Bug 244707 - Stabilize app-crypt/heimdal-1.2.1-r1
Summary: Stabilize app-crypt/heimdal-1.2.1-r1
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Kerberos Maintainers
Keywords: STABLEREQ
Depends on: 245067
Blocks: CVE-2007-5939 244511
Reported: 2008-10-28 06:53 UTC by Michael Hammer (RETIRED)
Modified: 2009-03-15 13:56 UTC (History)

Attachments
app-crypt:heimdal-1.2.1-r1:20090110-100251.log (1.71 MB, text/plain)
2009-01-10 10:22 UTC, Markus Meier
Description Michael Hammer (RETIRED) gentoo-dev 2008-10-28 06:53:37 UTC
Please stabilize heimdal-1.2.1-r1. Thx in advance
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2008-10-28 07:10:35 UTC
This requires a currently ~arch version of sys-devel/autoconf to go stable.
Comment 2 Michael Hammer (RETIRED) gentoo-dev 2008-10-28 07:17:14 UTC
bug #217647 is closed and therefore autoconf-2.62 is going to be stable soon. It would be nice to stabilize heimdal with it because the actual stable is really old and there are a lot of issues with it.

thx, mueli
Comment 3 Torsten Veller (RETIRED) gentoo-dev 2008-10-29 10:53:40 UTC
So we have to change the dependency in the stable ebuild 0.7.2-r3 to:
|| ( ( >sys-libs/e2fsprogs-libs-1.40.11 ) ( sys-libs/com_err sys-libs/ss ) )
until we can stabilize -1.2.1-r1.
Comment 4 Michael Hammer (RETIRED) gentoo-dev 2008-10-29 11:34:03 UTC
I can change this - but I have to test first if heimdal-0.7.2 compiles with stable e2fsprogs-libs.

one moment ...
Comment 5 Björn 2008-10-30 01:11:04 UTC
heimdal 1.2 compiles fine with e2fsprogs-libs.

are you sure, that it is necessary to let 0.7 depend on e2fsprogs-libs? i assume that most people have already replaced their ss/com-err installation with e2fsprogs-libs without any problems. a stabilized heimdal 1.2 can introduce the dependency on e2fsprogs-libs.
Comment 6 Michael Hammer (RETIRED) gentoo-dev 2008-10-30 07:48:01 UTC
See bug #244511 and bug #234907 to get a feeling for all the noise produced atm because of stable packages depending on com_err and ss.
Comment 7 Jeremy Olexa (darkside) (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2008-10-31 14:16:08 UTC
(In reply to comment #6)
> See bug #244511 and bug #234907 to get a feeling for all the noise produced atm
> because of stable packages depending on com_err and ss.
> 

So, what is the status *currently* ? thx =)
Comment 8 Michael Hammer (RETIRED) gentoo-dev 2008-10-31 14:48:57 UTC
See dependency - I've now opened a STABLEREQ for autoconf-2.62 to continue this stabilization.

g, mueli
Comment 9 Jeremy Olexa (darkside) (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2008-12-08 00:04:56 UTC
Well, I guess there is nothing to do here until autoconf-2.62 is stabled. Removing arches for now, please add them back when ready. Thanks.
Comment 10 Michael Hammer (RETIRED) gentoo-dev 2009-01-09 07:39:25 UTC
Please stabilize

greets, mueli
Comment 11 Brent Baude (RETIRED) gentoo-dev 2009-01-09 14:42:37 UTC
I'm getting a test failure with this.  Anyone similar?

