| 2015-07-14 20:19:46 |
Steve Langasek |
bug |
|
|
added bug |
| 2015-07-14 20:20:15 |
Steve Langasek |
bug task added |
|
sbsigntool (Ubuntu) |
|
| 2015-07-14 20:23:29 |
Steve Langasek |
openssl (Ubuntu): importance |
Undecided |
High |
|
| 2015-07-14 20:23:31 |
Steve Langasek |
sbsigntool (Ubuntu): importance |
Undecided |
High |
|
| 2015-07-14 20:23:36 |
Steve Langasek |
nominated for series |
|
Ubuntu Wily |
|
| 2015-07-14 20:23:36 |
Steve Langasek |
bug task added |
|
openssl (Ubuntu Wily) |
|
| 2015-07-14 20:23:36 |
Steve Langasek |
bug task added |
|
sbsigntool (Ubuntu Wily) |
|
| 2015-07-15 12:57:05 |
Marc Deslauriers |
attachment added |
|
openssl-102-compat.patch https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1474541/+attachment/4429349/+files/openssl-102-compat.patch |
|
| 2015-07-15 13:05:13 |
Marc Deslauriers |
bug |
|
|
added subscriber Marc Deslauriers |
| 2015-07-15 15:58:25 |
Steve Langasek |
openssl (Ubuntu Wily): status |
New |
Invalid |
|
| 2015-07-15 15:58:29 |
Steve Langasek |
sbsigntool (Ubuntu Wily): status |
New |
In Progress |
|
| 2015-07-15 15:58:31 |
Steve Langasek |
sbsigntool (Ubuntu Wily): assignee |
|
Steve Langasek (vorlon) |
|
| 2015-07-15 16:12:50 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/wily/sbsigntool/wily-proposed |
|
| 2015-07-15 16:17:53 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
| 2015-07-15 17:29:14 |
Launchpad Janitor |
sbsigntool (Ubuntu Wily): status |
In Progress |
Fix Released |
|
| 2016-05-27 19:50:46 |
Mathieu Trudel-Lapierre |
nominated for series |
|
Ubuntu Precise |
|
| 2016-05-27 19:50:46 |
Mathieu Trudel-Lapierre |
bug task added |
|
openssl (Ubuntu Precise) |
|
| 2016-05-27 19:50:46 |
Mathieu Trudel-Lapierre |
bug task added |
|
sbsigntool (Ubuntu Precise) |
|
| 2016-05-27 19:51:02 |
Mathieu Trudel-Lapierre |
nominated for series |
|
Ubuntu Trusty |
|
| 2016-05-27 19:51:02 |
Mathieu Trudel-Lapierre |
bug task added |
|
openssl (Ubuntu Trusty) |
|
| 2016-05-27 19:51:02 |
Mathieu Trudel-Lapierre |
bug task added |
|
sbsigntool (Ubuntu Trusty) |
|
| 2016-05-27 19:51:51 |
Mathieu Trudel-Lapierre |
sbsigntool (Ubuntu Trusty): status |
New |
In Progress |
|
| 2016-05-27 19:51:53 |
Mathieu Trudel-Lapierre |
sbsigntool (Ubuntu Precise): status |
New |
In Progress |
|
| 2016-05-27 19:57:56 |
Mathieu Trudel-Lapierre |
description |
An upload of shim-signed with no source changes is now failing to build in wily, because sbverify fails:
sbverify --cert MicCorUEFCA2011_2011-06-27.crt shim.efi.signed
warning: data remaining[1170360 vs 1289424]: gaps between PE/COFF sections?
PKCS7 verification failed
139919811188368:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:328:Verify error:unable to get issuer certificate
Signature verification failed
(https://launchpad.net/ubuntu/+source/shim-signed/1.10/+build/7652431)
The package builds successfully on vivid but fails on wily. sbsigntool has not changed since vivid. Upgrading to the wily version of libssl1.0.0 in a vivid chroot reproduces the failure.
