Evolution reports "Error performing TLS handshake: Internal error in memory allocation."

Bug #1876286 reported by Rod Rivers on 2020-05-01
118
This bug affects 17 people
Affects Status Importance Assigned to Milestone
Gnutls
Unknown
Unknown
claws-mail (Ubuntu)
Status tracked in Groovy
Focal
Undecided
Unassigned
Groovy
Undecided
Unassigned
evolution (Ubuntu)
Status tracked in Groovy
Focal
Undecided
Unassigned
Groovy
Undecided
Unassigned
gnutls28 (CentOS)
Unknown
Unknown
gnutls28 (Ubuntu)
Status tracked in Groovy
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Focal
High
Unassigned
Groovy
High
Unassigned

Bug Description

[Impact]

Evolution and Claws email clients stopped connecting to Yahoo, AOL, Verizon, AT&T, Bell South, etc email servers which are run by the same group. Users are unable to get to their email.

The underlying problem is that GnuTLS does not support zero length session tickets. The fix works by checking that that ticket_len > 0 prior to calling gnutls_realloc_fast().

Nominating for SRU, fulfills: "Updates that need to be applied to Ubuntu packages to adjust to changes in the environment, server protocols, web services, and similar, i. e. where the current version just ceases to work."

[testcase]

GnuTLS 3.6:
$ gnutls-cli --priority=NORMAL:-VERS-TLS1.3 pop.verizon.net:995
[...]
- Status: The certificate is trusted.
*** Fatal error: Internal error in memory allocation.

the error should be fixed with the update

GnuTLS 3.5:
$ gnutls-cli pop.verizon.net:995

GnuTLS 3.4:
$ gnutls-cli -p 995 pop.verizon.net

[regression potential]

The fix works by checking that that ticket_len > 0 prior to calling gnutls_realloc_fast(). This creates two separate execution paths:

1) If the session ticket length > 0, which is the primary use case, the original code block will be executed.

2) If the session ticket len is 0, then the original code block will be skipped.

Testing will need to include connections to servers that return session ticket length > 0 as well as ones that return session ticket length of 0. Wireshark can be used to look at the NewSessionTicket handshake message to confirm the session ticket length.

[Other Info]

The GnuTLS project's merge request 1260 fixes this bug. It was reviewed and approved by Daiki Ueno:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1260

According to the GnuTLS project: "We utilize two continuous integration systems, the gitlab-ci and travis. Gitlab-CI is used to test most of the Linux systems (see .gitlab-ci.yml), and is split in two phases, build image creation and compilation/test. The build image creation is done at the gnutls/build-images subproject and uploads the image at the gitlab.com container registry. The compilation/test phase is on every commit to gnutls project."
Here are the results of the gitlab-ci pipeline showing all 19 tests passed for merge request 1260:
https://gitlab.com/rrivers2/gnutls/-/pipelines/149155018

Page 8, section 3.3 of RFC5077 describes the NewSessionTicket handshake message and indicates that a zero length session ticket is a legitimate value:
https://tools.ietf.org/pdf/rfc5077.pdf

--------------------------

When GnuTLS connects to servers that return zero length session tickets using older TLS versions it returns the error code GNUTLS_E_MEMORY_ERROR and the connection is closed. This prevents Evolution and Claws email clients from connecting to Yahoo, AOL, Verizon, AT&T, Bell South, etc email servers. Evolution displays the message "Error performing TLS handshake: Internal error in memory allocation"

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libgnutls30 3.5.18-1ubuntu1.3
ProcVersionSignature: Ubuntu 5.3.0-51.44~18.04.2-generic 5.3.18
Uname: Linux 5.3.0-51-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.14
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri May 1 07:03:51 2020
InstallationDate: Installed on 2017-12-12 (870 days ago)
InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
ProcEnviron:
 PATH=(custom, no username)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: gnutls28
UpgradeStatus: Upgraded to bionic on 2018-12-28 (489 days ago)

Rod Rivers (rrivers) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in evolution (Ubuntu):
status: New → Confirmed
wpshooter (joverstreet1) wrote :

Am having this problem with my Verizon email account which was migrated to AOL several years back.
Am using Evolution version 3.28.5-0ubuntu0.18.04.2 which is the default version as presently updated for Linux Mint 19.3 mate 64 bit. AOL has been zero help in troubleshooting this problem

Problem started about 2 days ago.

Send email functions just fine.
Receiving email will not function. Gives error:
Error performing TLS handshake: Internal error in memory allocation
Have send function setup as: smtp.verizon.net on port 465 which has worked until just 2 days ago.
Have receive function setup as: pop.verizon.net on port 995 which has worked until just 2 days ago.
Encryption method on receive function encrytion method setup as: TLS on a dedicated port

Get this error when poll for supported types: Failed to query server for a list of supported authentication mechanisms. Error performing TLS handshake: Internal error in memory allocation.

Let me know if you need more info. <email address hidden> or <email address hidden>
Thanks.

wpshooter (joverstreet1) wrote :

Meant to say that smtp setting is still working, it is only the pop function that stopped working 2 days ago.

Rod Rivers (rrivers) wrote :

I haven't been able to get the pop3 debug logging to work. Maybe one of the developers could try to add another account with a pop connection to verizon from a fully patched 18.04 machine? The verizon.net settings are:

 Server: pop.verizon.net
 Port: 995

 Encryption method: TLS on a dedicated port

 Authentication: password

The Evolution wiki has instructions on debugging the mail backends. I tried to follow the instructions for pop3 but the logfile created had a length of 0. I tried to cut and paste from the wiki into a terminal to make sure there aren't any typos but had the same result. I noticed later on that page there is an all option. That worked but the entries were mostly imapx or DB. I couldn't find any pop logs or anything with TLS. Here is the link to the directions:
https://wiki.gnome.org/Apps/Evolution/Debugging

Wireshark shows a TLS connection made to pop.verizon.net (66.218.85.35). I can see the server cert chain. Towards the end of the connection there is a small amount of data returned by the server to which the client responds with a reset.

