touch-packages team mailing list archive

[Mathieu Trudel-Lapierre <mathieu.tl@xxxxxxxxx>]

** Changed in: sbsigntool (Ubuntu)
       Status: New => In Progress

** Changed in: openssl (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1526959

Title:
  openssl 1.0.2e breaks sbsigntool

Status in openssl package in Ubuntu:
  Incomplete
Status in sbsigntool package in Ubuntu:
  In Progress

Bug description:
  Looks like sbsigntool now fails again to verify signed EFI binaries
  against a valid cert (and the signature is known to be valid).
  Reverting to 1.0.2d-0ubuntu2 lets it work again:

  [15:40:30] mtrudel@moloch:~u/shim-signed-1.12 $ sbverify --cert MicCorUEFCA2011_2011-06-27.crt shim.efi.signed
  warning: data remaining[1170360 vs 1289424]: gaps between PE/COFF sections?
  PKCS7 verification failed
  140048473532048:error:21075076:PKCS7 routines:PKCS7_verify:content and data present:pk7_smime.c:280:
  Signature verification failed
  [15:50:03] mtrudel@moloch:~u/shim-signed-1.12 $ sudo dpkg -i ../openssl_1.0.2d-0ubuntu2_amd64.deb ../libssl1.0.0_1.0.2d-0ubuntu2_amd64.deb
  dpkg : avertissement : dégradation (« downgrade ») de openssl depuis 1.0.2e-1ubuntu1 vers 1.0.2d-0ubuntu2
  (Lecture de la base de données... 291770 fichiers et répertoires déjà installés.)
  Préparation du dépaquetage de .../openssl_1.0.2d-0ubuntu2_amd64.deb ...
  Dépaquetage de openssl (1.0.2d-0ubuntu2) sur (1.0.2e-1ubuntu1) ...
  dpkg : avertissement : dégradation (« downgrade ») de libssl1.0.0:amd64 depuis 1.0.2e-1ubuntu1 vers 1.0.2d-0ubuntu2
  Préparation du dépaquetage de .../libssl1.0.0_1.0.2d-0ubuntu2_amd64.deb ...
  Dépaquetage de libssl1.0.0:amd64 (1.0.2d-0ubuntu2) sur (1.0.2e-1ubuntu1) ...
  Paramétrage de libssl1.0.0:amd64 (1.0.2d-0ubuntu2) ...
  Paramétrage de openssl (1.0.2d-0ubuntu2) ...
  Traitement des actions différées (« triggers ») pour man-db (2.7.5-1) ...
  Traitement des actions différées (« triggers ») pour libc-bin (2.21-0ubuntu5) ...
  [15:50:18] mtrudel@moloch:~u/shim-signed-1.12 $ sbverify --cert MicCorUEFCA2011_2011-06-27.crt shim.efi.signed
  warning: data remaining[1170360 vs 1289424]: gaps between PE/COFF sections?
  Signature verification OK

  We've hit a similar issue in the past; in lieue of
  sbsigntool/0.6-0ubuntu8:
  http://launchpadlibrarian.net/211726228/sbsigntool_0.6-0ubuntu7_0.6-0ubuntu8.diff.gz

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1526959/+subscriptions