2022-04-14 07:32:08 |
Ilgaz |
bug |
|
|
added bug |
2022-04-14 15:01:25 |
Jeremy Bícha |
tags |
amd64 apport-bug jammy |
amd64 apport-bug jammy rls-jj-incoming |
|
2022-04-14 15:01:56 |
Jeremy Bícha |
openssl (Ubuntu): importance |
Undecided |
High |
|
2022-04-14 15:02:02 |
Jeremy Bícha |
openssl (Ubuntu): status |
New |
Confirmed |
|
2022-04-14 15:45:38 |
Simon Chopin |
tags |
amd64 apport-bug jammy rls-jj-incoming |
amd64 apport-bug fr-2255 jammy rls-jj-incoming |
|
2022-04-14 18:20:53 |
Steve Langasek |
openssl (Ubuntu): importance |
High |
Critical |
|
2022-04-14 18:20:57 |
Steve Langasek |
openssl (Ubuntu): status |
Confirmed |
In Progress |
|
2022-04-14 18:21:02 |
Steve Langasek |
openssl (Ubuntu): assignee |
|
Steve Langasek (vorlon) |
|
2022-04-14 23:32:49 |
Steve Langasek |
openssl (Ubuntu): status |
In Progress |
Fix Committed |
|
2022-04-25 09:14:18 |
Simon Chopin |
openssl (Ubuntu): status |
Fix Committed |
In Progress |
|
2022-04-25 09:14:21 |
Simon Chopin |
openssl (Ubuntu): assignee |
Steve Langasek (vorlon) |
Simon Chopin (schopin) |
|
2022-04-28 15:07:22 |
Brian Murray |
nominated for series |
|
Ubuntu Kinetic |
|
2022-04-28 15:07:22 |
Brian Murray |
bug task added |
|
openssl (Ubuntu Kinetic) |
|
2022-04-28 15:07:22 |
Brian Murray |
nominated for series |
|
Ubuntu Jammy |
|
2022-04-28 15:07:22 |
Brian Murray |
bug task added |
|
openssl (Ubuntu Jammy) |
|
2022-04-28 15:08:01 |
Brian Murray |
tags |
amd64 apport-bug fr-2255 jammy rls-jj-incoming |
amd64 apport-bug fr-2255 jammy |
|
2022-05-05 08:38:17 |
Simon Chopin |
openssl (Ubuntu Jammy): status |
New |
Confirmed |
|
2022-05-05 08:38:21 |
Simon Chopin |
openssl (Ubuntu Jammy): status |
Confirmed |
In Progress |
|
2022-05-05 08:38:29 |
Simon Chopin |
description |
I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration.
"ua status
Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64&kernel=5.15.0-25-generic&series=jammy
Cannot verify certificate of server
Please check your openssl configuration."
I also figured wget&curl doesn't work with https:// URLs at all.
On web I found:
https://github.com/openssl/openssl/issues/18039
So I changed locale to C_UTF-8
#locale
LANG=tr_TR.UTF-8
LANGUAGE=
LC_CTYPE="tr_TR.UTF-8"
LC_NUMERIC=tr_TR.UTF-8
LC_TIME=tr_TR.UTF-8
LC_COLLATE="tr_TR.UTF-8"
LC_MONETARY=tr_TR.UTF-8
LC_MESSAGES="tr_TR.UTF-8"
LC_PAPER=tr_TR.UTF-8
LC_NAME=tr_TR.UTF-8
LC_ADDRESS=tr_TR.UTF-8
LC_TELEPHONE=tr_TR.UTF-8
LC_MEASUREMENT=tr_TR.UTF-8
LC_IDENTIFICATION=tr_TR.UTF-8
LC_ALL=
casaba@ship-macbook:/backups$ sudo locale-gen c
ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8
ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8
ca_ES ca_FR ce_RU crh_UA cv_RU
ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB
casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8
Generating locales (this might take a while)...
