Re: [Bug 1955009] Re: Freeradius 3.0.21+dfsg-3build1 fails test of moonshot-gss-eap

2021-12-16 Thread Sam Hartman
> "Christian" == Christian Ehrhardt  <1955...@bugs.launchpad.net> writes: Christian> Reproducible in local autopkgtest Let me make sure I'm understanding. You are saying that prior to openssl 3, the test works, but with openssl3, the test fails? What is the ssl version in the

Re: [Bug 1945795] [NEW] krb5: Fail to build against OpenSSL 3.0

2021-10-01 Thread Sam Hartman
> "Simon" == Simon Chopin <1945...@bugs.launchpad.net> writes: Simon> We're planning to transition to OpenSSL 3.0 for the 22.04 Simon> release, and consider this issue as blocking for this Simon> transition. I expect things to be fixed in Debian within the next couple of months.

[Bug 1885024] Re: systemd patch fixes: krb5kdc.log Read-only file system

2020-06-24 Thread Sam Hartman
This is possibly a duplicate of https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1874915 at least if you are using freeipa. As shipped, krb5-kdc does not log to /var/log, but instead logs to syslog. My position is that since krb5's systemd configuration is correct for the shipped

Re: [Bug 1874915] Re: krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system

2020-04-25 Thread Sam Hartman
I'm going to push back on the reassignment to krb5. I think this is a freeipa bug. Kerberos's systemd service unit is correct for Kerberos. freeipa is the one that is deciding it wants to change the Kerberos logging configuration, and thus is the one that should adjust the permissions. Honestly

Re: [Bug 1817955] [NEW] Getting new "DN is out of the realm subtree" error on adding principal

2019-02-27 Thread Sam Hartman
Yes, it is because of that change. Is the DN outside of the subtree? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1817955 Title: Getting new "DN is out of the realm subtree" error on adding

Re: [Bug 1817376] Re: krb5-admin-server postinst has broken debconf if RUN_KADMIND set in /etc/default/krb5-admin-server

2019-02-26 Thread Sam Hartman
Robie any chance I could get you to sync krb5 1.17-2 from Debian unstable to disco? It's probably not a big deal but there's no reason not to take the fix into Disco. > "Robie" == Robie Basak <1817...@bugs.launchpad.net> writes: Robie> Thanks Clark and Sam. Ubuntu doesn't support

[Bug 1817376] Re: krb5-admin-server postinst has broken debconf if RUN_KADMIND set in /etc/default/krb5-admin-server

2019-02-22 Thread Sam Hartman
I think this is basically only a problem on upgrade from older versions of krb5, in particular from prior to the 1.12 era to the current packaging. As part of adding support for systemd units, I decided to drop support for the run_kadmind variable, and bungled the upgrade path. This is an issue

[Bug 1817376] Re: krb5-admin-server postinst has broken debconf if RUN_KADMIND set in /etc/default/krb5-admin-server

2019-02-22 Thread Sam Hartman
** Changed in: krb5 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1817376 Title: krb5-admin-server postinst has broken debconf if RUN_KADMIND set in

Re: [Bug 1793594] [NEW] IAKERB-HEADER "Realm" field incorrectly encoded as OCTET STRING

2018-09-21 Thread Sam Hartman
So, is this a spec bug or an implementation bug? Does the current behavior cause anything to break, or is it simply that implementations have diverged from the spec in tagging of the string? --Sam -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed

Re: [Bug 1791325] Re: freeipa server needs read access /var/lib/krb5kdc

2018-09-07 Thread Sam Hartman
*** This bug is a duplicate of bug 1772447 *** https://bugs.launchpad.net/bugs/1772447 I agree with Russ. On the Debian side, I would not support a change to krb5-kdc to make /var/lib/krb5kdc world readable. I think putting the public cert in /etc/krb5kdc is fine: I can make a case it's

Re: [Bug 1677881] Re: Missing dep8 tests

2018-07-06 Thread Sam Hartman
Hi. For whatever reason I'm not getting mail when an MP is opened in the krb5 gitlab. In general, I think Debian uses its BTS as the todo system of record more so than gitlab MPs. I know for myself and I suspect a lot of other Debian developers, a wishlist bug against a package would be the best

