[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS

Mon Jun 10 16:04:19 UTC 2019

This bug was fixed in the package openssl - 1.1.1-1ubuntu2.1~18.04.1

---------------
openssl (1.1.1-1ubuntu2.1~18.04.1) bionic; urgency=medium

  * Backport OpenSSL 1.1.1 to 18.04 LTS. LP: #1797386
  * Adjust Breaks on versions published in bionic-release.

openssl (1.1.1-1ubuntu2.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: timing side channel attack in DSA
    - debian/patches/CVE-2018-0734-1.patch: fix mod inverse in
      crypto/dsa/dsa_ossl.c.
    - debian/patches/CVE-2018-0734-2.patch: fix timing vulnerability in
      crypto/dsa/dsa_ossl.c.
    - debian/patches/CVE-2018-0734-3.patch: add a constant time flag in
      crypto/dsa/dsa_ossl.c.
    - CVE-2018-0734
  * SECURITY UPDATE: timing side channel attack in ECDSA
    - debian/patches/CVE-2018-0735.patch: fix timing vulberability in
      crypto/ec/ec_mult.c.
    - CVE-2018-0735

openssl (1.1.1-1ubuntu2) cosmic; urgency=medium

  * Fixup typpos in the autopkgtest binary name.

openssl (1.1.1-1ubuntu1) cosmic; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - Replace duplicate files in the doc directory with symlinks.
    - debian/libssl1.1.postinst:
      + Display a system restart required notification on libssl1.1
        upgrade on servers.
      + Use a different priority for libssl1.1/restart-services depending
        on whether a desktop, or server dist-upgrade is being performed.
    - Revert "Enable system default config to enforce TLS1.2 as a
      minimum" & "Increase default security level from 1 to 2".
    - Further decrease security level from 1 to 0, for compatibility with
      openssl 1.0.2.

openssl (1.1.1-1) unstable; urgency=medium

  * New upstream version.
   - Update symbol file for 1.1.1
   - CVE-2018-0732 (actually since pre8).
  * Add Breaks on python-httplib2 (Addresses: #907015)
  * Add hardening=+all.
  * Update to policy 4.2.1
    - Less verbose testsuite with terse
    - Use RRR=no

openssl (1.1.1~~pre9-1) unstable; urgency=medium

  * New upstream version.
    - Support the final TLS 1.3 version (RFC 8446)
  * Upload to unstable

openssl (1.1.1~~pre8-1) experimental; urgency=medium

  * New upstream version.

openssl (1.1.1~~pre7-1) experimental; urgency=medium

  * Drop afalgeng on kfreebsd-* which go enabled because they inherit from
    the linux target.
  * Fix debian-rules-sets-dpkg-architecture-variable.
  * Update to policy 4.1.4
    - only Suggest: libssl-doc instead Recommends (only documentation and
      example code is shipped).
    - drop Priority: important.
    - use signing-key.asc and a https links for downloads
  * Use compat 11.
    - this moves the examples to /usr/share/doc/libssl-{doc->dev}/demos but it
      seems to make sense.
  * Add a 25-test_verify.t for autopkgtest which runs against intalled
    openssl binary.
  * Fix CVE-2018-0737 (Closes: #895844).

openssl (1.1.1~~pre6-2) experimental; urgency=medium

  * Update libssl1.1.symbols

openssl (1.1.1~~pre6-1) experimental; urgency=medium

  * New upstream version
  * Increase default security level from 1 to 2. This moves from the 80 bit
    security level to the 112 bit securit level and will require 2048 bit RSA
    and DHE keys.

openssl (1.1.1~~pre4-1) experimental; urgency=medium

  * Update to 1.1.1-pre4 (Closes: #892276, #894282).
  * Add riscv64 target (Closes: #891797).

openssl (1.1.1~~pre3-1) experimental; urgency=medium

  * Update to 1.1.1-pre3
  * Don't suggest 1024 bit RSA key to be typical (Closes: #878303).
  * Don't insist on TLS1.3 cipher for <TLS1.3 connections (Closes: #891570).
  * Enable system default config to enforce TLS1.2 as a minimum.

openssl (1.1.1~~pre2-1) experimental; urgency=medium

  * Update to 1.1.1-pre2

openssl (1.1.1~~pre1-1) experimental; urgency=medium

  * Abort the build if symbols are discovered which are not part of the
    symbols file.
  * Add config support for MIPS R6, patch by YunQiang Su (Closes: #882007).
  * Enable afalgeng on Linux targets (Closes: #888305)
  * Update 1.1.1-pre1.

 -- Dimitri John Ledkov <xnox at ubuntu.com>  Thu, 13 Dec 2018 14:02:15
+1100

** Changed in: python2.7 (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1797386

Title:
  [SRU] OpenSSL 1.1.1 to 18.04 LTS

Status in libwww-perl package in Ubuntu:
  Fix Released
Status in openssl package in Ubuntu:
  Fix Released
Status in python-tornado package in Ubuntu:
  In Progress
Status in libio-socket-ssl-perl source package in Bionic:
  Fix Released
Status in libnet-ssleay-perl source package in Bionic:
  Fix Released
Status in libwww-perl source package in Bionic:
  Fix Released
Status in openssl source package in Bionic:
  Fix Released
Status in python-cryptography source package in Bionic:
  Fix Released
Status in python2.7 source package in Bionic:
  Fix Released
Status in python3.6 source package in Bionic:
  Fix Released
Status in python3.7 source package in Bionic:
  Fix Released
Status in r-cran-openssl source package in Bionic:
  Fix Released
Status in ruby-openssl source package in Bionic:
  Fix Released
Status in ruby2.5 source package in Bionic:
  Fix Released

Bug description:
  [Impact]

   * OpenSSL 1.1.1 is an LTS release upstream, which will continue to
  receive security support for much longer than 1.1.0 series will.

