[Bug 2119094] Re: Segmentation fault crash on Ubuntu 24.04 with osslsigncode
Bryce Harrington
2119094 at bugs.launchpad.net
Mon Aug 4 23:34:29 UTC 2025
Where does libkmsp11-1.7-linux-amd64/libkmsp11.so come from? I see a
mention of it at this SO link, which sounds like it is a (proprietary?)
third party module:
https://stackoverflow.com/questions/79720915/install4j-v8-pkcs11-code-
signing-with-google-cloud-kms-libkmsp11-so-certifi
Presumably any generic self-signed cert.crt can be used, and that
test.exe is just a random workload?
In any case, the upstream patch looks simple, it just switches on an
established workaround quirk to also take effect for OpenSSL 3.0.13
(0x300000d0L), which is what we carry in noble. From the patch it
sounds like this crash (or at least the fix) doesn't apply for any other
Ubuntu releases. (It would be nice to verify this, though.)
** Tags added: server-todo
** Changed in: libp11 (Ubuntu)
Status: New => Triaged
** Also affects: libp11 (Ubuntu Noble)
Importance: Undecided
Status: New
** Also affects: osslsigncode (Ubuntu Noble)
Importance: Undecided
Status: New
** Also affects: libp11 (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: osslsigncode (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: libp11 (Ubuntu Plucky)
Importance: Undecided
Status: New
** Also affects: osslsigncode (Ubuntu Plucky)
Importance: Undecided
Status: New
** Also affects: libp11 (Ubuntu Questing)
Importance: Undecided
Status: Triaged
** Also affects: osslsigncode (Ubuntu Questing)
Importance: Undecided
Status: New
** No longer affects: osslsigncode (Ubuntu Questing)
** No longer affects: osslsigncode (Ubuntu Plucky)
** No longer affects: osslsigncode (Ubuntu Jammy)
** Changed in: libp11 (Ubuntu Questing)
Status: Triaged => Fix Released
** Changed in: libp11 (Ubuntu Plucky)
Status: New => Fix Released
** Changed in: libp11 (Ubuntu Jammy)
Status: New => Fix Released
** Changed in: libp11 (Ubuntu Noble)
Status: New => Triaged
** Bug watch added: github.com/mtrojnar/osslsigncode/issues #388
https://github.com/mtrojnar/osslsigncode/issues/388
** Also affects: libp11 via
https://github.com/mtrojnar/osslsigncode/issues/388
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libp11 in Ubuntu.
https://bugs.launchpad.net/bugs/2119094
Title:
Segmentation fault crash on Ubuntu 24.04 with osslsigncode
Status in libp11:
Unknown
Status in libp11 package in Ubuntu:
Fix Released
Status in osslsigncode package in Ubuntu:
New
Status in libp11 source package in Jammy:
Fix Released
Status in libp11 source package in Noble:
Triaged
Status in osslsigncode source package in Noble:
New
Status in libp11 source package in Plucky:
Fix Released
Status in libp11 source package in Questing:
Fix Released
Bug description:
osslsigncode is crashing for me when used with libengine-
pkcs11-openssl on Ubuntu 24.04, e.g. with Google Cloud KMS PKCS#11
provider:
```
osslsigncode sign \
-pkcs11engine /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so \
-pkcs11module $PWD/libkmsp11-1.7-linux-amd64/libkmsp11.so \
-certs cert.crt -key 'pkcs11:object=some-key' -h sha256 \
-t http://timestamp.digicert.com \
-in test.exe -out test-signed.exe
```
I think this is the following issue and fix:
* https://github.com/mtrojnar/osslsigncode/issues/388
* https://github.com/OpenSC/libp11/pull/554
Which should be considered for back porting or updating libp11 as this
is a crash bug that prevents this usage of osslsigncode with no
workaround.
To manage notifications about this bug go to:
https://bugs.launchpad.net/libp11/+bug/2119094/+subscriptions
More information about the foundations-bugs
mailing list