Your message dated Sat, 01 Jun 2013 01:18:00 +0000
with message-id <e1uiasg-00016h...@franck.debian.org>
and subject line Bug#707960: fixed in nfs-utils 1:1.2.8-3
has caused the Debian Bug report #707960,
regarding nfs-common: After upgrade to 1.2.8-2, rpc.gssd segfaults on startup
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
707960: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707960
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: nfs-common
Version: 1:1.2.8-2
Severity: important
Dear Maintainer,
After upgrading to 1.2.8-2 as part of normal Jessie upkeep, rpc.gssd started
segfaulting immediately on startup, and I'm not really able to wrap my head
around just why. The crash happens in libgssglue, in __gss_get_mechanism_cred,
called by gss_init_sec_context, at g_init_sec_context.c:153 (still in
libgssglue).
It is rather clear that the crash happens because the copy of mglueP.h that is
shipped with the source of libgssglue does not match that which is shipped with
libkrb5. In the latter, the struct `gss_union_cred_t' has gained a new field
called `loopback', and lost its `auxinfo' field, and when inspecting the
gss_union_cred_t that has been passed to __gss_get_mechanism_cred, it clearly
matched the definition from libkrb5.
However, the fault does not seem to be lying with libgssglue, since the segafult
only happens when nfs-common is upgraded, and downgrading nfs-common back to
1.2.6-3
makes it start working again. A simple guess from my side is that nfs-common has
(erroneously?) been compiled against libkrb5 in some place where it should be
compiled
against libgssglue, perhaps? The structure and dependencies between the various
packages involved is, however, far from obvious to me. (At the face of it, it
seems like a hack, to begin with, that libgssglue has a local copy of a private
header file from MIT Kerberos.)
Whatever the problem is, it makes rpc.gssd, and therefore Kerberized NFS mounts,
entirely unusable. Fix pl0x. :)
-- Package-specific info:
-- rpcinfo --
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100021 1 udp 33453 nlockmgr
100021 3 udp 33453 nlockmgr
100021 4 udp 33453 nlockmgr
100021 1 tcp 54248 nlockmgr
100021 3 tcp 54248 nlockmgr
100021 4 tcp 54248 nlockmgr
100007 2 udp 708 ypbind
100007 1 udp 708 ypbind
100007 2 tcp 709 ypbind
100007 1 tcp 709 ypbind
100024 1 udp 38590 status
100024 1 tcp 43595 status
-- /etc/default/nfs-common --
NEED_STATD=
STATDOPTS=
NEED_IDMAPD=yes
NEED_GSSD=yes
-- /etc/idmapd.conf --
[General]
Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = dolda2000.com
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
-- /etc/fstab --
home.nfs:/home /home nfs4 sec=krb5i
0 0
home.nfs:/usr/site /usr/site nfs hard,intr,tcp
0 0
home.nfs:/video /home/pub/video nfs4 sec=krb5i
0 0
-- /proc/mounts --
home.nfs:/home /home nfs4
rw,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5i,clientaddr=192.168.1.181,minorversion=0,local_lock=none,addr=192.168.1.1
0 0
home.nfs:/usr/site /usr/site nfs
rw,relatime,vers=3,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=192.168.1.1,mountvers=3,mountport=50152,mountproto=tcp,local_lock=none,addr=192.168.1.1
0 0
home.nfs:/video /home/pub/video nfs4
rw,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5i,clientaddr=192.168.1.181,minorversion=0,local_lock=none,addr=192.168.1.1
0 0
rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs rw,relatime 0 0
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing'), (99, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages nfs-common depends on:
ii adduser 3.113+nmu3
ii initscripts 2.88dsf-41
ii libc6 2.17-3
ii libcap2 1:2.22-1.2
ii libcomerr2 1.42.5-1.1
ii libdevmapper1.02.1 2:1.02.74-7
ii libevent-2.0-5 2.0.19-stable-3
ii libgssglue1 0.4-2
ii libk5crypto3 1.10.1+dfsg-5
ii libkeyutils1 1.5.5-7
ii libkrb5-3 1.10.1+dfsg-5
ii libmount1 2.20.1-5.4
ii libnfsidmap2 0.25-4
ii libtirpc1 0.2.2-5
ii libwrap0 7.6.q-24
ii lsb-base 4.1+Debian9
ii rpcbind 0.2.0-8
ii ucf 3.0025+nmu3
Versions of packages nfs-common recommends:
ii python 2.7.3-5
Versions of packages nfs-common suggests:
pn open-iscsi <none>
pn watchdog <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: nfs-utils
Source-Version: 1:1.2.8-3
We believe that the bug you reported is fixed in the latest version of
nfs-utils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 707...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve Langasek <vor...@debian.org> (supplier of updated nfs-utils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 31 May 2013 17:59:53 -0700
Source: nfs-utils
Binary: nfs-kernel-server nfs-common
Architecture: source amd64
Version: 1:1.2.8-3
Distribution: unstable
Urgency: low
Maintainer: Debian kernel team <debian-ker...@lists.debian.org>
Changed-By: Steve Langasek <vor...@debian.org>
Description:
nfs-common - NFS support files common to client and server
nfs-kernel-server - support for NFS kernel server
Closes: 707960
Changes:
nfs-utils (1:1.2.8-3) unstable; urgency=low
.