   * OpenSSL 1.1.1 comes with support for TLS v1.3 which is expected to
  be rapidly adopted due to increased set of supported hashes & algoes,
  as well as improved handshake [re-]negotiation.

   * OpenSSL 1.1.1 comes with improved hw-acceleration capabilities.

   * OpenSSL 1.1.1 is ABI/API compatible with 1.1.0, however some
  software is sensitive to the negotiation handshake and may either need
  patches/improvements or clamp-down to maximum v1.2.

  [Test Case]

   * Rebuild all reverse dependencies

   * Execute autopkg tests for all of them

   * Clamp down to TLS v1.2 software that does not support TLS v1.3
  (e.g. mongodb)

   * Backport TLS v1.3 support patches, where applicable

  [Test cases for the python updates]

  python3.7 is a preview in bionic as a non-supported/non-default
  version of python3. Passing it's own autopkgtests is sufficient
  validation for python3.7. It includes a point release update, with
  OpenSSL 1.1.1 compat and features.

  python3.6 not only has OpenSSL 1.1.1 compat and features patches, but
  also includes a point release update to 3.6.8. It has been part of the
  full-archive rebuild and regression analysis. Autopkgtests were
  triggered for python3.6 and python3-defaults with regressions already
  fixed in the individual packages as appropriate.

  python2.7 has the update from .15~rc1 to .15 final, with OpenSSL 1.1.1
  compat only. It has been part of the full-archive rebuild and
  regression analysis. Autopkgtests were triggered for python2.7 and
  python-defaults with regressions already fixed in the individual
  packages as appropriate.

  The archive rebuilds done, were commulative with OpenJDK 11, OpenSSL 1.1.1 and python point releases as seen in:
  http://people.canonical.com/~doko/ftbfs-report/test-rebuild-20181222-bionic.html
  http://people.canonical.com/~doko/ftbfs-report/test-rebuild-20181222-test-bionic.html

  And analyzed in
  https://docs.google.com/spreadsheets/d/1tMIwlwoHH_1h5sbvUbNac6-HIPKi3e0Xr8ebchIOU1A/edit#gid=147857652

  [ Test case libwww-perl (and deps) regression ]

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914034

  1. apt install liblwp-protocol-https-perl
  2. enable -proposed
  3. apt install libio-socket-ssl-perl libnet-ssleay-perl
  4. perl -MLWP::UserAgent -e 'LWP::UserAgent->new->post("https://facebook.com", { data => "foo" }) or die'

  [Regression Potential]

   * Connectivity interop is the biggest issues which will be
  unavoidable with introducing TLS v1.3. However, tests on cosmic
  demonstrate that curl/nginx/google-chrome/mozilla-firefox connect and
  negotiate TLS v1.3 without issues.

   * Mitigation of discovered connectivity issues will be possible by
  clamping down to TLS v1.2 in either server-side or client-side
  software or by backporting relevant support fixes

   * Notable changes are listed here
  https://wiki.openssl.org/index.php/TLS1.3

   * Most common connectivity issues so far:
     - client verifies SNI in TLSv1.3 mode, yet client doesn't set hostname. Solution is client change to set hostname, or to clamp down the client to TLSv1.2.

     - session negotiation is different in TLSv1.3, existing client code
  may fail to create/negotiate/resume session. Clients need to learn how
  to use session callback.

     - non-application data records. TLSv1.3 sends more of these, when compared with previous versions, and some applications may not handle this correctly. Resulting in application data not being available, when previously expected. Mitigation around these involve disabling/enabling SSL_MODE_AUTO_RETRY or setting max protocol version to TLSv1.2. For example see discussion identified in the perl stack https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914034
  Similar hangs are possible with prior versions of TLS as well, it is however easier to trigger this with TLSv1.3.

   * Deprecated npn extenstion does not exist in TLSv1.3 implementation.

   * This update bundles python 3.6 and 3.7 point releases

   * libnet-ssleay-perl introduces two API changes which carry some risk of regression to consuming applications.  The risk is considered small.
    - Servers implemented in perl may now raise SIGPIPE in the event of a premature client disconnection.  This may be a behavior change in openssl itself but has only been noticed in the libnet-ssleay-perl tests.  This may represent a DoS attack against any third-party TLS-using servers implemented in perl if they do not already handle SIGPIPE gracefully.
    - The behavior of SSLeay::read() and SSLeay::write() has been changed to NOT retry on short reads/short writes, leading to the perl API more closely matching the C API.  There are new ssl_read_all() / ssl_write_all() calls for applications which want the previous behavior.

  [Other Info]

   * Previous FFe for OpenSSL in 18.10 is at
     https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092

   * TLS v1.3 support in NSS is expected to make it to 18.04 via
  security updates

   * TLS v1.3 support in GnuTLS is expected to be available in 19.04

   * Test OpenSSL is being prepared in
     https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3473

  [Autopkgtest Regressions]

  dovecot/armhf - flakey

  libnet-ssleay-perl - awaiting sru accept into proposed of
  libnet-ssleay-perl and libio-socket-ssl-perl due to fixes and
  versioned breaks.

  linux* - rebuild testcases passes (for some edge flavours the build
  fails in non-ssl portions of the build), ubuntu-regression-suite
  testcase fails for a few variants but should have been skipped (in
  progress to be fixed in
  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1823056)

  openvswitch/i386 - extremely flakey, errors out or fails mostly

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libwww-perl/+bug/1797386/+subscriptions