[24.04 FEAT] [SEC2327] openssl-pkcs11-sign-provider: fork support

Bug #2050015 reported by bugproxy
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Ubuntu on IBM z Systems | Fix Released | High | Skipper Bug Screeners |
openssl-pkcs11-sign-provider (Ubuntu) | Fix Released | Undecided | Alexandre Erwin Ittner |

Bug Description

The openssl-pkcs11-sign provider must not be used by programs that issue a fork, because PKCS #11 requires running a separate C_Initialize() for each process.
This feature extends the openssl-pkcs11 provider such that it can be used by programs that issue forks.
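
The constraint in the bug description, as an added example that is not taken from the bug report or from the upstream project: comparing PIDs is one common way for a wrapper to notice it is running in a forked child and initialize again. The token library here is a constructed mock (`mock_C_Initialize`, `mock_C_Sign`), and `provider_sign` and `sign_in_child` are hypothetical names.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define CKR_OK                           0x000UL /* PKCS #11 return codes */
#define CKR_CRYPTOKI_NOT_INITIALIZED     0x190UL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x191UL

/* Constructed stand-in for a token library: its state is valid only in
 * the process that called mock_C_Initialize(). */
static pid_t mock_owner;

static unsigned long mock_C_Initialize(void) {
    if (mock_owner == getpid()) return CKR_CRYPTOKI_ALREADY_INITIALIZED;
    mock_owner = getpid();
    return CKR_OK;
}

static unsigned long mock_C_Sign(void) {
    return mock_owner == getpid() ? CKR_OK : CKR_CRYPTOKI_NOT_INITIALIZED;
}

/* Hypothetical provider wrapper: remember the initializing PID and
 * initialize again when the caller turns out to be a forked child. */
static pid_t init_pid;

static unsigned long provider_sign(void) {
    if (init_pid != getpid()) {
        unsigned long rv = mock_C_Initialize();
        if (rv != CKR_OK) return rv;
        init_pid = getpid();
    }
    return mock_C_Sign();
}

/* Initialize in the parent, fork, sign in the child.
 * Returns 0 if the child's signing call succeeded, 1 if not, -1 on error. */
static int sign_in_child(int fork_aware) {
    int status;
    if (provider_sign() != CKR_OK) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0)
        _exit((fork_aware ? provider_sign() : mock_C_Sign()) == CKR_OK ? 0 : 1);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) { return !(sign_in_child(0) == 1 && sign_in_child(1) == 0); }
```

With `fork_aware` set to 0 the child reuses the parent's state and the mock rejects the call; with 1 the wrapper initializes again in the child and the call succeeds.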

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-204742 severity-high targetmilestone-inin2404
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (fheimes)
affects: linux (Ubuntu) → openssl-pkcs11-sign-provider (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in openssl-pkcs11-sign-provider (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → nobody
Changed in ubuntu-z-systems:
importance: Undecided → High
status: New → Triaged
Changed in openssl-pkcs11-sign-provider (Ubuntu):
status: New → Triaged
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2024-02-15 09:16 EDT-------
Thanks Holger for your work and for providing the corresponding detailed information:
The openssl-pkcs11-sign-provider has been released with version 1.0.1, which (amongst others) contains the fork support.

commit: 0af8d26dcad1beae2277f9a54caa3ed6f1fde22a
tag: v1.0.1

The release on GitHub provides the source tarballs [1], as well as the GPG signatures.

[1] https://github.com/opencryptoki/openssl-pkcs11-sign-provider/releases/tag/v1.0.1

Frank Heimes (fheimes)
Changed in openssl-pkcs11-sign-provider (Ubuntu):
assignee: nobody → Alexandre Erwin Ittner (aittner)
information type: Private → Public
Alexandre Erwin Ittner (aittner) wrote :

Updating package to the latest upstream release (1.0.1). Debdiff attached.

Changed in openssl-pkcs11-sign-provider (Ubuntu):
status: Triaged → In Progress
Alexandre Erwin Ittner (aittner) wrote :

New debdiff: also update package description, removing reference to the package being a proof-of-concept and replacing "repository" with "package".

Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Triaged → In Progress
Frank Heimes (fheimes) wrote :

Thank you Alexandre for the work on this package update!

Review checklist:
- changelog looks good:
  - with correct version string
  - correct code-name
  - referencing the LP bug number (in the correct format)
  - and all changes are mentioned
- maintainer field is ok
- no (old) patches (at all) to care about, no new ones
- debdiff looks reasonable
- no rdeps
- lintian (-EvIL -pedantic) on src pkg with zero output
- successful test builds:
  https://launchpad.net/~fheimes/+archive/ubuntu/lp2050015
- build log looks good, no issues (just one warning)
- lintian (-EvIL -pedantic) on binary DEBs without any error or warning
- sanity checks are fine, install and upgrade tests are fine too
- LP bug is public
Looks all pretty good, well done.

I just simplified the d/watch file and adjusted d/copyright (to make it fit to the new release) - and added both to the changelog.

To me it looks like it is ready to be sponsored...

Frank Heimes (fheimes) wrote :

Uploaded (and upload accepted).

Thanks for your contribution, Alexandre!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl-pkcs11-sign-provider - 1.0.1-0ubuntu1

---------------
openssl-pkcs11-sign-provider (1.0.1-0ubuntu1) noble; urgency=medium

  * New upstream release.
    - Solves 'support for programs calling fork()', LP: #2050015.
    - d/control: Update description.
    - d/docs: Replace README to README.md.
    - Update and simplify d/watch.
    - Update d/copyright and adjust it to the new release.

 -- Frank Heimes <email address hidden> Fri, 16 Feb 2024 14:07:41 +0100

Changed in openssl-pkcs11-sign-provider (Ubuntu):
status: In Progress → Fix Released
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: In Progress → Fix Released