Merge ~adrien/ubuntu/+source/openssl:plucky-lp-2066990 into ubuntu/+source/openssl:ubuntu/devel

Proposed by Adrien Nader
Status: Merged
Merge reported by: Adrien Nader
Merged at revision: bee7392c0bc80f3c6cea813196d2ed93c750b8d6
Proposed branch: ~adrien/ubuntu/+source/openssl:plucky-lp-2066990
Merge into: ubuntu/+source/openssl:ubuntu/devel
Diff against target: 38 lines (+19/-0)
2 files modified
debian/changelog (+8/-0)
debian/patches/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch (+11/-0)
Reviewer Review Type Date Requested Status
Ubuntu Sponsors Pending
git-ubuntu import Pending
Review via email: mp+477583@code.launchpad.net

This proposal supersedes a proposal from 2024-12-02.

Description of the change

Please review this merge request.

# 📊 PPA
A PPA is available at:
 https://launchpad.net/~adrien/+archive/ubuntu/plucky-openssl-lp-2066990

# 🧪 Autopkgtest results
- ✅ openssl on plucky for amd64 @ 27.11.24 13:31:08
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-plucky-adrien-plucky-openssl-lp-2066990/plucky/amd64/o/openssl/20241127_133108_33cec@/log.gz
- ✅ openssl on plucky for arm64 @ 27.11.24 13:32:34
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-plucky-adrien-plucky-openssl-lp-2066990/plucky/arm64/o/openssl/20241127_133234_67c49@/log.gz
- ✅ openssl on plucky for armhf @ 27.11.24 13:33:42
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-plucky-adrien-plucky-openssl-lp-2066990/plucky/armhf/o/openssl/20241127_133342_477b4@/log.gz
- ✅ openssl on plucky for i386 @ 27.11.24 14:49:43
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-plucky-adrien-plucky-openssl-lp-2066990/plucky/i386/o/openssl/20241127_144943_56cd8@/log.gz
- ✅ openssl on plucky for ppc64el @ 27.11.24 13:36:31
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-plucky-adrien-plucky-openssl-lp-2066990/plucky/ppc64el/o/openssl/20241127_133631_44e0c@/log.gz
- ✅ openssl on plucky for s390x @ 27.11.24 13:31:09
      • Log: https://autopkgtest.ubuntu.com/results/autopkgtest-plucky-adrien-plucky-openssl-lp-2066990/plucky/s390x/o/openssl/20241127_133109_fceb6@/log.gz

# Lintian diff from most recent published package
No relevant lintian change.

Simon Chopin (schopin) wrote :

It could go as is, but I do have a couple of suggestions to make it even better IMHO ;)

bee7392... by Adrien Nader

reconstruct-changelog

Adrien Nader (adrien) wrote :

I've updated the changelog to make it clearer that an existing patch is modified.

I've kept the message unchanged due to the reason I pointed out earlier: openssl itself inserts an "error:" into the string.

Since there will probably be a change needed for m2crypto's FTBFS (swig + select), maybe we don't want to upload this now. I'll let you be the judge for that but I'd appreciate a +1 in the MR so that I know that no further change will be needed here (except probably to merge changelogs :) ).

Adrien Nader (adrien) wrote :

For the record, Simon acked the change out-of-band (thanks!). I may also have a fix for m2crypto's FTBFS which doesn't depend on changing openssl and what I said above may not be necessary but I'll only know in a couple days when I do more tests.

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 17f7b45..1907b71 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+openssl (3.4.0-1ubuntu2) plucky; urgency=medium
7+
8+ * d/p/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch:
9+ Extend the patch to print the error encounted when a fallback
10+ provider fails loading, e.g. due to FIPS auto-loading (LP: #2066990)
11+
12+ -- Adrien Nader <adrien.nader@canonical.com> Fri, 13 Dec 2024 12:44:42 +0100
13+
14 openssl (3.4.0-1ubuntu1) plucky; urgency=medium
15
16 * Merge with Debian unstable (LP: #2044795). Remaining changes:
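Review bot: "encounted" in the new 3.4.0-1ubuntu2 entry should read "encountered". Since the entry documents a user-visible behaviour change, it could also state that the error is printed to stderr, which is what the patched code does with fprintf(stderr, ...).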
17diff --git a/debian/patches/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch b/debian/patches/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch
18index d8a18f8..9c7f741 100644
19--- a/debian/patches/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch
20+++ b/debian/patches/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch
21@@ -78,6 +78,17 @@ provider.
22 OSSL_PROVIDER *prov = NULL;
23
24 if (!p->is_fallback)
25+@@ -1401,6 +1401,10 @@ static int provider_activate_fallbacks(struct provider_store_st *store)
26+ }
27+ err:
28+ CRYPTO_THREAD_unlock(store->lock);
29++ if (!ret)
30++ fprintf(stderr, "While loading \"%s\" provider: %s\n",
31++ (p != NULL ? p->name : "<unknown>"),
32++ ERR_error_string(ERR_peek_last_error(), NULL));
33+ return ret;
34+ }
35+
36 --- a/crypto/provider_local.h
37 +++ b/crypto/provider_local.h
38 @@ -23,7 +23,7 @@
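Review bot: ERR_error_string(ERR_peek_last_error(), NULL) in the added fprintf formats into a static buffer and is not thread-safe, and here it runs after CRYPTO_THREAD_unlock(store->lock), so two threads reaching the failure path at the same time can overwrite each other's message; format into a local buffer with ERR_error_string_n() instead. Separately, the p != NULL guard does not cover p->name being NULL, so it is worth confirming what p points to on every path that reaches err: with ret == 0. The unconditional write to stderr from inside libcrypto also affects programs that have closed or repurposed fd 2, which deserves a sentence in the patch description.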
