[Bug 1922004] Re: gnutls28 OOM's on arm64, ppc64el and s390x with lto
Launchpad Bug Tracker
1922004 at bugs.launchpad.net
Thu Apr 15 18:24:56 UTC 2021
This bug was fixed in the package gnutls28 - 3.7.1-3ubuntu1
---------------
gnutls28 (3.7.1-3ubuntu1) hirsute; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Enable CET.
- Set default priority string to only allow TLS1.2, DTLS1.2, and
TLS1.3 with medium security profile (2048 RSA keys minimum, and
similar).
* Fix FTBFS with lto - reduce parallelism to 2. LP: #1922004
* Merge CVE fixes CVE-2021-20231 CVE-2021-20232
gnutls28 (3.7.1-3) unstable; urgency=low
* Rename/refetch
*build-doc-install-missing-image-file-gnutls-crypto-l.patch, it is has
been merged into upstream GIT.
* Upload to unstable.
gnutls28 (3.7.1-2) experimental; urgency=medium
* Also run ocsptool tests in autopkgtest.
* Add CVE numbers to previous changelog entry.
* Pull selected fixes from upstream GIT:
+ 55_01-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
+ 55_02-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
+ 56_01-srptool-avoid-FILE-pointer-leak-on-error.patch
+ 56_02-gnutls-cli-debug-avoid-resource-leak-in-saving-DHE-p.patch
+ 56_03-src-avoid-file-descriptor-leak-in-socket_open2.patch
+ 56_04-examples-avoid-memory-leak-in-tlsproxy.patch
+ 56_05-examples-avoid-memory-leak-in-ex-verify.patch
* 60_build-doc-install-missing-image-file-gnutls-crypto-l.patch
Ship missing image file. (Thanks, lintian)
gnutls28 (3.7.1-1) unstable; urgency=medium
* New upstream version
Fixes potential use-after-free in sending "key_share" and "pre_shared_key"
extensions. GNUTLS-SA-2021-03-10. CVE-2021-20231 CVE-2021-20232
* Upload to unstable.
gnutls28 (3.7.0+git20210306-2) experimental; urgency=medium
* Fix autopkgtest skiplist.
gnutls28 (3.7.0+git20210306-1) experimental; urgency=low
* Update to GIT ba6e4b17bf74e58a8101f825011434b497eacbaa
+ Drop cherry-picked patches {48,49,50}_*.
+ Update copyright file.
gnutls28 (3.7.0-7) unstable; urgency=medium
* Pull 50_01-gnutls_session_is_resumed-don-t-check-session-ID-in-.patch
50_02-handshake-TLS-1.3-don-t-generate-session-ID-in-resum.patch
50_04-tests-close-unused-fd-opened-by-socketpair.patch from upstream
master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl.
(Thanks to Tim Kosse for the pointer) Closes: #980119
gnutls28 (3.7.0-6) unstable; urgency=medium
* Update 49_0001-gnutls_x509_trust_list_verify_crt2-ignore-duplicate-.patch
with merged version from upstream GIT master. Features a fix for an assert
on connection to servers which send a duplicate chain including the
self-signed CA. Closes: #980513
-- Dimitri John Ledkov <xnox at ubuntu.com> Wed, 14 Apr 2021 15:44:37
+0100
** Changed in: gnutls28 (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-20231
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-20232
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1922004
Title:
gnutls28 OOM's on arm64, ppc64el and s390x with lto
Status in gnutls28 package in Ubuntu:
Fix Released
Bug description:
seen in
https://people.canonical.com/~doko/ftbfs-report/test-rebuild-20210325-hirsute-hirsute.html
https://launchpad.net/ubuntu/+archive/test-
rebuild-20210325-hirsute/+sourcepub/12224570/+listing-archive-extra
barely succeeds on amd64 with 8G RAM + 4G swap
arm64 and ppc64el only have 8G RAM, no swap.
s390x has 8G RAM + 4G swap, but still runs out of memory. likely
because of the heavier inlining from the the baseline.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1922004/+subscriptions
More information about the foundations-bugs
mailing list