Let me know if there are any other logs I can collect, anything else to try on my end or if there is any other information you need to duplicate the issue.

Rod,

I experience, exact, same problem here using Evolution on Debian 9 with
verizon.net server (aol.com). If it would be helpful, I can send
similar wireshark recording of evolution communication with aol server.

Using Thunderbird on same Debian 9 OS, I have no problem.

Joe

Rod Rivers (rrivers) wrote :

Joe,

Thanks for the info! I made some progress on this today. Evidently Evolution uses GnuTLS to communicate with the pop server. If you run the following commands on a terminal you should get plenty of output that will allow you to decode the encrypted packets:
    export GNUTLS_DEBUG_LEVEL=99
    evolution

It looks like the handshake has just finished and the pop server is returning its first message:
  Post Office Protocol
      +OK Hello from jpop-0.1\r\n
          Response indicator: +OK
          Response description: Hello from jpop-0.1

I have attached the pcap, debug output and keys.

Rod

I am new to Linux and not that computer savvy. I don’t understand how to
decode encrypted packets. Also will this solve the problem? It would be
better for someone like myself to just have an ungrade to Evolution that
would contain the solution and have it work properly. Thanks for your
consideration.

-----Original Message-----
From: Rod Rivers
Sent: Tuesday, May 05, 2020 7:39 PM
To: <email address hidden>
Subject: [Bug 1876286] Re: Evolution reports "Error performing TLS
handshake: Internal error in memory allocation."

Joe,

Thanks for the info! I made some progress on this today. Evidently
Evolution uses GnuTLS to communicate with the pop server. If you run the
following commands on a terminal you should get plenty of output that will
allow you to decode the encrypted packets:
    export GNUTLS_DEBUG_LEVEL=99
    evolution

It looks like the handshake has just finished and the pop server is
returning its first message:
  Post Office Protocol
      +OK Hello from jpop-0.1\r\n
          Response indicator: +OK
          Response description: Hello from jpop-0.1

I have attached the pcap, debug output and keys.

Rod

** Attachment added: "EvolutionVerizonHandshakeFailure.zip"
   https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/1876286/+attachment/5367101/+files/EvolutionVerizonHandshakeFailure.zip

--
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/1876286

Title:
  Evolution reports "Error performing TLS handshake: Internal error in
  memory allocation."

Status in evolution package in Ubuntu:
  Confirmed

Bug description:
  When Evolution checks my verizon.net account it displays the message
  "Error performing TLS handshake: Internal error in memory allocation"
  and doesn't download any new email messages. This started happening
  two days ago shortly after updates were applied. Normally it would
  download the new email messages. Searching the web I found a Linux
  Mint forum with users having the same issue. Some users felt it maybe
  an expired certificate while others thought it might be related to the
  recent update. What can I do to get more information about this
  issue?

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: evolution 3.28.5-0ubuntu0.18.04.2
  ProcVersionSignature: Ubuntu 5.3.0-51.44~18.04.2-generic 5.3.18
  Uname: Linux 5.3.0-51-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.14
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Fri May 1 07:03:51 2020
  InstallationDate: Installed on 2017-12-12 (870 days ago)
  InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64
(20170801)
  ProcEnviron:
   PATH=(custom, no username)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: evolution
  UpgradeStatus: Upgraded to bionic on 2018-12-28 (489 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/1876286/+subscriptions

--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Rod,

I saw your suggestions re: obtaining additional info via terminal and
"export GNUTLS_DEBUG_LEVEL=99
evolution".

I wasn't sure whether you were suggesting that I use that technique to
obtain more info and then forward the info to you. On the chance that
you wanted me to forward the info to you, I did execute the commands
and I made a copy of the results. The copy consists of a 20-page PDF
file. Please let me know if you wish me to forward to you a copy of the
results.

I have very limited familiarity with TLS, etc., so I have no idea
whether the "results" would contain info regarding my password for the
email requested from the server, so I have deferred sending the results
to you.

I await your response.

Joe

Rod Rivers (rrivers) wrote :

Joe,

If your not sure if there is any sensitive information in the trace please do not send the files. I was able to get wireshark to decrypt and decode the pcap and was certain that no username/password was recorded in the files I posted.

The next logical step would be to get the source code, compile it and see if you can trace through it to find the line that is failing. I looked at the build instructions but they look complicated:
https://wiki.gnome.org/Apps/Evolution/Building

At this point I'm looking into either upgrading to Ubuntu 20.04 or installing the flatpack version that was mentioned in the Linux Mint forum.

Rod

Uninstalling the apt version and then installing the Flatpak version
didnt make
any difference for me - very disappointed. I prefer Evolution to
Thunderbird (sorry..mozilla)

Though I wonder if there were remnant files left behind from the apt
because my emails were still there
when i installed the Flatpak. Would those left behind filed after the
uninstall cause carry over problems
to the flatpak installed version ?

On Wed, May 6, 2020 at 9:05 PM Rod Rivers <email address hidden>
wrote:

> Joe,
>
> If your not sure if there is any sensitive information in the trace
> please do not send the files. I was able to get wireshark to decrypt
> and decode the pcap and was certain that no username/password was
> recorded in the files I posted.
>
> The next logical step would be to get the source code, compile it and see
> if you can trace through it to find the line that is failing. I looked at
> the build instructions but they look complicated:
> https://wiki.gnome.org/Apps/Evolution/Building
>
> At this point I'm looking into either upgrading to Ubuntu 20.04 or
> installing the flatpack version that was mentioned in the Linux Mint
> forum.
>
> Rod
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1876286
>
> Title:
> Evolution reports "Error performing TLS handshake: Internal error in
> memory allocation."
>
> Status in evolution package in Ubuntu:
> Confirmed
>
> Bug description:
> When Evolution checks my verizon.net account it displays the message
> "Error performing TLS handshake: Internal error in memory allocation"
> and doesn't download any new email messages. This started happening
> two days ago shortly after updates were applied. Normally it would
> download the new email messages. Searching the web I found a Linux
> Mint forum with users having the same issue. Some users felt it maybe
> an expired certificate while others thought it might be related to the
> recent update. What can I do to get more information about this
> issue?
>
> ProblemType: Bug
> DistroRelease: Ubuntu 18.04
> Package: evolution 3.28.5-0ubuntu0.18.04.2
> ProcVersionSignature: Ubuntu 5.3.0-51.44~18.04.2-generic 5.3.18
> Uname: Linux 5.3.0-51-generic x86_64
> ApportVersion: 2.20.9-0ubuntu7.14
> Architecture: amd64
> CurrentDesktop: ubuntu:GNOME
> Date: Fri May 1 07:03:51 2020
> InstallationDate: Installed on 2017-12-12 (870 days ago)
> InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64
> (20170801)
> ProcEnviron:
> PATH=(custom, no username)
> XDG_RUNTIME_DIR=<set>
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SourcePackage: evolution
> UpgradeStatus: Upgraded to bionic on 2018-12-28 (489 days ago)
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/1876286/+subscriptions
>

Eric G. Stern (egstern1) wrote :

For me it affects IMAP mail retrieval from imap.aol.com.

Ade Vickers (adev73) wrote :

I'm also seeing the issue with my Yahoo imap access, which started today after an apt-get upgrade across my system.

Version no is: 3.28.5-0ubuntu0.18.04.2

Stephen Holden (stephenholden) wrote :

Started here yesterday accessing Rogers/Yahoo email using imap. Worked fine for the last year until yesterday...Gmail is still working.

Martin Althoff (hazymountain) wrote :

I'll just chime in with a "me too". Connecting to imap yahoo fails. A couple of other accounts work fine. I changed no mail settings. However some Ubuntu (18.04) updates ran.

Ted Clista (7cteddy) wrote :

I am using Zorin Lite. Verizon Pop3 through AOL. Everything worked fine until Apr 25. Having exactly the same problem. Cannot receive mail.

ernie menzies (ernie625) wrote :

Ubuntu Mate using Evolution which has been working fine, but as of yesterday is get error:

 "Failed to Send: Error performing TLS handshake: Internal error in memory allocation" when trying to access ATT.NET mail.

Both my Hotmail and Sonic.net mail send and receive normally. Had not updated anything or made any other changes before this happened. It just started out of the blue.

ernie menzies (ernie625) wrote :

CORRECTION (to above):

It says "FAILED TO OPEN FOLDER" not "failed to send".

Then followed by "Error performing TLS handshake: Internal error in memory allocation" but only when trying to access ATT.NET mail." (at least for now)

ernie menzies (ernie625) wrote :

Update 2:
Evolution is also displaying "Failed to connect to account ~ Error performing TLS handshake: Internal error in memory allocation"
Evolution will not load/expand the AT&T mail to the sidebar but it loads Hotmail and Sonic as I wrote above.

Matthew Colwell (mattcolwell) wrote :

This began occurring Thursday, May 7th, 2020. Failure to connect with any of my AT&T related accounts, showing the message "Error performing TLS handshake: Internal error in memory allocation." Evolution worked great for me prior to this point. Evolution 3.28.5-0ubuntu0.18.04.2 used on Linux Mint 19.3 Cinnamon 4.4.8.

Yi Li (stoneliyi) wrote :

I have the exactly the same problem starting since Thursday, May 7, 2020.

I have 3 accounts, 1 corp exchange acct, one gmail acct and one yahoo mail acct. only yahoo mail acct is failing with tls issue ""Error performing TLS handshake: Internal error in memory allocation.". (imap.mail.yahoo.com:993).

the other two accts work great.

Evolution 3.28.5-0ubuntu0.18.04.2 on Ubuntu 18.04.

Rod Rivers (rrivers) wrote :

I looked into upgrading from Ubuntu 18.04 to 20.04 but evidently that isn't an option until sometime in July. I tried to install the flatpack version and was able to get to all my email accounts again. Before trying this make sure to backup your current evolution data (File, Backup Evolution data ...). Then I followed the directions at the link below, make sure to follow the setup guide at the top:
https://flathub.org/apps/details/org.gnome.Evolution

2 comments hidden view all 113 comments
ernie menzies (ernie625) wrote :

Okay.... the common denominator in this issue is Yahoo mail.
They manage AT&T, AOL and Verizon.

Simon Baldwin (smnbldwn) wrote :

I am experiencing the same issue using Evolution 3.18.5.2 on Ubuntu 16.04 powerpc.
My Yahoo and Aim accounts will not connect and I get the message "The reported error was "Error performing TLS handshake: Internal error in memory allocation."

Donny Darko (donny9darko) wrote :

same problm here but only with yahoo email (IMAP). Ubuntu Mate 18.04 Kernel 5.3.0-51

Vincent Vermeulen (xenopeek) wrote :

Another mailclient, Claws-Mail, is reported to also be affected by the POP3 TLS handshake failure for Yahoo mail managed email (AT&T, AOL, BellSouth, Verizon) on Ubuntu 18.04 base.

This may be an issue with some system libraries used by both Evolution and Claws-Mail and maybe whatever security tightening Yahoo mail did recently.

A user of Evolution on Ubuntu 18.04 base reported to get Evolution to work again after installing these packages from Ubuntu 20.04:
libffi7
libgnutls30
libhogweed5
libnettle7
libp11-kit0

Not narrowed down yet but above may hold clue as to which package in Ubuntu 18.04 base is the cause.

ernie menzies (ernie625) wrote :

~ Vincent Vermeulen

IMAP TLS is also affected.

Yi Li (stoneliyi) wrote :

after installing 3.36.2 by flatpack, my yahoo acct starts to work again.

Was: Yahoo(IMAP), Evolution 3.28.5-0ubuntu0.18.04.2 on Ubuntu 18.04
Now: Yahoo(IMAP), Evolution 3.36.2 (by Flathub.org) on Ubuntu 18.04

Dear all,

I have had the same "...TLS handshake: Internal error in memory allocation"
with yahoo IMAP (and POP) on claws 3.17.5 (and some older version)
for the last 1-2 days, on 18.1 Mint and 19.3 Mint.

Many thanks to Vincent Vermeulen for narrowing down the libs.

I don't think this is due to some new additions
to Ubuntu libraries as I tried on 18.1, 18.3, 19 & 19.3 Mint
(as i was updating the system remotely).

I managed to resolve this by installing from sources
gnutls-3.6.13 and its dependencies nettle-3.6 and libunistring
9.9 (via apt get this one).

The issue seems to be either with nettle or gnutls.

I then set $PGK_CONFIG_PATH and $LD_LIBRARY_PATH and then re-compiled claws-mail-3.17.5

Solved the imap problem for sure, haven't tested the POP protocol.

Regards,

NA

Matthew Colwell (mattcolwell) wrote :

Google email addresses worked fine for me, but not AT&T addresses from May 7th on with Evolution. Thanks for the recommendation to install a newer version from Flathub.org. Backed up Evolution, removed version 3.28.5, installed version 3.36.2, restored data from backup, and all is now good and right in the world --- or at least on my laptop for now. Using Linux Mint 19.3 Cinnamon 4.4.8 on ubuntu0.18.04.2

Rod Rivers (rrivers) wrote :

The issue appears to be in /usr/lib/x86_64-linux-gnu/libgnutls.so.30.14.10 with the function _gnutls_recv_new_session_ticket around line 758 of session_ticket.c. The code reads two bytes and assigns the result to the variable ticket_len. Unfortunately this value is zero. A few lines later when the variable is used in a memory allocation call, the call fails and the code returns GNUTLS_E_MEMORY_ERROR. I'm not sure what is causing the value to be zero. Attached is a copy of the gdb output, maybe someone who is familiar with GnuTLS can help.

Ted Clista (7cteddy) wrote :

Installed flathub as per instructions. Worked okay for about an hour, then reverted back to same problem. Used Unbuntu distro in instructions. I am operating Zorin Lite. Should I use a different distro in setup to solve this problem?

Ted Clista (7cteddy) wrote :

Evolution is a great email program. My problem isn't fixed. I hope that someone can step up and help.

flatlander (juggle) wrote :

I get the "Error performing TLS handshake: ..." message with Yahoo mail using IMAP or POP.
My partner reports the same issue with AoL.

richard (rm25) wrote :

This same problem started the first week of May with my IMAP+ AT&T. "Error performing TLS handshake: ..."
Ubuntu Mate 16.... Evolution 3.18.5.2-0ubuntu3.2

Sending SMTP still works.

Reading through the posts it's clear that it's a Yahoo issue since Yahoo manages AT&T, AOL, Verizon and Yahoo mail and those are the only ones affected.

Why has no fix-update been created yet?
It's not like people are so swamped with work they don't have time to.

Martin Althoff (hazymountain) wrote :

It is obviously related to yahoo for all of us, but that does not mean Yahoo caused it.

While it might be that Yahoo has done some changes, I have other mail clients (Thunderbird
on Ubuntu, K9 on Android, Mailmate on Mac) that have not been updated and have had no
problem with yahoo. We are very specifically looking at Evolution in relation to Yahoo.

Two mere suspicions, and I have no way to check due to lack of knowledge, a) there was an
update on Ubuntu that caused the issue. b) indeed, yahoo did some changes, but they were
no problem before. Whatever library in the background handles this, worked fine so far,
but could not cope with this hypothetical change. Then it must be that Thunderbird works
differently.

cheers, Martin

On Fri, 2020-05-15 at 14:17 +0000, richard wrote:
> This same problem started the first week of May with my IMAP+ AT&T. "Error performing TLS handshake: ..."
> Ubuntu Mate 16.... Evolution 3.18.5.2-0ubuntu3.2
>
> Sending SMTP still works.
>
> Reading through the posts it's clear that it's a Yahoo issue since Yahoo
> manages AT&T, AOL, Verizon and Yahoo mail and those are the only ones
> affected.
>
> Why has no fix-update been created yet?
> It's not like people are so swamped with work they don't have time to.
>

phl (m-phil) wrote :

BUMP.. I have the same issues with my yahoo based email accounts, Started around the same time as the others. The email accounts do work in Thunderbird.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in claws-mail (Ubuntu):
status: New → Confirmed
Rod Rivers (rrivers) on 2020-05-25
Changed in gnutls28 (Ubuntu):
status: New → Confirmed
tags: added: rls-gg-incoming
description: updated
Changed in gnutls28 (Ubuntu):
importance: Undecided → High
Changed in evolution (Ubuntu):
status: Confirmed → Invalid
Changed in claws-mail (Ubuntu):
status: Confirmed → Invalid
Changed in gnutls28 (Ubuntu):
status: Confirmed → Triaged
no longer affects: claws-mail (Ubuntu Focal)
no longer affects: evolution (Ubuntu Focal)
no longer affects: gnutls28 (Ubuntu Focal)
Changed in claws-mail (Ubuntu Focal):
status: New → Invalid
Changed in evolution (Ubuntu Focal):
status: New → Invalid
Changed in gnutls28 (Ubuntu Focal):
importance: Undecided → High
status: New → Triaged
tags: removed: rls-gg-incoming
tags: added: id-5ed9108ac43eb08712857ef5
Changed in gnutls28 (Ubuntu Groovy):
status: Triaged → Fix Committed
Changed in gnutls28 (Ubuntu Groovy):
status: Fix Committed → Fix Released
Rod Rivers (rrivers) on 2020-06-13
description: updated
Changed in gnutls28 (Ubuntu Focal):
status: Triaged → Fix Committed
description: updated
Rod Rivers (rrivers) on 2020-06-18
description: updated
33 comments hidden view all 113 comments
James (magnum6) wrote :

Much thanx to Rod for writing a patch for Xenial! It is really appreciated.
Can you tell a noob how to apply it?

