[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs im s390x AES code

Gunnar Hjalmarsson Tue, 27 Jul 2021 11:55:55 -0700

I re-run the failed tests, and both of them passed on the second
attempt, so it should migrate on impish soon.


The SRUs are now uploaded, following Brian's advice with respect to
hirsute.

@Simon: Good if you can unsubscribe ubuntu-sponsors.

** Changed in: openssl (Ubuntu Hirsute)
       Status: New => In Progress

** Changed in: openssl (Ubuntu Hirsute)
     Assignee: (unassigned) => Canonical Foundations Team 
(canonical-foundations)

** Changed in: openssl (Ubuntu Focal)
       Status: New => In Progress

** Changed in: openssl (Ubuntu Focal)
     Assignee: (unassigned) => Canonical Foundations Team 
(canonical-foundations)

** Changed in: openssl (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: openssl (Ubuntu Bionic)
     Assignee: (unassigned) => Canonical Foundations Team 
(canonical-foundations)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1931994

Title:
  [Ubuntu 20.04] OpenSSL bugs im s390x AES code

Status in Ubuntu on IBM z Systems:
  In Progress
Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Bionic:
  In Progress
Status in openssl source package in Focal:
  In Progress
Status in openssl source package in Hirsute:
  In Progress
Status in openssl source package in Impish:
  Fix Committed

Bug description:
  Problem description:

  When passing a NULL key to reset AES EVC state, the state wouldn't be 
completely reset on s390x.
  https://github.com/openssl/openssl/pull/14900

  Solution available here:
  
https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8

  Should be applied to all distros where openssl 1.1.1 is included for 
consistency reason.
  -> 21.10, 20.04, 18.04.
  I think not needed for 16.04 anymore....

  [Test plan]

  $ sudo apt install libssl-dev
  $ gcc test.c -o evc-test -lcrypto -lssl # See 
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for 
the test.c program
  $ ./evc-test && echo OK

  [Where problems could occur]

  This patch only touches s390x code paths, so there shouldn't be any 
regression on other architectures. However, on s390x this could reveal
  latent bugs by spreading a NULL key to new code paths.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs im s390x AES code

Reply via email to