This bug was fixed in the package gnutls28 - 3.4.10-4ubuntu1.8

---------------
gnutls28 (3.4.10-4ubuntu1.8) xenial; urgency=medium

  * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch:
    - add support for zero length  session tickets returned from the server,
      thanks Rod for the backport and testing! (lp: #1876286)

 -- Sebastien Bacher <seb...@ubuntu.com>  Wed, 17 Jun 2020 23:06:13
+0200

** Changed in: gnutls28 (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1876286

Title:
  Evolution reports "Error performing TLS handshake: Internal error in
  memory allocation."

Status in Gnutls:
  Unknown
Status in claws-mail package in Ubuntu:
  Invalid
Status in evolution package in Ubuntu:
  Invalid
Status in gnutls28 package in Ubuntu:
  Fix Released
Status in gnutls28 source package in Xenial:
  Fix Released
Status in gnutls28 source package in Bionic:
  Fix Released
Status in claws-mail source package in Focal:
  Invalid
Status in evolution source package in Focal:
  Invalid
Status in gnutls28 source package in Focal:
  Fix Released
Status in claws-mail source package in Groovy:
  Invalid
Status in evolution source package in Groovy:
  Invalid
Status in gnutls28 source package in Groovy:
  Fix Released
Status in gnutls28 package in CentOS:
  Unknown

Bug description:
  [Impact]

  Evolution and Claws email clients stopped connecting to Yahoo, AOL,
  Verizon, AT&T, Bell South, etc email servers which are run by the same
  group. Users are unable to get to their email.

  The underlying problem is that GnuTLS does not support zero length
  session tickets.  The fix works by checking that that ticket_len > 0
  prior to calling gnutls_realloc_fast().

  Nominating for SRU, fulfills: "Updates that need to be applied to
  Ubuntu packages to adjust to changes in the environment, server
  protocols, web services, and similar, i. e. where the current version
  just ceases to work."

  
  [testcase]

  GnuTLS 3.6:
  $ gnutls-cli --priority=NORMAL:-VERS-TLS1.3 pop.verizon.net:995
  [...]
  - Status: The certificate is trusted.
  *** Fatal error: Internal error in memory allocation.

  the error should be fixed with the update

  GnuTLS 3.5:
  $ gnutls-cli pop.verizon.net:995

  GnuTLS 3.4:
  $ gnutls-cli -p 995 pop.verizon.net

  
  [regression potential]

  The fix works by checking that that ticket_len > 0 prior to calling
  gnutls_realloc_fast().  This creates two separate execution paths:

  1) If the session ticket length > 0, which is the primary use case,
  the original code block will be executed.

  2) If the session ticket len is 0, then the original code block will
  be skipped.

  Testing will need to include connections to servers that return
  session ticket length > 0 as well as ones that return session ticket
  length of 0.  Wireshark can be used to look at the NewSessionTicket
  handshake message to confirm the session ticket length.

  
  [Other Info]

  The GnuTLS project's merge request 1260 fixes this bug.  It was reviewed and 
approved by Daiki Ueno:
  https://gitlab.com/gnutls/gnutls/-/merge_requests/1260

  According to the GnuTLS project: "We utilize two continuous integration 
systems, the gitlab-ci and travis.  Gitlab-CI is used to test most of the Linux 
systems (see .gitlab-ci.yml), and is split in two phases, build image creation 
and compilation/test. The build image creation is done at the 
gnutls/build-images subproject and uploads the image at the gitlab.com 
container registry. The compilation/test phase is on every commit to gnutls 
project."
  Here are the results of the gitlab-ci pipeline showing all 19 tests passed 
for merge request 1260:
  https://gitlab.com/rrivers2/gnutls/-/pipelines/149155018

  Page 8, section 3.3 of RFC5077 describes the NewSessionTicket handshake 
message and indicates that a zero length session ticket is a legitimate value:
  https://tools.ietf.org/pdf/rfc5077.pdf

  --------------------------

  When GnuTLS connects to servers that return zero length session
  tickets using older TLS versions it returns the error code
  GNUTLS_E_MEMORY_ERROR and the connection is closed.  This prevents
  Evolution and Claws email clients from connecting to Yahoo, AOL,
  Verizon, AT&T, Bell South, etc email servers.  Evolution displays the
  message "Error performing TLS handshake: Internal error in memory
  allocation"

  
  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: libgnutls30 3.5.18-1ubuntu1.3
  ProcVersionSignature: Ubuntu 5.3.0-51.44~18.04.2-generic 5.3.18
  Uname: Linux 5.3.0-51-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.14
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Fri May 1 07:03:51 2020
  InstallationDate: Installed on 2017-12-12 (870 days ago)
  InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 
(20170801)
  ProcEnviron:
   PATH=(custom, no username)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: gnutls28
  UpgradeStatus: Upgraded to bionic on 2018-12-28 (489 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/gnutls/+bug/1876286/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

Reply via email to