[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
** Changed in: ubuntu-z-systems Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: Fix Released Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Released Status in openssl source package in Focal: Fix Released Status in openssl source package in Hirsute: Fix Released Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
This bug was fixed in the package openssl - 1.1.1-1ubuntu2.1~18.04.10 --- openssl (1.1.1-1ubuntu2.1~18.04.10) bionic; urgency=medium * Cherry-pick an upstream patch to fix s390x AES code (LP: #1931994) -- Simon Chopin Fri, 23 Jul 2021 14:32:42 +0200 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: Fix Committed Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Released Status in openssl source package in Focal: Fix Released Status in openssl source package in Hirsute: Fix Released Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
This bug was fixed in the package openssl - 1.1.1f-1ubuntu2.5 --- openssl (1.1.1f-1ubuntu2.5) focal; urgency=medium * Cherry-pick an upstream patch to fix s390x AES code (LP: #1931994) -- Simon Chopin Fri, 23 Jul 2021 14:32:42 +0200 ** Changed in: openssl (Ubuntu Focal) Status: Fix Committed => Fix Released ** Changed in: openssl (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: Fix Committed Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Released Status in openssl source package in Focal: Fix Released Status in openssl source package in Hirsute: Fix Released Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
This bug was fixed in the package openssl - 1.1.1j-1ubuntu3.2 --- openssl (1.1.1j-1ubuntu3.2) hirsute; urgency=medium * Cherry-pick an upstream patch to fix s390x AES code (LP: #1931994) openssl (1.1.1j-1ubuntu3.1) hirsute; urgency=medium * Split d/p/pr12272.patch into multiple patchfiles to fix dpkg-source error when attempting to build a source package, due to pr12272.patch patching files multiple times within the same patch. (LP: #1927161) - d/p/lp-1927161-1-x86-Add-endbranch-to-indirect-branch-targets-fo.patch - d/p/lp-1927161-2-Use-swapcontext-for-Intel-CET.patch - d/p/lp-1927161-3-x86-Always-generate-note-gnu-property-section-f.patch - d/p/lp-1927161-4-x86_64-Always-generate-note-gnu-property-sectio.patch - d/p/lp-1927161-5-x86_64-Add-endbranch-at-function-entries-for-In.patch -- Simon Chopin Fri, 23 Jul 2021 14:32:42 +0200 ** Changed in: openssl (Ubuntu Hirsute) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: Fix Committed Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Focal: Fix Committed Status in openssl source package in Hirsute: Fix Released Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
Sorry for the late response, but was quite busy. Yes I always have some systems in place (@schopin you can always ping me per MM is s/t is needed). I just did the verifications for hirsute and focal and both are fine: ubuntu@h7:~$ arch && lsb_release -c s390x Codename: hirsute ubuntu@h7:~$ apt-cache policy openssl openssl: Installed: 1.1.1j-1ubuntu3.2 Candidate: 1.1.1j-1ubuntu3.2 Version table: *** 1.1.1j-1ubuntu3.2 500 500 http://us.ports.ubuntu.com/ubuntu-ports hirsute-proposed/main s390x Packages 100 /var/lib/dpkg/status 1.1.1j-1ubuntu3 500 500 http://ports.ubuntu.com/ubuntu-ports hirsute/main s390x Packages ubuntu@h7:~$ gcc test.c -o evc-test -lcrypto -lssl ubuntu@h7:~$ ./evc-test && echo OK OK ubuntu@h7:~$ ubuntu@s15:~$ arch && lsb_release -c s390x Codename: focal ubuntu@s15:~$ apt-cache policy openssl openssl: Installed: 1.1.1f-1ubuntu2.5 Candidate: 1.1.1f-1ubuntu2.5 Version table: *** 1.1.1f-1ubuntu2.5 500 500 http://us.ports.ubuntu.com/ubuntu-ports focal-proposed/main s390x Packages 500 http://ports.ubuntu.com/ubuntu-ports focal-proposed/main s390x Packages 100 /var/lib/dpkg/status 1.1.1f-1ubuntu2.4 500 500 http://ports.ubuntu.com/ubuntu-ports focal-updates/main s390x Packages 1.1.1f-1ubuntu2.3 500 500 http://ports.ubuntu.com/ubuntu-ports focal-security/main s390x Packages 1.1.1f-1ubuntu2 500 500 http://ports.ubuntu.com/ubuntu-ports focal/main s390x Packages ubuntu@s15:~$ gcc test.c -o evc-test -lcrypto -lssl ubuntu@s15:~$ ./evc-test && echo OK OK ubuntu@s15:~$ I'm updating the tags accordingly ... ** Tags removed: verification-needed verification-needed-focal verification-needed-hirsute ** Tags added: verification-done verification-done-focal verification-done-hirsute -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: Fix Committed Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Focal: Fix Committed Status in openssl source package in Hirsute: Fix Committed Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
This time properly tested and verified on bionic via juju/canonistack, where I sadly cannot boot any other version. The test fails properly there in the -updates version, and succeeds (without having to recompile) with the version in -proposed. In addition, I round-tripped a file through AES-256-CBC and AES-128-ECB for sanity-checking. ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: Fix Committed Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Focal: Fix Committed Status in openssl source package in Hirsute: Fix Committed Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
Verified on focal:
ubuntu@ubuntu:~$ dpkg-architecture --is s390x && [ "$(dpkg-query -W
-f='${Version}' libssl1.1)" = "1.1.1f-1ubuntu2.5" ] && gcc -o aes-test test.c
-lcrypto -lssl && ./aes-test && echo OK
OK
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1931994
Title:
[Ubuntu 20.04] OpenSSL bugs in the s390x AES code
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in openssl package in Ubuntu:
Fix Released
Status in openssl source package in Bionic:
Fix Committed
Status in openssl source package in Focal:
Fix Committed
Status in openssl source package in Hirsute:
Fix Committed
Status in openssl source package in Impish:
Fix Released
Bug description:
Problem description:
When passing a NULL key to reset AES EVC state, the state wouldn't be
completely reset on s390x.