Re: [Bug 1683237] Re: krb5-user: kinit fails for OTP user when using kdc discovery via DNS

2017-04-21 Thread Sam Hartman
> "Joshua" == Joshua Powers writes: Joshua> If we want to fix this in zesty, then a release with only Joshua> the bug fixes would be desired. That could be SRU'ed Joshua> assuming it is not too big of a change such that it would Joshua> limit the

Re: [Bug 1683237] Re: krb5-user: kinit fails for OTP user when using kdc discovery via DNS

2017-04-19 Thread Sam Hartman
> "Joshua" == Joshua Powers writes: Joshua> If we want to fix this in zesty, then a release with only Joshua> the bug fixes would be desired. That could be SRU'ed Joshua> assuming it is not too big of a change such that it would Joshua> limit the

Re: [Bug 1683237] Re: krb5-user: kinit fails for OTP user when using kdc discovery via DNS

2017-04-19 Thread Sam Hartman
I can put something in debian experimental if that makes the sync easier. So, you'd prefer just the Debian 1.15-1 with bug fixes rather than a 1.15.1? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1683237] Re: krb5-user: kinit fails for OTP user when using kdc discovery via DNS

2017-04-17 Thread Sam Hartman
** Bug watch added: Debian Bug tracker #856307 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856307 ** Also affects: krb5 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856307 Importance: Unknown Status: Unknown -- You received this bug notification because you

Re: [Bug 1643708] Re: Add SPNEGO special case for NTLMSSP+MechListMIC

2017-01-20 Thread Sam Hartman
> "Robie" == Robie Basak <1643...@bugs.launchpad.net> writes: Robie> @Bruce Thank you for detailing your testing. In your test Robie> suite, do you cover any interoperability with SPNEGO but Robie> not-Windows, whether in integration or code path coverage? Robie> That's the

Re: [Bug 1644595] Re: krb5-1.13.2+dfsg-5 source contains source subject to the aladdin license

2016-11-30 Thread Sam Hartman
As a FYI, upstream has relicensed the file under their standard license with permission from the author. Coming to Debian soon. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1644595 Title:

[Bug 1629370] Re: PKINIT fails with PKCS#11 middlware that implements PKCS#1 V2.1

2016-09-30 Thread Sam Hartman
I've forwarded this to upstream krbdev.mit.edu #8506 I don't know if this is pkcs 11 2.10 specific or specific to the backend in question, but it's worth having upstream take a look. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1623036] [NEW] Sync krb5 1.14.3+dfsg-2 (main) from Debian unstable (main)

2016-09-13 Thread Sam Hartman
Langasek, Closes: #833798 * Fix kdb5_util create on 32-bit platforms, thanks Greg Hudson, Closes: #834035 -- Sam Hartman <hartm...@debian.org> Mon, 05 Sep 2016 21:03:14 -0400 ** Affects: krb5 (Ubuntu) Importance: Undecided Status: New -- You received this bug notifi

Re: [Bug 1592841] Re: FTBFS on ppc64el, blocks updates of all packages depending on krb5, for example CUPS

2016-06-15 Thread Sam Hartman
> "Till" == Till Kamppeter <1592...@bugs.launchpad.net> writes: Till> Build the package on the system which you have at hand (amd64, Till> i386, ...), directing the build output into a file. Search Till> through the output to see whether there are any compiler Till> warnings

[Bug 1592841] Re: FTBFS on ppc64el, blocks updates of all packages depending on krb5, for example CUPS

2016-06-15 Thread Sam Hartman
Try this. I've fixed the new instance of the error as well. Incremented the version number so the patch has a different name, but you may not want to do that if you end up uploading -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1592841] Re: FTBFS on ppc64el, blocks updates of all packages depending on krb5, for example CUPS

2016-06-15 Thread Sam Hartman
** Patch added: "krb5_1.14.2+dfsg-1ubuntu2.debdiff" https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1592841/+attachment/4684544/+files/krb5_1.14.2+dfsg-1ubuntu2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1592841] Re: FTBFS on ppc64el, blocks updates of all packages depending on krb5, for example CUPS