* Add myself as comaintainer, per <518fcece.7050...@debian.org>.
* Build --with-libgssglue, which was the default prior to 1.2.8; this
fixes a regression that makes rpc.gssd (and hence, all
Kerberos-authenticated mounts) completely useless, because objects are
being incorrectly passed between multiple gss implementations (by way of
libtirpc). Closes: #707960.
Checksums-Sha1:
a5e816978271e8017e3a0686d9dc1d62d36193e8 2299 nfs-utils_1.2.8-3.dsc
2f3061ea5113f629356e5380305cf7a7f4b9594a 38222 nfs-utils_1.2.8-3.debian.tar.bz2
d4ab41f87745802c95fcf7211e0d78bfa770c14b 144894
nfs-kernel-server_1.2.8-3_amd64.deb
9e8bad1822d988d3b61109bc9b1cfe38e337f1a6 273982 nfs-common_1.2.8-3_amd64.deb
Checksums-Sha256:
054a091d404cef6af5bc2ac80f30870817e960ec1c2533984cc1b39333441c49 2299
nfs-utils_1.2.8-3.dsc
c7292742c21800a5522b5e265cc988046df29758d8314b79038bd3076b95cd97 38222
nfs-utils_1.2.8-3.debian.tar.bz2
508c876da8b3b324bdaf0c3b32d287c42ddb7f6af93e3cab0eb37b97136f6444 144894
nfs-kernel-server_1.2.8-3_amd64.deb
215824d11cc2f3e8b62ce73e806fa70d76df31591f19998fd1e90d8fee5235bb 273982
nfs-common_1.2.8-3_amd64.deb
Files:
6a81888253ea763f929907e32c27d1a6 2299 net standard nfs-utils_1.2.8-3.dsc
4cc152a8f11870c017c0edf07aacd8d4 38222 net standard
nfs-utils_1.2.8-3.debian.tar.bz2
c40a7b71ccb96589a489dbc724edcd58 144894 net optional
nfs-kernel-server_1.2.8-3_amd64.deb
2fb343f5d8dcc4ad8d741da403a8470f 273982 net standard
nfs-common_1.2.8-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJRqUoWAAoJEFaNMPMhshM97NsP/1qrtNqFNwkLYlIRHmUrTB0L
lzw2GDFQB+c/rYqny+i2k9osgIIOLAz7JO2nhyCpYUtKpTR+e52Gq9LxrS++5nBW
RZTLp1m6wQgA21Ndd7d8YzmF0gTWtOsVnJAYACN/4ptY/9thPTehLyroNwrjFO9G
RNvIK3g2vfVVEGYMRHpAbpZAinJohRmTMp3wWtKN20b6LMPGyp3QfsoGDeOfTClK
WaDYII6r4CIt7PLKbbAaId7SS4oisegNnyjGdlhYbA60MXce4H9rBQ/1nVQkOOlk
raRWd/o6eHQdAg8KxcSQWLGPMc70+TNJmbLEh46weh2mEXRNYBTSRnneOM+sBSAN
mw/Kj0meKrYfJRh86AFMO7aQQyUbdtEljTfU/WfmM83dn3ITYiyH4nG9uTRKVlz6
/TWsOGXAHV5IO6kS2RS3beoNVqYaoLfvjXCa+Yvdz7Ox3X/qxpxtXHwEzBrau5tF
HaSip/NpsryooSrdQyNQqvOsAc3JziLKfbbu3uAwAdyxLnCupjkz/mCLCIyQU96B
8Su8RRZ4hWlq38CKoUUPCq4NX7MHqyDID2PVe0MJdSTzy8DdLoiWiPTRNYNbRGp3
EI4+V8DXz0At+vICzgjnUBQ+Ik/mzgKT8wVZSWoppz3oXr7QMfHAkMBXQQj9WhAu
CHfue4BuZA2karc/2H26
=VpjM
-----END PGP SIGNATURE-----
--- End Message ---
