[Bug 1951279] Re: OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds

Hendrawan Kuncoro 1951279 at bugs.launchpad.net
Thu Nov 18 05:57:23 UTC 2021 

same issue
my environment is inside docker

------
docker run -it --platform linux/arm64 ubuntu:20.04 /bin/bash

Linux 888c7f7b294c 5.10.47-linuxkit #1 SMP PREEMPT Sat Jul 3 21:50:16
UTC 2021 aarch64 aarch64 aarch64 GNU/Linux

curl 7.68.0 (aarch64-unknown-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.21.0 (+libidn2/2.2.0) libssh/0.9.3/openssl/zlib nghttp2/1.40.0 librtmp/2.3
Release-Date: 2020-01-08
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSocket

------

maybe that will help finding the root cause.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1951279

Title:
  OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  Description
  -----------

  It seems that current Ubuntu 20.04 (Focal) distribution for
  Arm64/Aarch64 raise a segmentation fault when certain validates some
  certificates.

  This issue affects only to Arm64/Aarch64 all the tools statically or
  dynamically linked with this version of the library are affected
  (Libcurl4, Curl, Wget, OpenJDK, Curl-PHP, etc).

  
  Environment and platform
  ------------------------
  Linux 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:29:20 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux

  
  Steps to reproduce
  ------------------

  1. Run:

  curl -v https://graph.facebook.com/v12.0/act_111/

  or

  wget https://graph.facebook.com/v12.0/act_111/

  
  Result received
  ---------------

  Segmentation fault (core dumped)

  
  Notes
  -----

  This bug was found by the Curl users:
  See: https://github.com/curl/curl/issues/8024

  I believe that this bug is related to
  https://ubuntu.com/security/CVE-2020-1967 that maybe used as a vector
  point for code injection.

  Actually there isn't any replacement for OpenSSL 1.1.1f for Focal
  (Arm64), so it makes difficult to use Ubuntu 20.04 in a production
  environment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1951279/+subscriptions

More information about the foundations-bugs mailing list