Hello Rod, or anyone else affected,
Accepted gnutls28 into bionic-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/gnutls28/3.5.18-1ubuntu1.4 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Your feedback will aid us getting this
update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
bionic to verification-done-bionic. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-bionic. In either case, without details of your testing we will
not be able to proceed.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance for helping!
N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.
** Changed in: gnutls28 (Ubuntu Bionic)
Status: New => Fix Committed
** Tags added: verification-needed-bionic
** Changed in: gnutls28 (Ubuntu Xenial)
Status: New => Fix Committed
** Tags added: verification-needed-xenial
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1876286
Title:
Evolution reports "Error performing TLS handshake: Internal error in
memory allocation."
Status in Gnutls:
Unknown
Status in claws-mail package in Ubuntu:
Invalid
Status in evolution package in Ubuntu:
Invalid
Status in gnutls28 package in Ubuntu:
Fix Released
Status in gnutls28 source package in Xenial:
Fix Committed
Status in gnutls28 source package in Bionic:
Fix Committed
Status in claws-mail source package in Focal:
Invalid
Status in evolution source package in Focal:
Invalid
Status in gnutls28 source package in Focal:
Fix Committed
Status in claws-mail source package in Groovy:
Invalid
Status in evolution source package in Groovy:
Invalid
Status in gnutls28 source package in Groovy:
Fix Released
Status in gnutls28 package in CentOS:
Unknown
Bug description:
[Impact]
Evolution and Claws email clients stopped connecting to Yahoo, AOL,
Verizon, AT&T, Bell South, etc email servers which are run by the same
group. Users are unable to get to their email.
The underlying problem is that GnuTLS does not support zero length
session tickets. The fix works by checking that that ticket_len > 0
prior to calling gnutls_realloc_fast().
Nominating for SRU, fulfills: "Updates that need to be applied to
Ubuntu packages to adjust to changes in the environment, server
protocols, web services, and similar, i. e. where the current version
just ceases to work."
[testcase]
GnuTLS 3.6:
$ gnutls-cli --priority=NORMAL:-VERS-TLS1.3 pop.verizon.net:995
[...]
- Status: The certificate is trusted.
*** Fatal error: Internal error in memory allocation.
the error should be fixed with the update
GnuTLS 3.5:
$ gnutls-cli pop.verizon.net:995
GnuTLS 3.4:
$ gnutls-cli -p 995 pop.verizon.net
[regression potential]
The fix works by checking that that ticket_len > 0 prior to calling
gnutls_realloc_fast(). This creates two separate execution paths:
1) If the session ticket length > 0, which is the primary use case,
the original code block will be executed.
2) If the session ticket len is 0, then the original code block will
be skipped.
Testing will need to include connections to servers that return
session ticket length > 0 as well as ones that return session ticket
length of 0. Wireshark can be used to look at the NewSessionTicket
handshake message to confirm the session ticket length.
[Other Info]
The GnuTLS project's merge request 1260 fixes this bug. It was reviewed and approved by Daiki Ueno:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1260
According to the GnuTLS project: "We utilize two continuous integration systems, the gitlab-ci and travis. Gitlab-CI is used to test most of the Linux systems (see .gitlab-ci.yml), and is split in two phases, build image creation and compilation/test. The build image creation is done at the gnutls/build-images subproject and uploads the image at the gitlab.com container registry. The compilation/test phase is on every commit to gnutls project."
Here are the results of the gitlab-ci pipeline showing all 19 tests passed for merge request 1260:
https://gitlab.com/rrivers2/gnutls/-/pipelines/149155018
Page 8, section 3.3 of RFC5077 describes the NewSessionTicket handshake message and indicates that a zero length session ticket is a legitimate value:
https://tools.ietf.org/pdf/rfc5077.pdf
--------------------------
When GnuTLS connects to servers that return zero length session
tickets using older TLS versions it returns the error code
GNUTLS_E_MEMORY_ERROR and the connection is closed. This prevents
Evolution and Claws email clients from connecting to Yahoo, AOL,
Verizon, AT&T, Bell South, etc email servers. Evolution displays the
message "Error performing TLS handshake: Internal error in memory
allocation"
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libgnutls30 3.5.18-1ubuntu1.3
ProcVersionSignature: Ubuntu 5.3.0-51.44~18.04.2-generic 5.3.18
Uname: Linux 5.3.0-51-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.14
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri May 1 07:03:51 2020
InstallationDate: Installed on 2017-12-12 (870 days ago)
InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
ProcEnviron:
PATH=(custom, no username)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnutls28
UpgradeStatus: Upgraded to bionic on 2018-12-28 (489 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/gnutls/+bug/1876286/+subscriptions