C.UTF-8... done
Generation complete.
casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8
casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8
Now the result is (after logout/login)
ua status
SERVICE ENTITLED STATUS DESCRIPTION
cc-eal yes n/a Common Criteria EAL2 Provisioning Packages
cis yes n/a Security compliance and audit tools
esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM)
fips yes n/a NIST-certified core packages
fips-updates yes n/a NIST-certified core packages with priority security updates
livepatch yes n/a Canonical Livepatch service
Enable services with: ua enable <service>
Account: ilgaz@fastmail.fm
Subscription: ilgaz@fastmail.fm
If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: openssl 3.0.2-0ubuntu1
ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30
Uname: Linux 5.15.0-25-generic x86_64
ApportVersion: 2.20.11-0ubuntu82
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Thu Apr 14 10:21:09 2022
InstallationDate: Installed on 2021-12-29 (105 days ago)
InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819)
SourcePackage: openssl
UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago)
mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 |
[Impact]
Due to the case comparison differences in the Turkish locale, some routines in
OpenSSL fail to recognize some algorithm names as valid, unexpectedly breaking
crypto.
[Test Plan]
This bug is really easy to trigger:
sudo locale-gen tr_TR.UTF-8
LANG=C curl https://ubuntu.com/ > /dev/null # This work
LANG=tr_TF.UTF-8 curl https://ubuntu.com/ > /dev/null # This fails
The error is curl: (35) error:03000072:digital envelope routines::decode error
[Where problems could occur]
This patch set is relatively massive, and can cause regressions, as illustrated
by the patch #5 which fixes one such regression. Those regressions would likely
show up as either libssl crashes, in case of uninitialized objects, or as
algorithm selection failures if somehow the case comparison is buggy.
[Other Info]
The fix has already been released upstream as part of their 3.0.3 release.
[Original report]
I noticed this when I checked "ua status". It alerted me that I should check my openssl configuration.
"ua status
Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64&kernel=5.15.0-25-generic&series=jammy
Cannot verify certificate of server
Please check your openssl configuration."
I also figured wget&curl doesn't work with https:// URLs at all.
On web I found:
https://github.com/openssl/openssl/issues/18039
So I changed locale to C_UTF-8
#locale
LANG=tr_TR.UTF-8
LANGUAGE=
LC_CTYPE="tr_TR.UTF-8"
LC_NUMERIC=tr_TR.UTF-8
LC_TIME=tr_TR.UTF-8
LC_COLLATE="tr_TR.UTF-8"
LC_MONETARY=tr_TR.UTF-8
LC_MESSAGES="tr_TR.UTF-8"
LC_PAPER=tr_TR.UTF-8
LC_NAME=tr_TR.UTF-8
LC_ADDRESS=tr_TR.UTF-8
LC_TELEPHONE=tr_TR.UTF-8
LC_MEASUREMENT=tr_TR.UTF-8
LC_IDENTIFICATION=tr_TR.UTF-8
LC_ALL=
casaba@ship-macbook:/backups$ sudo locale-gen c
ca_AD ca_ES.UTF-8 ca_IT ckb_IQ cs_CZ cy_GB.UTF-8
ca_AD.UTF-8 ca_ES@valencia ca_IT.UTF-8 cmn_TW cs_CZ.UTF-8
ca_ES ca_FR ce_RU crh_UA cv_RU
ca_ES@euro ca_FR.UTF-8 chr_US csb_PL cy_GB
casaba@ship-macbook:/backups$ sudo locale-gen C.UTF-8
Generating locales (this might take a while)...
C.UTF-8... done
Generation complete.