Sebastien Bacher (seb128) wrote :

@James, there is an official package update waiting for review, the bug is going to get a new comment with instructions once it's accepted so no need to do your own build

Hello Rod, or anyone else affected,

Accepted gnutls28 into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnutls28/3.6.13-2ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: verification-needed verification-needed-focal
Łukasz Zemczak (sil2100) wrote :

Hello Rod, or anyone else affected,

Accepted gnutls28 into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnutls28/3.5.18-1ubuntu1.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in gnutls28 (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Changed in gnutls28 (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial
Łukasz Zemczak (sil2100) wrote :

Hello Rod, or anyone else affected,

Accepted gnutls28 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnutls28/3.4.10-4ubuntu1.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Download full text (6.5 KiB)

I have installed on bionic and still have TLS memory error when trying to connect to my Rogers-Yahoo account.  No change.  Confirmed that new package is installed...Tried creating new Rogers-Yahoo account and it fails as well.
Dang.  Pls let me know what I can do to help diagnose further!
Appreciate the work to date.

Stephen Holden
Ontario, Canada

    On Monday, June 22, 2020, 11:20:55 a.m. EDT, Łukasz Zemczak <email address hidden> wrote:

 Hello Rod, or anyone else affected,

Accepted gnutls28 into bionic-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/gnutls28/3.5.18-1ubuntu1.4 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
bionic to verification-done-bionic. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-bionic. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: gnutls28 (Ubuntu Bionic)
      Status: New => Fix Committed

** Tags added: verification-needed-bionic

** Changed in: gnutls28 (Ubuntu Xenial)
      Status: New => Fix Committed

** Tags added: verification-needed-xenial

--
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/1876286

Title:
  Evolution reports "Error performing TLS handshake: Internal error in
  memory allocation."

Status in Gnutls:
  Unknown
Status in claws-mail package in Ubuntu:
  Invalid
Status in evolution package in Ubuntu:
  Invalid
Status in gnutls28 package in Ubuntu:
  Fix Released
Status in gnutls28 source package in Xenial:
  Fix Committed
Status in gnutls28 source package in Bionic:
  Fix Committed
Status in claws-mail source package in Focal:
  Invalid
Status in evolution source package in Focal:
  Invalid
Status in gnutls28 source package in Focal:
  Fix Committed
Status in claws-mail source package in Groovy:
  Invalid
Status in evolution source package in Groovy:
  Invalid
Status in gnutls28 source package in Groovy:
  Fix Released
Status in gnutls28 package in CentOS:
  Unknown

Bug description:
  [Impact]

  Evolution and Claws email clients stopped connecting to Yahoo, AOL,
  Verizon, AT&T, Bell South, etc email servers which are run by the same
  group. Users are unable to get to their email.

  The underlying problem is that GnuTLS does not support zero length
  session tickets.  The fix...

Read more...

Rod Rivers (rrivers) wrote :

@stephenholden could you provide:

1) details on your connection type (pop/imap), server and port (in my case this was pop to pop.verizon.net on port 995).

2) output of "dpkg -l | grep gnutls"

3) test my server using "gnutls-cli pop.verizon.net:995" (you may need to install the gnutls-bin package) and let me know if you see the error or a message that ends with "+OK Hello from jpop-0.1"

I just tried with the proposed repo and was able to connect, details in another comment.

All autopkgtests for the newly accepted gnutls28 (3.5.18-1ubuntu1.4) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

glib-networking/2.56.0-1 (amd64, s390x, ppc64el, arm64, i386, armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#gnutls28

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Download full text (9.0 KiB)

Sure thing.  Pasted below and attached .txt with same content as well...
Regards,Stephen

Rogers Email Account:  address: <email address hidden>
  imap server: imap.broadband.rogers.com:993
  username: <email address hidden>
  password: <redacted>
  smtp:  similar as above, replace "imap." with "smtp.", port 465, same user/pass

$gnutls-cli pop.verizon.net:995
Processed 127 CA certificate(s).
Resolving 'pop.verizon.net:995'...
Connecting to '66.218.85.35:995'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=pop.verizon.net,O=Verizon Data Services LLC,L=Temple Terrace,ST=Florida,C=US', issuer `CN=DigiCert Baltimore CA-2 G2,OU=www.digicert.com,O=DigiCert Inc,C=US', serial 0x0128e5987aac5428187b44269bcc4722, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-01-17 00:00:00 UTC', expires `2021-12-07 12:00:00 UTC', pin-sha256="aNhhzcfwYqhSipKi6Wxk4Gs9+tKNo8L76OEHVxi9wxw="
    Public Key ID:
        sha1:4ebacc7c149d8ba94aaf0ce3909b6d695e19a625
        sha256:68d861cdc7f062a8528a92a2e96c64e06b3dfad28da3c2fbe8e1075718bdc31c
    Public Key PIN:
        pin-sha256:aNhhzcfwYqhSipKi6Wxk4Gs9+tKNo8L76OEHVxi9wxw=
    Public key's random art:
        +--[ RSA 2048]----+
        |                 |
        |                 |
        |         . .     |
        |        . o      |
        |  E +   S+ .     |
        | . = o ++ .      |
        |o +.+ .o.        |
        | *+* =...        |
        |o++ +o*.         |
        +-----------------+

- Certificate[1] info:
 - subject `CN=DigiCert Baltimore CA-2 G2,OU=www.digicert.com,O=DigiCert Inc,C=US', issuer `CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE', serial 0x0182f8098ea2e626b91a3b27841fb9af, RSA key 2048 bits, signed using RSA-SHA256, activated `2015-12-08 12:05:07 UTC', expires `2025-05-10 12:00:00 UTC', pin-sha256="56higu/MFWb/c2b0avLE5oN2ECS2C43RvzSUgx/2xIE="
- Certificate[2] info:
 - subject `CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE', issuer `CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE', serial 0x020000b9, RSA key 2048 bits, signed using RSA-SHA1 (broken!), activated `2000-05-12 18:46:00 UTC', expires `2025-05-12 23:59:00 UTC', pin-sha256="Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o="
- Status: The certificate is trusted.
*** Fatal error: Internal error in memory allocation.
*** handshake has failed: Internal error in memory allocation.

