[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2024-01-25 Thread Launchpad Bug Tracker
This bug was fixed in the package openssl - 3.0.2-0ubuntu1.13 --- openssl (3.0.2-0ubuntu1.13) jammy; urgency=medium * Fix (upstream): crash when using an engine for ciphers used by DRBG (LP: #2023545) -

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2024-01-25 Thread Adrien Nader
** Tags removed: verification-needed verification-needed-jammy ** Tags added: verification-done verification-done-jammy ** Tags removed: foundations-triage-discuss -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2024-01-24 Thread Adrien Nader
As expected, it wasn't very easy to create a reproducer since the openssl tool couldn't be used and it required introducing errors in lower layers. Moreover the CMS_dataFinal symbol cannot be overridden in a meaningful way, probably either due to LTO or symbol visibility. Fortunately it was still

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2024-01-24 Thread Adrien Nader
Gil, can you do the verification? Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1994165 Title: CMS_final: do not ignore CMS_dataFinal result Status in openssl

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2024-01-19 Thread Steve Langasek
Hello Gil, or anyone else affected, Accepted openssl into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.13 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-11-26 Thread Steve Langasek
I think the concerns Andreas raises regarding debian/patches/lp1994165/0002-Handle-SMIME_crlf_copy-return-code.patch are valid. Yes, there are cases where the return value of SMIME_crlf_copy() is currently ignored and this results in other API calls returning success when they should not.

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-11-23 Thread Adrien Nader
Indeed, there is an "extra" change which I saw fit to include after reviewing the change with care. Replicating the issue directly involves using the openssl C APIs because higher-level interfaces like the command-line ones prevent calling the affected code in a way that will trigger the issue.

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-11-23 Thread Andreas Hasenack
There are two changes here: a) The original bug: CMS_final() was not taking into account the result of CMS_dataFinal() when returning its return code. It might be that CMS_dataFinal() failed, in which case an error would even be raised, but the return code of CMS_final() would be that of

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-10-31 Thread Adrien Nader
** Description changed: === SRU information === [Meta] - This bug is part of a series of four bugs for a single SRU. + This bug is part of a series of three bugs for a single SRU. The "central" bug with the global information and debdiff is http://pad.lv/2033422 [Impact] S/MIME

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-10-27 Thread Simon Chopin
A version containing a fix for this has been uploaded to the Jammy queue to be processed by the SRU team. Thanks, Adrien :)

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-10-05 Thread Sergio Durigan Junior
Ah, I noticed that this is part of a big SRU that's being completed on bug #2033422. Just leaving a comment here for the record.

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-10-05 Thread Sergio Durigan Junior
Hello, ubuntu-sponsors is subscribed to this bug but I couldn't find anything actionable. I'm unsubscribing ubuntu-sponsors; feel free to subscribe it again if there's anything that needs sponsoring. Thanks.

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-10-02 Thread Adrien Nader
** Description changed: === SRU information === [Meta] This bug is part of a series of four bugs for a single SRU. - The "central" bug with the global information and debdiff is #2033422 + The "central" bug with the global information and debdiff is http://pad.lv/2033422 [Impact]

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-10-02 Thread Adrien Nader
** Description changed: === SRU information === + [Meta] + This bug is part of a series of four bugs for a single SRU. + The "central" bug with the global information and debdiff is #2033422 [Impact] S/MIME signature can fail silently The commit by upstream propagates the return code

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-09-30 Thread Adrien Nader
** Description changed: === SRU information === [Impact] S/MIME signature can fail silently The commit by upstream propagates the return code of some functions rather than ignore it. [Test plan] This issue is not very simple to reproduce because "openssl cms" cannot be used to

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-09-30 Thread Adrien Nader
** Description changed: === SRU information === [Impact] S/MIME signature can fail silently The commit by upstream propagates the return code of some functions rather than ignore it. [Test plan] This issue is not very simple to reproduce because "openssl cms" cannot be used to

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-09-29 Thread Adrien Nader
** Description changed: === SRU information === [Impact] S/MIME signature can fail silently The commit by upstream propagates the return code of some functions rather than ignore it. [Test plan] - This issue is not very simple to reproduce because "penssl cms" cannot be used to

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-09-29 Thread Adrien Nader
** Description changed: + === SRU information === + + [Impact] + S/MIME signature can fail silently + The commit by upstream propagates the return code of some functions rather than ignore it. + + [Test plan] + This issue is not very simple to reproduce because "penssl cms" cannot be used to

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-09-18 Thread Adrien Nader
Thanks a lot for taking the time to test and provide feedback.

