gnutls28 OOM's on arm64, ppc64el and s390x with lto
Bug #1922004 reported by
Matthias Klose
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnutls28 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
seen in
https:/
barely succeeds on amd64 with 8G RAM + 4G swap
arm64 and ppc64el only have 8G RAM, no swap.
s390x has 8G RAM + 4G swap, but still runs out of memory. likely because of the heavier inlining from the the baseline.
This bug was fixed in the package gnutls28 - 3.7.1-3ubuntu1
---------------
gnutls28 (3.7.1-3ubuntu1) hirsute; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Enable CET.
- Set default priority string to only allow TLS1.2, DTLS1.2, and
TLS1.3 with medium security profile (2048 RSA keys minimum, and
similar).
* Fix FTBFS with lto - reduce parallelism to 2. LP: #1922004
* Merge CVE fixes CVE-2021-20231 CVE-2021-20232
gnutls28 (3.7.1-3) unstable; urgency=low
* Rename/refetch doc-install- missing- image-file- gnutls- crypto- l.patch, it is has
*build-
been merged into upstream GIT.
* Upload to unstable.
gnutls28 (3.7.1-2) experimental; urgency=medium
* Also run ocsptool tests in autopkgtest. gnutls_ buffer_ resize- account- for-unused- area-if- AGG.patch suppress- Wunused- function- if-AGGRESSIVE_ REALLOC- .patch avoid-FILE- pointer- leak-on- error.patch cli-debug- avoid-resource- leak-in- saving- DHE-p.patch avoid-file- descriptor- leak-in- socket_ open2.patch avoid-memory- leak-in- tlsproxy. patch avoid-memory- leak-in- ex-verify. patch doc-install- missing- image-file- gnutls- crypto- l.patch
* Add CVE numbers to previous changelog entry.
* Pull selected fixes from upstream GIT:
+ 55_01-_
+ 55_02-str-
+ 56_01-srptool-
+ 56_02-gnutls-
+ 56_03-src-
+ 56_04-examples-
+ 56_05-examples-
* 60_build-
Ship missing image file. (Thanks, lintian)
gnutls28 (3.7.1-1) unstable; urgency=medium
* New upstream version SA-2021- 03-10. CVE-2021-20231 CVE-2021-20232
Fixes potential use-after-free in sending "key_share" and "pre_shared_key"
extensions. GNUTLS-
* Upload to unstable.
gnutls28 (3.7.0+ git20210306- 2) experimental; urgency=medium
* Fix autopkgtest skiplist.
gnutls28 (3.7.0+ git20210306- 1) experimental; urgency=low
* Update to GIT ba6e4b17bf74e58 a8101f825011434 b497eacbaa
+ Drop cherry-picked patches {48,49,50}_*.
+ Update copyright file.
gnutls28 (3.7.0-7) unstable; urgency=medium
* Pull 50_01-gnutls_ session_ is_resumed- don-t-check- session- ID-in-. patch 02-handshake- TLS-1.3- don-t-generate- session- ID-in-resum. patch 04-tests- close-unused- fd-opened- by-socketpair. patch from upstream
50_
50_
master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl.
(Thanks to Tim Kosse for the pointer) Closes: #980119
gnutls28 (3.7.0-6) unstable; urgency=medium
* Update 49_0001- gnutls_ x509_trust_ list_verify_ crt2-ignore- duplicate- .patch
with merged version from upstream GIT master. Features a fix for an assert
on connection to servers which send a duplicate chain including the
self-signed CA. Closes: #980513
-- Dimitri John Ledkov <email address hidden> Wed, 14 Apr 2021 15:44:37 +0100