openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenSSL | Fix Released | Unknown | | |
openssl (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bionic | Fix Released | Undecided | Unassigned | |
Cosmic | Won't Fix | Undecided | Unassigned | |
Disco | Fix Released | Undecided | Unassigned | |
Eoan | Fix Released | Undecided | Unassigned | |
Bug Description
[Impact]
* Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that prevents initialising libcrypto/libssl multiple times, and/or with different options.
* This breaks existing applications that correctly use the init API, i.e. initialise libcrypto before/separately from libssl and/or with different options.
[Test Case]
* python3 ./test_
test_multiple_init (__main_
-------
Ran 1 test in 0.014s
OK
[Regression Potential]
* This is a cherry-pick from upstream, and is backwards compatible with existing code. Init simply succeeds under more conditions now than it did previously in 1.1.1. Also, with this fix, OpenSSL is back to how things used to work with 1.1.0 and prior releases.
[Original Bug report]
After the update of openssl in bionic, I started having an issue and after troubleshooting found this issue:
https:/
Applying the patch linked in that issue and rebuilding the openssl package avoided the issue.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: openssl 1.1.1-1ubuntu2.
ProcVersionSign
Uname: Linux 4.15.0-51-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: amd64
Date: Thu Jun 13 00:21:16 2019
InstallationDate: Installed on 2019-06-12 (0 days ago)
InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in openssl:
status: Unknown → Fix Released
tags: added: regression-update
tags: added: regression-release
description: updated
tags: added: verification-done verification-done-bionic; removed: verification-needed verification-needed-bionic
Changed in openssl (Ubuntu Cosmic):
status: Fix Committed → Won't Fix
tags: removed: verification-done verification-needed-cosmic
Can you please provide sources of your app / example of behaviour that needs fixing?
For us to prepare an SRU, we'd need to provide the following details:
https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template
Would you be able to provide the details requested there? As in, fill out the Impact, Test Case and Regression Potential sections of the template below.
I've tried to understand the upstream issue linked, but I'm not affected so I am struggling a bit.
Something minimal is ideal, like a tiny main(){}; C function that like calls double init, and works with openssl 1.1.0 from bionic-release, but fails with openssl 1.1.1 from bionic-updates.
[Impact]
* An explanation of the effects of the bug on users and
* justification for backporting the fix to the stable release.
* In addition, it is helpful, but not required, to include an
explanation of how the upload fixes this bug.
[Test Case]
* detailed instructions how to reproduce the bug
* these should allow someone who is not familiar with the affected
package to reproduce the bug and verify that the updated package fixes
the problem.
[Regression Potential]
* discussion of how regressions are most likely to manifest as a result of this change.
* It is assumed that any SRU candidate patch is well-tested before
upload and has a low overall risk of regression, but it's important
to make the effort to think about what ''could'' happen in the
event of a regression.
* This both shows the SRU team that the risks have been considered,
and provides guidance to testers in regression-testing the SRU.
[Other Info]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
* and address these questions in advance
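
A minimal repeat-initialisation check of the kind requested above, as an added example (it is not the test script named in the bug description, nor code from OpenSSL or Ubuntu). It calls `OPENSSL_init_crypto()` and `OPENSSL_init_ssl()` separately and then again with different options, and reports any call that does not return 1. The helper names `run_init_sequence` and `load_openssl` and the option sequence are assumptions chosen for illustration, not the exact trigger from the upstream issue; OpenSSL 1.1.0 or later is assumed.

```python
import ctypes
import ctypes.util

# Flag values from <openssl/crypto.h> and <openssl/ssl.h> (OpenSSL 1.1.x).
OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002
OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004
OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008
OPENSSL_INIT_LOAD_SSL_STRINGS = 0x00200000

# Constructed sequence: libcrypto first, libssl separately, then repeats
# with different options and with the original options.
SEQUENCE = [
    ("crypto", OPENSSL_INIT_LOAD_CRYPTO_STRINGS),
    ("ssl", OPENSSL_INIT_LOAD_SSL_STRINGS),
    ("crypto", OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS),
    ("ssl", 0),
    ("crypto", OPENSSL_INIT_LOAD_CRYPTO_STRINGS),
]


def run_init_sequence(init_crypto, init_ssl, sequence=SEQUENCE):
    """Run the calls in order; return [(step, library, opts)] for each failure."""
    calls = {"crypto": init_crypto, "ssl": init_ssl}
    failures = []
    for step, (which, opts) in enumerate(sequence):
        # Both init functions return 1 on success and 0 on error.
        if calls[which](opts, None) != 1:
            failures.append((step, which, opts))
    return failures


def load_openssl():
    """Bind the real init functions from the system libraries, or return None."""
    names = [ctypes.util.find_library(n) for n in ("crypto", "ssl")]
    if not all(names):
        return None
    libcrypto, libssl = (ctypes.CDLL(n) for n in names)
    fns = (libcrypto.OPENSSL_init_crypto, libssl.OPENSSL_init_ssl)
    for fn in fns:
        fn.argtypes = [ctypes.c_uint64, ctypes.c_void_p]  # (opts, settings)
        fn.restype = ctypes.c_int
    return fns


if __name__ == "__main__":
    bound = load_openssl()
    if bound is None:
        raise SystemExit("libcrypto/libssl not found")
    failed = run_init_sequence(*bound)
    for step, which, opts in failed:
        print(f"step {step}: OPENSSL_init_{which}({opts:#x}, NULL) failed")
    raise SystemExit(1 if failed else 0)
```

Run as a script, it exits 0 when every init call succeeds and 1 otherwise, so the same file can be run against the package from bionic-release and the one from bionic-updates.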