[Bug 2137464] Re: crypto/ec/asm/ecp_nistp521-ppc64.pl output regex failure
Launchpad Bug Tracker
2137464 at bugs.launchpad.net
Sun Mar 8 04:57:17 UTC 2026
This bug was fixed in the package openssl - 3.5.5-1ubuntu1
---------------
openssl (3.5.5-1ubuntu1) resolute; urgency=medium
[ Eric Berry ]
* Enable CPU jitter fluctuations
* Detect FIPS jitterentropy mode and load jitterentropy enabled FIPS
provider (LP: #2141941)
[ Ravi Kant Sharma ]
* Merge with Debian unstable (LP: #2141708). Remaining changes:
- d/p/regex_match_ecp_nistp521-ppc64.patch
- Use perl:native in the autopkgtest for installability on i386.
- Symlink copyright/changelog.Debian.gz in libssl3* to libssl-dev/openssl
- Disable LTO with which the codebase is generally incompatible
(LP #2058017)
- Default config reads crypto-config and /etc/ssl/openssl.cnf.d dropins
- Don't enable or package anything FIPS (LP #2087955)
- Match last filename for output in ecp_nistp521-ppc64.pl (LP #2137464)
- Enable CPU jitter fluctuations
- fips patches (debian/patches/fips):
- crypto: Add kernel FIPS mode detection
- crypto: Automatically use the FIPS provider...
- apps/speed: Omit unavailable algorithms in FIPS mode
- apps: pass -propquery arg to the libctx DRBG fetches
- test: Ensure encoding runs with the correct context...
- Add Ubuntu-specific defines to help FIPS certification (LP #2073991)
+ UBUNTU_OSSL_SELF_TEST_DESC_PCT_DH
+ UBUNTU_OSSL_PROV_FIPS_PARAM_UNAPPROVED_USAGE
- Detect FIPS jitterentropy mode and load jitterentropy enabled FIPS
provider
* Refreshed patches
- fips/test-Ensure-encoding-runs-with-the-correct-context-during.patch
- fips/two-defines-for-fips-in-libssl-dev-headers.patch
- fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch
openssl (3.5.5-1) unstable; urgency=medium
* Import 3.5.5
- CVE-2025-11187 (Improper validation of PBMAC1 parameters in PKCS#12 MAC
verification)
- CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
- CVE-2025-15468 (NULL dereference in SSL_CIPHER_find() function on unknown
cipher ID)
- CVE-2025-15469 ("openssl dgst" one-shot codepath silently truncates inputs
>16MB)
- CVE-2025-66199 (TLS 1.3 CompressedCertificate excessive memory allocation)
- CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short
writes)
- CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level
OCB function calls)
- CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8
conversion)
- CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response()
function)
- CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
function)
- CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
- CVE-2026-22796 (ASN1_TYPE Type Confusion in the
- PKCS7_digest_from_attributes() function)
openssl (3.5.4-1ubuntu1) resolute; urgency=medium
* Match last filename for output in ecp_nistp521-ppc64.pl (LP: #2137464)
- d/p/regex_match_ecp_nistp521-ppc64.patch
* Drop patches, merged upstream
- d/p/CVE-2025-9230.patch
- d/p/CVE-2025-9231-1.patch
- d/p/CVE-2025-9231-2.patch
- d/p/CVE-2025-9232.patch
* Merge with Debian unstable (LP: #2133492). Remaining changes:
- Use perl:native in the autopkgtest for installability on i386.
- Symlink copyright/changelog.Debian.gz in libssl3* to libssl-dev/openssl
- Disable LTO with which the codebase is generally incompatible (LP #2058017)
- Default config reads crypto-config and /etc/ssl/openssl.cnf.d dropins
- Don't enable or package anything FIPS (LP #2087955)
- Match last filename for output in ecp_nistp521-ppc64.pl (LP #2137464)
- fips patches (debian/patches/fips):
- crypto: Add kernel FIPS mode detection
- crypto: Automatically use the FIPS provider...
- apps/speed: Omit unavailable algorithms in FIPS mode
- apps: pass -propquery arg to the libctx DRBG fetches
- test: Ensure encoding runs with the correct context...
