[Pkg-openssl-devel] Bug#1074764: Bug#1074764: signing with osslsigncode fails with a segmentation fault since latest stable update

[Sébastien Villemot]

Control: tags -1 + patch

Le mercredi 03 juillet 2024 à 22:05 +0200, Sebastian Andrzej Siewior a
écrit :
> On 2024-07-02 16:23:58 [+0200], Sébastien Villemot wrote:
> > Since the last upgrade of openssl on bookworm (version 3.0.13-1~deb12u1), code
> > signing using osslsigncode (and my Yubikey) now fails with a segmentation
> > fault. It was working properly with version 3.0.11-1~deb12u2 (and note that
> > downgrading solves the problem).
> > 
> > Here is the command:
> > 
> > $ osslsigncode sign -pkcs11module
> > /usr/lib/x86_64-linux-gnu/libykcs11.so.2 -key
> > "pkcs11:id=%01;type=private;pin-value=<EDITED>" -certs
> > ~/code-signing-certificate.pem -n Foo -i https://www.foo.org -t
> > http://timestamp.comodoca.com -in installer.exe -out
> > installer-signed.exe
> …
> > 
> > Note that the segfault occurs in /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so
> > (from libengine-pkcs11-openssl), which is itself called by libcrypto.so.3 (from
> > libssl3).
> 
> Can you check if
> 	https://github.com/openssl/openssl/commit/39ea78379826fa98e8dc8c0d2b07e2c17cd68380
> 
> fixes it?	

Thanks, I confirm it does.

-- 
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  https://sebastien.villemot.name
⠈⠳⣄⠀⠀⠀⠀  https://www.debian.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20240704/f299783f/attachment.sig>