Hello Steve, or anyone else affected,

Accepted sbsigntool into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/sbsigntool/0.6-0ubuntu7.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

** Changed in: sbsigntool (Ubuntu Trusty)
       Status: In Progress => Fix Committed

** Tags added: verification-needed

** Changed in: sbsigntool (Ubuntu Precise)
       Status: In Progress => Fix Committed

https://bugs.launchpad.net/bugs/1474541

Title:
  sbsigntool broken by update to openssl 1.0.2c

Status in openssl package in Ubuntu:
  Invalid
Status in sbsigntool package in Ubuntu:
  Fix Released
Status in openssl source package in Precise:
  Invalid
Status in sbsigntool source package in Precise:
  Fix Committed
Status in openssl source package in Trusty:
  Invalid
Status in sbsigntool source package in Trusty:
  Fix Committed
Status in openssl source package in Wily:
  Invalid
Status in sbsigntool source package in Wily:
  Fix Released

Bug description:
  [Impact]
  Validating signature using sbsigntool for EFI binaries on Precise and Trusty.

  [Test case]
  1) pull-lp-source shim-signed
  2) sbverify --cert MicCorUEFCA2011_2011-06-27.crt shim.efi.signed

  [Regression potential]
  Complex signing scenarios may pass validation when they should not due to the unavailability of the issuer cert; but I can't think of a specific case where this might happen.

  ---

  An upload of shim-signed with no source changes is now failing to build in wily, because sbverify fails:

    sbverify --cert MicCorUEFCA2011_2011-06-27.crt shim.efi.signed
    warning: data remaining[1170360 vs 1289424]: gaps between PE/COFF sections?
    PKCS7 verification failed
    139919811188368:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:328:Verify error:unable to get issuer certificate
    Signature verification failed

  (https://launchpad.net/ubuntu/+source/shim-signed/1.10/+build/7652431)

  The package builds successfully on vivid but fails on wily. sbsigntool has not changed since vivid. Upgrading to the wily version of libssl1.0.0 in a vivid chroot reproduces the failure.

  I'm not sure if this is a regression in libssl1.0.0 or a bug in sbsigntool.