will be
possible to "solve" it. As far as I understand, there will probably be
performance loss with 3.3 compared to 1.1 but it's going to be a long
tail rather than a few big changes which have been included in 3.1, 3.2
and 3.3.
Btw,
Due to openssl's release schedule, 24.04 Noble Numbat will still use
3.0. It will be 3.0.13 unless a 3.0.14 is released very soon.
After Noble Numbat is released, I will work on openssl 3.3 for the
subsequent Ubuntu release. It is not yet released but will be soon so I
might start with beta/RC.
** Description changed:
+ NOTE: THIS IS AN ATTEMPT AT INCLUDING A BACKDOOR. THIS IS LEFT FOR
+ HISTORICAL PURPOSES ONLY AND MUST NOT BE DONE.
+
+
Please sync xz-utils 5.6.1-1 (main) from Debian unstable (main)
Hello! I am one of the upstream maintainers for XZ Utils. Version 5.6.1
was
I had forgotten about this bug. Thanks for bringing this up and let me
close this.
** Changed in: xz-utils (Ubuntu)
Status: New => Invalid
** Description changed:
+ NOTE: THE VERSION MENTIONED HERE HAS BEEN BACKDOORED.
+ I am keeping the text below unchanged due to its possible
I'll dive deeper into this. The timing collides with the t64 transition
so that makes me curious. Moreover, Debian reverted to 5.4.5 so the
situation where we're on 5.6.0 doesn't match Debian either.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
** Changed in: openssl (Ubuntu)
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2056593
Title:
[FFE] FIPS compatibility patches
** Changed in: openssl (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2058017
Title:
openssl is not LTO-safe
Status
** Description changed:
tl;dr: since it's too much work to make openssl LTO-safe, upstream
doesn't see it as a goal and doesn't test it, and there are probably no
performance gains to LTO for this package.
Openssl is an old project and the codebase wasn't written with aliasing
rules
** Description changed:
tl;dr: since it's too much work to make openssl LTO-safe, upstream
doesn't see it as a goal and doesn't test it, and there are probably no
performance gains to LTO for this package.
Openssl is an old project and the codebase wasn't written with aliasing
rules
** Description changed:
We have an open MR with a handful of FIPS compatibilty changes we wore hoping
to get into 24.04. The main purpose of the changes is to detect whether the
kernel is running in FIPS mode and adjust the behavior of the library
accordingly by loading the correct
** Changed in: openssl (Ubuntu)
Milestone: None => ubuntu-24.04
** Changed in: openssl (Ubuntu)
Assignee: (unassigned) => Adrien Nader (adrien-n)
** Changed in: openssl (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member
I did some additional tests too in a noble container.
With/without the env var to set the file location, including with the
file missing, with/without the env var to force FIPS mode, and using
values 0, 1, 42, -42, a.
By the way, note that access to these environment variables uses
** Summary changed:
- [FFe] openssl is not LTO-safe
+ openssl is not LTO-safe
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2058017
Title:
openssl is not LTO-safe
** Description changed:
tl;dr: since it's too much work to make openssl LTO-safe, upstream
doesn't see it as a goal and doesn't test it, and there are probably no
performance gains to LTO for this package.
Openssl is an old project and the codebase wasn't written with aliasing
rules
** Summary changed:
- openssl is not LTO-safe
+ [FFe] openssl is not LTO-safe
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2058017
Title:
[FFe] openssl is not LTO-safe
Public bug reported:
tl;dr: since it's too much work to make openssl LTO-safe, upstream
doesn't see it as a goal and doesn't test it, and there are probably no
performance gains to LTO for this package.
Openssl is an old project and the codebase wasn't written with aliasing
rules in mind. There
Thanks a lot for looking at this. The issue seems fixed on my machine.
There are currently several changes being prepared for openssl and I
think I'd rather batch them considering the state of the CI queue but
this will definitely go into Noble. Thanks again.
--
You received this bug
Hey,
I think everything in the gnutls/ directory should be allowed: there can
be profiles with arbitrary names (or at least alnum I guess) which
define priority/configuration strings that can be used by gnutls
applications. I'm not aware of anything else that typically goes there
but I haven't
There are several reasons a program can skip loading the openssl
configuration unfortunately: env vars pointing to another file, apparmor
preventing loading, library initilization skipping it, ...
Is the program that ignores the openssl configuration file in the Ubuntu
archive? Or public?
