← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #89628

[Bug 1474541] [NEW] sbsigntool broken by update to openssl 1.0.2c

  Thread PreviousDate PreviousThread Next 
Public bug reported:

An upload of shim-signed with no source changes is now failing to build
in wily, because sbverify fails:

  sbverify --cert MicCorUEFCA2011_2011-06-27.crt shim.efi.signed
  warning: data remaining[1170360 vs 1289424]: gaps between PE/COFF sections?
  PKCS7 verification failed
  139919811188368:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:328:Verify error:unable to get issuer certificate
  Signature verification failed

(https://launchpad.net/ubuntu/+source/shim-signed/1.10/+build/7652431)

The package builds successfully on vivid but fails on wily.  sbsigntool
has not changed since vivid.  Upgrading to the wily version of
libssl1.0.0 in a vivid chroot reproduces the failure.

I'm not sure if this is a regression in libssl1.0.0 or a bug in
sbsigntool.

** Affects: openssl (Ubuntu)
     Importance: High
         Status: New

** Affects: sbsigntool (Ubuntu)
     Importance: High
         Status: New

** Affects: openssl (Ubuntu Wily)
     Importance: High
         Status: New

** Affects: sbsigntool (Ubuntu Wily)
     Importance: High
         Status: New

** Also affects: sbsigntool (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1474541

Title:
  sbsigntool broken by update to openssl 1.0.2c

Status in openssl package in Ubuntu:
  New
Status in sbsigntool package in Ubuntu:
  New
Status in openssl source package in Wily:
  New
Status in sbsigntool source package in Wily:
  New

Bug description:
  An upload of shim-signed with no source changes is now failing to
  build in wily, because sbverify fails:

    sbverify --cert MicCorUEFCA2011_2011-06-27.crt shim.efi.signed
    warning: data remaining[1170360 vs 1289424]: gaps between PE/COFF sections?
    PKCS7 verification failed
    139919811188368:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:328:Verify error:unable to get issuer certificate
    Signature verification failed

  (https://launchpad.net/ubuntu/+source/shim-signed/1.10/+build/7652431)

  The package builds successfully on vivid but fails on wily.
  sbsigntool has not changed since vivid.  Upgrading to the wily version
  of libssl1.0.0 in a vivid chroot reproduces the failure.

  I'm not sure if this is a regression in libssl1.0.0 or a bug in
  sbsigntool.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1474541/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next