[Bug 1974037] Re: openssl: EVP_EC_gen() segfault without init

Simon Chopin 1974037 at bugs.launchpad.net
Tue May 24 16:48:23 UTC 2022 

Attached is a debdiff for the Jammy changes. I'm still working on
Kinetic as this will be folded into the merge, but I still need to do
some more work as some new patches have surfaced upstream since then, as
well as a new Debian revision. I feel the Jammy SRU should still move
forward.

Note that the patchset is consequent as upstream has changed their
approach to the issue a couple of times, now settling into
reimplementing the string comparison functions entirely rather than
relying on a C locale. This last approach has the benefit of not
requiring initialization, which seems to have been the cause of all the
regressions observed so far with the first solution.

The patches for that last approach haven't made their way to Debian yet,
AFAICT.

** Patch added: "openssl.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037/+attachment/5592652/+files/openssl.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1974037

Title:
  openssl: EVP_EC_gen() segfault without init

Status in openssl package in Ubuntu:
  In Progress
Status in openssl source package in Jammy:
  Confirmed
Status in openssl source package in Kinetic:
  In Progress
Status in openssl package in Debian:
  Fix Released

Bug description:
  Imported from Debian bug http://bugs.debian.org/1010958:

  Source: sscg
  Version: 3.0.2-1
  Severity: serious
  Tags: ftbfs

  https://buildd.debian.org/status/logs.php?pkg=sscg&ver=3.0.2-1%2Bb1

  ...
   1/10 generate_rsa_key_test FAIL              0.01s   killed by signal 11 SIGSEGV
  04:32:21 MALLOC_PERTURB_=87 /<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/generate_rsa_key_test
  ...

  Summary of Failures:

   1/10 generate_rsa_key_test FAIL              0.01s   killed by signal
  11 SIGSEGV

  Ok:                 9
  Expected Fail:      0
  Fail:               1
  Unexpected Pass:    0
  Skipped:            0
  Timeout:            0
  dh_auto_test: error: cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 MESON_TESTTHREADS=4 ninja test returned exit code 1
  make: *** [debian/rules:6: binary-arch] Error 25

  This has also been reported on the openssl-users mailing list:

  https://www.mail-archive.com/openssl-users@openssl.org/msg90830.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037/+subscriptions

More information about the foundations-bugs mailing list