1) downgraded openssl to 1.1.1f-1ubuntu2.9 such that it doesn't have double free fix that was released in https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.10
2) installed old pka module from commit b0f32fa05298bf9e3997ea43fc1c11b90e0d662f 3) installed focal-updates version of curl Observed double free core dump: # dpkg-query -W | grep -e 1.1.1f -e curl -e pka curl 7.68.0-1ubuntu2.7 libcurl3-gnutls:arm64 7.68.0-1ubuntu2.7 libcurl4:arm64 7.68.0-1ubuntu2.7 libpka1:arm64 1.3-1 libssl-dev:arm64 1.1.1f-1ubuntu2.9 libssl1.1:arm64 1.1.1f-1ubuntu2.9 openssl 1.1.1f-1ubuntu2.9 # curl -o /dev/null https://start.ubuntu.com/connectivity-check.html % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0PKA_ENGINE: PKA instance is invalid PKA_ENGINE: failed to retrieve valid instance PKA_ENGINE: PKA instance is invalid PKA_ENGINE: failed to retrieve valid instance PKA_ENGINE: PKA instance is invalid PKA_ENGINE: failed to retrieve valid instance PKA_ENGINE: PKA instance is invalid PKA_ENGINE: failed to retrieve valid instance 100 576 100 576 0 0 2117 0 --:--:-- --:--:-- --:--:-- 2117 double free or corruption (out) Aborted (core dumped) Upgraded to new curl: # dpkg-query -W | grep -e 1.1.1f -e curl -e pka curl 7.68.0-1ubuntu2.8 libcurl3-gnutls:arm64 7.68.0-1ubuntu2.8 libcurl4:arm64 7.68.0-1ubuntu2.8 libpka1:arm64 1.3-1 libssl-dev:arm64 1.1.1f-1ubuntu2.9 libssl1.1:arm64 1.1.1f-1ubuntu2.9 openssl 1.1.1f-1ubuntu2.9 # curl -o /dev/null https://start.ubuntu.com/connectivity-check.html % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0PKA_ENGINE: PKA instance is invalid PKA_ENGINE: failed to retrieve valid instance PKA_ENGINE: PKA instance is invalid PKA_ENGINE: failed to retrieve valid instance PKA_ENGINE: PKA instance is invalid PKA_ENGINE: failed to retrieve valid instance PKA_ENGINE: PKA instance is invalid PKA_ENGINE: failed to retrieve valid instance PKA_ENGINE: PKA instance is invalid PKA_ENGINE: failed to retrieve valid instance 100 576 100 576 0 0 1894 0 --:--:-- --:--:-- --:--:-- 1888 Observed success without any double-free or segfault in openssl. Although this particular issue has already been fixed in openssl, it still makes sense to release this update of curl which includes correct openssl engine API usage. ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940528 Title: curl 7.68 does not init OpenSSL correctly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1940528/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs