[Bug 1893924] Re: memory leak in GnuTLS iov operations used by Samba
** Changed in: gnutls28 (Debian)
   Status: Unknown => Fix Released

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1893924

Title: memory leak in GnuTLS iov operations used by Samba

To manage notifications about this bug go to: https://bugs.launchpad.net/gnutls/+bug/1893924/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1893924] Re: memory leak in GnuTLS iov operations used by Samba
** Tags added: fr-693
[Bug 1893924] Re: memory leak in GnuTLS iov operations used by Samba
This bug was fixed in the package gnutls28 - 3.6.15-4ubuntu2

---
gnutls28 (3.6.15-4ubuntu2) groovy; urgency=low

  * Merge from Debian unstable LP: #1893924. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
      TLS1.3 with medium security profile (2048 RSA keys minimum, and
      similar).
  * Add patch to fix ftbfs gnulib with new glibc.

gnutls28 (3.6.15-4) unstable; urgency=medium

  * autopkgtest: Require build-essential.
  * autopkgtest: respect dpkg-buildflags for helper-binary build.

gnutls28 (3.6.15-3) unstable; urgency=medium

  * More autopkgtest hotfixes.

gnutls28 (3.6.15-2) unstable; urgency=medium

  * 50_autopkgtestfixes.diff: Fix testsuite issues when running against
    installed gnutls-bin.
  * In autopkgtest set top_builddir and builddir, ignore
    tests/cert-tests/tolerate-invalid-time and tests/gnutls-cli-debug.sh.

gnutls28 (3.6.15-1) unstable; urgency=low

  * New upstream version.
    + Fixes NULL pointer dereference if a no_renegotiation alert is sent
      with unexpected timing. CVE-2020-24659 / GNUTLS-SA-2020-09-04
      Closes: #969547
    + Drop
      50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch
      50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
      50_03-gnutls_cipher_init-fix-potential-memleak.patch
      50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
    + Fix build error due to outdated gettext in Debian by removing newer
      gettext m4 macros from m4/.

gnutls28 (3.6.14-2) unstable; urgency=medium

  * Pull selected patches from upstream GIT:
    + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
      Fixes difference in generated docs on 32 and 64 bit archs.
    + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
      50_03-gnutls_cipher_init-fix-potential-memleak.patch
      Fix memleak in gnutls_aead_cipher_init() with keys having invalid
      length. (Broken since 3.6.3)
    + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
      Closes: #962467

gnutls28 (3.6.14-1) unstable; urgency=high

  * Drop debugging code added in -4, fixes nocheck profile build error.
    Closes: #962199
  * Add Daiki Ueno 462225C3B46F34879FC8496CD605848ED7E69871 key to
    debian/upstream/signing-key.asc.
  * New upstream version.
    + Fixes insecure session ticket key construction.
      [GNUTLS-SA-2020-06-03, CVE-2020-13777] Closes: #962289
    + Drop
      50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
      51_01-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
      51_02-x509-trigger-fallback-verification-path-when-cert-is.patch
      51_03-tests-add-test-case-for-certificate-chain-supersedin.patch
  * Drop guile-gnutls.lintian-overrides.
  * 40_fix_ipv6only_testsuite_AI_ADDRCONFIG.diff: In gnutls-serv do not
    pass AI_ADDRCONFIG to getaddrinfo. This broke the testsuite on systems
    without IPv4 on non-loopback addresses. (Thanks, Adrian Bunk and
    Julien Cristau!) Hopefully Closes: #962218

 -- Dimitri John Ledkov Thu, 24 Sep 2020 12:03:44 +0100

** Changed in: gnutls28 (Ubuntu Groovy)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13777

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-24659
[Bug 1893924] Re: memory leak in GnuTLS iov operations used by Samba
"onto Ubuntu 20.20"

I hope you mean 20.10 there (groovy), for which the fix is now pending.

** Changed in: gnutls28 (Ubuntu Groovy)
   Status: Confirmed => Fix Committed
[Bug 1893924] Re: memory leak in GnuTLS iov operations used by Samba
With the argumentation in comment #4 you are basically asking all developers and users also installing 3rd party packages to stop using Ubuntu?
[Bug 1893924] Re: memory leak in GnuTLS iov operations used by Samba
However we only ship samba 4.11 in focal, thus not affected by this change?
[Bug 1893924] Re: memory leak in GnuTLS iov operations used by Samba
What is the test case for this issue? Reading upstream bug report I am not sure this is reproducible without macOS client, or is it?

** No longer affects: gnutls28 (Ubuntu Focal)
[Bug 1893924] Re: memory leak in GnuTLS iov operations used by Samba
** Changed in: gnutls28 (Ubuntu Groovy)
   Status: New => Confirmed

** Also affects: gnutls28 (Ubuntu Focal)
   Importance: Undecided
   Status: New
[Bug 1893924] Re: memory leak in GnuTLS iov operations used by Samba
** Also affects: gnutls28 (Ubuntu Groovy)
   Importance: High
   Status: New

** Tags removed: rls-gg-incoming
[Bug 1893924] Re: memory leak in GnuTLS iov operations used by Samba
Sure, but as upstream we otherwise need to warn Samba users not to deploy current versions onto Ubuntu 20.20, so it would be awesome if this could be fixed. Both Samba 4.12 and 4.13 (due to be released next week) are impacted.
[Bug 1893924] Re: memory leak in GnuTLS iov operations used by Samba
The issue should be fixed in the current Debian gnutls28 version but that hasn't been merged yet. On focal the samba package is at 4.11 so that shouldn't be an issue?

** Bug watch added: Debian Bug tracker #962467
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962467

** Also affects: gnutls28 (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962467
   Importance: Unknown
   Status: Unknown

** Changed in: gnutls28 (Ubuntu)
   Importance: Undecided => High

** Tags added: rls-gg-incoming
[Bug 1893924] Re: memory leak in GnuTLS iov operations used by Samba
** Bug watch added: Samba Bugzilla #14399
   https://bugzilla.samba.org/show_bug.cgi?id=14399

** Also affects: gnutls via
   https://bugzilla.samba.org/show_bug.cgi?id=14399
   Importance: Unknown
   Status: Unknown