Debian Bug report logs - #453241
libpam-heimdal: After recent NMU, my amd64 box is inaccessable (pam_session/account)

version graph

Package: heimdal; Maintainer for heimdal is Brian May <bam@debian.org>;

Reported by: Richard A Nelson <cowboy@debian.org>

Date: Tue, 27 Nov 2007 22:45:01 UTC

Severity: critical

Tags: confirmed

Merged with 492427

Found in version 1.2.dfsg.1-1

Fixed in versions heimdal/1.1-3, heimdal/1.2.dfsg.1-2

Done: Brian May <bam@snoopy.debian.net>

Bug is archived. No further changes may be made.

Forwarded to heimdal-bugs@h5l.se

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Matthijs Mohlmann <matthijs@cacholong.nl>:
Bug#453241; Package libpam-heimdal. Full text and rfc822 format available.

Acknowledgement sent to Richard A Nelson <cowboy@debian.org>:
New Bug report received and forwarded. Copy sent to Matthijs Mohlmann <matthijs@cacholong.nl>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Richard A Nelson <cowboy@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libpam-heimdal: After recent NMU, my amd64 box is inaccessable (pam_session/account)
Date: Tue, 27 Nov 2007 22:29:30 +0000
Package: libpam-heimdal
Version: 2.6-1+b1
Severity: critical
Justification: breaks unrelated software

The amd64 box is also the KDC, i386 box running as slave KDC, and i386
client boxen all are working fine with the same pam configuration.

removing pam_krb5 from both the account and session stacks allows
further ssh/etc access (auth works, and I've not yet tried password).

The lines were:
...
account [success=done default=ignore] pam_krb5.so minimum_uid=999 debug
...
session optional    pam_krb5.so minimum_uid=999 debug
...

I note that ssh always fails, telnet succeeds (but is only on a few
of the boxes), I'm not sure about other remote access methods.

Dropping back to 2.6-1 makes things work...  Interestingly, there is an
unexplained difference in ldd output:

2.6-1:
        linux-vdso.so.1 =>  (0x00007fffc35fd000)
        libpam.so.0 => /lib/libpam.so.0 (0x00002b60e75f0000)
        libkrb5.so.17 => /usr/lib/libkrb5.so.17 (0x00002b60e77fa000)
        libcom_err.so.2 => /lib/libcom_err.so.2 (0x00002b60e7952000)
        libc.so.6 => /lib/libc.so.6 (0x00002b60e7b54000)
        libdl.so.2 => /lib/libdl.so.2 (0x00002b60e7eb2000)
        libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00002b60e80b7000)
        libasn1.so.6 => /usr/lib/libasn1.so.6 (0x00002b60e8444000)
        libroken.so.16 => /usr/lib/libroken.so.16 (0x00002b60e8578000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x00002b60e868c000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x00002b60e88c4000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00002b60e8ad9000)
        /lib64/ld-linux-x86-64.so.2 (0x0000555555554000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00002b60e8cf5000)
        libdb-4.2.so => /usr/lib/libdb-4.2.so (0x00002b60e8f0c000)

2.6-1+b1:
        linux-vdso.so.1 =>  (0x00007fff26ffd000)
        libpam.so.0 => /lib/libpam.so.0 (0x00002baa83d87000)
        libkrb5.so.22 => /usr/lib/libkrb5.so.22 (0x00002baa83f91000)
        libcom_err.so.2 => /lib/libcom_err.so.2 (0x00002baa84200000)
        libc.so.6 => /lib/libc.so.6 (0x00002baa84402000)
        libdl.so.2 => /lib/libdl.so.2 (0x00002baa84760000)
        libhx509.so.1 => /usr/lib/libhx509.so.1 (0x00002baa84965000)
        libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00002baa84ba4000)
        libasn1.so.8 => /usr/lib/libasn1.so.8 (0x00002baa84f31000)
        libroken.so.18 => /usr/lib/libroken.so.18 (0x00002baa851b4000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x00002baa853c8000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x00002baa85600000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x00002baa85816000)
        /lib64/ld-linux-x86-64.so.2 (0x0000555555554000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00002baa85a31000)

Th differences in libkrb5, libasn1, libroken are explainable by building
against the newer heimdal-dev packages

The missing libdb-4.2, however seems odd.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-heimdal depends on:
ii  libc6                         2.7-2      GNU C Library: Shared libraries
ii  libcomerr2                    1.40.2-1   common error description library
ii  libkrb5-22-heimdal            1.0.1-4    Heimdal Kerberos - libraries
ii  libpam0g                      0.99.7.1-5 Pluggable Authentication Modules l

libpam-heimdal recommends no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#453241; Package libpam-heimdal. Full text and rfc822 format available.

Acknowledgement sent to Matthijs Mohlmann <matthijs@cacholong.nl>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #10 received at 453241@bugs.debian.org (full text, mbox):

From: Matthijs Mohlmann <matthijs@cacholong.nl>
To: 453241@bugs.debian.org
Subject: Re: libpam-heimdal: After recent NMU, my amd64 box is inaccessable (pam_session/account)
Date: Sun, 09 Dec 2007 15:16:44 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I do not have a AMD64 box to test it. I have put packages for 3.9
online. Can you please test those ?

http://www.cacholong.nl/~matthijs/libpam-heimdal/

The missing libdb-4.2 is possible due to better dependency tracking.

Regards,

Matthijs Mohlmann

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHW/jL2n1ROIkXqbARAnmDAKCVtl2wW0Z3kaCFYo4qdNapZWzGSQCgm6m0
vR9H+GzCP+AU9Wd6ATxTSlU=
=NGq6
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Matthijs Mohlmann <matthijs@cacholong.nl>:
Bug#453241; Package libpam-heimdal. Full text and rfc822 format available.

Acknowledgement sent to Richard A Nelson <cowboy@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthijs Mohlmann <matthijs@cacholong.nl>. Full text and rfc822 format available.

Message #15 received at 453241@bugs.debian.org (full text, mbox):

From: Richard A Nelson <cowboy@debian.org>
To: 453241@bugs.debian.org
Cc: Matthijs Mohlmann <matthijs@cacholong.nl>
Subject: After recent NMU, my amd64 box is inaccessable (pam_session/account)
Date: Mon, 24 Dec 2007 12:10:34 -0800 (PST)
Somehow, I didn't get a copy of your note, sorry it has taken so long :(

Anyway,  I downloaded and rebuilt for amd64 the package and ssh still
segfaults :(

libpam-krb, however works fine.

-- 
Rick Nelson
Oh, I've seen copies [of Linux Journal] around the terminal room at The Labs.
		-- Dennis Ritchie




Information forwarded to debian-bugs-dist@lists.debian.org, Matthijs Mohlmann <matthijs@cacholong.nl>:
Bug#453241; Package libpam-heimdal. Full text and rfc822 format available.

Acknowledgement sent to Richard A Nelson <cowboy@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthijs Mohlmann <matthijs@cacholong.nl>. Full text and rfc822 format available.

Message #20 received at 453241@bugs.debian.org (full text, mbox):

From: Richard A Nelson <cowboy@debian.org>
To: 453241@bugs.debian.org
Cc: Matthijs Mohlmann <matthijs@cacholong.nl>
Subject: Re: After recent NMU, my amd64 box is inaccessable (pam_session/account)
Date: Mon, 24 Dec 2007 12:18:02 -0800 (PST)
On Mon, 24 Dec 2007, Richard A Nelson wrote:

> libpam-krb, however works fine.

For various (and poor) values of works fine - no segfault, but
it does not obtain tokens:

Dec 24 20:14:54 el-ghor sshd[27171]: (pam_krb5): none: bad time value
for renew_lifetime: Invalid format of Kerberos lifetime or clock skew
string
Dec 24 20:14:54 el-ghor sshd[27171]: (pam_krb5): none: bad time value
for ticket_lifetime: Invalid format of Kerberos lifetime or clock skew
string

-- 
Rick Nelson
Check it out, send me comments, and dance joyously in the streets,
		-- Linus Torvalds announcing 2.0.27




Information forwarded to debian-bugs-dist@lists.debian.org, Matthijs Mohlmann <matthijs@cacholong.nl>:
Bug#453241; Package libpam-heimdal. Full text and rfc822 format available.

Acknowledgement sent to Richard Nelson <cowboy@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthijs Mohlmann <matthijs@cacholong.nl>. Full text and rfc822 format available.