2016-06-15 Thread Sam Hartman
I've replaced the debdiff with one that hopefully works. I'm sorry for spacing at the controls there. Perhaps yearning for a simpler time:-) ** Patch added: "revised patch take 2"

Re: [Bug 1592841] Re: FTBFS on ppc64el, blocks updates of all packages depending on krb5, for example CUPS

2016-06-15 Thread Sam Hartman
O, sorry. I knew that seemed simpler than it should have been:-) Yeah, you could stick single-debian-patch in debian/source/options and it would work, but I'll do it right. ** Patch removed: "krb5_1.14.2+dfsg-1ubuntu1.debdiff"

[Bug 1592841] Re: FTBFS on ppc64el, blocks updates of all packages depending on krb5, for example CUPS

2016-06-15 Thread Sam Hartman
/krb5/+bug/1592841/+attachment/4684512/+files/krb5_1.14.2+dfsg-1ubuntu1.debdiff ** Changed in: krb5 (Ubuntu) Assignee: Sam Hartman (hartmans) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launc

[Bug 1592841] Re: FTBFS on ppc64el, blocks updates of all packages depending on krb5, for example CUPS

2016-06-15 Thread Sam Hartman
Looks simple; preparing fix ** Changed in: krb5 (Ubuntu) Assignee: (unassigned) => Sam Hartman (hartmans) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1592841 Title: FTBFS on ppc64el, blo

Re: [Bug 1592841] [NEW] FTBFS on ppc64el, blocks updates of all packages depending on krb5, for example CUPS

2016-06-15 Thread Sam Hartman
Include a link to the buildlog and I'll take a look. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1592841 Title: FTBFS on ppc64el, blocks updates of all packages depending on krb5, for example

[Bug 1590489] Re: Feature request: To allow Moonshot UI to also manage SAML ECP identities

2016-06-08 Thread Sam Hartman
** Also affects: moonshot-ui Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590489 Title: Feature request: To allow Moonshot UI to also manage SAML ECP

Re: [Bug 1581584] [NEW] Provide log file for krb5kdc by default

2016-05-13 Thread Sam Hartman
I think it logs to syslog. Are you seeing logging configuration that is failing because of the systemd configuration, or are you saying that if the systemd configuration is updated *and* a logging stanza is added it would log to this file? I would expect the kdc to log to /var/log/auth.log out

[Bug 1550470] [NEW] Sync krb5 1.13.2+dfsg-5 (main) from Debian unstable (main)

2016-02-26 Thread Sam Hartman
kadmind to exhaust all available memory. (Closes: #813126) -- Sam Hartman <hartm...@debian.org> Tue, 23 Feb 2016 08:54:09 -0500 ** Affects: krb5 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Serve

[Bug 1550470] [NEW] Sync krb5 1.13.2+dfsg-5 (main) from Debian unstable (main)

2016-02-26 Thread Sam Hartman
kadmind to exhaust all available memory. (Closes: #813126) -- Sam Hartman <hartm...@debian.org> Tue, 23 Feb 2016 08:54:09 -0500 ** Affects: krb5 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1438483] [NEW] Sync moonshot-gss-eap 0.9.2-3+deb8u1 (universe) from Debian unstable (main)

2015-03-30 Thread Sam Hartman
0.9.2-3: moonshot-gss-eap (0.9.2-3+deb8u1) unstable; urgency=medium * Incorporate upstream deltas: - 6dbf073: Allow white space in CA certificates, Closes: #781312 - 90f04c98: Don't shut down openssl on last context deletion, Closes: #781311 -- Sam Hartman hartm...@debian.org

Re: [Bug 1334052] Re: package libkadm5srv-mit8 1.10.1+dfsg-6.1ubuntu1 failed to install/upgrade: libkadm5srv-mit8:all 1.12+dfsg-2ubuntu4 (Multi-Arch: no) kann nicht zusammen mit libkadm5srv-mit8 insta

2014-10-06 Thread Sam Hartman
To test: Install precise. On precise, enable multiple architectures (say amd64 and i386) install libkadm5srv-mit8. Update your sources.list to trusty, try installing libkadm5srv-mit8. I'd expect that to fail. Update your sources.list to also include trusty-proposed. Upgrade libkadm5srv-mit8;

