| 2022-07-29 12:54:58 |
Nicolas Bock |
bug |
|
|
added bug |
| 2022-07-29 12:56:16 |
Nicolas Bock |
nominated for series |
|
Ubuntu Bionic |
|
| 2022-07-29 12:56:16 |
Nicolas Bock |
bug task added |
|
openssl (Ubuntu Bionic) |
|
| 2022-08-04 12:18:42 |
Nicolas Bock |
description |
Bionic's OpenSSL 1.1.1 package (https://launchpad.net/ubuntu/bionic/+source/openssl) is the only version of openssl 1.1.1 on any distro that we've encountered that does not have support for the OPENSSL_NO_ATEXIT functionality from 1.1.1b (openssl/openssl@c2b3db2).
The threading model in .NET has the possibility that background threads are still running when exit() is called, which can cause SIGSEGV if a background thread interacts with OpenSSL after/while it has unloaded. For that reason, we always initialize OpenSSL 1.1.1 with the OPENSSL_NO_ATEXIT flag (which, of all the distros we run on only has no effect on Bionic).
We feel that the stability of applications on Ubuntu 18.04 would be improved if the functionality of OPENSSL_NO_ATEXIT was merged into the bionic openssl 1.1.1 package, even if the constant isn't published into the header for the dev package.
Context: https://github.com/dotnet/runtime/issues/48411#issuecomment-1178405101 |
[Impact]
Bionic's OpenSSL 1.1.1 package (https://launchpad.net/ubuntu/bionic/+source/openssl) is the only version of openssl 1.1.1 on any distro that we've encountered that does not have support for the OPENSSL_NO_ATEXIT functionality from 1.1.1b (openssl/openssl@c2b3db2).
The threading model in .NET has the possibility that background threads are still running when exit() is called, which can cause SIGSEGV if a background thread interacts with OpenSSL after/while it has unloaded. For that reason, we always initialize OpenSSL 1.1.1 with the OPENSSL_NO_ATEXIT flag (which, of all the distros we run on only has no effect on Bionic).
We feel that the stability of applications on Ubuntu 18.04 would be improved if the functionality of OPENSSL_NO_ATEXIT was merged into the bionic openssl 1.1.1 package, even if the constant isn't published into the header for the dev package.
Context: https://github.com/dotnet/runtime/issues/48411#issuecomment-1178405101
[Test Plan]
The described behavior can be reproduced by passing the OPENSSL_NO_ATEXIT to the OPENSSL_init_ssl() call. The application will terminate with a SEGFAULT. More concretely, a minimal reproducer is:
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#ifndef OPENSSL_INIT_NO_ATEXIT
#define OPENSSL_INIT_NO_ATEXIT 0x00080000L
#endif
static void print_error_string()
{
printf("print_error_string:\n");
printf("ERR_reason_error_string(0) => %s\n", ERR_reason_error_string(0));
}
int main(int argc, char* argv[])
{
// register this handler first, so it runs last.
atexit(print_error_string);
OPENSSL_init_ssl(
OPENSSL_INIT_ADD_ALL_CIPHERS |
OPENSSL_INIT_ADD_ALL_DIGESTS |
OPENSSL_INIT_LOAD_CONFIG |
OPENSSL_INIT_NO_ATEXIT |
OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
OPENSSL_INIT_LOAD_SSL_STRINGS,
NULL);
print_error_string();
return 0;
}
Building
$ sudo apt install libssl-dev
$ gcc test.c -lssl -lcrypto
$ ./a.out
print_error_string:
ERR_reason_error_string(0) => (null)
print_error_string:
Segmentation fault (core dumped)
[Where problems could occur]
* Think about what the upload changes in the software. Imagine the change is
wrong or breaks something else: how would this show up?
* It is assumed that any SRU candidate patch is well-tested before
upload and has a low overall risk of regression, but it's important
to make the effort to think about what ''could'' happen in the
event of a regression.
* This must '''never''' be "None" or "Low", or entirely an argument as to why
your upload is low risk.
* This both shows the SRU team that the risks have been considered,
and provides guidance to testers in regression-testing the SRU.