Message #25 received at 453241@bugs.debian.org (full text, mbox):

From: Richard Nelson <cowboy@debian.org>
To: 453241@bugs.debian.org
Subject: still broken
Date: Sun, 13 Apr 2008 04:11:07 +0000
# /usr/sbin/sshd -Dddd >~/log 2>&1
Segmentation fault

The last lines of log:
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 11
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 12
debug3: mm_request_receive entering
debug3: monitor_read: checking request 11
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering

gdb isn't very helpful
Program received signal SIGSEGV, Segmentation fault.
0x00002acda6fe7af2 in ?? ()
(gdb) bt
#0  0x00002acda6fe7af2 in ?? ()
#1  0x00002acda692ad86 in ?? ()
#2  0x0000000000000050 in ?? ()
#3  0x0000000000000001 in ?? ()
#4  0x00007fff05c7cf10 in ?? ()
#5  0x0000000000000000 in ?? ()
(gdb) quit
The program is running.  Exit anyway? (y or n) y
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering

I installed libpam-dbg, but still didn't get any information

removing pam_krb5 from /etc/pam.d/common-auth fixes the problem




Information forwarded to debian-bugs-dist@lists.debian.org, Matthijs Mohlmann <matthijs@cacholong.nl>:
Bug#453241; Package libpam-heimdal. Full text and rfc822 format available.

Acknowledgement sent to Richard Nelson <cowboy@cavein.org>:
Extra info received and forwarded to list. Copy sent to Matthijs Mohlmann <matthijs@cacholong.nl>. Full text and rfc822 format available.

Message #30 received at 453241@bugs.debian.org (full text, mbox):

From: Richard Nelson <cowboy@cavein.org>
To: 453241@bugs.debian.org
Subject: Re: still broken
Date: Sun, 13 Apr 2008 04:33:04 +0000
Ah, a little more information - this segv only happens when using
password authentication (ssh keys work fine)

sshd_config has
UsePAM yes
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no

Richard Nelson wrote:
> # /usr/sbin/sshd -Dddd >~/log 2>&1
> Segmentation fault
> 
> The last lines of log:
> debug3: mm_auth_password entering
> debug3: mm_request_send entering: type 11
> debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
> debug3: mm_request_receive_expect entering: type 12
> debug3: mm_request_receive entering
> debug3: monitor_read: checking request 11
> debug1: do_cleanup
> debug1: PAM: cleanup
> debug3: PAM: sshpam_thread_cleanup entering
> 
> gdb isn't very helpful
> Program received signal SIGSEGV, Segmentation fault.
> 0x00002acda6fe7af2 in ?? ()
> (gdb) bt
> #0  0x00002acda6fe7af2 in ?? ()
> #1  0x00002acda692ad86 in ?? ()
> #2  0x0000000000000050 in ?? ()
> #3  0x0000000000000001 in ?? ()
> #4  0x00007fff05c7cf10 in ?? ()
> #5  0x0000000000000000 in ?? ()
> (gdb) quit
> The program is running.  Exit anyway? (y or n) y
> debug1: do_cleanup
> debug1: PAM: cleanup
> debug3: PAM: sshpam_thread_cleanup entering
> 
> I installed libpam-dbg, but still didn't get any information
> 
> removing pam_krb5 from /etc/pam.d/common-auth fixes the problem
> 





Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#453241; Package libpam-heimdal. Full text and rfc822 format available.

Acknowledgement sent to Matthijs Mohlmann <matthijs@cacholong.nl>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #35 received at 453241@bugs.debian.org (full text, mbox):

From: Matthijs Mohlmann <matthijs@cacholong.nl>
To: Richard Nelson <cowboy@cavein.org>, 453241@bugs.debian.org, Russ Allbery <rra@debian.org>
Subject: Re: Bug#453241: still broken
Date: Sun, 13 Apr 2008 09:59:35 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Can you try with ssh and debugging symbols on ? Probably you get more
information with gdb then.

I'll ask also the upstream maintainer.

Russ: Can you take a look at this bug report. It seems that sshd is
segfaulting on AMD64 when using the libpam-heimdal module. I do not have
a AMD64 box, so it's almost impossible for me to test.

Regards,

Matthijs Mohlmann

Richard Nelson wrote:
> Ah, a little more information - this segv only happens when using
> password authentication (ssh keys work fine)
> 
> sshd_config has
> UsePAM yes
> PubkeyAuthentication yes
> PasswordAuthentication yes
> ChallengeResponseAuthentication no
> 
> Richard Nelson wrote:
>> # /usr/sbin/sshd -Dddd >~/log 2>&1
>> Segmentation fault
>>
>> The last lines of log:
>> debug3: mm_auth_password entering
>> debug3: mm_request_send entering: type 11
>> debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
>> debug3: mm_request_receive_expect entering: type 12
>> debug3: mm_request_receive entering
>> debug3: monitor_read: checking request 11
>> debug1: do_cleanup
>> debug1: PAM: cleanup
>> debug3: PAM: sshpam_thread_cleanup entering
>>
>> gdb isn't very helpful
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x00002acda6fe7af2 in ?? ()
>> (gdb) bt
>> #0  0x00002acda6fe7af2 in ?? ()
>> #1  0x00002acda692ad86 in ?? ()
>> #2  0x0000000000000050 in ?? ()
>> #3  0x0000000000000001 in ?? ()
>> #4  0x00007fff05c7cf10 in ?? ()
>> #5  0x0000000000000000 in ?? ()
>> (gdb) quit
>> The program is running.  Exit anyway? (y or n) y
>> debug1: do_cleanup
>> debug1: PAM: cleanup
>> debug3: PAM: sshpam_thread_cleanup entering
>>
>> I installed libpam-dbg, but still didn't get any information
>>
>> removing pam_krb5 from /etc/pam.d/common-auth fixes the problem
>>
> 
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIAb1n2n1ROIkXqbARAuG7AJ9glEncS6jvQie2UhnY4ya5Tk91HACbBKEp
sgyobGhwwaO6vxCDg4TQb0U=
=9KMZ
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Matthijs Mohlmann <matthijs@cacholong.nl>:
Bug#453241; Package libpam-heimdal. Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthijs Mohlmann <matthijs@cacholong.nl>. Full text and rfc822 format available.

Message #40 received at 453241@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: Matthijs Mohlmann <matthijs@cacholong.nl>
Cc: Richard Nelson <cowboy@cavein.org>, 453241@bugs.debian.org
Subject: Re: Bug#453241: still broken
Date: Sun, 13 Apr 2008 01:17:03 -0700
Matthijs Mohlmann <matthijs@cacholong.nl> writes:

> Can you try with ssh and debugging symbols on ? Probably you get more
> information with gdb then.
>
> I'll ask also the upstream maintainer.
>
> Russ: Can you take a look at this bug report. It seems that sshd is
> segfaulting on AMD64 when using the libpam-heimdal module. I do not have
> a AMD64 box, so it's almost impossible for me to test.

If the Heimdal libraries have debugging symbols, that's what you'd need to
install in order to get a reasonable backtrace.  I'm not aware of any
current problems that would cause this and I'm fairly sure that the module
does work fine on AMD64 with MIT Kerberos.  There are no warnings in the
build logs that point to any obvious differences between Heimdal and MIT
Kerberos, so knowing where it's segfaulting would help at trying to track
down what's apparently different between the two.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Information forwarded to debian-bugs-dist@lists.debian.org, Matthijs Mohlmann <matthijs@cacholong.nl>:
Bug#453241; Package libpam-heimdal. Full text and rfc822 format available.

Acknowledgement sent to Richard A Nelson <cowboy@cavein.org>:
Extra info received and forwarded to list. Copy sent to Matthijs Mohlmann <matthijs@cacholong.nl>. Full text and rfc822 format available.

Message #45 received at 453241@bugs.debian.org (full text, mbox):

From: Richard A Nelson <cowboy@cavein.org>
To: Matthijs Mohlmann <matthijs@cacholong.nl>
Cc: 453241@bugs.debian.org, Russ Allbery <rra@debian.org>, debian-ssh@lists.debian.org
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Fri, 18 Apr 2008 16:51:05 -0700 (PDT)
On Sun, 13 Apr 2008, Matthijs Mohlmann wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> Can you try with ssh and debugging symbols on ? Probably you get more
> information with gdb then.

Being that there are no debug packages for openssh, I rebuilt it
on a current Sid machine (with debugging enabled).

> I'll ask also the upstream maintainer.
>
> Russ: Can you take a look at this bug report. It seems that sshd is
> segfaulting on AMD64 when using the libpam-heimdal module. I do not have
> a AMD64 box, so it's almost impossible for me to test.

I found some odd news!

After building openssh on a recent Sid box, the pam account module
now works as expected - no segv :)  This, along with the fact that
there's a new openssh version (with supposed changes in this area),
makes it seem like getting ssh rebuilt soon is a good idea !

However, the session module still blows chunks, and since it is called
by the subordinate (unpriviledged) thread, I don't know how to trap it:

Accepted publickey for renegade from 9.30.102.134 port 53147 ssh2
debug1: monitor_child_preauth: renegade has been authenticated by
privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 25
debug3: mm_request_receive entering
debug3: mm_newkeys_from_blob: 0x7fee6df93ed0(128)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Waiting for second key
debug3: mm_newkeys_from_blob: 0x7fee6df93ed0(128)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug1: temporarily_use_uid: 2007/2000 (e=0/2000)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/2000
debug3: PAM: opening session
debug2: User child is on pid 30175
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering

Program exited with code 0377.