[Bug 1326500] Re: libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-10-02 Thread Sam Hartman
I enabled proposed, confirmed that as I described in the initial test case gss-server segfaults with 1.12+dfsg-2ubuntu4. Then I installed libgssapi-krb5-2 from trusty-proposed. That pulled in most of the other krb5 packages as I'd expect all version 1.12+dfsg-2ubuntu5. I ran gss-server and it

[Bug 1326500] Re: libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-10-02 Thread Sam Hartman
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1326500 Title: libgssapi-krb5-2: segfault when mechglue loops

[Bug 1326500] Re: libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-10-02 Thread Sam Hartman
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1326500 Title: libgssapi-krb5-2: segfault when mechglue loops endlessly on call

Re: [Bug 1347147] Re: krb5 database operations enter infinite loop

2014-10-01 Thread Sam Hartman
Iain == Iain Lane i...@orangesquash.org.uk writes: Iain Thanks Sam, I've uploaded krb5. ** Changed in: krb5 (Ubuntu Iain Trusty) Status: Triaged = In Progress Hi. I haven't seen this hit proposed yet. Is that expected? What is the next step? -- You received this bug notification

[Bug 1363980] Re: kadmin.local in wrong package

2014-09-04 Thread Sam Hartman
Hi. Here's the rationale behind the krb5-kdc krb5-kadmin-server split. The krb5-kdc package includes the things you'd need on a traditional slave KDC. One of the key things about a slave KDC is that the database is read-only. The slave is not making any changes to the database, locally or

[Bug 1347147] Re: krb5 database operations enter infinite loop

2014-08-12 Thread Sam Hartman
Here's an updated debdiff that includes the security update applied to trusty. I'm still waiting for a sponsor for this. ** Patch removed: debdiff between current trusty and linked branch

Re: [Bug 1347147] Re: krb5 database operations enter infinite loop

2014-08-12 Thread Sam Hartman
Robie == Robie Basak 1347...@bugs.launchpad.net writes: Robie Thanks Sam. I'm sorry I can't sponsor krb5, only triage the Robie bug and guide it through to sponsorship. It looks like you Robie know what you're doing here, so I guess we'll just need to Robie wait for a sponsor to

[Bug 1354714] Re: buffer overrun in kadmind with ldap backend

2014-08-09 Thread Sam Hartman
This is fixed in Debian in 1.12.1+dfsg-87, currently in unstable. The only change between -6 (utopic) and -7 is the fix to this bug. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in Ubuntu.

[Bug 1354714] [NEW] buffer overrun in kadmind with ldap backend

2014-08-09 Thread Sam Hartman
*** This bug is a security vulnerability *** Public security bug reported: Fix LDAP key data segmentation [CVE-2014-4345] For principal entries having keys with multiple kvnos (due to use of -keepold), the LDAP KDB module makes an attempt to store all the keys having the

[Bug 1354714] Re: buffer overrun in kadmind with ldap backend

2014-08-09 Thread Sam Hartman
This is fixed in Debian in 1.12.1+dfsg-87, currently in unstable. The only change between -6 (utopic) and -7 is the fix to this bug. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1354714 Title:

[Bug 1352438] [NEW] Sync krb5 1.12.1+dfsg-6 (main) from Debian unstable (main)

2014-08-04 Thread Sam Hartman
to TAILQ macros instead of CIRCLEQ macros, to work around an issue with certain gcc versions. This is expected to resolve Ubuntu bug (LP: #1347147). [ Sam Hartman ] * Include a quick and dirty patch so we build cleanly with -O3 fixing incorrect may be uninitialized warnings

[Bug 1347147] Re: krb5 database operations enter infinite loop

2014-08-04 Thread Sam Hartman
I've requested a krb5 sync from debian unstable in https://bugs.launchpad.net/bugs/1352438 that should fix this issue and include some needed security fixes in utopic. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in Ubuntu.

