[Bug 1921518] Re: OpenSSL "double free" error
Dimitri John Ledkov
1921518 at bugs.launchpad.net
Mon Aug 23 18:40:30 UTC 2021
@vladimir sokolovsky
Note that the proposed PPA is built for all architectures, and all
configurations of the packages in question as used in Ubuntu. Meaning,
they are all compiled in multiple configurations, which are mutually
incompatible. To ensure one installs the upgraded packages suitable for
one's own system, one should not download all/any/individual debs from
the archive, but instead one should only download and upgrade the
packages that are already present on one's own system only.
For example, your comments indicate that incompatible packages were
downloaded and attempted to be forcefully installed, breaking your
system.
Please revert the system to stock configuration.
Enable the PPA as mentioned in
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4654
"Adding this PPA to your system". I.e. specifically
`sudo add-apt-repository ppa:ci-train-ppa-service/4654`
followed by `sudo apt update; sudo apt full-upgrade`
This should only install relevant packages for your system from the
proposed PPA, specifically things like "libssl1.1 openssl curl libcurl4"
in the deb format for the arm64 server architecture only.
Do not install any packages that have udeb in the name; they are not
used on servers and have incompatible configuration.
The above is preferred.
If you do not have direct access to the Launchpad PPA on your system under
test, you can use the pull-pkg utility from ubuntu-dev-tools to download
packages you require, but then you must be extra careful to upgrade only
the matching set of packages. For example:
$ pull-pkg -D ppa --ppa ci-train-ppa-service/4654 --arch arm64 --pull debs openssl focal
$ pull-pkg -D ppa --ppa ci-train-ppa-service/4654 --arch arm64 --pull debs curl focal
Transfer the debs to your system under test.
Check packages that are already installed, and upgrade only the ones that are already on your system.
I.e.
$ dpkg -l | grep -e 7.68.0 -e 1.1.1f
$ sudo apt install ./curl_*.deb ./libssl1.1_*.deb ./openssl_*.deb ./libcurl4_*.deb
If needed, you can also use the pull-pkg tool to download debug symbols
packages to assist in debugging. And again, only install debug symbols
packages for the libraries and packages already present on your system,
as again there are debug symbols provided for all configurations, which
are incompatible with each other and cannot be all installed
simultaneously.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1921518
Title:
OpenSSL "double free" error
Status in openssl package in Ubuntu:
Incomplete
Status in openssl source package in Focal:
Incomplete
Bug description:
"double free" error is seen when using curl utility. Error is from
libcrypto.so which is part of the OpenSSL package. This happens only
when OpenSSL is configured to use a dynamic engine.
OpenSSL version is 1.1.1f
The issue is not encountered if
http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead.
OpenSSL can be configured to use a dynamic engine by editing the default openssl config file which is located at '/etc/ssl/openssl.cnf' on Ubuntu systems.
On Bluefield systems, config diff to enable PKA dynamic engine, is as
below:
+openssl_conf = conf_section
+
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
+[ conf_section ]
+engines = engine_section
+
+[ engine_section ]
+bf = bf_section
+
+[ bf_section ]
+engine_id=pka
+dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so
+init=0
+
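Review bot: `init=0` in `[ bf_section ]` tells OpenSSL not to initialise the `pka` engine when the configuration is loaded, and the section has no `default_algorithms` line, so the report should say whether the crash needs the engine only loaded or also initialised and used. Since the edit goes into the system-wide `/etc/ssl/openssl.cnf`, every program that reads the default config will try to load `pka.so`; keeping the change in a copy selected through the `OPENSSL_CONF` environment variable would confine the reproduction to the curl run.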
engine_id above refers to dynamic engine name/identifier.
dynamic_path points to the .so file for the dynamic engine.
# curl -O https://tpo.pe/pathogen.vim
double free or corruption (out)
Aborted (core dumped)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1921518/+subscriptions
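Added example, not part of the original message or of Ubuntu's tooling: a shell helper for the selection rule in the reply above (install only debs for packages already present, for the same architecture, and never udebs). The function names and script layout are assumptions; the installed list comes from `dpkg-query`.

```shell
#!/bin/sh
# Pick, from downloaded package files, only those that upgrade a package
# already installed on this system for the same architecture.

# Print "package architecture" for every fully installed package.
installed_list() {
    dpkg-query -W -f='${Package} ${Architecture} ${db:Status-Abbrev}\n' |
        awk '$3 == "ii" { print $1, $2 }'
}

# select_debs INSTALLED_FILE FILE...
# INSTALLED_FILE holds "package architecture" lines (see installed_list).
# Prints the paths that are safe to hand to "apt install".
select_debs() {
    installed=$1
    shift
    for deb in "$@"; do
        file=${deb##*/}
        case $file in
            *udeb*) continue ;;      # installer builds, not for a running system
            *_*_*.deb) ;;            # expected name_version_arch.deb layout
            *) continue ;;           # anything else is ignored
        esac
        name=${file%%_*}             # text before the first underscore
        arch=${file##*_}             # text after the last underscore
        arch=${arch%.deb}
        # Exact match on name and architecture; a different build is skipped.
        if grep -qxF "$name $arch" "$installed"; then
            printf '%s\n' "$deb"
        fi
    done
}

# Stand-alone use: sh select-debs.sh ./debs
# (pass the directory with a leading ./ so apt treats the results as files)
if [ "$#" -eq 1 ] && [ -d "$1" ]; then
    tmp=$(mktemp)
    installed_list > "$tmp"
    select_debs "$tmp" "$1"/*.deb
    rm -f "$tmp"
fi
```

Review the printed list before passing it to `sudo apt install`; a package that is not installed yet never appears in it, by design.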