95283 – libcom_err.so.2 from e2fsprogs 1.37 breaks mit-krb5-1.4

Bug 95283 - libcom_err.so.2 from e2fsprogs 1.37 breaks mit-krb5-1.4

Summary: libcom_err.so.2 from e2fsprogs 1.37 breaks mit-krb5-1.4

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo's Team for Core System packages

URL:
Whiteboard:
Keywords:

Duplicates (1):	98303 (view as bug list)
Depends on:
Blocks:

Reported:	2005-06-06 17:35 UTC by Christophe Saout
Modified:	2005-07-19 04:34 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
ebuild patch, adds epatch command for the next patch (com_err-1.37.ebuild.patch,512 bytes, patch) 2005-06-06 17:36 UTC, Christophe Saout	Details \| Diff
goes into the ${FILESDIR} (com_err-1.37-et_c_awk.patch,1.26 KB, patch) 2005-06-06 17:37 UTC, Christophe Saout	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christophe Saout 2005-06-06 17:35:48 UTC

mit-krb-1.4 is using the system libcom_err.so.2 (and the provided compile_et).

The compile_et has a broken awk script that makes applications fiddle directly
with _et_list so that calls to unregister their error table later makes the
program abort with an invalid free (glibc detected invalid pointer in free, blabla).

Since libcom_err is already providing a clean handler to add an error table, why
does its awk script for client code generation not use it?

The attached patches to the com_err ebuild and to /usr/share/et/et_c.awk fix the
problem.

The problem showed up, for example with
- app-crypt/mit_krb5-1.4
- app-crypt/pam_krb5-20030601-r1

with the following system-auth
#%PAM-1.0

auth       required     /lib64/security/pam_env.so
auth       sufficient   /lib64/security/pam_unix.so likeauth nullok broken_shadow
auth       sufficient   /lib64/security/pam_krb5.so use_first_pass
auth       required     /lib64/security/pam_deny.so

account    sufficient   /lib64/security/pam_krb5.so
account    required     /lib64/security/pam_unix.so broken_shadow
account    required     /lib64/security/pam_tally.so deny=5 reset

password   required     /lib64/security/pam_cracklib.so retry=3
password   sufficient   /lib64/security/pam_krb5.so use_authtok
password   sufficient   /lib64/security/pam_unix.so nullok md5 shadow use_authtok
password   required     /lib64/security/pam_deny.so

session    required     /lib64/security/pam_limits.so
session    optional     /lib64/security/pam_krb5.so
session    required     /lib64/security/pam_unix.so broken_shadow

--

After that "su" stops working with the metioned glibc failed assertion abort.


Reproducible: Always
Steps to Reproduce:

Comment 1 Christophe Saout 2005-06-06 17:36:33 UTC

Created attachment 60750 [details, diff]
ebuild patch, adds epatch command for the next patch

Comment 2 Christophe Saout 2005-06-06 17:37:03 UTC

Created attachment 60751 [details, diff]
goes into the ${FILESDIR}

Comment 3 Christophe Saout 2005-06-06 17:46:06 UTC

The filename for the second patch for /usr/portage/sys-libs/com_err/files/
should be: com_err-1.37-et_c_awk.patch

Comment 4 Christophe Saout 2005-06-10 06:08:43 UTC

Analogous bug report in e2fsprogs bug tracker:

http://sourceforge.net/tracker/index.php?func=detail&aid=1150146&group_id=2406&atid=102406

Comment 5 Seemant Kulleen (RETIRED) gentoo-dev

2005-06-24 06:47:07 UTC

Christophe, what's the latest on this then?

Comment 6 Christophe Saout 2005-06-24 11:29:57 UTC

Upstream has acknowledged the problem.
My fix is okay in theory, but practically it might introduce other problems
(they are worried about binary compatibility with other libcom_err
implementations that don't have the dynamic table allocation functions at all).
I don't know what's going on exactly at the moment, I'll ask again.

Comment 7 Martin Klaffenboeck 2005-07-03 10:01:40 UTC

why do we have a stable e2fsprogs port which doesn't compile (without our
patch).  Can you make a stable e2fsprogs ebuild for that?

Thanks,
Martin

PS.  I hope to see a stable one the next days...

Comment 8 Christophe Saout 2005-07-10 04:58:34 UTC

Upstream has resolved the problems in e2fsprogs-1.38.

A workaround for programs compiled with the old compile_et as well as an
improved compile_et.

Comment 9 SpanKY gentoo-dev

2005-07-10 08:52:07 UTC

great, thanks

i added 1.38 yesterday so ... :)

Comment 10 Seemant Kulleen (RETIRED) gentoo-dev

2005-07-18 07:53:43 UTC

*** Bug 98303 has been marked as a duplicate of this bug. ***

Comment 11 Wolf Giesen (RETIRED) gentoo-dev

2005-07-19 04:34:01 UTC

Any chance to change from "~alpha" to "alpha"?

I just built it and there are no obvious problems.