[Bug 1347147] Re: krb5 database operations enter infinite loop

2014-08-04 Thread Sam Hartman
I've requested a krb5 sync from debian unstable in https://bugs.launchpad.net/bugs/1352438 that should fix this issue and include some needed security fixes in utopic. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1347147] Re: krb5 database operations enter infinite loop

2014-07-31 Thread Sam Hartman
** Description changed: - In some conditions, propagating a kerberos database to a slave KDC server can stall. + In some conditions, propagating a kerberos database to a slave KDC server or performing other database operations can stall. As we've investigated the issue, it looks like a

[Bug 1347147] Review of Bug 1347147 for nomination for a fix for trusty krb5

2014-07-31 Thread Sam Hartman
hi. If I'm understanding the SRU procedure correctly, I think we need to get someone to review the referenced bug for inclusion in trusty. https://bugs.launchpad.net/gcc/+bug/1347147 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to

Re: [Bug 1347147] Review of Bug 1347147 for nomination for a fix for trusty krb5

2014-07-31 Thread Sam Hartman
Sam == Sam Hartman hartm...@debian.org writes: Sam hi. If I'm understanding the SRU procedure correctly, I think Sam we need to get someone to review the referenced bug for Sam inclusion in trusty. Sorry, launchpad strips more mail headers than I thought it did. That was sent

[Bug 1347147] Re: krb5 database operations enter infinite loop

2014-07-31 Thread Sam Hartman
debdiff included ** Patch added: debdiff between current trusty and linked branch https://bugs.launchpad.net/gcc/+bug/1347147/+attachment/4166949/+files/krb5-trusty-stable.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to

[Bug 1347147] Review of Bug 1347147 for nomination for a fix for trusty krb5

2014-07-31 Thread Sam Hartman
hi. If I'm understanding the SRU procedure correctly, I think we need to get someone to review the referenced bug for inclusion in trusty. https://bugs.launchpad.net/gcc/+bug/1347147 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1347147] Re: krb5 database operations enter infinite loop

2014-07-31 Thread Sam Hartman
debdiff included ** Patch added: debdiff between current trusty and linked branch https://bugs.launchpad.net/gcc/+bug/1347147/+attachment/4166949/+files/krb5-trusty-stable.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

Re: [Bug 1347147] Re: krb5 database propagation enters infinite loop

2014-07-30 Thread Sam Hartman
I'm happy to upload a new krb5 to debian so you can sync it if you want that approach. I'm also happy if Ubuntu wants to go with a binary rebuild of krb5. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in Ubuntu.

Re: [Bug 1347147] Re: krb5 database propagation enters infinite loop

2014-07-30 Thread Sam Hartman
Please see https://launchpad.net/~hartmans/+archive/ubuntu/krb5 for trusty packages that should fix the problem. Can I get confirmation from Tom or someone else that without these packages trusty fails the reproduce test in comment #1 and with them, it succeeds the test proposed in comment #1?

Re: [Bug 1347147] Re: krb5 database propagation enters infinite loop

2014-07-30 Thread Sam Hartman
I'm sorry, can I get someone to test the packages at https://launchpad.net/~hartmans/+archive/ubuntu/ubuntu-fixes not the URI I gave in the previous message. I pulled the wrong PPA off my home page. -- You received this bug notification because you are a member of Ubuntu Server Team, which is

Re: [Bug 1347147] Re: krb5 database propagation enters infinite loop

2014-07-30 Thread Sam Hartman
I'm happy to upload a new krb5 to debian so you can sync it if you want that approach. I'm also happy if Ubuntu wants to go with a binary rebuild of krb5. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

Re: [Bug 1347147] Re: krb5 database propagation enters infinite loop

2014-07-30 Thread Sam Hartman
I'm sorry, can I get someone to test the packages at https://launchpad.net/~hartmans/+archive/ubuntu/ubuntu-fixes not the URI I gave in the previous message. I pulled the wrong PPA off my home page. -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1326500] Re: libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-07-17 Thread Sam Hartman
With the upload of krb5 1.12.1+dfsg-3ubuntu1 to utopic, this is fixed in utopic. Any additional help I can provide getting this into trusty? ** Changed in: krb5 (Ubuntu) Status: Triaged = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team,

[Bug 1326500] Re: libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-07-17 Thread Sam Hartman
With the upload of krb5 1.12.1+dfsg-3ubuntu1 to utopic, this is fixed in utopic. Any additional help I can provide getting this into trusty? ** Changed in: krb5 (Ubuntu) Status: Triaged = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which

