** Description changed: + == SRU JUSTIFICATION == + + [Impact] + + Chrome (and other things) crash when Kerberos fails to authenticate: + https://bugs.chromium.org/p/chromium/issues/detail?id=554905 + + Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault. + [Switching to Thread 0x7fffdd687700 (LWP 14851)] + spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, + lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) + at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 + 2315 ../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory. + (gdb) bt + #0 spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, + lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) + at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 + #1 0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788, + targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, + opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114 + + + [Test Case] + + * Reproducer + + It needs Kerberos to fail, while another mechanism is possible. + So fix up the packaging errors noted in bug 1648898 so that GSS-NTLMSSP is actually registered properly, then just KRB5CCNAME=/dev/null google-chrome $SOME_URL_WHICH_USES_NEGOTIATE_AUTH + + [Regression Potential] + + * none expected Y and Z release already has the krb5 upstream patch. + * This was fixed in MIT krb5 in January: + https://github.com/krb5/krb5/pull/385 + + [Other Info] + + + [Original Description] + The gss-ntlmssp package installs a file in /etc/gss/mech.d which is supposed to make it get loaded. It doesn't work for two reason. Firstly, it gets completely ignored because its filename doesn't end in ".conf". Secondly, it contains an incorrect entry for the shared library path. So we end up doing this: - stat("/usr/lib/x86_64-linux-gnu/gss/${prefix}/lib/x86_64-linux-gnu/gssntlmssp/gssntlmssp.so", 0x7ffca5870a90) = -1 ENOENT (No such file or directory) + stat("/usr/lib/x86_64-linux-gnu/gss/${prefix}/lib/x86_64-linux-gnu/gssntlmssp/gssntlmssp.so", 0x7ffca5870a90) = -1 ENOENT (No such file or directory)
** Description changed: - == SRU JUSTIFICATION == - - [Impact] - - Chrome (and other things) crash when Kerberos fails to authenticate: - https://bugs.chromium.org/p/chromium/issues/detail?id=554905 - - Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault. - [Switching to Thread 0x7fffdd687700 (LWP 14851)] - spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, - lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) - at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 - 2315 ../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory. - (gdb) bt - #0 spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, - lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) - at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 - #1 0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788, - targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, - opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114 - - - [Test Case] - - * Reproducer - - It needs Kerberos to fail, while another mechanism is possible. - So fix up the packaging errors noted in bug 1648898 so that GSS-NTLMSSP is actually registered properly, then just KRB5CCNAME=/dev/null google-chrome $SOME_URL_WHICH_USES_NEGOTIATE_AUTH - - [Regression Potential] - - * none expected Y and Z release already has the krb5 upstream patch. - * This was fixed in MIT krb5 in January: - https://github.com/krb5/krb5/pull/385 - - [Other Info] - - - [Original Description] - The gss-ntlmssp package installs a file in /etc/gss/mech.d which is supposed to make it get loaded. It doesn't work for two reason. Firstly, it gets completely ignored because its filename doesn't end in ".conf". Secondly, it contains an incorrect entry for the shared library path. So we end up doing this: stat("/usr/lib/x86_64-linux-gnu/gss/${prefix}/lib/x86_64-linux-gnu/gssntlmssp/gssntlmssp.so", 0x7ffca5870a90) = -1 ENOENT (No such file or directory) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1648898 Title: Installed package does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gss-ntlmssp/+bug/1648898/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
