openssl 1.0.2e breaks sbsigntool
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) |
Invalid
|
Undecided
|
Marc Deslauriers | ||
sbsigntool (Ubuntu) |
Fix Released
|
Undecided
|
Mathieu Trudel-Lapierre |
Bug Description
Looks like sbsigntool now fails again to verify signed EFI binaries against a valid cert (and the signature is known to be valid). Reverting to 1.0.2d-0ubuntu2 lets it work again:
[15:40:30] mtrudel@
warning: data remaining[1170360 vs 1289424]: gaps between PE/COFF sections?
PKCS7 verification failed
140048473532048
Signature verification failed
[15:50:03] mtrudel@
dpkg : avertissement : dégradation (« downgrade ») de openssl depuis 1.0.2e-1ubuntu1 vers 1.0.2d-0ubuntu2
(Lecture de la base de données... 291770 fichiers et répertoires déjà installés.)
Préparation du dépaquetage de .../openssl_
Dépaquetage de openssl (1.0.2d-0ubuntu2) sur (1.0.2e-1ubuntu1) ...
dpkg : avertissement : dégradation (« downgrade ») de libssl1.0.0:amd64 depuis 1.0.2e-1ubuntu1 vers 1.0.2d-0ubuntu2
Préparation du dépaquetage de .../libssl1.
Dépaquetage de libssl1.0.0:amd64 (1.0.2d-0ubuntu2) sur (1.0.2e-1ubuntu1) ...
Paramétrage de libssl1.0.0:amd64 (1.0.2d-0ubuntu2) ...
Paramétrage de openssl (1.0.2d-0ubuntu2) ...
Traitement des actions différées (« triggers ») pour man-db (2.7.5-1) ...
Traitement des actions différées (« triggers ») pour libc-bin (2.21-0ubuntu5) ...
[15:50:18] mtrudel@
warning: data remaining[1170360 vs 1289424]: gaps between PE/COFF sections?
Signature verification OK
We've hit a similar issue in the past; in lieue of sbsigntool/
Changed in sbsigntool (Ubuntu): | |
status: | New → In Progress |
Changed in openssl (Ubuntu): | |
status: | New → Incomplete |
Changed in openssl (Ubuntu): | |
status: | Incomplete → Invalid |
Assigning the openssl task to mdeslaur; we've discussed this issue on IRC.