--
Thanks for continued investigation.
A reproducer would be valuable as it would allow me to verify
independently the patch is effective, within the limits of the
understanding of the situation of course and that can be especially
time-consuming when not having access to the remote server. :/
A
Graham pointed out that the upload was actually to unstable and
therefore autosync'ed already!
I'm going to keep the bug open until it migrates due to the possibility
of some testsuite failures.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
Public bug reported:
Xz-utils 5.6.0 was released last Friday. It features a much faster
decompression code on all platforms but on x86_64 in particular, it is
60% faster in my testing. It also aligns better current practices of
enabling multi-threading by default (always with a default memory
Thanks for the report. I am reluctant to backport this as I'm not sure
it makes a lot of sense system-wide. Curl upstream didn't seem happy
with enabling this work-around even in 2021. It seems the reason to
integrate this would be to be able to ignore this despite curl not
ignoring it nor
I'm not seeing the issue on 3.2.1. I'm preparing 3.0.13 without the AES
patch and will probably deal with it after the feature freeze at the end
of the month.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
While preparing an update to 3.0.13 for Noble, I started encoutering
testsuite failures.
The cause is the AES patch combined with 3.0.13 (more specifically with the
dupctx patches. The problematic combination looks something like the following:
- AES-GCM-enabled-with-AVX512-vAES-and-vPCLMULQDQ
-
Thanks for re-trying and reporting!
For some (possible) context: there have been some infrastructure issues
his week, especially at the beginning of the week: broken services and
delays in the pipelines. I was expecting this to be the cause of the
issue.
--
You received this bug notification
XZ developers have a couple questions regarding this after looking at the trace:
- is it reproducible? did it happen several times?
- does the machine use ECC memory?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xz-utils
** Tags removed: verification-needed verification-needed-jammy
** Tags added: verification-done verification-done-jammy
** Tags removed: foundations-triage-discuss
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in
Frank and Grgo, thanks for the verification. That was very helpful.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2023545
Title:
[UBUNTU 22.04] openssl with ibmca engine
Thanks a lot for the verification Simon!
I looked at the test results and I believe failed tests are all fine:
- diffoscope: pyhon "ModuleNotFoundError: No module named 'tests.utils'"
- dotnet*: complains that this dotnet is not tested for 24.04 (yes, 24.04);
this system of keeping a matrix of
As expected, it wasn't very easy to create a reproducer since the
openssl tool couldn't be used and it required introducing errors in
lower layers. Moreover the CMS_dataFinal symbol cannot be overriden in a
meaningful way, probably either due to LTO or symbol visibility.
Fortunately it was still
Gil, can you do the verification? Thanks.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1994165
Title:
CMS_final: do not ignore CMS_dataFinal result
Status in openssl
Thanks for the review and upload.
I have a similar take on the patches in this series and I believe it
would be very difficult and riskier to try to skip some of the patches
in this series which has seen real-world use as a whole, starting with
openssl >= 3.0.4 (which we started shipping in
I'm attaching an updated debdiff.
- remove left-over patches for a bug that we decided to not handle as part of
this SRU (patches were already unlisted from d/p/series)
- added Bug-Ubuntu entries to patches
PPA is the same. New build is at
https://launchpad.net/~adrien-n/+archive/ubuntu/jammy-
Here is an updated version.
I've dropped the extra patch for #1994165 and fixed the changelog where
I had swapped comments for two of the patches.
I've created a new PPA at
https://launchpad.net/~adrien-n/+archive/ubuntu/jammy-
openssl-2033422-sru because the version is unchanged (there has been
I tested this patch set on a Zen 4 machine too and saw roughly similar
speedups.
And before someone asks: no, I'm not testing that on Via CPUs!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
Sometimes I don't understand what happens when I attempt to reply by
mail...
Anyway...
The affected code is in libcrypto which I think sees fewer important security
fixes. Therefore it's possible to build it and put it in your library search
path. This should fix the issue without being too
There aren't many ways to make localtime() fail and we still don't know
how this happened in this case. We expect this happens maybe on a 32-bit
machine. You can't have a really huge value in btmp anyway because
everything is stored on 32-bit signed integers but maybe seconds are
negative or
Thanks a lot for the tests, that's very appreciated.
