
Bug#1110165: marked as done (unblock: jose/14-2)



Your message dated Thu, 31 Jul 2025 17:40:44 +0000
with message-id <E1uhXGm-004gp1-2g@respighi.debian.org>
and subject line unblock jose
has caused the Debian Bug report #1110165,
regarding unblock: jose/14-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1110165: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110165
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: jose@packages.debian.org
Control: affects -1 + src:jose
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package jose

Only contains one bugfix (adding NULL pointer check).

unblock jose/14-2
diffstat for jose-14 jose-14

 changelog                                                                                                                |    6 +
 patches/cherry-picked/1752063697.v14-7-g5aaaaf6.openssl-handle-null-in-jose-openssl-jwk-from-ec-key-gracefully-172.patch |   33 ++++++++++
 patches/series                                                                                                           |    1 
 3 files changed, 40 insertions(+)

diff -Nru jose-14/debian/changelog jose-14/debian/changelog
--- jose-14/debian/changelog	2024-08-10 19:16:54.000000000 +0300
+++ jose-14/debian/changelog	2025-07-10 19:04:11.000000000 +0300
@@ -1,3 +1,9 @@
+jose (14-2) unstable; urgency=high
+
+  * Cherry-pick fix to handle possible Null pointer gracefully
+
+ -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Thu, 10 Jul 2025 18:04:11 +0200
+
 jose (14-1) unstable; urgency=medium
 
   * New upstream version 14
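Review bot: The changelog bullet in the new 14-2 entry does not say what is fixed or where the fix comes from. Naming the function (jose_openssl_jwk_from_EC_KEY) and the upstream commit v14-7-g5aaaaf6 would let the entry be read without opening the patch. The entry also raises urgency from medium to high without a stated reason; a short justification in the bullet would help whoever reviews the unblock.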
diff -Nru jose-14/debian/patches/cherry-picked/1752063697.v14-7-g5aaaaf6.openssl-handle-null-in-jose-openssl-jwk-from-ec-key-gracefully-172.patch jose-14/debian/patches/cherry-picked/1752063697.v14-7-g5aaaaf6.openssl-handle-null-in-jose-openssl-jwk-from-ec-key-gracefully-172.patch
--- jose-14/debian/patches/cherry-picked/1752063697.v14-7-g5aaaaf6.openssl-handle-null-in-jose-openssl-jwk-from-ec-key-gracefully-172.patch	1970-01-01 02:00:00.000000000 +0200
+++ jose-14/debian/patches/cherry-picked/1752063697.v14-7-g5aaaaf6.openssl-handle-null-in-jose-openssl-jwk-from-ec-key-gracefully-172.patch	2025-07-10 19:04:11.000000000 +0300
@@ -0,0 +1,33 @@
+Subject: Openssl: handle NULL in jose_openssl_jwk_from_EC_KEY gracefully (#172)
+Origin: upstream, commit v14-7-g5aaaaf6 <https://github.com/latchset/jose/commit/v14-7-g5aaaaf6>
+Author: Ahmad Fatoum <ahmad@a3f.at>
+Date: Wed Jul 9 14:21:37 2025 +0200
+
+    We already check that the RSA *key is not NULL in
+    jose_openssl_jwk_from_RSA(), but fail to do so for EC_KEY *key in
+    jose_openssl_jwk_from_EC_KEY().
+
+    But EVP_PKEY_get0_EC_KEY() can return NULL too, e.g., if
+    the EVP_PKEY comes from an OpenSSL provider that is not creating a
+    keymgmt instance for a public key and the default provider is not
+    loaded[1].
+
+    Instead of crashing inside OpenSSL when we pass a NULL pointer to
+    EC_KEY_get0_private_key(), detect this case and return gracefully.
+
+    [1]: https://github.com/openssl/openssl/discussions/25679
+
+    Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
+
+--- a/lib/openssl/jwk.c
++++ b/lib/openssl/jwk.c
+@@ -140,6 +140,9 @@
+ json_t *
+ jose_openssl_jwk_from_EC_KEY(jose_cfg_t *cfg, const EC_KEY *key)
+ {
++    if (!key)
++        return NULL;
++
+     return jose_openssl_jwk_from_EC_POINT(
+         cfg,
+         EC_KEY_get0_group(key),
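Review bot: The new guard `if (!key) return NULL;` at the top of jose_openssl_jwk_from_EC_KEY() fails silently: `cfg` is in scope but nothing is recorded through it, so the caller only sees a NULL result with no indication that the EC_KEY itself was missing. Consider reporting the condition through cfg before returning, and confirm that the call site passing in the result of EVP_PKEY_get0_EC_KEY() handles a NULL return, since that caller is not visible in this hunk. The patch touches only lib/openssl/jwk.c, so the NULL path described in the commit message has no accompanying test.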
diff -Nru jose-14/debian/patches/series jose-14/debian/patches/series
--- jose-14/debian/patches/series	2024-06-19 23:31:56.000000000 +0300
+++ jose-14/debian/patches/series	2025-07-10 19:04:11.000000000 +0300
@@ -1,5 +1,6 @@
 
 # cherry-picked commits. Keep in upstream's chronological order
+cherry-picked/1752063697.v14-7-g5aaaaf6.openssl-handle-null-in-jose-openssl-jwk-from-ec-key-gracefully-172.patch
 
 # patches for upstream
 

--- End Message ---
--- Begin Message ---
Unblocked jose.

--- End Message ---
