Evolution reports "Error performing TLS handshake: Internal error in memory allocation."
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Gnutls | Fix Released | Unknown | |
claws-mail (Ubuntu) | Invalid | Undecided | Unassigned |
Focal | Invalid | Undecided | Unassigned |
Groovy | Invalid | Undecided | Unassigned |
evolution (Ubuntu) | Invalid | Undecided | Unassigned |
Focal | Invalid | Undecided | Unassigned |
Groovy | Invalid | Undecided | Unassigned |
gnutls28 (CentOS) | Unknown | Unknown | |
gnutls28 (Ubuntu) | Fix Released | High | Unassigned |
Xenial | Fix Released | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Unassigned |
Focal | Fix Released | High | Unassigned |
Groovy | Fix Released | High | Unassigned |
Bug Description
[Impact]
Evolution and Claws email clients stopped connecting to Yahoo, AOL, Verizon, AT&T, Bell South, etc. email servers, which are run by the same group. Users are unable to get to their email.
The underlying problem is that GnuTLS does not support zero length session tickets. The fix works by checking that ticket_len > 0 prior to calling gnutls_
Nominating for SRU, fulfills: "Updates that need to be applied to Ubuntu packages to adjust to changes in the environment, server protocols, web services, and similar, i. e. where the current version just ceases to work."
[testcase]
GnuTLS 3.6:
$ gnutls-cli --priority=
[...]
- Status: The certificate is trusted.
*** Fatal error: Internal error in memory allocation.
The error should be fixed with the update.
GnuTLS 3.5:
$ gnutls-cli pop.verizon.net:995
GnuTLS 3.4:
$ gnutls-cli -p 995 pop.verizon.net
[regression potential]
The fix works by checking that ticket_len > 0 prior to calling gnutls_
1) If the session ticket length > 0, which is the primary use case, the original code block will be executed.
2) If the session ticket len is 0, then the original code block will be skipped.
Testing will need to include connections to servers that return session ticket length > 0 as well as ones that return session ticket length of 0. Wireshark can be used to look at the NewSessionTicket handshake message to confirm the session ticket length.
[Other Info]
The GnuTLS project's merge request 1260 fixes this bug. It was reviewed and approved by Daiki Ueno:
https:/
According to the GnuTLS project: "We utilize two continuous integration systems, the gitlab-ci and travis. Gitlab-CI is used to test most of the Linux systems (see .gitlab-ci.yml), and is split in two phases, build image creation and compilation/test. The build image creation is done at the gnutls/build-images subproject and uploads the image at the gitlab.com container registry. The compilation/test phase is on every commit to gnutls project."
Here are the results of the gitlab-ci pipeline showing all 19 tests passed for merge request 1260:
https:/
Page 8, section 3.3 of RFC5077 describes the NewSessionTicket handshake message and indicates that a zero length session ticket is a legitimate value:
https:/
-------
When GnuTLS connects to servers that return zero length session tickets using older TLS versions it returns the error code GNUTLS_
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libgnutls30 3.5.18-1ubuntu1.3
ProcVersionSign
Uname: Linux 5.3.0-51-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.14
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Fri May 1 07:03:51 2020
InstallationDate: Installed on 2017-12-12 (870 days ago)
InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
ProcEnviron:
PATH=(custom, no username)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnutls28
UpgradeStatus: Upgraded to bionic on 2018-12-28 (489 days ago)
Changed in gnutls28 (Ubuntu):
status: New → Confirmed
tags: added: rls-gg-incoming
description: updated
Changed in gnutls28 (Ubuntu):
importance: Undecided → High
Changed in evolution (Ubuntu):
status: Confirmed → Invalid
Changed in claws-mail (Ubuntu):
status: Confirmed → Invalid
Changed in gnutls28 (Ubuntu):
status: Confirmed → Triaged
no longer affects: claws-mail (Ubuntu Focal)
no longer affects: evolution (Ubuntu Focal)
no longer affects: gnutls28 (Ubuntu Focal)
Changed in claws-mail (Ubuntu Focal):
status: New → Invalid
Changed in evolution (Ubuntu Focal):
status: New → Invalid
Changed in gnutls28 (Ubuntu Focal):
importance: Undecided → High
status: New → Triaged
tags: removed: rls-gg-incoming
tags: added: id-5ed9108ac43eb08712857ef5
Changed in gnutls28 (Ubuntu Groovy):
status: Triaged → Fix Committed
Changed in gnutls28 (Ubuntu Groovy):
status: Fix Committed → Fix Released
description: updated
Changed in gnutls28 (Ubuntu Focal):
status: Triaged → Fix Committed
description: updated
description: updated
tags: added: verification-needed verification-needed-focal
Changed in gnutls28 (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Changed in gnutls28 (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial
tags: added: verification-done-focal removed: verification-needed-focal
tags: added: verification-done-bionic removed: verification-needed-bionic
tags: added: verification-done-xenial removed: verification-needed-xenial
tags: added: verification-done removed: verification-needed
Changed in gnutls:
status: Unknown → Fix Released
Status changed to 'Confirmed' because the bug affects multiple users.
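The two cases listed under [regression potential], as an added illustration that is not GnuTLS code and not part of the original report: a parser for the RFC 5077 NewSessionTicket body, run with and without the ticket_len > 0 check. All names (parse_nst, nst_result, alloc_bytes, the NST_ERR_* codes) and both sample messages are constructed for this example, and alloc_bytes is an assumed allocator that returns NULL for a zero-byte request.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { NST_ERR_DECODE = -1, NST_ERR_MEMORY = -2 };

/* Constructed NewSessionTicket bodies (RFC 5077, section 3.3):
 *   uint32 ticket_lifetime_hint; opaque ticket<0..2^16-1>;  */
const uint8_t EMPTY_TICKET[] = { 0, 0, 0, 0,  0, 0 };
const uint8_t FULL_TICKET[]  = { 0, 0, 0x0e, 0x10,  0, 4,  0xde, 0xad, 0xbe, 0xef };

/* Hypothetical allocator that returns NULL for a zero-byte request, which
 * the C standard allows; NULL then does not mean "out of memory". */
static void *alloc_bytes(size_t n) { return n ? malloc(n) : NULL; }

/* Returns the ticket length (>= 0) or a negative NST_ERR_* code.
 * check_len = 0 reproduces the failure mode, 1 applies the length check. */
int parse_nst(const uint8_t *body, size_t len, int check_len,
              uint32_t *lifetime, uint8_t **ticket)
{
    *ticket = NULL;
    if (len < 6) return NST_ERR_DECODE;
    *lifetime = (uint32_t)body[0] << 24 | body[1] << 16 | body[2] << 8 | body[3];
    size_t ticket_len = (size_t)body[4] << 8 | body[5];
    if (len - 6 != ticket_len) return NST_ERR_DECODE;  /* truncated or trailing */
    if (check_len && ticket_len == 0) return 0;        /* no ticket: nothing to store */
    *ticket = alloc_bytes(ticket_len);
    if (*ticket == NULL) return NST_ERR_MEMORY;        /* also hit when ticket_len == 0 */
    memcpy(*ticket, body + 6, ticket_len);
    return (int)ticket_len;
}

/* Parse, release the copied ticket, and report the result. */
int nst_result(const uint8_t *body, size_t len, int check_len)
{
    uint32_t lifetime; uint8_t *ticket;
    int rc = parse_nst(body, len, check_len, &lifetime, &ticket);
    free(ticket);
    return rc;
}

int main(void)
{
    printf("empty ticket: unchecked=%d checked=%d\n",
           nst_result(EMPTY_TICKET, sizeof EMPTY_TICKET, 0),
           nst_result(EMPTY_TICKET, sizeof EMPTY_TICKET, 1));
    return 0;
}
```

A regression test for the real fix needs both message shapes, as the description says: a server that returns a non-empty ticket must still have it stored, and one that returns an empty ticket must complete the handshake without an error.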