$dpkg -l | grep gnutls
ii  gnutls-bin                            3.5.18-1ubuntu1.4                                                           amd64        GNU TLS library - commandline utilities
ii  libcurl3-gnutls:amd64                 7.58.0-2ubuntu3.8                                                           amd64        easy-to-use client-side URL transfer library (GnuTLS flavour)
ii  libcurl4-gnutls-dev:amd64             7.58.0-2ubuntu3.8                                                           amd64        development files and documentation for libcurl (GnuTLS flavour)
ii  libgnutls-dane0:amd64                 3.5.18-1ubuntu1.3                                                           amd64        GNU TLS library - DANE security sup...

Read more...

Rod Rivers (rrivers) wrote :

@sil2100 - I'm able to confirm the bionic-proposed updates worked for pop connections to pop.verizon.net on port 995. I started with a fresh install of Ubuntu 18.04 and applied all updates except proposed. As expected gnutls-cli and evolution returned the error. After installing the proposed versions of libgnutls30 and gnutls-bin I was able to connect to the server with both programs.

I also used gnutls-cli to connect to imap.aol.com:993 as a second check to make sure the new code supports zero length tickets. I also tried www.yahoo.com:443 www.google.com:443 www.microsoft.com:443 and www.cnn.com:443 as regression tests. All tests connected to the server and started simple client mode. No errors were displayed.

Rod Rivers (rrivers) wrote :

@@stephenholden both of these have to be updated. This is where the code change was made:

ii libgnutls30:amd64 3.5.18-1ubuntu1.3 amd64 GNU TLS library - main runtime library
ii libgnutls30:i386 3.5.18-1ubuntu1.3 i386 GNU TLS library - main runtime library

All autopkgtests for the newly accepted gnutls28 (3.4.10-4ubuntu1.8) for xenial have finished running.
The following regressions have been reported in tests triggered by the package:

glib-networking/2.48.2-1~ubuntu16.04.1 (arm64, amd64, i386, s390x, ppc64el, armhf)
exim4/4.86.2-2ubuntu2.6 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/xenial/update_excuses.html#gnutls28

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Download full text (5.5 KiB)

Thanks.  I thought just replacing gnutls-bin would be enough.  Now that I've updated all three .deb files, Evolution is once again pulling emails, etc from my ISP's rogers-yahoo server!
Thanks to all who worked on fixing the problem.  I know a few people on this mailing list will be very happy, myself included.
Regards,Stephen

Stephen Holden
Ontario, Canada

    On Monday, June 22, 2020, 3:11:05 p.m. EDT, Rod Rivers <email address hidden> wrote:

 @@stephenholden both of these have to be updated.  This is where the
code change was made:

ii  libgnutls30:amd64                    3.5.18-1ubuntu1.3                                                          amd64        GNU TLS library - main runtime library
ii  libgnutls30:i386                      3.5.18-1ubuntu1.3                                                          i386        GNU TLS library - main runtime library

--
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/1876286

Title:
  Evolution reports "Error performing TLS handshake: Internal error in
  memory allocation."

Status in Gnutls:
  Unknown
Status in claws-mail package in Ubuntu:
  Invalid
Status in evolution package in Ubuntu:
  Invalid
Status in gnutls28 package in Ubuntu:
  Fix Released
Status in gnutls28 source package in Xenial:
  Fix Committed
Status in gnutls28 source package in Bionic:
  Fix Committed
Status in claws-mail source package in Focal:
  Invalid
Status in evolution source package in Focal:
  Invalid
Status in gnutls28 source package in Focal:
  Fix Committed
Status in claws-mail source package in Groovy:
  Invalid
Status in evolution source package in Groovy:
  Invalid
Status in gnutls28 source package in Groovy:
  Fix Released
Status in gnutls28 package in CentOS:
  Unknown

Bug description:
  [Impact]

  Evolution and Claws email clients stopped connecting to Yahoo, AOL,
  Verizon, AT&T, Bell South, etc email servers which are run by the same
  group. Users are unable to get to their email.

  The underlying problem is that GnuTLS does not support zero length
  session tickets.  The fix works by checking that that ticket_len > 0
  prior to calling gnutls_realloc_fast().

  Nominating for SRU, fulfills: "Updates that need to be applied to
  Ubuntu packages to adjust to changes in the environment, server
  protocols, web services, and similar, i. e. where the current version
  just ceases to work."

  [testcase]

  GnuTLS 3.6:
  $ gnutls-cli --priority=NORMAL:-VERS-TLS1.3 pop.verizon.net:995
  [...]
  - Status: The certificate is trusted.
  *** Fatal error: Internal error in memory allocation.

  the error should be fixed with the update

  GnuTLS 3.5:
  $ gnutls-cli pop.verizon.net:995

  GnuTLS 3.4:
  $ gnutls-cli -p 995 pop.verizon.net

  [regression potential]

  The fix works by checking that that ticket_len > 0 prior to calling
  gnutls_realloc_fast().  This creates two separate execution paths:

  1) If the session ticket length > 0, which is the primary use case,
  the original code block will be executed.

  2) If the session ticket len is 0, then the original code block will
  be skipped.

  Testing will need to include...

Read more...

Simon Baldwin (smnbldwn) wrote :

Is this issue going to be fixed in Ubuntu 16.04 powerpc as well as the other architectures?
I hope so, its great news that the fix is working.