Note that it also fails if I do use GSSAPI (instead of ssh key, like
the example shown above).

>
> Regards,
>
> Matthijs Mohlmann
>
> Richard Nelson wrote:
>> Ah, a little more information - this segv only happens when using
>> password authentication (ssh keys work fine)
>>
>> sshd_config has
>> UsePAM yes
>> PubkeyAuthentication yes
>> PasswordAuthentication yes
>> ChallengeResponseAuthentication no
>>
>> Richard Nelson wrote:
>>> # /usr/sbin/sshd -Dddd >~/log 2>&1
>>> Segmentation fault
>>>
>>> The last lines of log:
>>> debug3: mm_auth_password entering
>>> debug3: mm_request_send entering: type 11
>>> debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
>>> debug3: mm_request_receive_expect entering: type 12
>>> debug3: mm_request_receive entering
>>> debug3: monitor_read: checking request 11
>>> debug1: do_cleanup
>>> debug1: PAM: cleanup
>>> debug3: PAM: sshpam_thread_cleanup entering
>>>
>>> gdb isn't very helpful
>>> Program received signal SIGSEGV, Segmentation fault.
>>> 0x00002acda6fe7af2 in ?? ()
>>> (gdb) bt
>>> #0  0x00002acda6fe7af2 in ?? ()
>>> #1  0x00002acda692ad86 in ?? ()
>>> #2  0x0000000000000050 in ?? ()
>>> #3  0x0000000000000001 in ?? ()
>>> #4  0x00007fff05c7cf10 in ?? ()
>>> #5  0x0000000000000000 in ?? ()
>>> (gdb) quit
>>> The program is running.  Exit anyway? (y or n) y
>>> debug1: do_cleanup
>>> debug1: PAM: cleanup
>>> debug3: PAM: sshpam_thread_cleanup entering
>>>
>>> I installed libpam-dbg, but still didn't get any information
>>>
>>> removing pam_krb5 from /etc/pam.d/common-auth fixes the problem
>>>
>>
>>
>>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFIAb1n2n1ROIkXqbARAuG7AJ9glEncS6jvQie2UhnY4ya5Tk91HACbBKEp
> sgyobGhwwaO6vxCDg4TQb0U=
> =9KMZ
> -----END PGP SIGNATURE-----
>

-- 
Rick Nelson
Life'll kill ya                         -- Warren Zevon
Then you'll be dead                     -- Life'll kill ya




Information forwarded to debian-bugs-dist@lists.debian.org, Matthijs Mohlmann <matthijs@cacholong.nl>:
Bug#453241; Package libpam-heimdal. Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthijs Mohlmann <matthijs@cacholong.nl>. Full text and rfc822 format available.

Message #50 received at 453241@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: Richard A Nelson <cowboy@cavein.org>
Cc: Matthijs Mohlmann <matthijs@cacholong.nl>, 453241@bugs.debian.org, debian-ssh@lists.debian.org, Brian May <bam@snoopy.debian.net>
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Mon, 21 Apr 2008 19:39:02 -0700
Richard A Nelson <cowboy@cavein.org> writes:

> I found some odd news!
>
> After building openssh on a recent Sid box, the pam account module
> now works as expected - no segv :)  This, along with the fact that
> there's a new openssh version (with supposed changes in this area),
> makes it seem like getting ssh rebuilt soon is a good idea !
>
> However, the session module still blows chunks, and since it is called
> by the subordinate (unpriviledged) thread, I don't know how to trap it:

I spent an hour this evening tracking this down.  The problem is that
Heimdal isn't using symbol versioning in its shared libraries.
libpam-heimdal therefore binds to unversioned symbols, which works fine if
the calling program doesn't load any other Kerberos library.  However,
OpenSSH is linked with MIT Kerberos, and therefore at run time the
unversioned libpam-heimdal symbols are bound to the MIT Kerberos version
of libkrb5 which is already loaded in memory and chaos ensues.  valgrind
was the debugging tool that finally gave me the necessary clue.  The
segfault kept showing up with backtraces inside libkrb5.3.3 instead of
libkrb5.24.0.0.

The specific crashes that you're seeing are inside the profile library
calls, but that's just because that's the first significant Kerberos
library code that the PAM module calls that differs between MIT Kerberos
and Heimdal.

This is a bug in the Debian Heimdal packages, I believe.  They used to use
symbol versioning precisely because of this problem; see Bug#205592 which
was closed in 0.6-4.  It looks like that was lost or dropped somewhere
along the way.

I'm copying Brian May on this.  I think the bug should probably be
reassigned to the heimdal source package.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Bug reassigned from package `libpam-heimdal' to `heimdal'. Request was from Richard A Nelson <cowboy@debian.org> to control@bugs.debian.org. (Sat, 26 Apr 2008 18:12:04 GMT) Full text and rfc822 format available.

Severity set to `serious' from `critical' Request was from Richard A Nelson <cowboy@debian.org> to control@bugs.debian.org. (Sat, 26 Apr 2008 18:12:05 GMT) Full text and rfc822 format available.

Tags added: confirmed Request was from Richard A Nelson <cowboy@debian.org> to control@bugs.debian.org. (Sat, 26 Apr 2008 18:12:06 GMT) Full text and rfc822 format available.

Severity set to `critical' from `serious' Request was from Richard A Nelson <cowboy@debian.org> to control@bugs.debian.org. (Sat, 26 Apr 2008 18:30:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Brian May <bam@snoopy.debian.net>:
Bug#453241; Package heimdal. Full text and rfc822 format available.

Acknowledgement sent to Richard A Nelson <cowboy@debian.org>:
Extra info received and forwarded to list. Copy sent to Brian May <bam@snoopy.debian.net>. Full text and rfc822 format available.

Message #63 received at 453241@bugs.debian.org (full text, mbox):

From: Richard A Nelson <cowboy@debian.org>
To: Russ Allbery <rra@debian.org>
Cc: Matthijs Mohlmann <matthijs@cacholong.nl>, 453241@bugs.debian.org, debian-ssh@lists.debian.org, Brian May <bam@snoopy.debian.net>
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Sat, 26 Apr 2008 11:35:00 -0700 (PDT)
On Mon, 21 Apr 2008, Russ Allbery wrote:

> I spent an hour this evening tracking this down.  The problem is that
> Heimdal isn't using symbol versioning in its shared libraries.
> libpam-heimdal therefore binds to unversioned symbols, which works fine if
> the calling program doesn't load any other Kerberos library.  However,
> OpenSSH is linked with MIT Kerberos, and therefore at run time the
> unversioned libpam-heimdal symbols are bound to the MIT Kerberos version
> of libkrb5 which is already loaded in memory and chaos ensues.  valgrind
> was the debugging tool that finally gave me the necessary clue.  The
> segfault kept showing up with backtraces inside libkrb5.3.3 instead of
> libkrb5.24.0.0.

Thanks for the effort - and the education,  I've used valgrind, but
never for something like this

> This is a bug in the Debian Heimdal packages, I believe.  They used to use
> symbol versioning precisely because of this problem; see Bug#205592 which
> was closed in 0.6-4.  It looks like that was lost or dropped somewhere
> along the way.

Most likely with the recent bump to the 1.x series - looks like a big
source and packaging change; I ran into another fallout of the packaging
change (already fixed)

> I'm copying Brian May on this.  I think the bug should probably be
> reassigned to the heimdal source package.

Reassigned...   Fortunately, there aren't that many packages that depend
upon Heimdal, as they'll all need rebuilding after Heimdal is updated.

-- 
Rick Nelson
Life'll kill ya                         -- Warren Zevon
Then you'll be dead                     -- Life'll kill ya




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#453241; Package heimdal. Full text and rfc822 format available.

Acknowledgement sent to Brian May <bam@snoopy.debian.net>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #68 received at 453241@bugs.debian.org (full text, mbox):

From: Brian May <bam@snoopy.debian.net>
To: Russ Allbery <rra@debian.org>
Cc: Richard A Nelson <cowboy@cavein.org>, Matthijs Mohlmann <matthijs@cacholong.nl>, 453241@bugs.debian.org, debian-ssh@lists.debian.org
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Tue, 29 Apr 2008 09:20:58 +1000
Russ Allbery wrote:
> I spent an hour this evening tracking this down.  The problem is that
> Heimdal isn't using symbol versioning in its shared libraries.
> libpam-heimdal therefore binds to unversioned symbols, which works fine if
> the calling program doesn't load any other Kerberos library.  However,
> OpenSSH is linked with MIT Kerberos, and therefore at run time the
> unversioned libpam-heimdal symbols are bound to the MIT Kerberos version
> of libkrb5 which is already loaded in memory and chaos ensues.  valgrind
> was the debugging tool that finally gave me the necessary clue.  The
> segfault kept showing up with backtraces inside libkrb5.3.3 instead of
> libkrb5.24.0.0.
>   
Can I please confirm what version of Heimdal you are using? The initial
bug report seemed to quote the old version in testing, but here you seem
to indicate the latest version in unstable. I just want to make sure.

