gnutls28 OOM's on arm64, ppc64el and s390x with lto

Bug #1922004 reported by Matthias Klose
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gnutls28 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

seen in
https://people.canonical.com/~doko/ftbfs-report/test-rebuild-20210325-hirsute-hirsute.html

https://launchpad.net/ubuntu/+archive/test-rebuild-20210325-hirsute/+sourcepub/12224570/+listing-archive-extra

barely succeeds on amd64 with 8G RAM + 4G swap

arm64 and ppc64el only have 8G RAM, no swap.

s390x has 8G RAM + 4G swap, but still runs out of memory. likely because of the heavier inlining from the the baseline.

Tags: lto

CVE References

Matthias Klose (doko)
tags: added: lto
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnutls28 - 3.7.1-3ubuntu1

---------------
gnutls28 (3.7.1-3ubuntu1) hirsute; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Enable CET.
    - Set default priority string to only allow TLS1.2, DTLS1.2, and
    TLS1.3 with medium security profile (2048 RSA keys minimum, and
    similar).
  * Fix FTBFS with lto - reduce parallelism to 2. LP: #1922004
  * Merge CVE fixes CVE-2021-20231 CVE-2021-20232

gnutls28 (3.7.1-3) unstable; urgency=low

  * Rename/refetch
    *build-doc-install-missing-image-file-gnutls-crypto-l.patch, it is has
    been merged into upstream GIT.
  * Upload to unstable.

gnutls28 (3.7.1-2) experimental; urgency=medium

  * Also run ocsptool tests in autopkgtest.
  * Add CVE numbers to previous changelog entry.
  * Pull selected fixes from upstream GIT:
    + 55_01-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch
    + 55_02-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch
    + 56_01-srptool-avoid-FILE-pointer-leak-on-error.patch
    + 56_02-gnutls-cli-debug-avoid-resource-leak-in-saving-DHE-p.patch
    + 56_03-src-avoid-file-descriptor-leak-in-socket_open2.patch
    + 56_04-examples-avoid-memory-leak-in-tlsproxy.patch
    + 56_05-examples-avoid-memory-leak-in-ex-verify.patch
  * 60_build-doc-install-missing-image-file-gnutls-crypto-l.patch
    Ship missing image file. (Thanks, lintian)

gnutls28 (3.7.1-1) unstable; urgency=medium

  * New upstream version
    Fixes potential use-after-free in sending "key_share" and "pre_shared_key"
    extensions. GNUTLS-SA-2021-03-10. CVE-2021-20231 CVE-2021-20232
  * Upload to unstable.

gnutls28 (3.7.0+git20210306-2) experimental; urgency=medium

  * Fix autopkgtest skiplist.

gnutls28 (3.7.0+git20210306-1) experimental; urgency=low

  * Update to GIT ba6e4b17bf74e58a8101f825011434b497eacbaa
    + Drop cherry-picked patches {48,49,50}_*.
    + Update copyright file.

gnutls28 (3.7.0-7) unstable; urgency=medium

  * Pull 50_01-gnutls_session_is_resumed-don-t-check-session-ID-in-.patch
    50_02-handshake-TLS-1.3-don-t-generate-session-ID-in-resum.patch
    50_04-tests-close-unused-fd-opened-by-socketpair.patch from upstream
    master, fixing session resumption in non-TLS1.3 mode, which broke ftp-ssl.
    (Thanks to Tim Kosse for the pointer) Closes: #980119

gnutls28 (3.7.0-6) unstable; urgency=medium

  * Update 49_0001-gnutls_x509_trust_list_verify_crt2-ignore-duplicate-.patch
    with merged version from upstream GIT master. Features a fix for an assert
    on connection to servers which send a duplicate chain including the
    self-signed CA. Closes: #980513

 -- Dimitri John Ledkov <email address hidden> Wed, 14 Apr 2021 15:44:37 +0100

Changed in gnutls28 (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.