Your message dated Wed, 14 Aug 2024 20:32:37 +0000
with message-id <e1sekfd-00fmkv...@fasolo.debian.org>
and subject line Bug#1074764: fixed in openssl 3.0.13-1~deb12u2
has caused the Debian Bug report #1074764,
regarding signing with osslsigncode fails with a segmentation fault since 
latest stable update
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1074764: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074764
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libssl3
Version: 3.0.13-1~deb12u1
Severity: important
Control: affects -1 osslsigncode

Dear Maintainers,

Since the last upgrade of openssl on bookworm (version 3.0.13-1~deb12u1), code
signing using osslsigncode (and my Yubikey) now fails with a segmentation
fault. It was working properly with version 3.0.11-1~deb12u2 (and note that
downgrading solves the problem).

Here is the command:

$ osslsigncode sign -pkcs11module /usr/lib/x86_64-linux-gnu/libykcs11.so.2 \
    -key "pkcs11:id=%01;type=private;pin-value=<EDITED>" \
    -certs ~/code-signing-certificate.pem -n Foo -i https://www.foo.org \
    -t http://timestamp.comodoca.com -in installer.exe -out installer-signed.exe

Here is a backtrace obtained through gdb (slightly edited to avoid leaking 
sensitive information):

Program received signal SIGSEGV, Segmentation fault.
pkcs11_ecdsa_sign (key=0x5555565c1d10, siglen=<synthetic pointer>, sigret=0x7fffffffc0b0 ".>D ", msg_len=32, msg=0x7fffffffc3c0 "<EDITED>") at ./src/p11_ec.c:409
409     ./src/p11_ec.c: No such file or directory.
(gdb) bt
#0  pkcs11_ecdsa_sign (key=0x5555565c1d10, siglen=<synthetic pointer>, sigret=0x7fffffffc0b0 ".>D ", msg_len=32, msg=0x7fffffffc3c0 "<EDITED>") at ./src/p11_ec.c:409
#1  pkcs11_ecdsa_sign_sig (dgst=0x7fffffffc3c0 "<EDITED>", dlen=32, kinv=<optimized out>, rp=<optimized out>, ec=<optimized out>) at ./src/p11_ec.c:489
#2  0x00007ffff7b95385 in ossl_ecdsa_sign (type=<optimized out>, dgst=<optimized out>, dlen=<optimized out>, sig=<optimized out>, siglen=0x7fffffffc354, kinv=<optimized out>, r=0x0, eckey=0x5555565c0590) at ../crypto/ec/ecdsa_ossl.c:73
#3  0x00007ffff7b96280 in ECDSA_sign (type=<optimized out>, dgst=dgst@entry=0x7fffffffc3c0 "<EDITED>", dlen=dlen@entry=32, sig=sig@entry=0x5555565c5af0 "<EDITED>", siglen=siglen@entry=0x7fffffffc354, eckey=eckey@entry=0x5555565c0590) at ../crypto/ec/ecdsa_sign.c:38
#4  0x00007ffff7b940ba in pkey_ec_sign (ctx=<optimized out>, sig=0x5555565c5af0 "<EDITED>", siglen=0x7fffffffc460, tbs=0x7fffffffc3c0 "<EDITED>", tbslen=32) at ../crypto/ec/ec_pmeth.c:136
#5  0x00007ffff7c1648e in EVP_DigestSignFinal (ctx=ctx@entry=0x5555565cc2a0, sigret=0x5555565c5af0 "\005M\017\003PU", siglen=siglen@entry=0x7fffffffc460) at ../crypto/evp/m_sigver.c:560
#6  0x00007ffff7c60468 in PKCS7_SIGNER_INFO_sign (si=si@entry=0x5555565cbc40) at ../crypto/pkcs7/pk7_doit.c:945
#7  0x00007ffff7c60702 in do_pkcs7_signed_attrib (mctx=0x5555565cc5c0, si=0x5555565cbc40) at ../crypto/pkcs7/pk7_doit.c:721
#8  PKCS7_dataFinal (p7=p7@entry=0x5555565cbab0, bio=bio@entry=0x5555565cbc90) at ../crypto/pkcs7/pk7_doit.c:843
#9  0x0000555555567561 in set_signing_blob (len=74, buf=0x5555565dcad0 "<EDITED>", hash=0x5555565bce50, sig=0x5555565cbab0) at ./osslsigncode.c:1758
#10 set_indirect_data_blob (header=0x7fffffffc740, options=0x4a, indata=<optimized out>, type=FILE_TYPE_PE, hash=0x5555565bce50, sig=0x5555565cbab0) at ./osslsigncode.c:1823
#11 get_pkcs7 (cmd=cmd@entry=CMD_SIGN, hash=hash@entry=0x5555565bce50, type=<optimized out>, type@entry=FILE_TYPE_PE, indata=indata@entry=0x7ffff0e00000 "MZ\220", options=options@entry=0x7fffffffc850, header=header@entry=0x7fffffffc740, cparams=0x7fffffffc7a0, cursig=0x0) at ./osslsigncode.c:5431
#12 0x000055555555d5e2 in pe_presign_file (type=<optimized out>, cursig=<optimized out>, outdata=<optimized out>, hash=<optimized out>, indata=<optimized out>, cparams=<optimized out>, options=<optimized out>, header=<optimized out>, cmd=<optimized out>) at ./osslsigncode.c:5543
#13 main (argc=<optimized out>, argv=<optimized out>) at ./osslsigncode.c:6173

Note that the segfault occurs in /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
(from libengine-pkcs11-openssl), which is itself called by libcrypto.so.3 (from
libssl3).

Cheers,

--
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  https://sebastien.villemot.name
⠈⠳⣄⠀⠀⠀⠀  https://www.debian.org

--- End Message ---
--- Begin Message ---
Source: openssl
Source-Version: 3.0.13-1~deb12u2
Done: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1074...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebast...@breakpoint.cc> (supplier of updated 
openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Jul 2024 23:04:47 +0200
Source: openssl
Architecture: source
Version: 3.0.13-1~deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Closes: 1074764
Changes:
 openssl (3.0.13-1~deb12u2) bookworm; urgency=medium
 .
   * Revert "Improved detection of engine-provided private "classic"
     keys" (Closes: #1074764).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----


--- End Message ---