Re: [Bug 1334052] Re: package libkadm5srv-mit8 1.10.1+dfsg-6.1ubuntu1 failed to install/upgrade: libkadm5srv-mit8:all 1.12+dfsg-2ubuntu4 (Multi-Arch: no) kann nicht zusammen mit libkadm5srv-mit8 insta

2014-06-24 Thread Sam Hartman
Since I'd really like to see the gss infinite loop patch into trusty I'm going to update the branch for that to also include this fix and build packages. Expect a branch link in a few minutes. -- You received this bug notification because you are a member of Ubuntu Server Team, which is

[Bug 1334052] Re: package libkadm5srv-mit8 1.10.1+dfsg-6.1ubuntu1 failed to install/upgrade: libkadm5srv-mit8:all 1.12+dfsg-2ubuntu4 (Multi-Arch: no) kann nicht zusammen mit libkadm5srv-mit8 installie

2014-06-24 Thread Sam Hartman
See https://launchpad.net/~hartmans/+archive/ubuntu-fixes packages building. I had to upload with a different version number on the branch because that ppa already had a krb5 build. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to

Re: [Bug 1334052] Re: package libkadm5srv-mit8 1.10.1+dfsg-6.1ubuntu1 failed to install/upgrade: libkadm5srv-mit8:all 1.12+dfsg-2ubuntu4 (Multi-Arch: no) kann nicht zusammen mit libkadm5srv-mit8 insta

2014-06-24 Thread Sam Hartman
Since I'd really like to see the gss infinite loop patch into trusty I'm going to update the branch for that to also include this fix and build packages. Expect a branch link in a few minutes. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1334052] Re: package libkadm5srv-mit8 1.10.1+dfsg-6.1ubuntu1 failed to install/upgrade: libkadm5srv-mit8:all 1.12+dfsg-2ubuntu4 (Multi-Arch: no) kann nicht zusammen mit libkadm5srv-mit8 installie

2014-06-24 Thread Sam Hartman
See https://launchpad.net/~hartmans/+archive/ubuntu-fixes packages building. I had to upload with a different version number on the branch because that ppa already had a krb5 build. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1332985] Re: Add the krb5-send-pr command to the ubuntu package

2014-06-22 Thread Sam Hartman
** Changed in: krb5 (Ubuntu) Status: New = Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1332985 Title: Add the krb5-send-pr command to the ubuntu package To manage

[Bug 1332985] Re: Add the krb5-send-pr command to the ubuntu package

2014-06-22 Thread Sam Hartman
** Changed in: krb5 (Ubuntu) Status: New = Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1332985 Title: Add the krb5-send-pr command to the ubuntu package To manage notifications

[Bug 1326500] [NEW] libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-06-04 Thread Sam Hartman
Public bug reported: There's a bug fixed in krb5 1.12.1+dfsg-2 (just uploaded to Debian) where if a gss-api mechanism is dynamically loaded, and that mechanism uses symbols from libgssapi_krb5, and doesn't provide certain optional entry points added in krb5 1.12, then calling one of those

[Bug 1326500] Re: libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-06-04 Thread Sam Hartman
Marking confirmed because I started tracking this down based on a report to the Moonshot project from Rhys Smith which ended up being this issue. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in Ubuntu.

Re: [Bug 1326500] libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-06-04 Thread Sam Hartman
Luke == Luke Howard lu...@padl.com writes: Luke How about grabbing this commit from browserid: commit Luke e51f544e6c0b92c88163d1b0f4ae110869abf070 Author: Luke Howard Luke lu...@padl.com Date: Thu Oct 24 18:10:24 2013 -0700 That's something to consider for the specific case of

[Bug 1326500] Re: libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-06-04 Thread Sam Hartman
I've built the linked branch in ppa:hartmans/ubuntu-fixes for trusty. With these packages installed and the attached radsec.conf installed as /usr/local/etc/radsec.conf, then gss-server starts correctly as expected. Without radsec.conf installed it prints an error about being unable to acquire