https://github.com/openssl/openssl/pull/14900
Solution available here:
https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8
Should be applied to all distros where openssl 1.1.1 is included for
consistency reason.
-> 21.10, 20.04, 18.04.
I think not needed for 16.04 anymore
[Test plan]
$ sudo apt install libssl-dev
$ gcc test.c -o evc-test -lcrypto -lssl # See
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for
the test.c program
$ ./evc-test && echo OK
[Where problems could occur]
This patch only touches s390x code paths, so there shouldn't be any
regression on other architectures. However, on s390x this could reveal
latent bugs by spreading a NULL key to new code paths.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
I mean (for respective series): * Accomplish the steps in the Test Plan * Disclose the result in a comment here * Change the verification-needed- tag to verification-done- See comment #22 - #24. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: Fix Committed Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Focal: Fix Committed Status in openssl source package in Hirsute: Fix Committed Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
what do you mean by "verified"? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: Fix Committed Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Focal: Fix Committed Status in openssl source package in Hirsute: Fix Committed Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
@Simon: You know that the packages in respective -proposed pocket need to be verified too, right? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: Fix Committed Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Focal: Fix Committed Status in openssl source package in Hirsute: Fix Committed Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
For hirsute, all but two were flaky that turned green on rerun. The other ones will necessitate hints : https://code.launchpad.net/~schopin/britney/+git/hints-ubuntu/+merge/406595 https://code.launchpad.net/~schopin/britney/+git/hints-ubuntu/+merge/406596 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: Fix Committed Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Focal: Fix Committed Status in openssl source package in Hirsute: Fix Committed Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
For the focal migration, I have asked for the following britney hints: https://code.launchpad.net/~schopin/britney/+git/hints-ubuntu/+merge/406594 https://code.launchpad.net/~schopin/britney/+git/hints-ubuntu/+merge/406593 The other tests seem to be flaky. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: Fix Committed Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Focal: Fix Committed Status in openssl source package in Hirsute: Fix Committed Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
** Changed in: ubuntu-z-systems Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: Fix Committed Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Focal: Fix Committed Status in openssl source package in Hirsute: Fix Committed Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
Hello bugproxy, or anyone else affected, Accepted openssl into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.10 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: openssl (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: In Progress Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Focal: Fix Committed Status in openssl source package in Hirsute: Fix Committed Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
Hello bugproxy, or anyone else affected, Accepted openssl into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.5 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: openssl (Ubuntu Focal) Status: In Progress => Fix Committed ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: In Progress Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: In Progress Status in openssl source package in Focal: Fix Committed Status in openssl source package in Hirsute: Fix Committed Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code
Hello bugproxy, or anyone else affected, Accepted openssl into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1j-1ubuntu3.2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Summary changed: - [Ubuntu 20.04] OpenSSL bugs im s390x AES code + [Ubuntu 20.04] OpenSSL bugs in the s390x AES code ** Changed in: openssl (Ubuntu Hirsute) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-hirsute -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1931994 Title: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code Status in Ubuntu on IBM z Systems: In Progress Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: In Progress Status in openssl source package in Focal: In Progress Status in openssl source package in Hirsute: Fix Committed Status in openssl source package in Impish: Fix Released Bug description: Problem description: When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x. https://github.com/openssl/openssl/pull/14900 Solution available here: https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Should be applied to all distros where openssl 1.1.1 is included for consistency reason. -> 21.10, 20.04, 18.04. I think not needed for 16.04 anymore [Test plan] $ sudo apt install libssl-dev $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program $ ./evc-test && echo OK [Where problems could occur] This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal latent bugs by spreading a NULL key to new code paths. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