I'm not sure if this is a regression in libssl1.0.0 or a bug in sbsigntool. |
[Impact]
Validating signature using sbsigntool for EFI binaries on Precise and Trusty.
[Test case]
1) pull-lp-source shim-signed
2) sbverify --cert MicCorUEFCA2011_2011-06-27.crt shim.efi.signed
[Regression potential]
Complex signing scenarios may pass validation when they should not due to the unavailability of the issuer cert; but I can't think of a specific case where this might happen.
---
An upload of shim-signed with no source changes is now failing to build in wily, because sbverify fails:
sbverify --cert MicCorUEFCA2011_2011-06-27.crt shim.efi.signed
warning: data remaining[1170360 vs 1289424]: gaps between PE/COFF sections?
PKCS7 verification failed
139919811188368:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:328:Verify error:unable to get issuer certificate
Signature verification failed
(https://launchpad.net/ubuntu/+source/shim-signed/1.10/+build/7652431)
The package builds successfully on vivid but fails on wily. sbsigntool has not changed since vivid. Upgrading to the wily version of libssl1.0.0 in a vivid chroot reproduces the failure.
I'm not sure if this is a regression in libssl1.0.0 or a bug in sbsigntool. |
|
| 2016-06-07 15:11:40 |
Mathieu Trudel-Lapierre |
openssl (Ubuntu Precise): status |
New |
Invalid |
|
| 2016-06-07 15:11:43 |
Mathieu Trudel-Lapierre |
openssl (Ubuntu Trusty): status |
New |
Invalid |
|
| 2016-06-07 15:11:45 |
Mathieu Trudel-Lapierre |
sbsigntool (Ubuntu Precise): assignee |
|
Mathieu Trudel-Lapierre (cyphermox) |
|
| 2016-06-07 15:11:46 |
Mathieu Trudel-Lapierre |
sbsigntool (Ubuntu Trusty): assignee |
|
Mathieu Trudel-Lapierre (cyphermox) |
|
| 2016-06-07 15:11:48 |
Mathieu Trudel-Lapierre |
sbsigntool (Ubuntu Precise): importance |
Undecided |
High |
|
| 2016-06-07 15:11:50 |
Mathieu Trudel-Lapierre |
sbsigntool (Ubuntu Trusty): importance |
Undecided |
High |
|
| 2016-06-08 05:00:20 |
Steve Langasek |
sbsigntool (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
| 2016-06-08 05:00:24 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2016-06-08 05:00:32 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
| 2016-06-08 05:00:41 |
Steve Langasek |
tags |
patch |
patch verification-needed |
|
| 2016-06-08 05:04:36 |
Steve Langasek |
sbsigntool (Ubuntu Precise): status |
In Progress |
Fix Committed |
|
| 2016-06-08 06:01:44 |
Mathew Hodson |
bug task deleted |
openssl (Ubuntu) |
|
|
| 2016-06-08 06:02:01 |
Mathew Hodson |
bug task deleted |
openssl (Ubuntu Wily) |
|
|
| 2016-06-08 06:02:09 |
Mathew Hodson |
bug task deleted |
openssl (Ubuntu Trusty) |
|
|
| 2016-06-08 06:02:15 |
Mathew Hodson |
bug task deleted |
openssl (Ubuntu Precise) |
|
|
| 2016-06-30 21:26:23 |
Mathieu Trudel-Lapierre |
tags |
patch verification-needed |
patch verification-done-precise verification-needed |
|
| 2016-07-08 18:24:41 |
Mathieu Trudel-Lapierre |
tags |
patch verification-done-precise verification-needed |
patch verification-done verification-done-precise verification-done-trusty |
|
| 2016-07-12 06:32:09 |
Launchpad Janitor |
sbsigntool (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
| 2016-07-12 06:32:22 |
Martin Pitt |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2016-07-12 06:33:02 |
Launchpad Janitor |
sbsigntool (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