Re: [Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-09-16 Thread Gil Weis
Hi, it seems that the issue is solved. Thanks On Tue, Sep 12, 2023 at 12:16 PM Adrien Nader <1994...@bugs.launchpad.net> wrote: > I've created a PPA for Jammy that incorporates the fix mentioned. The > details are available at > https://launchpad.net/~adrien-n/+archive/ubuntu/openssl-jammy-sru

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-09-12 Thread Adrien Nader
I've created a PPA for Jammy that incorporates the fix mentioned. The details are available at https://launchpad.net/~adrien-n/+archive/ubuntu/openssl-jammy-sru . Could you test it and confirm your issue is solved?

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-08-29 Thread Adrien Nader
** Also affects: openssl (Ubuntu Lunar) Importance: Undecided Status: New ** Changed in: openssl (Ubuntu Lunar) Status: New => Fix Released ** Changed in: openssl (Ubuntu) Status: In Progress => Fix Released

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-08-29 Thread Adrien Nader
** Changed in: openssl (Ubuntu Jammy) Status: Triaged => In Progress ** Changed in: openssl (Ubuntu Jammy) Milestone: None => jammy-updates ** Changed in: openssl (Ubuntu) Status: Triaged => In Progress

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2023-07-17 Thread Adrien Nader
I was closing this for the reasons I outlined above. However, since then, I've decided to try to do an SRU of openssl for Jammy and I can try to integrate these changes. ** Changed in: openssl (Ubuntu) Status: Incomplete => Won't Fix ** Changed in: openssl (Ubuntu Jammy) Status:

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2022-12-02 Thread Gil Weis
Thanks.

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2022-12-02 Thread Adrien Nader
** Changed in: openssl (Ubuntu Jammy) Assignee: (unassigned) => Adrien Nader (adrien-n) ** Changed in: openssl (Ubuntu Kinetic) Assignee: (unassigned) => Adrien Nader (adrien-n) ** Changed in: openssl (Ubuntu) Assignee: (unassigned) => Adrien Nader (adrien-n) ** Changed in:

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2022-11-28 Thread Adrien Nader
We'd need more details about the issue and its actual impact for you since upstream doesn't consider this a security issue since it only happens when signing, not when checking signatures (which makes sense). Without this there is no process for pushing an update to a released version.

Re: [Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2022-11-16 Thread Gil Weis
Hi, This is a serious bug. CMS_final() finalises the structure cms. Its purpose is to perform any operations necessary on cms. CMS_final() calls SMIME_crlf_copy() and does not check the return value from SMIME_crlf_copy(), so even if SMIME_crlf_copy() fails, CMS_final() will return ok but with wrong

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2022-11-14 Thread Gil Weis
Hi, This is a serious bug. CMS_final() finalises the structure cms. Its purpose is to perform any operations necessary on cms. CMS_final() calls SMIME_crlf_copy() and does not check the return value from SMIME_crlf_copy(), so even if SMIME_crlf_copy() fails, CMS_final() will return ok but with wrong

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2022-11-14 Thread Adrien Nader
Hi Gil, can you explain a bit the actual impact of this bug and/or a scenario to reproduce? The commit doesn't give us a lot of details and the issue appears to be possibly quite serious but without diving deep into the code and possibly writing a reproducer from scratch ourselves, it is hard to

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2022-11-10 Thread Lukas Märdian
This should be fixed in lunar by merging openssl from Debian

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2022-10-28 Thread William Wilson
** Tags added: foundations-triage-discuss

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2022-10-26 Thread Gil Weis
3.0.6 includes this fix.

[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result

2022-10-26 Thread Benjamin Drung
"git tag --contains 67c0460b89cc1b0644a1a59af78284dfd8d720af" shows that no release contains the upstream commit yet. ** Description changed: https://github.com/openssl/openssl/pull/18876 The CMS_dataFinal result is important as signature may fail, however, it is ignored while returning