Rod Rivers (rrivers) wrote :

@smnbldwn it looks like the Xenial fix was also built for powerpc and ppc64el

All autopkgtests for the newly accepted gnutls28 (3.6.13-2ubuntu1.2) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

systemd/245.4-4ubuntu3.1 (ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#gnutls28

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Edorta (tecno-edorta) wrote :

I have installed the bionic-proposed updates and worked for imap connections to imap.mail.yahoo.com on port 993.

Updated the next packages with Synaptic:
libgnutls-openssl27 (3.5.18-1ubuntu1.3) to 3.5.18-1ubuntu1.4
libgnutls30 (3.5.18-1ubuntu1.3) to 3.5.18-1ubuntu1.4
libgnutls30:i386 (3.5.18-1ubuntu1.3) to 3.5.18-1ubuntu1.4

Thanks a lot for your work!

Sebastien Bacher (seb128) wrote :

The bionic autopkgtest failure isn't new from that version, retrying the version currently in updates has the same error
http://autopkgtest.ubuntu.com/packages/g/glib-networking/bionic/amd64

it seems like a regression introduced by the security updates but those seem to bypass the autopkgtest infrastructure so we don't have results for those uploads...

Sebastien Bacher (seb128) wrote :

(same for xenial)

Rod Rivers (rrivers) wrote :

@seb128 can you double check my thinking? It looks like the regressions on Bionic with glib-networking/2.56.0-1 are related to newer versions of GnuTLS reporting GNUTLS_CERT_INSECURE_ALGORITHM on the test certificates. Michael Catanzaro posted a patch on 2018-04-11 on comment 3 at:
https://bugzilla.gnome.org/show_bug.cgi?id=794286#c3

This fixed test 3/8 certificate after applying the patch, generating the certs (tls/tests/files/create-files.sh) and building the package. Test 4/8 file-database failed with the same error. It looks like tls/tests/files/ca-verisign-sha1.pem was signed with sha1 and also needs to be updated.

I believe this indicates the tests are no longer valid and is unrelated to the changes I made. How do you want to handle this?

Sebastien Bacher (seb128) wrote :

@Rod, right, if I understand things correctly it should be fixed in 2.56.1
https://gitlab.gnome.org/GNOME/glib-networking/-/blob/glib-2-56/NEWS

I've uploaded that version to a ppa now
https://launchpad.net/~ubuntu-desktop/+archive/ubuntu/transitions/+sourcepub/11384375/+listing-archive-extra

and I'm going to trigger autopkgtests now on that build to see if they are back to green, if that's the case I'm going to upload that as a SRU

Rod Rivers (rrivers) wrote :

@seb128 - Awesome! I will check back after work.

Sebastien Bacher (seb128) wrote :

bug #1884801 is the SRU for that update

Rod Rivers (rrivers) wrote :

I'm able to confirm the xenial-proposed updates/3.4.10-4ubuntu1.8 worked for pop connections to pop.verizon.net on port 995. I started with a fresh install of Ubuntu 16.04 and applied all updates except proposed. As expected gnutls-cli and evolution returned the error. After installing the proposed versions of libgnutls30 and gnutls-bin I was able to connect to the server with both programs.

I also used gnutls-cli to connect to imap.aol.com port 993 as a second check to make sure the new code supports zero length tickets. I also tried port 443 on www.yahoo.com, www.google.com, www.microsoft.com, and www.cnn.com as regression tests. All tests connected to the server and started simple client mode. No errors were displayed.

Rod Rivers (rrivers) wrote :

I'm able to confirm the focal-proposed updates/3.6.13-2ubuntu1.2 worked for pop connections to pop.verizon.net on port 995. I started with a fresh install of Ubuntu 20.04 and applied all updates except proposed. In order to make GnuTLS 3.6 use an older version of TLS I created the file /etc/gnutls/config with the following contents:
[overrides]
default-priority-string = NORMAL:-VERS-TLS1.3

As expected gnutls-cli and evolution returned the error. After installing the proposed versions of libgnutls30 and gnutls-bin I was able to connect to the server with both programs.

I also used gnutls-cli to connect to imap.aol.com port 993 as a second check to make sure the new code supports zero length tickets. I also tried port 443 on www.yahoo.com, www.google.com, www.microsoft.com, and www.cnn.com as regression tests. All tests connected to the server and started simple client mode. No errors were displayed. Wireshark confirmed that the connections were using TLS 1.2 and that the aol and verizon servers returned zero length tickets.

tamille1 (tamille1) wrote :

Linux Mint 18.3 (Ubuntu Xenial) and claws-mail

I did this procedure to test from xenial-proposed.

NOTE: I am not sure this procedure is correct and invite comments!

In: Update Manager | Edit | Software Sources | Additional repositories

Add: deb http://archive.ubuntu.com/ubuntu/ xenial-proposed restricted main multiverse universe

Refresh the cache -- get several updates, deselect all except gnutls28
Perform the update
Deselect the added -proposed repository, refresh the cache: all updates disappear from list.
Reboot to check if ok.

Test:

gnutls-cli imap.mail.yahoo.com:993

seemed to connect ok.

Test using claws-mail on yahoo imap account: worked.

Thank you all for your efforts in getting this to work!

James (magnum6) wrote :

Thankyou tamille1

I followed you instructions and added the repository to 16.04lts.

Evolution now downloads email from yahoo:993.

I had to deselect 'Pre-released updates' from the developer options in update manager to get rid of the extra updates, but it worked. I couldn't find the repository in my list to remove it. I know that I added it, but it just wasn't showing.

I am still having trouble downloading email from one of my ISP's: Bestweb.net. It might be a transient issue on their end. I'll give it a few days.