- Add Ubuntu-specific defines to help FIPS certification (LP #2073991)
+ UBUNTU_OSSL_SELF_TEST_DESC_PCT_DH
+ UBUNTU_OSSL_PROV_FIPS_PARAM_UNAPPROVED_USAGE
openssl (3.5.4-1) unstable; urgency=medium
* Import 3.5.4
- CVE-2025-9230 (Out-of-bounds read & write in RFC 3211 KEK Unwrap)
- CVE-2025-9231 (Timing side-channel in SM2 algorithm on 64 bit ARM)
- CVE-2025-9232 (Out-of-bounds read in HTTP client no_proxy handling)
-- Ravi Kant Sharma <ravi.kant.sharma at canonical.com> Sun, 15 Feb 2026
14:56:21 +0100
** Changed in: openssl (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-11187
** CVE added: https://cve.org/CVERecord?id=CVE-2025-15467
** CVE added: https://cve.org/CVERecord?id=CVE-2025-15468
** CVE added: https://cve.org/CVERecord?id=CVE-2025-15469
** CVE added: https://cve.org/CVERecord?id=CVE-2025-66199
** CVE added: https://cve.org/CVERecord?id=CVE-2025-68160
** CVE added: https://cve.org/CVERecord?id=CVE-2025-69418
** CVE added: https://cve.org/CVERecord?id=CVE-2025-69419
** CVE added: https://cve.org/CVERecord?id=CVE-2025-69420
** CVE added: https://cve.org/CVERecord?id=CVE-2025-69421
** CVE added: https://cve.org/CVERecord?id=CVE-2025-9230
** CVE added: https://cve.org/CVERecord?id=CVE-2025-9231
** CVE added: https://cve.org/CVERecord?id=CVE-2025-9232
** CVE added: https://cve.org/CVERecord?id=CVE-2026-22795
** CVE added: https://cve.org/CVERecord?id=CVE-2026-22796
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2137464
Title:
crypto/ec/asm/ecp_nistp521-ppc64.pl output regex failure
Status in openssl package in Ubuntu:
Fix Released
Status in openssl source package in Jammy:
New
Status in openssl source package in Noble:
New
Status in openssl source package in Questing:
New
Bug description:
I have a scenario where the ecp_nistp521-ppc64.pl matches the
incorrect param for output instead of crypto/ec/ecp_nistp521-ppc64.s
Here is the build log on Ubuntu 24.04.
CC="gcc" /usr/bin/perl ../crypto/ec/asm/ecp_nistp521-ppc64.pl
"linux64le" -I. -Iinclude -Iproviders/common/include
-Iproviders/implementations/include -I.. -I../include
-I../providers/common/include -I../providers/implementations/include
-fPIC -pthread -m64 -Wa,--noexecstack -Wall -fzero-call-used-
regs=used-gpr -DOPENSSL_TLS_SECURITY_LEVEL=2 -Wa,--noexecstack -g -O3
-ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat
-Werror=format-security -fno-stack-clash-protection -fdebug-prefix-
map=/<<PKGBUILDDIR>>=/usr/src/openssl-3.0.13-0ubuntu3.7
-DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC
-DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/powerpc64le-
linux-gnu/engines-3\"" -DMODULESDIR="\"/usr/lib/powerpc64le-linux-
gnu/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -DNDEBUG -Wdate-time
-D_FORTIFY_SOURCE=3 -DAES_ASM -DECP_NISTP521_ASM -DECP_NISTZ256_ASM
-DKECCAK1600_ASM -DOPENSSL_BN_ASM_MONT -DOPENSSL_CPUID_OBJ
-DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM
-DX25519_ASM crypto/ec/ecp_nistp521-ppc64.s
It matches -fdebug-prefix-
map=/<<PKGBUILDDIR>>=/usr/src/openssl-3.0.13-0ubuntu3.7
This leads to ecp_nistp521-ppc64.pl writing output to STDOUT instead
of the file crypto/ec/ecp_nistp521-ppc64.s . The missing .s file leads
to gcc erroring out and build failure.
This does not happen on Questing and Resolute because the regex does
not match the openssl version release, it will fail once we have an
SRU.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2137464/+subscriptions
More information about the foundations-bugs
mailing list