I ran that on my laptop (11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz)
which quite surprisingly has all these CPU features. Mostly idle,
dynamic CPU governor but no thermal throttling at all (and if there
were, it would probably slow down the
Openssl's support policy means we won't be using a non-LTS version in
Ubuntu. There's a small window where we might use a non-LTS version
provided we are sure we can upgrade to an LTS version of openssl in time
for our own LTS but at the moment this situation has not happened yet.
Openssl 3.1 is
Apologies for not answering earlier; I wasn't available when I first saw
your message.
FWIW, there's just been another report of the same issue with a
different scenario but that's half-way between the "streaming" case and
the "data at rest" one.
The reason this fix is difficult to integrate in
*** This bug is a duplicate of bug 1990216 ***
https://bugs.launchpad.net/bugs/1990216
** This bug has been marked a duplicate of bug 1990216
backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1
with blowfish in OFB or CFB modes" to Jammy
--
You received this bug
Indeed, there is an "extra" change which I saw fit to include after
reviewing the change with care.
Replicating the issue directly involves using the openssl C APIs because
higher-level interfaces like the command-line ones prevent calling the
affected code in a way that will trigger the issue.
As you mention, it's difficult to test with this reproducer specifically
since it's specialized hardware and I've largely had to rely on testing
from the proxied persons who also have interests and duties in this
working well. The issue also appears without the specific hardware when
using
Thanks for looking more deeply than I did. I guess I'll upload both to
my PPA, using whichever version is in -proposed right now.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
That looks a lot like the -fstack-clash-protection issue we've been
having recently for other packages on armhf.
dpkg 1.22.1ubuntu3 should fix this (
https://launchpad.net/ubuntu/+source/dpkg/1.22.1ubuntu3 )
The place where I've written the most details about this is
I'm going to mark this as duplicate of another bug which I have an
overdue answer to provide.
But one important question: what is your actual usecase that is
negatively impacted?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed
** Description changed:
=== SRU information ===
[ATTENTION]
This SRU contains THREE changes which are listed in the section below.
[Meta]
- This bug is part of a series of four bugs for a single SRU.
+ This bug is part of a series of three bugs for a single SRU.
This ( #2033422 ) is
Hi Nathan,
Sorry, I didn't have enough time to comment here before a few days of
vacation.
This one is indeed not in the SRU at the moment. The description edit
itself did not make much sense.
I first discussed this topic with Simon but then also with Steve
Langasek, with others attending the
I don't know why LP expired this bug since you commented after I changed
the its status...
Anyway, I'm going to mark it as New again. Unfortunately, I haven't had
time to try to reproduce this again and I won't have time before at
least two weeks due to some time off and Canonical events. It
** Description changed:
=== SRU information ===
[Meta]
- This bug is part of a series of four bugs for a single SRU.
+ This bug is part of a series of three bugs for a single SRU.
The "central" bug with the global information and debdiff is
http://pad.lv/2033422
[Impact]
Decryption
** Description changed:
=== SRU information ===
[Meta]
- This bug is part of a series of four bugs for a single SRU.
+ This bug is part of a series of three bugs for a single SRU.
The "central" bug with the global information and debdiff is
http://pad.lv/2033422
[Impact]
S/MIME
** Description changed:
=== SRU information ===
[Meta]
- This bug is part of a series of four bugs for a single SRU.
+ This bug is part of a series of three bugs for a single SRU.
The "central" bug with the global information and debdiff is
http://pad.lv/2033422
[Impact]
Openssl
** Description changed:
=== SRU information ===
[ATTENTION]
- This SRU contains FOUR changes which are listed in the section below.
+ This SRU contains THREE changes which are listed in the section below.
[Meta]
This bug is part of a series of four bugs for a single SRU.
This (
** Description changed:
=== SRU information ===
[ATTENTION]
This SRU contains FOUR changes which are listed in the section below.
[Meta]
This bug is part of a series of four bugs for a single SRU.
This ( #2033422 ) is the "central" bug with the global information and
debdiff.
Forgot to upload the latest debdiff.
** Patch added: "openssl_3.0.2-0ubuntu1.12-to-3.0.2-0ubuntu1.13.diff"
https://bugs.launchpad.net/ubuntu/jammy/+source/openssl/+bug/2033422/+attachment/5713594/+files/openssl_3.0.2-0ubuntu1.12-to-3.0.2-0ubuntu1.13.diff
--
You received this bug
** Description changed:
=== SRU information ===
[ATTENTION]
This SRU contains FOUR changes which are listed in the section below.