As far as I can tell, all exported symbols from libkrb5.24.0.0 use
HEIMDAL_KRB5_1.0 for the versioned symbol name.

objdump -T libkrb5.so.24.0.0

...

0001d180 g    DF .text  0000003e  HEIMDAL_KRB5_1.0 krb5_config_vget_string_default

00047140 g    DF .text  00000034  HEIMDAL_KRB5_1.0 krb5_rd_req_out_get_ticket

00028130 g    DF .text  00000074  HEIMDAL_KRB5_1.0 krb5_digest_free

0004cc30 g    DF .text  000000c6  HEIMDAL_KRB5_1.0 krb5_storage_emem

0004b100 g    DF .text  00000037  HEIMDAL_KRB5_1.0 _krb5_get_int

0002c5b0 g    DF .text  0000022e  HEIMDAL_KRB5_1.0 krb5_get_credentials_with_flags

0001ca10 g    DF .text  00000038  HEIMDAL_KRB5_1.0 krb5_encode_EncTGSRepPart

0001eba0 g    DF .text  0000007e  HEIMDAL_KRB5_1.0 krb5_prepend_config_files_default

0001a530 g    DF .text  000000f5  HEIMDAL_KRB5_1.0 krb5_cc_retrieve_cred

0001cfe0 g    DF .text  00000034  HEIMDAL_KRB5_1.0 krb5_config_get_time

0002dfa0 g    DF .text  00000208  HEIMDAL_KRB5_1.0 _krb5_get_host_realm_int

0004b9c0 g    DF .text  0000009f  HEIMDAL_KRB5_1.0 krb5_ret_times

000165c0 g    DF .text  00000033  HEIMDAL_KRB5_1.0 krb5_sockaddr_uninteresting

0002fd00 g    DF .text  00000080  HEIMDAL_KRB5_1.0 krb5_get_in_tkt_with_keytab

00017d30 g    DF .text  00000039  HEIMDAL_KRB5_1.0 krb5_address_compare

0003d950 g    DF .text  00000038  HEIMDAL_KRB5_1.0 krb5_c_enctype_compare

0001e7d0 g    DF .text  00000139  HEIMDAL_KRB5_1.0 krb5_get_default_in_tkt_etypes

000450d0 g    DF .text  00000021  HEIMDAL_KRB5_1.0 krb5_unparse_name_fixed_short


If OpenSSH is linked against MIT Kerberos, like you say, then simply
proving that the segfault occurs inside MIT Kerberos is insufficient,
unfortunately, because we have to expect OpenSSH may call MIT Kerberos
functions at some point.
> This is a bug in the Debian Heimdal packages, I believe.  They used to use
> symbol versioning precisely because of this problem; see Bug#205592 which
> was closed in 0.6-4.  It looks like that was lost or dropped somewhere
> along the way.
>   
The symbol versioning was moved to the upstream code; I don't guarantee
that they got it right, but I want some evidence before I forward this
upstream.

It occurred to me that the stack trace is probably in the Debian bug
report, I will check that now.

Brian May




Information forwarded to debian-bugs-dist@lists.debian.org, Brian May <bam@snoopy.debian.net>:
Bug#453241; Package heimdal. Full text and rfc822 format available.

Acknowledgement sent to Brian May <brian@microcomaustralia.com.au>:
Extra info received and forwarded to list. Copy sent to Brian May <bam@snoopy.debian.net>. Full text and rfc822 format available.

Message #73 received at 453241@bugs.debian.org (full text, mbox):

From: Brian May <brian@microcomaustralia.com.au>
To: Russ Allbery <rra@debian.org>
Cc: Richard A Nelson <cowboy@cavein.org>, Matthijs Mohlmann <matthijs@cacholong.nl>, 453241@bugs.debian.org, debian-ssh@lists.debian.org
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Tue, 29 Apr 2008 09:32:21 +1000
Brian May wrote:
> It occurred to me that the stack trace is probably in the Debian bug
> report, I will check that now.
>   
I can't seem to find the stack trace with debugging information, if you
still have a copy can you please send it to the BTS?

Thanks.




Information forwarded to debian-bugs-dist@lists.debian.org, Brian May <bam@snoopy.debian.net>:
Bug#453241; Package heimdal. Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Brian May <bam@snoopy.debian.net>. Full text and rfc822 format available.

Message #78 received at 453241@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: Brian May <bam@snoopy.debian.net>
Cc: Richard A Nelson <cowboy@cavein.org>, Matthijs Mohlmann <matthijs@cacholong.nl>, 453241@bugs.debian.org, debian-ssh@lists.debian.org
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Mon, 28 Apr 2008 16:42:01 -0700
Brian May <bam@snoopy.debian.net> writes:

> Can I please confirm what version of Heimdal you are using? The initial
> bug report seemed to quote the old version in testing, but here you seem
> to indicate the latest version in unstable. I just want to make sure.
>
> As far as I can tell, all exported symbols from libkrb5.24.0.0 use
> HEIMDAL_KRB5_1.0 for the versioned symbol name.

I'll check again tonight on amd64.  The problem is specifically on amd64;
if you're checking on i386, you may not see it.  I wasn't seeing any
symbol versioning in readelf.

> If OpenSSH is linked against MIT Kerberos, like you say, then simply
> proving that the segfault occurs inside MIT Kerberos is insufficient,
> unfortunately, because we have to expect OpenSSH may call MIT Kerberos
> functions at some point.

According to valgrind, the backtrace showed the segfaults definitely in
functions called by libpam-heimdal, not by openssh itself.  I'll include
the backtrace when I get home and can reproduce it.

gdb doesn't produce a usable backtrace (probably because of the library
confusion).  Only valgrind would work for me, and only with a rebuilt
libpam-heimdal with debugging information.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Information forwarded to debian-bugs-dist@lists.debian.org, Brian May <bam@snoopy.debian.net>:
Bug#453241; Package heimdal. Full text and rfc822 format available.

Acknowledgement sent to Richard A Nelson <cowboy@cavein.org>:
Extra info received and forwarded to list. Copy sent to Brian May <bam@snoopy.debian.net>. Full text and rfc822 format available.

Message #83 received at 453241@bugs.debian.org (full text, mbox):

From: Richard A Nelson <cowboy@cavein.org>
To: Russ Allbery <rra@debian.org>
Cc: Brian May <bam@snoopy.debian.net>, Matthijs Mohlmann <matthijs@cacholong.nl>, 453241@bugs.debian.org, debian-ssh@lists.debian.org
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Mon, 28 Apr 2008 17:02:50 -0700 (PDT)
On Mon, 28 Apr 2008, Russ Allbery wrote:

> Brian May <bam@snoopy.debian.net> writes:
>
>> Can I please confirm what version of Heimdal you are using? The initial
>> bug report seemed to quote the old version in testing, but here you seem
>> to indicate the latest version in unstable. I just want to make sure.
>>
>> As far as I can tell, all exported symbols from libkrb5.24.0.0 use
>> HEIMDAL_KRB5_1.0 for the versioned symbol name.

ii  heimdal-client 1.1-2

> I'll check again tonight on amd64.  The problem is specifically on amd64;
> if you're checking on i386, you may not see it.  I wasn't seeing any
> symbol versioning in readelf.

Indeed, I have no issues on i368, only amd64... though even on i386,
I see a few @HEIMDAL_X509_1.0,

$readelf -s /usr/lib/libkrb5.so.24  | grep HEIMDAL_
$readelf -s /usr/lib/libheimntlm.so.0 | grep HEIMDAL_
$readelf -s /usr/lib/libhx509.so.3 | grepp HEIMDAL_

Whereas on i386, I see HEIMDAL_KRB5_1.0, and HEIMDAL_X509_1.0

>> If OpenSSH is linked against MIT Kerberos, like you say, then simply
>> proving that the segfault occurs inside MIT Kerberos is insufficient,
>> unfortunately, because we have to expect OpenSSH may call MIT Kerberos
>> functions at some point.

In which case, the issue should show up on i386 as well, no?

> According to valgrind, the backtrace showed the segfaults definitely in
> functions called by libpam-heimdal, not by openssh itself.  I'll include
> the backtrace when I get home and can reproduce it.
>
> gdb doesn't produce a usable backtrace (probably because of the library
> confusion).  Only valgrind would work for me, and only with a rebuilt
> libpam-heimdal with debugging information.

yes, I recompiled libpam-heimdal and ssh with debugging - gdb gave no
helpful information at all, and I never thought to try valgrind

-- 
Rick Nelson
Life'll kill ya                         -- Warren Zevon
Then you'll be dead                     -- Life'll kill ya




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#453241; Package heimdal. Full text and rfc822 format available.