[Other Info]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
* and address these questions in advance |
|
| 2022-08-05 14:15:00 |
Nicolas Bock |
description |
[Impact]
Bionic's OpenSSL 1.1.1 package (https://launchpad.net/ubuntu/bionic/+source/openssl) is the only version of openssl 1.1.1 on any distro that we've encountered that does not have support for the OPENSSL_NO_ATEXIT functionality from 1.1.1b (openssl/openssl@c2b3db2).
The threading model in .NET has the possibility that background threads are still running when exit() is called, which can cause SIGSEGV if a background thread interacts with OpenSSL after/while it has unloaded. For that reason, we always initialize OpenSSL 1.1.1 with the OPENSSL_NO_ATEXIT flag (which, of all the distros we run on only has no effect on Bionic).
We feel that the stability of applications on Ubuntu 18.04 would be improved if the functionality of OPENSSL_NO_ATEXIT was merged into the bionic openssl 1.1.1 package, even if the constant isn't published into the header for the dev package.
Context: https://github.com/dotnet/runtime/issues/48411#issuecomment-1178405101
[Test Plan]
The described behavior can be reproduced by passing the OPENSSL_NO_ATEXIT to the OPENSSL_init_ssl() call. The application will terminate with a SEGFAULT. More concretely, a minimal reproducer is:
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#ifndef OPENSSL_INIT_NO_ATEXIT
#define OPENSSL_INIT_NO_ATEXIT 0x00080000L
#endif
static void print_error_string()
{
printf("print_error_string:\n");
printf("ERR_reason_error_string(0) => %s\n", ERR_reason_error_string(0));
}
int main(int argc, char* argv[])
{
// register this handler first, so it runs last.
atexit(print_error_string);
OPENSSL_init_ssl(
OPENSSL_INIT_ADD_ALL_CIPHERS |
OPENSSL_INIT_ADD_ALL_DIGESTS |
OPENSSL_INIT_LOAD_CONFIG |
OPENSSL_INIT_NO_ATEXIT |
OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
OPENSSL_INIT_LOAD_SSL_STRINGS,
NULL);
print_error_string();
return 0;
}
Building
$ sudo apt install libssl-dev
$ gcc test.c -lssl -lcrypto
$ ./a.out
print_error_string:
ERR_reason_error_string(0) => (null)
print_error_string:
Segmentation fault (core dumped)
[Where problems could occur]
* Think about what the upload changes in the software. Imagine the change is
wrong or breaks something else: how would this show up?
* It is assumed that any SRU candidate patch is well-tested before
upload and has a low overall risk of regression, but it's important
to make the effort to think about what ''could'' happen in the
event of a regression.
* This must '''never''' be "None" or "Low", or entirely an argument as to why
your upload is low risk.
* This both shows the SRU team that the risks have been considered,
and provides guidance to testers in regression-testing the SRU.
[Other Info]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
* and address these questions in advance |
[Impact]
Bionic's OpenSSL 1.1.1 package (https://launchpad.net/ubuntu/bionic/+source/openssl) is the only version of openssl 1.1.1 on any distro that we've encountered that does not have support for the OPENSSL_NO_ATEXIT functionality from 1.1.1b (openssl/openssl@c2b3db2).
The threading model in .NET has the possibility that background threads are still running when exit() is called, which can cause SIGSEGV if a background thread interacts with OpenSSL after/while it has unloaded. For that reason, we always initialize OpenSSL 1.1.1 with the OPENSSL_NO_ATEXIT flag (which, of all the distros we run on only has no effect on Bionic).
We feel that the stability of applications on Ubuntu 18.04 would be improved if the functionality of OPENSSL_NO_ATEXIT was merged into the bionic openssl 1.1.1 package, even if the constant isn't published into the header for the dev package.