[Meta]
This bug is part of a series of four bugs for a single SRU.
This ( #2033422 ) is the "central" bug with the global information and
debdiff.
** Description changed:
=== SRU information ===
[ATTENTION]
This SRU contains FOUR changes which are listed in the section below.
[Meta]
This bug is part of a series of four bugs for a single SRU.
This ( #2033422 ) is the "central" bug with the global information and
debdiff.
** Description changed:
=== SRU information ===
+ [ATTENTION]
+ This SRU contains FOUR changes which are listed in the section below.
+
[Meta]
This bug is part of a series of four bugs for a single SRU.
This ( #2033422 ) is the "central" bug with the global information and
debdiff.
Hi Lucas,
Sorry, this is part of an SRU with 4 patches but that we've decided to
hold back for a bit (a few days after the current release). I've removed
ubuntu-sponsors from the "main" LP bug (link near the top of the bug
report) but not from the others. I'll do it now and I think maybe it's
Removed ~ubuntu-sponsors for a few days while a few things settle.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2033422
Title:
openssl: backport to jammy "clear method
** Changed in: openssl (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2039142
Title:
openssl v3.0.2 is not work with dynamic
Hi,
I have not been able to reproduce your issue. Since you did not provide
the exact command you've used, I did a different test that relies on the
engine. I did the following (lots of trial and error):
* git clone https://github.com/gost-engine/engine
* mkdir build
* cd build
* cmake
** Tags removed: foundations-todo
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2023545
Title:
[UBUNTU 22.04] openssl with ibmca engine configured dumps core when
(did my mail answer from yesterday get eaten by launchpad?)
Here's an updated debdiff that:
- renames files using the lp- prefix,
- reworks the changelog to a more typical format:
* what (LP: #)
- ${file}
- adds DEP-3 to the patches
I've pushed an updated build on LP at
Thanks for the precision Marian.
Dimitri, do you know if the "sleep 1" works in practice?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2037202
Title:
** Description changed:
=== SRU information ===
[Meta]
This bug is part of a series of four bugs for a single SRU.
This ( #2033422 ) is the "central" bug with the global information and
debdiff.
This SRU addresses four issues with Jammy's openssl version:
- http://pad.lv/1990216:
** Description changed:
=== SRU information ===
[Meta]
This bug is part of a series of four bugs for a single SRU.
This ( #2033422 ) is the "central" bug with the global information and
debdiff.
This SRU addresses four issues with Jammy's openssl version:
- http://pad.lv/1990216:
** Description changed:
=== SRU information ===
[Meta]
This bug is part of a series of four bugs for a single SRU.
This ( #2033422 ) is the "central" bug with the global information and
debdiff.
This SRU addresses four issues with Jammy's openssl version:
- http://pad.lv/1990216:
** Description changed:
=== SRU information ===
[Meta]
This bug is part of a series of four bugs for a single SRU.
- The "central" bug with the global information and debdiff is #2033422
+ The "central" bug with the global information and debdiff is
http://pad.lv/2033422
[Impact]
** Description changed:
=== SRU information ===
[Meta]
This bug is part of a series of four bugs for a single SRU.
- The "central" bug with the global information and debdiff is #2033422
+ The "central" bug with the global information and debdiff is
http://pad.lv/2033422
[Impact]
** Description changed:
=== SRU information ===
[Meta]
This bug is part of a series of four bugs for a single SRU.
- The "central" bug with the global information and debdiff is #2033422
+ The "central" bug with the global information and debdiff is
http://pad.lv/2033422
[Impact]
** Description changed:
=== SRU information ===
[Meta]
This bug is part of a series of four bugs for a single SRU.
This ( #2033422 ) is the "central" bug with the global information and
debdiff.
This SRU addresses four issues with Jammy's openssl version:
- - #1990216: Blowfish
** Description changed:
=== SRU information ===
[Meta]
This bug is part of a series of four bugs for a single SRU.
This ( #2033422 ) is the "central" bug with the global information and
debdiff.
This SRU addresses four issues with Jammy's openssl version:
- #1990216: Blowfish
** Description changed:
=== SRU information ===
+ [Meta]
+ This bug is part of a series of four bugs for a single SRU.