Acknowledgement sent to Brian May <bam@snoopy.debian.net>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #88 received at 453241@bugs.debian.org (full text, mbox):

From: Brian May <bam@snoopy.debian.net>
To: Richard A Nelson <cowboy@cavein.org>, 453241@bugs.debian.org
Cc: Russ Allbery <rra@debian.org>, Matthijs Mohlmann <matthijs@cacholong.nl>, debian-ssh@lists.debian.org
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Tue, 29 Apr 2008 11:51:47 +1000
Richard A Nelson wrote:
> Indeed, I have no issues on i368, only amd64... though even on i386,
> I see a few @HEIMDAL_X509_1.0,
>
> $readelf -s /usr/lib/libkrb5.so.24  | grep HEIMDAL_
> $readelf -s /usr/lib/libheimntlm.so.0 | grep HEIMDAL_
> $readelf -s /usr/lib/libhx509.so.3 | grepp HEIMDAL_
This was on amd64, right?

In which case maybe the build system in Heimdal is broken somehow on
AMD64 and not including the versioned symbols correctly.

Brian May




Information forwarded to debian-bugs-dist@lists.debian.org, Brian May <bam@snoopy.debian.net>:
Bug#453241; Package heimdal. Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Brian May <bam@snoopy.debian.net>. Full text and rfc822 format available.

Message #93 received at 453241@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: Brian May <bam@snoopy.debian.net>
Cc: Richard A Nelson <cowboy@cavein.org>, Matthijs Mohlmann <matthijs@cacholong.nl>, 453241@bugs.debian.org, debian-ssh@lists.debian.org
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Mon, 28 Apr 2008 20:47:22 -0700
[Message part 1 (text/plain, inline)]
Russ Allbery <rra@debian.org> writes:
> Brian May <bam@snoopy.debian.net> writes:

>> Can I please confirm what version of Heimdal you are using? The initial
>> bug report seemed to quote the old version in testing, but here you
>> seem to indicate the latest version in unstable. I just want to make
>> sure.
>>
>> As far as I can tell, all exported symbols from libkrb5.24.0.0 use
>> HEIMDAL_KRB5_1.0 for the versioned symbol name.

> I'll check again tonight on amd64.  The problem is specifically on
> amd64; if you're checking on i386, you may not see it.  I wasn't seeing
> any symbol versioning in readelf.

Now I can't get valgrind to give me a backtrace.  :/  It looks like it's
losing its file descriptor just before it would, and the report is
truncated.  I'm not sure what would have changed to cause that; I remember
having to fiddle with it to get it to work the first time, but now I can't
reproduce the environment.

I can confirm that there's no symbol versioning, though; objdump -T shows
no versions on any of the symbols.  And I know that causes problems, so
I'm pretty sure that's the issue still.

Checking the amd64 build logs, I see:

    checking for ld --version-script... no

which is doubtless the problem.  Here's a patch that looks like it should
work.  After building Heimdal with this patch, I get symbol versions on
amd64.

[005_symbol-versioning (text/plain, attachment)]
[Message part 3 (text/plain, inline)]
-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply sent to Brian May <bam@snoopy.debian.net>:
You have marked Bug as forwarded. Full text and rfc822 format available.

Message #96 received at 453241-forwarded@bugs.debian.org (full text, mbox):

From: Brian May <bam@snoopy.debian.net>
To: heimdal-bugs@h5l.se
Cc: Russ Allbery <rra@debian.org>, 453241-forwarded@bugs.debian.org, Richard A Nelson <cowboy@cavein.org>, Matthijs Mohlmann <matthijs@cacholong.nl>
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Tue, 29 Apr 2008 14:17:00 +1000
Hello,

Apparently versioned symbols are broken in amd64.

There is a patch in the bug report, see <http://bugs.debian.org/453241>

Brian May

Russ Allbery wrote:
> I can confirm that there's no symbol versioning, though; objdump -T shows
> no versions on any of the symbols.  And I know that causes problems, so
> I'm pretty sure that's the issue still.
>
> Checking the amd64 build logs, I see:
>
>     checking for ld --version-script... no
>
> which is doubtless the problem.  Here's a patch that looks like it should
> work.  After building Heimdal with this patch, I get symbol versions on
> amd64





Message #97 received at 453241-forwarded@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: Brian May <bam@snoopy.debian.net>
Cc: heimdal-bugs@h5l.se, 453241-forwarded@bugs.debian.org, Richard A Nelson <cowboy@cavein.org>, Matthijs Mohlmann <matthijs@cacholong.nl>
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Mon, 28 Apr 2008 21:29:31 -0700
Brian May <bam@snoopy.debian.net> writes:

> Apparently versioned symbols are broken in amd64.
>
> There is a patch in the bug report, see <http://bugs.debian.org/453241>

To provide a bit of additional information (I should have pasted in the
config.log output as well), the existing check fails on x86_64 because it
uses -shared to link the test object but doesn't use -fPIC.  This works on
x86, but other platforms, such as x86_64, require all objects that go into
a shared object be built PIC and the link dies with relocation errors.

There's probably something better to do here than just blindly add -fPIC,
based on what the correct PIC flag is for the compiler used, but I wasn't
sure how to get at that.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Information forwarded to debian-bugs-dist@lists.debian.org, Brian May <bam@snoopy.debian.net>:
Bug#453241; Package heimdal. Full text and rfc822 format available.

Acknowledgement sent to Love Hörnquist Åstrand <lha@it.su.se>:
Extra info received and forwarded to list. Copy sent to Brian May <bam@snoopy.debian.net>. Full text and rfc822 format available.

Message #102 received at 453241@bugs.debian.org (full text, mbox):

From: Love Hörnquist Åstrand <lha@it.su.se>
To: rra@debian.org, 453241@bugs.debian.org
Cc: heimdal-bugs@h5l.org
Subject: Re: [JIRA] Created: (HEIMDAL-117) Re: [Heimdal-bugs] Bug#453241: still broken (and partly openssh's fault)
Date: Tue, 29 Apr 2008 07:49:25 +0200
[Message part 1 (text/plain, inline)]
>
> To provide a bit of additional information (I should have pasted in  
> the
> config.log output as well), the existing check fails on x86_64  
> because it
> uses -shared to link the test object but doesn't use -fPIC.  This  
> works on
> x86, but other platforms, such as x86_64, require all objects that  
> go into
> a shared object be built PIC and the link dies with relocation errors.
>
> There's probably something better to do here than just blindly add - 
> fPIC,
> based on what the correct PIC flag is for the compiler used, but I  
> wasn't
> sure how to get at that.

How about using libtool ? Can you test this patch ?

http://www.h5l.org/fisheye/changelog/heimdal/?cs=23146

Love


[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Brian May <bam@snoopy.debian.net>:
Bug#453241; Package heimdal. Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Brian May <bam@snoopy.debian.net>. Full text and rfc822 format available.

Message #107 received at 453241@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: Love Hörnquist Åstrand <lha@it.su.se>
Cc: 453241@bugs.debian.org, heimdal-bugs@h5l.org
Subject: Re: [JIRA] Created: (HEIMDAL-117) Re: [Heimdal-bugs] Bug#453241: still broken (and partly openssh's fault)
Date: Mon, 28 Apr 2008 23:07:00 -0700
Love Hörnquist Åstrand <lha@it.su.se> writes:

> How about using libtool ? Can you test this patch ?
>
> http://www.h5l.org/fisheye/changelog/heimdal/?cs=23146

Oh, yeah, that's a good idea.  I'll be able to test this tomorrow evening.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Information forwarded to debian-bugs-dist@lists.debian.org, Brian May <bam@snoopy.debian.net>:
Bug#453241; Package heimdal. Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@stanford.edu>:
Extra info received and forwarded to list. Copy sent to Brian May <bam@snoopy.debian.net>. Full text and rfc822 format available.

Message #112 received at 453241@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@stanford.edu>
To: Love Hörnquist Åstrand <lha@it.su.se>
Cc: 453241@bugs.debian.org, heimdal-bugs@h5l.org
Subject: Re: [JIRA] Created: (HEIMDAL-117) Re: [Heimdal-bugs] Bug#453241: still broken (and partly openssh's fault)
Date: Wed, 30 Apr 2008 14:39:48 -0700
Love Hörnquist Åstrand <lha@it.su.se> writes:

> How about using libtool ? Can you test this patch ?
>
> http://www.h5l.org/fisheye/changelog/heimdal/?cs=23146

Yup, this works, although it produces a bunch of spurious output in the
middle of the configure run (I think because libtool is trying to be a bit
too smart and report what it's doing).

Thanks!

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>




Information forwarded to debian-bugs-dist@lists.debian.org, Brian May <bam@snoopy.debian.net>:
Bug#453241; Package heimdal. Full text and rfc822 format available.

Acknowledgement sent to Love Hörnquist Åstrand <lha@kth.se>:
Extra info received and forwarded to list. Copy sent to Brian May <bam@snoopy.debian.net>. Full text and rfc822 format available.

