Ubuntu
gnutls28 package

autopkgtest fails due to an expired certificate

Bug #1910255 reported by Balint Reczey
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gnutls28 (Debian)
Fix Released
Unknown
gnutls28 (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
Fix Released
Low
Brian Murray
Groovy
Won't Fix
Low
Brian Murray
Hirsute
Fix Released
Undecided
Unassigned

Bug Description

Everywhere:
https://autopkgtest.ubuntu.com/packages/gnutls28

It used to pass, but now it regressed in stable releases, too:
https://autopkgtest.ubuntu.com/packages/g/gnutls28/focal/s390x

https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-focal/focal/s390x/g/gnutls28/20210105_140534_0cd7d@/log.gz
...
* Using PKCS #11 with gnutls-cli (full URLs)... FAIL [122]../../tests/testpkcs11.sh
Failure: Connection (with files) should have succeeded!
autopkgtest [14:05:17]: test run-upstream-testsuite: -----------------------]
run-upstream-testsuite FAIL non-zero exit status 1
autopkgtest [14:05:18]: test run-upstream-testsuite: - - - - - - - - - - results - - - - - - - - - -
autopkgtest [14:05:18]: @@@@@@@@@@@@@@@@@@@@ summary
run-upstream-testsuite FAIL non-zero exit status 1

Revision history for this message
Balint Reczey (rbalint) wrote :

The test passes in sid, with a newer version.

Brian Murray (brian-murray)
summary: - autopkgtest fails
+ autopkgtest fails due to an expired certificate
tags: added: rls-hh-incoming
Revision history for this message
Balint Reczey (rbalint) wrote :

This is just a test failure. The fix should not be SRUd by itself but the next upload should include it.

Changed in gnutls28 (Ubuntu Focal):
importance: Undecided → Low
Changed in gnutls28 (Ubuntu Groovy):
importance: Undecided → Low
Brian Murray (brian-murray)
tags: removed: rls-hh-incoming
tags: added: fr-1044
Revision history for this message
Julian Andres Klode (juliank) wrote :

This is fixed in gnutls28 3.7.0-5ubuntu1 which is in hirsute-proposed.

Changed in gnutls28 (Ubuntu Hirsute):
status: New → Fix Committed
Dimitri John Ledkov (xnox)
Changed in gnutls28 (Ubuntu Hirsute):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote :

This seems to be the targeted fix for the test failure.

https://gitlab.com/gnutls/gnutls/-/merge_requests/1371/diffs?commit_id=2b0f6f3a2ff13153aaa70c764ba7a8b90aef794d

Bug Watch Updater (bug-watch-updater)
Changed in gnutls28 (Debian):
status: Unknown → Fix Released
Brian Murray (brian-murray)
Changed in gnutls28 (Ubuntu Groovy):
status: New → In Progress
assignee: nobody → Brian Murray (brian-murray)
Brian Murray (brian-murray)
Changed in gnutls28 (Ubuntu Focal):
status: New → In Progress
assignee: nobody → Brian Murray (brian-murray)
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Balint, or anyone else affected,

Accepted gnutls28 into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnutls28/3.6.15-4ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in gnutls28 (Ubuntu Groovy):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-groovy
Changed in gnutls28 (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Balint, or anyone else affected,

Accepted gnutls28 into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnutls28/3.6.13-2ubuntu1.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: block-proposed-focal block-proposed-groovy
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Setting the block-proposed tags for focal and groovy as this is an autopkgtest-only fix.

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (gnutls28/3.6.15-4ubuntu2.1)

All autopkgtests for the newly accepted gnutls28 (3.6.15-4ubuntu2.1) for groovy have finished running.
The following regressions have been reported in tests triggered by the package:

network-manager/1.26.2-1ubuntu1 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/groovy/update_excuses.html#gnutls28

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Łukasz Zemczak (sil2100) wrote : Proposed package upload rejected

An upload of gnutls28 to focal-proposed has been rejected from the upload queue for the following reason: "Please include a DEP-3 header for the newly added patch! Since I think it's good practice when patches have some explaination and information about where it comes from. Other than that, it's fine to go in.".

Revision history for this message
Robie Basak (racb) wrote : Please test proposed package

Hello Balint, or anyone else affected,

Accepted gnutls28 into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnutls28/3.6.13-2ubuntu1.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Brian Murray (brian-murray) wrote :

The groovy autopkgtests have passed with the new version so setting to v-done for groovy.

tags: added: verification-done-groovy
removed: verification-needed-groovy
Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (gnutls28/3.6.13-2ubuntu1.5)

All autopkgtests for the newly accepted gnutls28 (3.6.13-2ubuntu1.5) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

systemd/245.4-4ubuntu3.4 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#gnutls28

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Brian Murray (brian-murray) wrote : [gnutls28/focal] verification still needed

The fix for this bug has been awaiting testing feedback in the -proposed repository for focal for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

tags: added: removal-candidate
Revision history for this message
Steve Langasek (vorlon) wrote : Proposed package removed from archive

The version of gnutls28 in the proposed pocket of Groovy that was purported to fix this bug report has been removed because the bugs that were to be fixed by the upload were not verified in a timely (105 days) fashion.

Changed in gnutls28 (Ubuntu Groovy):
status: Fix Committed → Won't Fix
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnutls28 - 3.6.13-2ubuntu1.6

---------------
gnutls28 (3.6.13-2ubuntu1.6) focal-security; urgency=medium

  * SECURITY UPDATE: use after free issue in key_share extension
    - debian/patches/CVE-2021-20231.patch: avoid use-after-free around
      realloc in lib/ext/key_share.c.
    - CVE-2021-20231
  * SECURITY UPDATE: use after free issue in client_send_params
    - debian/patches/CVE-2021-20232.patch: avoid use-after-free around
      realloc in lib/ext/pre_shared_key.c.
    - CVE-2021-20232

 -- Marc Deslauriers <email address hidden> Mon, 02 Aug 2021 09:56:04 -0400

Changed in gnutls28 (Ubuntu Focal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.