Context: https://github.com/dotnet/runtime/issues/48411#issuecomment-1178405101
[Test Plan]
The described behavior can be reproduced by passing the OPENSSL_NO_ATEXIT to the OPENSSL_init_ssl() call. The application will terminate with a SEGFAULT. More concretely, a minimal reproducer is:
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#ifndef OPENSSL_INIT_NO_ATEXIT
#define OPENSSL_INIT_NO_ATEXIT 0x00080000L
#endif
static void print_error_string()
{
printf("print_error_string:\n");
printf("ERR_reason_error_string(0) => %s\n", ERR_reason_error_string(0));
}
int main(int argc, char* argv[])
{
// register this handler first, so it runs last.
atexit(print_error_string);
OPENSSL_init_ssl(
OPENSSL_INIT_ADD_ALL_CIPHERS |
OPENSSL_INIT_ADD_ALL_DIGESTS |
OPENSSL_INIT_LOAD_CONFIG |
OPENSSL_INIT_NO_ATEXIT |
OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
OPENSSL_INIT_LOAD_SSL_STRINGS,
NULL);
print_error_string();
return 0;
}
Building
$ sudo apt install libssl-dev
$ gcc test.c -lssl -lcrypto
$ ./a.out
print_error_string:
ERR_reason_error_string(0) => (null)
print_error_string:
Segmentation fault (core dumped)
[Where problems could occur]
The patches adds an option to the OPENSSL_init_crypto() function to disable the default behavior of calling of a cleanup function on application exit. The patch also includes a few bug fixes around various initializations that were supposed to happen once when running threaded but were not.
These changes have the potential for regressions and it is conceivable that they lead to incorrect behavior. However, I have also backported and included all new testing functions in the hope that the changed behavior will get appropriate testing. |
|
| 2022-08-05 14:15:28 |
Nicolas Bock |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
| 2022-08-05 14:15:44 |
Nicolas Bock |
bug |
|
|
added subscriber SE SRU ("STS") Sponsors |
| 2022-08-05 14:16:21 |
Nicolas Bock |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
| 2022-08-05 14:16:28 |
Nicolas Bock |
removed subscriber SE SRU ("STS") Sponsors |
|
|
|
| 2022-08-05 14:16:37 |
Nicolas Bock |
removed subscriber Ubuntu Security Sponsors Team |
|
|
|
| 2022-08-05 14:16:44 |
Nicolas Bock |
bug |
|
|
added subscriber SE SRU ("STS") Sponsors |
| 2022-08-05 14:20:30 |
Nicolas Bock |
attachment added |
|
openssl-atexit-1.debdiff https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1983100/+attachment/5607147/+files/openssl-atexit-1.debdiff |
|
| 2022-08-05 14:23:26 |
Mauricio Faria de Oliveira |
removed subscriber Ubuntu Sponsors Team |
|
|
|
| 2022-08-05 17:42:06 |
Heitor Alves de Siqueira |
tags |
|
se-sponsor-halves |
|
| 2022-08-06 14:52:06 |
Heitor Alves de Siqueira |
openssl (Ubuntu Bionic): status |
New |
Incomplete |
|
| 2022-08-06 14:52:18 |
Heitor Alves de Siqueira |
openssl (Ubuntu): status |
New |
Fix Released |
|
| 2022-08-06 14:52:24 |
Heitor Alves de Siqueira |
openssl (Ubuntu Bionic): importance |
Undecided |
Medium |
|
| 2022-08-06 14:52:36 |
Heitor Alves de Siqueira |
openssl (Ubuntu Bionic): assignee |
|
Nicolas Bock (nicolasbock) |
|
| 2022-08-09 18:12:08 |
Heitor Alves de Siqueira |
bug |
|
|
added subscriber Heitor Alves de Siqueira |
| 2023-04-11 15:28:35 |
Tom Moyer |
openssl (Ubuntu Bionic): assignee |
Nicolas Bock (nicolasbock) |
Tom Moyer (tom-tom) |
|
| 2023-05-03 16:24:42 |
Tom Moyer |
description |
[Impact]
Bionic's OpenSSL 1.1.1 package (https://launchpad.net/ubuntu/bionic/+source/openssl) is the only version of openssl 1.1.1 on any distro that we've encountered that does not have support for the OPENSSL_NO_ATEXIT functionality from 1.1.1b (openssl/openssl@c2b3db2).
The threading model in .NET has the possibility that background threads are still running when exit() is called, which can cause SIGSEGV if a background thread interacts with OpenSSL after/while it has unloaded. For that reason, we always initialize OpenSSL 1.1.1 with the OPENSSL_NO_ATEXIT flag (which, of all the distros we run on only has no effect on Bionic).
We feel that the stability of applications on Ubuntu 18.04 would be improved if the functionality of OPENSSL_NO_ATEXIT was merged into the bionic openssl 1.1.1 package, even if the constant isn't published into the header for the dev package.