Message #117 received at 453241@bugs.debian.org (full text, mbox):

From: Love Hörnquist Åstrand <lha@kth.se>
To: Russ Allbery <rra@stanford.edu>
Cc: 453241@bugs.debian.org, heimdal-bugs@h5l.org
Subject: Re: [JIRA] Created: (HEIMDAL-117) Re: [Heimdal-bugs] Bug#453241: still broken (and partly openssh's fault)
Date: Fri, 2 May 2008 10:23:16 +0200
30 apr 2008 kl. 23.39 skrev Russ Allbery:

> Love Hörnquist Åstrand <lha@it.su.se> writes:
>
>> How about using libtool ? Can you test this patch ?
>>
>> http://www.h5l.org/fisheye/changelog/heimdal/?cs=23146
>
> Yup, this works, although it produces a bunch of spurious output in  
> the
> middle of the configure run (I think because libtool is trying to be  
> a bit
> too smart and report what it's doing).

Great, thanks for the confirmation.

Love





Message #118 received at 453241-forwarded@bugs.debian.org (full text, mbox):

From: Richard A Nelson <cowboy@cavein.org>
To: Brian May <bam@snoopy.debian.net>
Cc: heimdal-bugs@h5l.se, Russ Allbery <rra@debian.org>, 453241-forwarded@bugs.debian.org, Matthijs Mohlmann <matthijs@cacholong.nl>
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Sun, 11 May 2008 21:31:16 -0700 (PDT)
On Tue, 29 Apr 2008, Brian May wrote:

> Apparently versioned symbols are broken in amd64.
>
> There is a patch in the bug report, see <http://bugs.debian.org/453241>

Is anything happening on this front?  As my main servers are being
migrated to the amd64 platform, this is becomming more and more of
an issue (mostly wrt ssh, but this failure could be affecting more
that I've not yet isolated - like apache, etc)

I'm really hoping this can be fixed, and the relevant packages
rebuilt in time for Debian's next release...  Not to mention
that it is giving me serious grief now - I'd rather not patch
and build locally, but will have to if there isn't an update
soon

-- 
Rick Nelson
Life'll kill ya                         -- Warren Zevon
Then you'll be dead                     -- Life'll kill ya




Message #119 received at 453241-forwarded@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: Richard A Nelson <cowboy@cavein.org>
Cc: Brian May <bam@snoopy.debian.net>, heimdal-bugs@h5l.se, 453241-forwarded@bugs.debian.org, Matthijs Mohlmann <matthijs@cacholong.nl>
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Sun, 11 May 2008 21:34:22 -0700
Richard A Nelson <cowboy@cavein.org> writes:
> On Tue, 29 Apr 2008, Brian May wrote:

>> Apparently versioned symbols are broken in amd64.

>> There is a patch in the bug report, see <http://bugs.debian.org/453241>

> Is anything happening on this front?  As my main servers are being
> migrated to the amd64 platform, this is becomming more and more of an
> issue (mostly wrt ssh, but this failure could be affecting more that
> I've not yet isolated - like apache, etc)

> I'm really hoping this can be fixed, and the relevant packages rebuilt
> in time for Debian's next release...  Not to mention that it is giving
> me serious grief now - I'd rather not patch and build locally, but will
> have to if there isn't an update soon

Love committed an improved version of my patch to the Heimdal repository,
so I assume that it will be in the next upstream release.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Message #120 received at 453241-forwarded@bugs.debian.org (full text, mbox):

From: Brian May <bam@snoopy.debian.net>
To: Richard A Nelson <cowboy@cavein.org>
Cc: Russ Allbery <rra@debian.org>, 453241-forwarded@bugs.debian.org
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Mon, 12 May 2008 14:36:55 +1000
Richard A Nelson wrote:
> Is anything happening on this front?  As my main servers are being
> migrated to the amd64 platform, this is becomming more and more of
> an issue (mostly wrt ssh, but this failure could be affecting more
> that I've not yet isolated - like apache, etc)
> 
> I'm really hoping this can be fixed, and the relevant packages
> rebuilt in time for Debian's next release...  Not to mention
> that it is giving me serious grief now - I'd rather not patch
> and build locally, but will have to if there isn't an update
> soon
> 

I can't test this problem myself (I only have i386 and powerpc), but I 
just uploaded 1.1-3 to unstable with the patch that hopefully fixes it.

Brian May




Reply sent to Brian May <bam@snoopy.debian.net>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Richard A Nelson <cowboy@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #125 received at 453241-close@bugs.debian.org (full text, mbox):

From: Brian May <bam@snoopy.debian.net>
To: 453241-close@bugs.debian.org
Subject: Bug#453241: fixed in heimdal 1.1-3
Date: Mon, 12 May 2008 04:47:04 +0000
Source: heimdal
Source-Version: 1.1-3

We believe that the bug you reported is fixed in the latest version of
heimdal, which is due to be installed in the Debian FTP archive:

heimdal-clients-x_1.1-3_i386.deb
  to pool/main/h/heimdal/heimdal-clients-x_1.1-3_i386.deb
heimdal-clients_1.1-3_i386.deb
  to pool/main/h/heimdal/heimdal-clients_1.1-3_i386.deb
heimdal-dev_1.1-3_i386.deb
  to pool/main/h/heimdal/heimdal-dev_1.1-3_i386.deb
heimdal-docs_1.1-3_all.deb
  to pool/main/h/heimdal/heimdal-docs_1.1-3_all.deb
heimdal-kcm_1.1-3_i386.deb
  to pool/main/h/heimdal/heimdal-kcm_1.1-3_i386.deb
heimdal-kdc_1.1-3_i386.deb
  to pool/main/h/heimdal/heimdal-kdc_1.1-3_i386.deb
heimdal-servers-x_1.1-3_i386.deb
  to pool/main/h/heimdal/heimdal-servers-x_1.1-3_i386.deb
heimdal-servers_1.1-3_i386.deb
  to pool/main/h/heimdal/heimdal-servers_1.1-3_i386.deb
heimdal_1.1-3.diff.gz
  to pool/main/h/heimdal/heimdal_1.1-3.diff.gz
heimdal_1.1-3.dsc
  to pool/main/h/heimdal/heimdal_1.1-3.dsc
libasn1-8-heimdal_1.1-3_i386.deb
  to pool/main/h/heimdal/libasn1-8-heimdal_1.1-3_i386.deb
libgssapi2-heimdal_1.1-3_i386.deb
  to pool/main/h/heimdal/libgssapi2-heimdal_1.1-3_i386.deb
libhdb9-heimdal_1.1-3_i386.deb
  to pool/main/h/heimdal/libhdb9-heimdal_1.1-3_i386.deb
libheimntlm0-heimdal_1.1-3_i386.deb
  to pool/main/h/heimdal/libheimntlm0-heimdal_1.1-3_i386.deb
libhx509-3-heimdal_1.1-3_i386.deb
  to pool/main/h/heimdal/libhx509-3-heimdal_1.1-3_i386.deb
libkadm5clnt7-heimdal_1.1-3_i386.deb
  to pool/main/h/heimdal/libkadm5clnt7-heimdal_1.1-3_i386.deb
libkadm5srv8-heimdal_1.1-3_i386.deb
  to pool/main/h/heimdal/libkadm5srv8-heimdal_1.1-3_i386.deb
libkafs0-heimdal_1.1-3_i386.deb
  to pool/main/h/heimdal/libkafs0-heimdal_1.1-3_i386.deb
libkdc2-heimdal_1.1-3_i386.deb
  to pool/main/h/heimdal/libkdc2-heimdal_1.1-3_i386.deb
libkrb5-24-heimdal_1.1-3_i386.deb
  to pool/main/h/heimdal/libkrb5-24-heimdal_1.1-3_i386.deb
libotp0-heimdal_1.1-3_i386.deb
  to pool/main/h/heimdal/libotp0-heimdal_1.1-3_i386.deb
libroken18-heimdal_1.1-3_i386.deb
  to pool/main/h/heimdal/libroken18-heimdal_1.1-3_i386.deb
libsl0-heimdal_1.1-3_i386.deb
  to pool/main/h/heimdal/libsl0-heimdal_1.1-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 453241@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Brian May <bam@snoopy.debian.net> (supplier of updated heimdal package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 12 May 2008 12:47:15 +1000
Source: heimdal
Binary: heimdal-docs heimdal-kdc heimdal-dev heimdal-clients-x heimdal-clients heimdal-kcm heimdal-servers-x heimdal-servers libasn1-8-heimdal libkrb5-24-heimdal libhdb9-heimdal libkadm5srv8-heimdal libkadm5clnt7-heimdal libgssapi2-heimdal libkafs0-heimdal libroken18-heimdal libotp0-heimdal libsl0-heimdal libkdc2-heimdal libhx509-3-heimdal libheimntlm0-heimdal
Architecture: source all i386
Version: 1.1-3
Distribution: unstable
Urgency: low
Maintainer: Brian May <bam@snoopy.debian.net>
Changed-By: Brian May <bam@snoopy.debian.net>
Description: 
 heimdal-clients - Heimdal Kerberos - clients
 heimdal-clients-x - Heimdal Kerberos - X11 client programs
 heimdal-dev - Heimdal Kerberos - development files
 heimdal-docs - Heimdal Kerberos - documentation
 heimdal-kcm - Heimdal Kerberos - KCM daemon
 heimdal-kdc - Heimdal Kerberos - key distribution center (KDC)
 heimdal-servers - Heimdal Kerberos - server programs
 heimdal-servers-x - Heimdal Kerberos - X11 server programs
 libasn1-8-heimdal - Heimdal Kerberos - ASN.1 library
 libgssapi2-heimdal - Heimdal Kerberos - GSSAPI support library
 libhdb9-heimdal - Heimdal Kerberos - kadmin server library
 libheimntlm0-heimdal - Heimdal Kerberos - NTLM support library
 libhx509-3-heimdal - Heimdal Kerberos - X509 support library
 libkadm5clnt7-heimdal - Heimdal Kerberos - kadmin client library
 libkadm5srv8-heimdal - Libraries for Heimdal Kerberos
 libkafs0-heimdal - Heimdal Kerberos - KAFS support library
 libkdc2-heimdal - Heimdal Kerberos - KDC support library
 libkrb5-24-heimdal - Heimdal Kerberos - libraries
 libotp0-heimdal - Heimdal Kerberos - OTP support library
 libroken18-heimdal - Heimdal Kerberos - roken support library
 libsl0-heimdal - Heimdal Kerberos - SL support library
Closes: 453241
Changes: 
 heimdal (1.1-3) unstable; urgency=low
 .
   * Fix versioned symbols on x86_64. Closes: #453241.
Checksums-Sha1: 
 d79d308c9d20d5d713f0173f4214c9c778d9407c 1532 heimdal_1.1-3.dsc
 d6cce0321dfe5d5ecaff587aa4a4a2c85b559ce5 143345 heimdal_1.1-3.diff.gz
 e3e9c2223f5b59b35b1207022f055c26978fb563 91286 heimdal-docs_1.1-3_all.deb
 c8b90fdb470f28f433a91e36e5d53b2677545c7b 109264 heimdal-kdc_1.1-3_i386.deb
 0c137d27287ad1a58ad7cbafaf0a2caf135d3412 1079946 heimdal-dev_1.1-3_i386.deb
 096cfe949c10570af06edf731f2907ba4801396a 61426 heimdal-clients-x_1.1-3_i386.deb
 333a4def0eaa9e11238a68ed12880c149980a62f 271018 heimdal-clients_1.1-3_i386.deb
 8fadb6461bdccaaff505d9d37b84dcd842f95617 51488 heimdal-kcm_1.1-3_i386.deb
 c4fc14b67160eac236b6277bd781862a54e205a7 42888 heimdal-servers-x_1.1-3_i386.deb
 1299606e16ab4b24cfa7ea23bae7cd693524d453 157186 heimdal-servers_1.1-3_i386.deb
 844cbff3fb0a9f0c8e40c0fb74ebacb13e3dbe08 200460 libasn1-8-heimdal_1.1-3_i386.deb
 e2d02af3565d53b9de67132a9fa3deb576118b3a 195692 libkrb5-24-heimdal_1.1-3_i386.deb
 d626cd9b4f4ebff431967ccde847b7dcb047de24 74000 libhdb9-heimdal_1.1-3_i386.deb
 8a9a2d69d9ee0a446200a20e80845ba9dc12765a 51532 libkadm5srv8-heimdal_1.1-3_i386.deb
 56411e5ece9250138545370b8cb0a329bece46de 42210 libkadm5clnt7-heimdal_1.1-3_i386.deb
 5d3cc6f05782dabb5f078aada36191d7b9f27b48 101862 libgssapi2-heimdal_1.1-3_i386.deb
 bd82331bf41c924f3eceaa1205ef65996b9056a5 40558 libkafs0-heimdal_1.1-3_i386.deb
 626369d8e83203c03442f8953bd8ef15117593b0 63510 libroken18-heimdal_1.1-3_i386.deb
 21f0120ce0cdd6c1e4ecda6210552a72e9998c29 64148 libotp0-heimdal_1.1-3_i386.deb
 fad0b951acf59d08b64846210867ea9848d2c132 36320 libsl0-heimdal_1.1-3_i386.deb
 5348b5d3f62e5cbea6b5bc9373c59b6f613a6656 87244 libkdc2-heimdal_1.1-3_i386.deb
 33a138557468d69f60ba2e98840ab8c4f35aa722 123742 libhx509-3-heimdal_1.1-3_i386.deb
 477bfd2de84bc85b22800fd5b526f5a585e2ab2a 36374 libheimntlm0-heimdal_1.1-3_i386.deb
Checksums-Sha256: 
 65b22311dc1c513cb8d17cc032d868e72b70df8ac91eca9d20a9caefb1acbfbc 1532 heimdal_1.1-3.dsc
 ba4b390f3a4b82714b468792587d520e7a3996ddace27d13afee2275eb00b5c2 143345 heimdal_1.1-3.diff.gz
 703e7310de7e228f261bbab5cb320edbf3a4c0c3c687504c98e3a5e822681ed4 91286 heimdal-docs_1.1-3_all.deb
 98b8d4cd3c1d77cde07d20f5e6b996d2864984ccd0d1859ff00dc9782223435a 109264 heimdal-kdc_1.1-3_i386.deb
 265811c8cc23623dbc9baa9a9ef534f51fc5563a88f139bc6b86cb0abe1c80ff 1079946 heimdal-dev_1.1-3_i386.deb
 9990a79d52653b30e27cc3af9482613d8e7bccbfd902a5b0c24bb13956fff30a 61426 heimdal-clients-x_1.1-3_i386.deb
 0877b3d354eaa01b88bd1972fd0bf7ef0bb6d4f3d4563ead2a316a28f9b41b4f 271018 heimdal-clients_1.1-3_i386.deb
 5b6dbcf592fa0f6a2351ef0caafb8606b4b0367a58af3e86743a6dff72cb7b87 51488 heimdal-kcm_1.1-3_i386.deb
 78b6ea3a3da012c5b622178dac13b41d3eaa185dd82e235ad33d8989cb090cd3 42888 heimdal-servers-x_1.1-3_i386.deb
 16f4edbc39e5a3a4eab2dea58d4c2a9e8853b501cdcadfb906380d2894059feb 157186 heimdal-servers_1.1-3_i386.deb
 172243dd5fc5debc01ba3c14a6ab9500d3fad7a5aeb9af3907e25d999438f365 200460 libasn1-8-heimdal_1.1-3_i386.deb
 70e49cd63ffb0ad899f89eb6c48a539f602b0f764b90eae31da12ba5b64fc367 195692 libkrb5-24-heimdal_1.1-3_i386.deb
 2890bfc9763fcdf0e912986c21c549cc3a65dc77df3e076ebedef9917b532d40 74000 libhdb9-heimdal_1.1-3_i386.deb
 071f259210c46a6b5ceb618d5e0a786b6be4ce032d286143dd8b1196c9beaf97 51532 libkadm5srv8-heimdal_1.1-3_i386.deb
 422701022035db023366d2eaf9250c16ce321dfa296e0d6f2c548f33db439909 42210 libkadm5clnt7-heimdal_1.1-3_i386.deb
 3c0c538ef1f6fb3399927c2a9d83917d8d5651447011d74cd0d5eeaf392d3658 101862 libgssapi2-heimdal_1.1-3_i386.deb
 df48f123cce6ab6111bbdefe9f29334b67ca40295d48af18a5ed8e1f72ab7555 40558 libkafs0-heimdal_1.1-3_i386.deb
 b5fd14e4e3d7daa33366fc507662a66075663d457c94aad769dfffe934e0fe02 63510 libroken18-heimdal_1.1-3_i386.deb
 abb0458e0880a6b9156abec12987515273dae736f2df8c1b5b5ec99dd37f43fe 64148 libotp0-heimdal_1.1-3_i386.deb
 4b1c9d0e2d25b8db3b6c10538cc5841debf796d05f35ec4b22b88b0a4ba5fea4 36320 libsl0-heimdal_1.1-3_i386.deb
 2010a73f8a3dcae4713f46beb48bd201bd424ca2468abf75c7c8e20f5bf01cd3 87244 libkdc2-heimdal_1.1-3_i386.deb
 1e82aad96c4b6379bd496f75659e7ef2e5bca05dd22b4093d2caac2ecdd56290 123742 libhx509-3-heimdal_1.1-3_i386.deb
 f5aad997274b5b52f0f2288f25aedb657c9b429bae958dcf3c9da767e555e580 36374 libheimntlm0-heimdal_1.1-3_i386.deb
Files: 
 d9678421adaaa2dbd7766f7cbb24442c 1532 net optional heimdal_1.1-3.dsc
 e0a00ba4abc6749638524e0058edbb5c 143345 net optional heimdal_1.1-3.diff.gz
 a0b8d0e2a7905d282ccf3708a37ed8bc 91286 doc extra heimdal-docs_1.1-3_all.deb
 43bd419586f73147a23a922ffb8f6f1a 109264 net extra heimdal-kdc_1.1-3_i386.deb
 3722634ccbd3fb0f9a3b39fc275916d0 1079946 devel extra heimdal-dev_1.1-3_i386.deb
 60b72f0c5c50522123cd1455a95817f6 61426 net extra heimdal-clients-x_1.1-3_i386.deb
 44c84515c61a9d6461db75076768cc91 271018 net extra heimdal-clients_1.1-3_i386.deb
 decec12318d9206ac15ea9df1e147b5d 51488 net extra heimdal-kcm_1.1-3_i386.deb
 9dbcd18d397d959525a94ad0601575f4 42888 net extra heimdal-servers-x_1.1-3_i386.deb
 a6ccdabeee41c66632f82709db410350 157186 net extra heimdal-servers_1.1-3_i386.deb
 3ff1f3a66c9ea73354605bbee16ed5e8 200460 libs optional libasn1-8-heimdal_1.1-3_i386.deb
 211d0d55a50b84c08e50a71a0b6a6455 195692 libs optional libkrb5-24-heimdal_1.1-3_i386.deb
 08f56f41187ec8f152f9c2c4b1df43bc 74000 libs optional libhdb9-heimdal_1.1-3_i386.deb
 67d745d111c83a1a60651b0c51942619 51532 libs optional libkadm5srv8-heimdal_1.1-3_i386.deb
 48d11a82c6b74e0a01af16f23e6e0b4f 42210 libs optional libkadm5clnt7-heimdal_1.1-3_i386.deb
 5ef10c4c7d7426bea40fe9d6e2b998fe 101862 libs optional libgssapi2-heimdal_1.1-3_i386.deb
 0f4e87bcf7a80222e3993675b678eb1a 40558 libs extra libkafs0-heimdal_1.1-3_i386.deb
 1db06ec3c0878161d5f45dec145a6f56 63510 libs extra libroken18-heimdal_1.1-3_i386.deb
 4ee06058c2e26c17b0c67f4d953d13da 64148 libs extra libotp0-heimdal_1.1-3_i386.deb
 295c95b8511fabba44b8fb0f40bef2a2 36320 libs extra libsl0-heimdal_1.1-3_i386.deb
 c2c4f5e614d6a5ba85fdb80693df069c 87244 libs extra libkdc2-heimdal_1.1-3_i386.deb
 fc913400177e75edefcfc38c0decc08c 123742 libs extra libhx509-3-heimdal_1.1-3_i386.deb
 0474d00b9d92569e5ffe8d0fb9f19521 36374 libs extra libheimntlm0-heimdal_1.1-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIJ8fwuCinHABTDCQRApcRAJ9/tiCuVTo3qSeBvXMh+LbUkkEMkQCeOxA/
i7NXJbe1Ge2bBGEFPTpZ3oM=
=dH88
-----END PGP SIGNATURE-----