[Bug 1326500] Re: libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-06-04 Thread Sam Hartman
Here's the patch from debian krb5 1.12.1+dfsg-2 ** Patch added: 0014-Do-not-loop-on-add_cred_from-and-other-new-methods.patch https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1326500/+attachment/4125522/+files/0014-Do-not-loop-on-add_cred_from-and-other-new-methods.patch -- You received

[Bug 1326500] Re: libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-06-04 Thread Sam Hartman
Marking confirmed because I started tracking this down based on a report to the Moonshot project from Rhys Smith which ended up being this issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1326500

[Bug 1326500] [NEW] libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-06-04 Thread Sam Hartman
Public bug reported: There's a bug fixed in krb5 1.12.1+dfsg-2 (just uploaded to Debian) where if a gss-api mechanism is dynamically loaded, and that mechanism uses symbols from libgssapi_krb5, and doesn't provide certain optional entry points added in krb5 1.12, then calling one of those

Re: [Bug 1326500] libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-06-04 Thread Sam Hartman
> "Luke" == Luke Howard <lu...@padl.com> writes: Luke> How about grabbing this commit from browserid: commit Luke> e51f544e6c0b92c88163d1b0f4ae110869abf070 Author: Luke Howard Luke> <lu...@padl.com> Date: Thu Oct 24 18:10:24 2013 -0700 That's something to consider for the specific case of

[Bug 1326500] Re: libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-06-04 Thread Sam Hartman
Here's the patch from debian krb5 1.12.1+dfsg-2 ** Patch added: 0014-Do-not-loop-on-add_cred_from-and-other-new-methods.patch https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1326500/+attachment/4125522/+files/0014-Do-not-loop-on-add_cred_from-and-other-new-methods.patch -- You received

[Bug 1326500] Re: libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

2014-06-04 Thread Sam Hartman
I've built the linked branch in ppa:hartmans/ubuntu-fixes for trusty. With these packages installed and the attached radsec.conf installed as /usr/local/etc/radsec.conf, then gss-server starts correctly as expected. Without radsec.conf installed it prints an error about being unable to acquire

Re: [Bug 1304403] Re: Precise to Trusty - all of main - fails: Broken transition from libkadm5srv-mit8 to libkadm5srv-mit9

2014-04-09 Thread Sam Hartman
> "Martin" == Martin Pitt <martin.p...@ubuntu.com> writes: No complaints at all. I was just hoping to learn from you guys. I actually probably want this delta for wheezy-jessie. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in

Re: [Bug 1304403] Re: Precise to Trusty - all of main - fails: Broken transition from libkadm5srv-mit8 to libkadm5srv-mit9

2014-04-09 Thread Sam Hartman
> "Martin" == Martin Pitt <martin.p...@ubuntu.com> writes: No complaints at all. I was just hoping to learn from you guys. I actually probably want this delta for wheezy-jessie. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

Re: [Bug 1304403] Re: Precise to Trusty - all of main - fails: Broken transition from libkadm5srv-mit8 to libkadm5srv-mit9

2014-04-08 Thread Sam Hartman
Not criticising here, but asking. At a level deeper than it causes apt to work correctly, why is adding replaces a reasonable fix? Nothing in libkdb5-7 actually replaces libkadm5-mit8 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to

Re: [Bug 1304403] Re: Precise to Trusty - all of main - fails: Broken transition from libkadm5srv-mit8 to libkadm5srv-mit9

2014-04-08 Thread Sam Hartman
Not criticising here, but asking. At a level deeper than it causes apt to work correctly, why is adding replaces a reasonable fix? Nothing in libkdb5-7 actually replaces libkadm5-mit8 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

Re: [Bug 1231459] Re: Inconsistency detected by ld.so: dl-close.c: 759: _dl_close: Assertion `map->l_init_called' failed!

2013-10-08 Thread Sam Hartman
> "Stefan" == Stefan Paetow <stefan.pae...@diamond.ac.uk> writes: Stefan> Ok, I've reinstalled the moonshot libraries, the error has Stefan> gone away and there are no more segfaults. OK. So, if I'm understanding correctly the libgssapi-krb5-2 from my PPA did fix the problem. There was a

Re: [Bug 1231459] Re: Inconsistency detected by ld.so: dl-close.c: 759: _dl_close: Assertion `map->l_init_called' failed!