Context: https://github.com/dotnet/runtime/issues/48411#issuecomment-1178405101
[Test Plan]
The described behavior can be reproduced by passing the OPENSSL_NO_ATEXIT to the OPENSSL_init_ssl() call. The application will terminate with a SEGFAULT. More concretely, a minimal reproducer is:
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#ifndef OPENSSL_INIT_NO_ATEXIT
#define OPENSSL_INIT_NO_ATEXIT 0x00080000L
#endif
static void print_error_string()
{
printf("print_error_string:\n");
printf("ERR_reason_error_string(0) => %s\n", ERR_reason_error_string(0));
}
int main(int argc, char* argv[])
{
// register this handler first, so it runs last.
atexit(print_error_string);
OPENSSL_init_ssl(
OPENSSL_INIT_ADD_ALL_CIPHERS |
OPENSSL_INIT_ADD_ALL_DIGESTS |
OPENSSL_INIT_LOAD_CONFIG |
OPENSSL_INIT_NO_ATEXIT |
OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
OPENSSL_INIT_LOAD_SSL_STRINGS,
NULL);
print_error_string();
return 0;
}
Building
$ sudo apt install libssl-dev
$ gcc test.c -lssl -lcrypto
$ ./a.out
print_error_string:
ERR_reason_error_string(0) => (null)
print_error_string:
Segmentation fault (core dumped)
[Where problems could occur]
The patches adds an option to the OPENSSL_init_crypto() function to disable the default behavior of calling of a cleanup function on application exit. The patch also includes a few bug fixes around various initializations that were supposed to happen once when running threaded but were not.
These changes have the potential for regressions and it is conceivable that they lead to incorrect behavior. However, I have also backported and included all new testing functions in the hope that the changed behavior will get appropriate testing. |
[Impact]
Bionic's OpenSSL 1.1.1 package (https://launchpad.net/ubuntu/bionic/+source/openssl) is the only version of openssl 1.1.1 on any distro that we've encountered that does not have support for the OPENSSL_NO_ATEXIT functionality from 1.1.1b (openssl/openssl@c2b3db2).
The threading model in .NET has the possibility that background threads are still running when exit() is called, which can cause SIGSEGV if a background thread interacts with OpenSSL after/while it has unloaded. For that reason, we always initialize OpenSSL 1.1.1 with the OPENSSL_NO_ATEXIT flag (which, of all the distros we run on only has no effect on Bionic).
We feel that the stability of applications on Ubuntu 18.04 would be improved if the functionality of OPENSSL_NO_ATEXIT was merged into the bionic openssl 1.1.1 package, even if the constant isn't published into the header for the dev package.
Context: https://github.com/dotnet/runtime/issues/48411#issuecomment-1178405101
[Test Plan]
The described behavior can be reproduced by passing the OPENSSL_NO_ATEXIT to the OPENSSL_init_ssl() call. The application will terminate with a SEGFAULT. More concretely, a minimal reproducer is:
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#ifndef OPENSSL_INIT_NO_ATEXIT
#define OPENSSL_INIT_NO_ATEXIT 0x00080000L
#endif
static void print_error_string()
{
printf("print_error_string:\n");
printf("ERR_reason_error_string(0) => %s\n", ERR_reason_error_string(0));
}
int main(int argc, char* argv[])
{
// register this handler first, so it runs last.