casaba@ship-macbook:/backups$ update-locale LANG=C.UTF8
casaba@ship-macbook:/backups$ sudo update-locale LANG=C.UTF8
Now the result is (after logout/login)
ua status
SERVICE ENTITLED STATUS DESCRIPTION
cc-eal yes n/a Common Criteria EAL2 Provisioning Packages
cis yes n/a Security compliance and audit tools
esm-infra yes n/a UA Infra: Extended Security Maintenance (ESM)
fips yes n/a NIST-certified core packages
fips-updates yes n/a NIST-certified core packages with priority security updates
livepatch yes n/a Canonical Livepatch service
Enable services with: ua enable <service>
Account: ilgaz@fastmail.fm
Subscription: ilgaz@fastmail.fm
If Ubuntu 22 ships with current configuration, entire TR will suffer considering you can't find http:// downloads anymore.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: openssl 3.0.2-0ubuntu1
ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30
Uname: Linux 5.15.0-25-generic x86_64
ApportVersion: 2.20.11-0ubuntu82
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Thu Apr 14 10:21:09 2022
InstallationDate: Installed on 2021-12-29 (105 days ago)
InstallationMedia: Lubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819)
SourcePackage: openssl
UpgradeStatus: Upgraded to jammy on 2022-04-09 (4 days ago)
mtime.conffile..etc.ssl.openssl.cnf: 2022-04-10T13:11:20.222505 |
|
2022-05-05 08:46:34 |
Simon Chopin |
attachment added |
|
openssl_jammy.debdiff https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+attachment/5586889/+files/openssl_jammy.debdiff |
|
2022-05-05 08:46:46 |
Simon Chopin |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
2022-05-05 09:59:35 |
Simon Chopin |
attachment added |
|
openssl.debdiff https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+attachment/5586941/+files/openssl.debdiff |
|
2022-05-05 10:02:09 |
Simon Chopin |
attachment removed |
openssl.debdiff https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+attachment/5586941/+files/openssl.debdiff |
|
|
2022-05-05 10:02:50 |
Simon Chopin |
attachment added |
|
openssl.debdiff https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1968997/+attachment/5586942/+files/openssl.debdiff |
|
2022-05-05 12:11:49 |
Simon Chopin |
openssl (Ubuntu Jammy): importance |
Undecided |
Critical |
|
2022-05-05 12:12:43 |
Simon Chopin |
openssl (Ubuntu Jammy): status |
In Progress |
Confirmed |
|
2022-05-05 12:12:44 |
Simon Chopin |
openssl (Ubuntu Kinetic): status |
In Progress |
Confirmed |
|
2022-05-05 12:19:39 |
Graham Inggs |
removed subscriber Ubuntu Sponsors Team |
|
|
|
2022-05-05 12:19:40 |
Graham Inggs |
openssl (Ubuntu Jammy): assignee |
|
Graham Inggs (ginggs) |
|
2022-05-05 12:19:43 |
Graham Inggs |
openssl (Ubuntu Kinetic): assignee |
Simon Chopin (schopin) |
Graham Inggs (ginggs) |
|
2022-05-05 12:19:49 |
Graham Inggs |
openssl (Ubuntu Jammy): status |
Confirmed |
In Progress |
|
2022-05-05 12:19:53 |
Graham Inggs |
openssl (Ubuntu Kinetic): status |
Confirmed |
In Progress |
|
2022-05-05 13:20:04 |
Graham Inggs |
openssl (Ubuntu Kinetic): status |
In Progress |
Fix Committed |
|
2022-05-06 08:16:59 |
Timo Aaltonen |
openssl (Ubuntu Jammy): status |
In Progress |
Fix Committed |
|
2022-05-06 08:17:01 |
Timo Aaltonen |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2022-05-06 08:17:02 |
Timo Aaltonen |
bug |
|
|
added subscriber SRU Verification |
2022-05-06 08:17:04 |
Timo Aaltonen |
tags |
amd64 apport-bug fr-2255 jammy |
amd64 apport-bug fr-2255 jammy verification-needed verification-needed-jammy |
|
2022-05-09 12:31:48 |
Simon Chopin |
tags |
amd64 apport-bug fr-2255 jammy verification-needed verification-needed-jammy |
amd64 apport-bug fr-2255 jammy verification-done-jammy verification-needed |
|
2022-05-10 15:30:39 |
Simon Chopin |
tags |
amd64 apport-bug fr-2255 jammy verification-done-jammy verification-needed |
amd64 apport-bug fr-2255 jammy verification-done-jammy |
|
2022-05-12 13:48:40 |
Graham Inggs |
tags |
amd64 apport-bug fr-2255 jammy verification-done-jammy |
amd64 apport-bug fr-2255 jammy verification-done verification-done-jammy |
|
2022-05-17 08:47:04 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2022-05-17 08:47:47 |
Launchpad Janitor |
openssl (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
2022-05-20 17:33:27 |
Launchpad Janitor |
openssl (Ubuntu Kinetic): status |
Fix Committed |
Fix Released |
|