Message #126 received at 453241-forwarded@bugs.debian.org (full text, mbox):

From: Richard A Nelson <cowboy@cavein.org>
To: Brian May <bam@snoopy.debian.net>
Cc: Russ Allbery <rra@debian.org>, 453241-forwarded@bugs.debian.org
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Sun, 11 May 2008 22:06:44 -0700 (PDT)
On Mon, 12 May 2008, Brian May wrote:

> Richard A Nelson wrote:
>> 
>> I'm really hoping this can be fixed, and the relevant packages
>> rebuilt in time for Debian's next release...  Not to mention
>> that it is giving me serious grief now - I'd rather not patch
>> and build locally, but will have to if there isn't an update
>> soon
>
> I can't test this problem myself (I only have i386 and powerpc), but I just 
> uploaded 1.1-3 to unstable with the patch that hopefully fixes it.

Cool, I'll see if I can dig out the NEW url, or pull after the next
pulse and let you y'all know

Thanks,
-- 
Rick Nelson
Life'll kill ya                         -- Warren Zevon
Then you'll be dead                     -- Life'll kill ya




Message #127 received at 453241-forwarded@bugs.debian.org (full text, mbox):

From: Richard A Nelson <cowboy@cavein.org>
To: Brian May <bam@snoopy.debian.net>
Cc: Russ Allbery <rra@debian.org>, 453241-forwarded@bugs.debian.org
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Mon, 12 May 2008 07:47:27 -0700 (PDT)
On Mon, 12 May 2008, Brian May wrote:

> I can't test this problem myself (I only have i386 and powerpc), but I just 
> uploaded 1.1-3 to unstable with the patch that hopefully fixes it.

It was a round-about (I use ldap compiled with openssl), but used the
home machine to build the new Heimdal (twice - once with the right 
version - then I couldn't scp due to this issue...  but I got it
there finally...

It got further (into pam_session), and having learned from Russ, I
fired up valgrind and found it failing in another MIT routine, but
after rebuilding libpam_heimdal, it looks like things are once again
golden :)

Thanks... I'm back in operation, and don't have to move the
infrastructure back to 32bit machines !

It looks like Heimdal was already in the process of some kind of
transition - so I'm assuming I don't need to find & file bugs
on all the packages built against heimdal (only using pam and apache)

Thanks again, to both of you :)
-- 
Rick Nelson
Life'll kill ya                         -- Warren Zevon
Then you'll be dead                     -- Life'll kill ya




Information forwarded to debian-bugs-dist@lists.debian.org, Brian May <bam@snoopy.debian.net>:
Bug#453241; Package heimdal. Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Brian May <bam@snoopy.debian.net>. Full text and rfc822 format available.

Message #132 received at 453241@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: Richard A Nelson <cowboy@cavein.org>
Cc: Brian May <bam@snoopy.debian.net>, 453241@bugs.debian.org
Subject: Re: Bug#453241: still broken (and partly openssh's fault)
Date: Mon, 12 May 2008 10:20:16 -0700
Richard A Nelson <cowboy@cavein.org> writes:

> It got further (into pam_session), and having learned from Russ, I fired
> up valgrind and found it failing in another MIT routine, but after
> rebuilding libpam_heimdal, it looks like things are once again golden :)

Brian, you may want to request binNMUs from the release team for every
package that depends on Heimdal on all platforms other than i386 (I don't
think any of the other platforms in Debian allow shared objects with
non-PIC code, but I could be wrong).  Rebuilds are needed to pick up the
new library versioning.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Message #133 received at 453241-forwarded@bugs.debian.org (full text, mbox):

From: Love Hörnquist Åstrand <lha@kth.se>
To: "Love Hörnquist Åstrand (JIRA)" <heimdal-bugs@h5l.org>, Brian May <bam@snoopy.debian.net>
Cc: 453241-forwarded@bugs.debian.org
Subject: [HEIMDAL-172] Re: [Heimdal-bugs] Bug#492427: heimdal: Library symbol version information is missing again
Date: Tue, 29 Jul 2008 10:21:13 +0100
29 jul 2008 kl. 04.50 skrev Love Hörnquist Åstrand (JIRA):

> (.text+0x18): undefined reference to `main'

Please try trunk, just fixed that and tried it on a linux system.

Love






Merged 453241 492427. Request was from Brian May <bam@snoopy.debian.net> to control@bugs.debian.org. (Sat, 16 Aug 2008 06:45:02 GMT) Full text and rfc822 format available.

Message #136 received at 453241-forwarded@bugs.debian.org (full text, mbox):

From: Brian May <bam@snoopy.debian.net>
To: Love Hörnquist Åstrand <lha@kth.se>
Cc: "Love Hörnquist Åstrand (JIRA)" <heimdal-bugs@h5l.org>, 453241-forwarded@bugs.debian.org
Subject: Re: [HEIMDAL-172] Re: [Heimdal-bugs] Bug#492427: heimdal: Library symbol version information is missing again
Date: Sat, 16 Aug 2008 16:42:12 +1000
Love Hörnquist Åstrand wrote:
> Please try trunk, just fixed that and tried it on a linux system.
Now we seem to be back where we started from:

configure:12358: checking for ld --version-script
configure:12379: cc  -c -g -O2 -g -Wall -O2 conftest.c
configure:12382: $? = 0
configure:12385: cc  -shared -Wl,--version-script,conftest.map -g -O2 -g 
-Wall -O2 -Wl,-Bsymbolic-functions -o libconftestlib.so conftest.o
/usr/bin/ld: conftest.o: relocation R_X86_64_32 against `a local symbol' 
can not be used when making a shared object; recompile with -fPIC
conftest.o: could not read symbols: Bad value
collect2: ld returned 1 exit status

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453241>

To quote Russ Allbery again:

   To provide a bit of additional information (I should have pasted in the
   config.log output as well), the existing check fails on x86_64
   because it
   uses -shared to link the test object but doesn't use -fPIC. This
   works on
   x86, but other platforms, such as x86_64, require all objects that
   go into
   a shared object be built PIC and the link dies with relocation errors.

Brian May




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 13 Sep 2008 07:27:22 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 18:10:14 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.