Rod Rivers (rrivers) wrote :

@magnum6 glad to hear yahoo is working. Did you try using gnutls-cli to connect to bestweb.net? You didn't specify the full name and port so I can't try it here. If you try on your end and see a message about simple client mode towards the end of the output then you have passed the handshake part of the connection and there is a different problem with that ISP.

Rod,

Congrats on the fix of bug 1876286. I am running Evolution on Debian
and on Ubuntu and have not yet seen any software updates posted on
these systems. Can you give me any directions as to how I can update
the relevant libraries and/or functions? If necessary, I "might" be
able to compile from source, but I have have a much better chance of
success, if you can direct me to software that has already been
compiled, that I can download and copy into the OS. E.g. dpkg -i
..deb,
or perhaps use synaptic or similar to install.

Any suggestions.

Again, thanks for your good work.

"Joe Buc"

Rod Rivers (rrivers) wrote :

Joe, It's still in the proposed repo and hasn't made it to updates yet. Did you try the instuctions here:
https://wiki.ubuntu.com/Testing/EnableProposed

James (magnum6) wrote :

@Rod Thanx again for your outstanding bug fix. I didn't try Bestweb via the cli. I used software updater. And the problem with the Bestweb ISP was on my end. My setup got mangled and was trying to connect to yahoo. I got it sorted out and it works perfectly, although the first time I connected, evolution reported that the SSL cert was not trusted. I've never seen that before. I have accepted it temporarily and when I feel comfortable with it, I'll accept it permanently.

Oh, and thanx for posting the wiki regarding enabling the proposed updates. There is a lot of good info there.

@Joe Buc, you might want to try using tamille1's instructions. It worked for me. Just remember to disable the proposed updates when you are done.

Rod Rivers (rrivers) wrote :

@seb128 just checking to make sure that your not waiting for something on my end. If I understand it correctly it looks like Focal is done since you re-ran the systemd test and now all tests have passed, and I verified that the fix worked. Should the tag be updated to verification-done-focal? I’m guessing that the Xenial and Bionic fixes are waiting on the glib-networking testing certificate updates we talked about a few days ago. It looks like Alex Murray accepted the changes on Monday and they are making their way through the system.

tags: added: verification-done-focal
removed: verification-needed-focal
tags: added: verification-done-bionic
removed: verification-needed-bionic
tags: added: verification-done-xenial
removed: verification-needed-xenial
tags: added: verification-done
removed: verification-needed
Sebastien Bacher (seb128) wrote :

@Rod, thanks for checking, nothing is needed there, it got tested on the different series according to your (and other) comments, just the tag were not updated, I did that now. Thanks also for pointing out the glib-networking security update from Alex, it indeed fixes the tests

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnutls28 - 3.6.13-2ubuntu1.2

---------------
gnutls28 (3.6.13-2ubuntu1.2) focal; urgency=medium

  * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch
    Handle zero length session tickets, fixing connection errors on
    TLS1.2 sessions to some big hosting providers. (LP: #1876286)

 -- Sebastien Bacher <email address hidden> Mon, 15 Jun 2020 17:10:12 +0200

Changed in gnutls28 (Ubuntu Focal):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for gnutls28 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnutls28 - 3.5.18-1ubuntu1.4

---------------
gnutls28 (3.5.18-1ubuntu1.4) bionic; urgency=medium

  * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch:
    - add support for zero length session tickets returned from the server,
      thanks Rod for the backport and testing! (lp: #1876286)

 -- Sebastien Bacher <email address hidden> Wed, 17 Jun 2020 12:03:27 +0200

Changed in gnutls28 (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnutls28 - 3.4.10-4ubuntu1.8

---------------
gnutls28 (3.4.10-4ubuntu1.8) xenial; urgency=medium

  * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch:
    - add support for zero length session tickets returned from the server,
      thanks Rod for the backport and testing! (lp: #1876286)

 -- Sebastien Bacher <email address hidden> Wed, 17 Jun 2020 23:06:13 +0200

Changed in gnutls28 (Ubuntu Xenial):
status: Fix Committed → Fix Released

Dear Rod,

I was unable to get Evolution working o.k. on Ubuntu, until the update,
itself was available. Still not quite sure how I finally got Evolution
 working okay on Ubuntu, but it not works just fine! Unfortunately, I
am still not able to use Evolution on Debian. Any guess when the
update will be available for fixing Evolution on Debian.

Again, thanks for your work fixing the bug, and thanks for your help to
me.

Joe Buc (Joe Buck)

I can confirm it working (yahoo). Thanks for the efforts!

After running apt upgrade and seeing amongst others, things were fine:

Get:10 http://de.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libgnutlsxx28 amd64
3.5.18-1ubuntu1.4 [13,7 kB]
Get:11 http://de.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libgnutls28-dev amd64
3.5.18-1ubuntu1.4 [660 kB]
Get:12 http://de.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libgnutls-dane0 amd64
3.5.18-1ubuntu1.4 [21,0 kB]
Get:13 http://de.archive.ubuntu.com/ubuntu bionic-updates/main i386 libgnutls30 i386
3.5.18-1ubuntu1.4 [660 kB]
Get:14 http://de.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libgnutls30 amd64
3.5.18-1ubuntu1.4 [645 kB]

On Thu, 2020-07-02 at 14:56 +0000, Launchpad Bug Tracker wrote:
> This bug was fixed in the package gnutls28 - 3.4.10-4ubuntu1.8
>
> ---------------
> gnutls28 (3.4.10-4ubuntu1.8) xenial; urgency=medium
>
> * d/p/50_Update-session_ticket.c-to-add-support-for-zero-leng.patch:
> - add support for zero length session tickets returned from the server,
> thanks Rod for the backport and testing! (lp: #1876286)
>
> -- Sebastien Bacher <email address hidden> Wed, 17 Jun 2020 23:06:13
> +0200
>
> ** Changed in: gnutls28 (Ubuntu Xenial)
> Status: Fix Committed => Fix Released
>

Displaying first 40 and last 40 comments. View all 113 comments or add a comment.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.