2013-10-08 Thread Sam Hartman
> "Stefan" == Stefan Paetow <stefan.pae...@diamond.ac.uk> writes: Stefan> Ok, I've reinstalled the moonshot libraries, the error has Stefan> gone away and there are no more segfaults. OK. So, if I'm understanding correctly the libgssapi-krb5-2 from my PPA did fix the problem. There was a

Re: [Bug 1231459] Re: Inconsistency detected by ld.so: dl-close.c: 759: _dl_close: Assertion `map->l_init_called' failed!

2013-10-07 Thread Sam Hartman
Did you update moonshot-gs-eap?, There's a bad version the produce is that Stefan Paetow stefan.pae...@diamond.ac.uk wrote: Sam, I now get a segfault in gss-server: Reading symbols from /usr/bin/gss-server...(no debugging symbols found)...done. (gdb) set args -verbose host@localhost (gdb) run

Re: [Bug 1231459] Re: Inconsistency detected by ld.so: dl-close.c: 759: _dl_close: Assertion `map->l_init_called' failed!

2013-10-07 Thread Sam Hartman
OK, that's probably the cause of the segfault. I've deleted the broken packages from our debian and ubuntu archives. Unfortunately getting fixed packages to reappear is a bit annoying at the moment. The packages in http://repository.project-moonshot.org/debian-moonshot/pool/main/m/moonshot-gss-eap

Re: [Bug 1231459] Re: Inconsistency detected by ld.so: dl-close.c: 759: _dl_close: Assertion `map->l_init_called' failed!

2013-10-07 Thread Sam Hartman
Did you update moonshot-gs-eap?, There's a bad version the produce is that Stefan Paetow stefan.pae...@diamond.ac.uk wrote: Sam, I now get a segfault in gss-server: Reading symbols from /usr/bin/gss-server...(no debugging symbols found)...done. (gdb) set args -verbose host@localhost (gdb) run

Re: [Bug 1231459] Re: Inconsistency detected by ld.so: dl-close.c: 759: _dl_close: Assertion `map->l_init_called' failed!

2013-10-07 Thread Sam Hartman
OK, that's probably the cause of the segfault. I've deleted the broken packages from our debian and ubuntu archives. Unfortunately getting fixed packages to reappear is a bit annoying at the moment. The packages in http://repository.project-moonshot.org/debian-moonshot/pool/main/m/moonshot-gss-eap

[Bug 1231459] Re: Inconsistency detected by ld.so: dl-close.c: 759: _dl_close: Assertion `map->l_init_called' failed!

2013-10-05 Thread Sam Hartman
Stefan, I've prepared packages that should fix the problem available at https://launchpad.net/~hartmans/+archive/ubuntu-fixes that page includes instructions on how to add the archive to your system. After you do that please update at least libgssapi-krb5-2 and let us know whether it fixes

[Bug 1231459] Re: Inconsistency detected by ld.so: dl-close.c: 759: _dl_close: Assertion `map->l_init_called' failed!

2013-10-05 Thread Sam Hartman
Stefan, I've prepared packages that should fix the problem available at https://launchpad.net/~hartmans/+archive/ubuntu-fixes that page includes instructions on how to add the archive to your system. After you do that please update at least libgssapi-krb5-2 and let us know whether it fixes

[Bug 1231459] Re: Inconsistency detected by ld.so: dl-close.c: 759: _dl_close: Assertion `map->l_init_called' failed!

2013-09-26 Thread Sam Hartman
Hi. What's going on here is that it seems there are cases where on process exit, ld.so will destruct the plugins before it destructs the dlopening library. So it sets m_inited to 0. But as part of its finalizer the library tries to clean up its resources, and dlcloses the plugins. Getting you

[Bug 1231459] Re: Inconsistency detected by ld.so: dl-close.c: 759: _dl_close: Assertion `map->l_init_called' failed!

2013-09-26 Thread Sam Hartman
Hi. What's going on here is that it seems there are cases where on process exit, ld.so will destruct the plugins before it destructs the dlopening library. So it sets m_inited to 0. But as part of its finalizer the library tries to clean up its resources, and dlcloses the plugins. Getting you