+ The "central" bug with the global information and debdiff is #2033422
[Impact]
S/MIME signature can fail silently
The commit by upstream propagates the return code
** Description changed:
=== SRU information ===
+ [Meta]
+ This bug is part of a series of four bugs for a single SRU.
+ The "central" bug with the global information and debdiff is #2033422
[Impact]
Openssl using an engine dumps core upon certificate creation; other
operations are
** Description changed:
=== SRU information ===
+ [Meta]
+ This bug is part of a series of four bugs for a single SRU.
+ The "central" bug with the global information and debdiff is #2033422
[Impact]
Decryption for Blowfish with OFB and CFB modes fails due to using a key
shorter than
Attaching debdiff for openssl from 3.0.2-0ubuntu1.10 to
3.0.2-0ubuntu1.11
** Description changed:
=== SRU information ===
+ [Meta]
+ This bug is part of a series of four bugs for a single SRU.
+ The "central" bug with the global information and debdiff is #2033422
+
+ This SRU addresses four
** Description changed:
=== SRU information ===
[Impact]
Openssl using an engine dumps core upon certificate creation; other
operations are probably affected too. Overall, engines are likely mostly
unusable.
[Test plan]
An engine is needed to test the fix and I don't think we
** Description changed:
=== SRU information ===
[Impact]
Decryption for Blowfish with OFB and CFB modes fails due to using a key
shorter than expected by default.
Encryption will also use a key shorter than expected.
Exchange of encrypted data from/to Jammy using BF OFB/CFB will
** Description changed:
=== SRU information ===
[Impact]
Severely degraded performance for concurrent operations compared to openssl
1.1. The performance is so degraded that some workloads fail due to timeouts or
insufficient resources (noone magically has 5 times more machines). As a
** Description changed:
=== SRU information ===
[Impact]
S/MIME signature can fail silently
The commit by upstream propagates the return code of some functions rather
than ignore it.
[Test plan]
This issue is not very simple to reproduce because "openssl cms" cannot be
used to
** Description changed:
=== SRU information ===
[Impact]
S/MIME signature can fail silently
The commit by upstream propagates the return code of some functions rather
than ignore it.
[Test plan]
This issue is not very simple to reproduce because "openssl cms" cannot be
used to
** Description changed:
+ === SRU information ===
+
+ [Impact]
+ Severely degraded performance for concurrent operations compared to openssl
1.1. The performance is so degraded that some workloads fail due to timeouts or
insufficient resources (noone magically has 5 times more machines). As a
** Description changed:
+ === SRU information ===
+
+ [Impact]
+ Openssl using an engine dumps core upon certificate creation; other
operations are probably affected too. Overall, engines are likely mostly
unusable.
+
+ [Test plan]
+ An engine is needed to test the fix and I don't think we
** Description changed:
=== SRU information ===
[Impact]
S/MIME signature can fail silently
The commit by upstream propagates the return code of some functions rather
than ignore it.
[Test plan]
- This issue is not very simple to reproduce because "penssl cms" cannot be
used to
** Description changed:
=== SRU information ===
[Impact]
Decryption for Blowfish with OFB and CFB modes fails due to using a key
shorter than expected by default.
Encryption will also use a key shorter than expected.
Exchange of encrypted data from/to Jammy using BF OFB/CFB will
** Description changed:
- OpenSSL upstream implemented a fix for their issue #18359 "OpenSSL 3 cannot
decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes"
- https://github.com/openssl/openssl/issues/18359
+ === SRU information ===
+
+ [Impact]
+ Decryption for Blowfish
** Description changed:
+ === SRU information ===
+
+ [Impact]
+ S/MIME signature can fail silently
+ The commit by upstream propagates the return code of some functions rather
than ignore it.
+
+ [Test plan]
+ This issue is not very simple to reproduce because "penssl cms" cannot be
used to
Should dhcp really be oneshot? I don't know what dhclient was doing (I
guess it was dhclient before) but it sounds difficult to synchronize
this properly. I imagine it's also possible to run the dhcp client in
oneshot mode in a loop with maybe 3 iterations and "sleep 1" in between.
--
You
Thanks a lot for taking the time to test and provide feedback.
I'll continue with the SRU process which should take a few more weeks
(I'd say between two and four but that's a very rough guess).
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
Thanks a lot for taking the time to test and provide feedback.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1994165
Title:
CMS_final: do not ignore CMS_dataFinal result
1 - 100 of 289 matches
Mail list logo