atexit(print_error_string);
OPENSSL_init_ssl(
OPENSSL_INIT_ADD_ALL_CIPHERS |
OPENSSL_INIT_ADD_ALL_DIGESTS |
OPENSSL_INIT_LOAD_CONFIG |
OPENSSL_INIT_NO_ATEXIT |
OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
OPENSSL_INIT_LOAD_SSL_STRINGS,
NULL);
print_error_string();
return 0;
}
Building
$ sudo apt install libssl-dev
$ gcc test.c -lssl -lcrypto
$ ./a.out
print_error_string:
ERR_reason_error_string(0) => (null)
print_error_string:
Segmentation fault (core dumped)
[Other Info]
All of these patches are included in upstream release 1.1.1b
- lp1983100-0001-Fix-shlibloadtest-to-properly-execute-the-dso_ref-te.patch
Fixes the shlibloadtest that was updated as part of #0005
- lp1983100-0002-Implement-OPENSSL_INIT_NO_ATEXIT.patch
Patch adds the OPENSSL_INIT_NO_ATEXIT option
- lp1983100-0003-Don-t-link-shlibloadtest-against-libcrypto.patch
Additional fixes for shlibloadtest
- lp1983100-0004-Fix-rpath-related-Linux-test_shlibload-failure.patch
Additional fixes for shlibloadtest
- lp1983100-0005-Test-atexit-handlers.patch
Adds test for OPENSSL_INIT_NO_ATEXIT option and updates the shlibloadtest
- lp1983100-0006-Introduce-a-no-pinshared-option.patch
This patch includes tests to ensure that if OPENSSL_INIT_NO_ATEXIT is not defined then the atexit() handler is run
- lp1983100-0007-Support-_onexit-in-preference-to-atexit-on-Windows.patch
This patch ensures that atexit() is only called when on non-Windows systems as Windows uses _onexit() during library unloading
All seven patches are required to ensure the correct logic and operation of the OPENSSL_INIT_NO_ATEXIT option.
[Where problems could occur]
The patches adds an option to the OPENSSL_init_crypto() function to disable the default behavior of calling of a cleanup function on application exit. The patch also includes a few bug fixes around various initializations that were supposed to happen once when running threaded but were not.
These changes have the potential for regressions and it is conceivable that they lead to incorrect behavior. However, I have also backported and included all new testing functions in the hope that the changed behavior will get appropriate testing. |
|
| 2023-05-03 16:27:00 |
Tom Moyer |
attachment added |
|
openssl-atexit-v2.debdiff https://bugs.launchpad.net/ubuntu/bionic/+source/openssl/+bug/1983100/+attachment/5670692/+files/openssl-atexit-v2.debdiff |
|
| 2023-05-04 06:37:27 |
Heitor Alves de Siqueira |
openssl (Ubuntu Bionic): status |
Incomplete |
In Progress |
|
| 2023-05-11 20:39:24 |
Heitor Alves de Siqueira |
openssl (Ubuntu Bionic): status |
In Progress |
Incomplete |
|
| 2023-07-05 15:14:42 |
Tom Moyer |
bug task added |
|
ubuntu-pro |
|
| 2023-07-05 15:15:33 |
Tom Moyer |
ubuntu-pro: assignee |
|
Tom Moyer (tom-tom) |
|
| 2023-07-05 15:15:55 |
Tom Moyer |
nominated for series |
|
ubuntu-pro/18.04 |
|
| 2023-07-05 15:15:55 |
Tom Moyer |
bug task added |
|
ubuntu-pro/18.04 |
|
| 2023-07-05 15:16:21 |
Tom Moyer |
ubuntu-pro/18.04: importance |
Undecided |
Medium |
|
| 2023-07-05 15:16:28 |
Tom Moyer |
ubuntu-pro/18.04: status |
New |
In Progress |
|
| 2023-08-01 13:30:22 |
Heitor Alves de Siqueira |
openssl (Ubuntu Bionic): status |
Incomplete |
Won't Fix |
|
| 2023-08-01 13:48:48 |
Heitor Alves de Siqueira |
attachment removed |
openssl-atexit-1.debdiff https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1983100/+attachment/5607147/+files/openssl-atexit-1.debdiff |
|
|
| 2023-08-01 13:48:54 |
Heitor Alves de Siqueira |
attachment removed |
openssl-atexit-v2.debdiff https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1983100/+attachment/5670692/+files/openssl-atexit-v2.debdiff |
|
|
| 2023-08-15 13:18:18 |
Heitor Alves de Siqueira |
ubuntu-pro/18.04: status |
In Progress |
Confirmed |
|
| 2023-08-15 13:18:19 |
Heitor Alves de Siqueira |
ubuntu-pro/18.04: status |
Confirmed |
Fix Released |
|
| 2023-08-15 13:53:46 |
Mauricio Faria de Oliveira |
openssl (Ubuntu Bionic): importance |
Medium |
Undecided |
|
| 2023-08-15 13:53:48 |
Mauricio Faria de Oliveira |
openssl (Ubuntu Bionic): assignee |
Tom Moyer (tom-tom) |
|
|