Load database for mit-pkinit-20070607
Doing database check
kdc replay
processing request from IPv4:141.211.133.26, 192 bytes
processing request from IPv4:141.211.133.26, 2100 bytes
2009-01-09T08:19:17 label: default
2009-01-09T08:19:17     dbname: ../../tests/can/current-db
2009-01-09T08:19:17     mkey_file: ../../tests/can/mkey.file
2009-01-09T08:19:17     acl_file: /var/heimdal/kadmind.acl
2009-01-09T08:19:17 AS-REQ aglo@HEIMDAL.CITI.UMICH.EDU from IPv4:141.211.133.26 for krbtgt/HEIMDAL.CITI.UMICH.EDU@HEIMDAL.CITI.UMICH.EDU
2009-01-09T08:19:17 No preauth found, returning PREAUTH-REQUIRED -- aglo@HEIMDAL.CITI.UMICH.EDU
2009-01-09T08:19:17 AS-REQ aglo@HEIMDAL.CITI.UMICH.EDU from IPv4:141.211.133.26 for krbtgt/HEIMDAL.CITI.UMICH.EDU@HEIMDAL.CITI.UMICH.EDU
2009-01-09T08:19:17 Client sent patypes: PK-INIT(win2k), 132
2009-01-09T08:19:17 Looking for ENC-TS pa-data -- aglo@HEIMDAL.CITI.UMICH.EDU
2009-01-09T08:19:17 No preauth found, returning PREAUTH-REQUIRED -- aglo@HEIMDAL.CITI.UMICH.EDU
2009-01-09T08:19:17 tag mismatch
FAIL: check-can
=====================================
1 of 1 test failed
Please report to heimdal-bugs@h5l.org
=====================================
Comment 12 Markus Meier gentoo-dev 2009-01-10 10:22:53 UTC
Created attachment 177949
app-crypt:heimdal-1.2.1-r1:20090110-100251.log

fails here on amd64/x86, attaching x86 log.

Have waited 2 seconds
Getting client initial tickets user1
Getting client initial tickets user2
starting uu server (using user1)
trying to contact server with client (using user2)
checking if server got the right message
killing kdc uu_server (16121 )
PASS: check-uu
=====================================
3 of 9 tests failed
(1 test was not run)
Please report to heimdal-bugs@h5l.org
=====================================
make[3]: *** [check-TESTS] Error 1
make[3]: Leaving directory `/var/tmp/portage/app-crypt/heimdal-1.2.1-r1/work/heimdal-1.2.1/tests/kdc'
make[2]: *** [check-am] Error 2
make[2]: Leaving directory `/var/tmp/portage/app-crypt/heimdal-1.2.1-r1/work/heimdal-1.2.1/tests/kdc'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/app-crypt/heimdal-1.2.1-r1/work/heimdal-1.2.1/tests'
make: *** [check-recursive] Error 1
 * 
 * ERROR: app-crypt/heimdal-1.2.1-r1 failed.
 * Call stack:
 *               ebuild.sh, line   49:  Called src_test
 *             environment, line 2912:  Called die
 * The specific snippet of code:
 *           KRB5_CONFIG="${S}"/krb5.conf Xmake check || die;
 *  The die message:
 *   (no error message)

app-crypt/heimdal-1.2.1-r1  USE="X berkdb ipv6 ssl -afs -hdb-ldap -otp -pkinit -threads"

Portage 2.1.6.4 (default/linux/x86/2008.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.27.10 i686)
=================================================================
System uname: Linux-2.6.27.10-i686-Intel-R-_Core-TM-2_Duo_CPU_T8300_@_2.40GHz-with-glibc2.0
Timestamp of tree: Sat, 10 Jan 2009 08:05:01 +0000
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7-r1, 2.1.6-r1
dev-lang/python:     2.4.4-r14, 2.5.2-r7
dev-python/pycrypto: 2.0.1-r6
dev-util/cmake:      2.4.6-r1
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /opt/openfire/resources/security/ /opt/openjms/config /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/fax /usr/share/config /var/bind /var/lib/hsqldb /var/qmail/alias /var/qmail/control /var/spool/fax/etc /var/spool/torque"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -march=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protect distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict test unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LDFLAGS="-Wl,-O1"
LINGUAS="en en_GB de"
MAKEOPTS="-j2"
PKGDIR="/mnt/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acl acpi alsa apache2 avahi berkdb bluetooth branding bzip2 cairo cdr cli cracklib crypt cups dbus dri dvd dvdr dvdread eds emboss encode esd evo examples fam firefox fortran gdbm gif gnome gpm gstreamer gtk hal iconv ipv6 isdnlog jpeg kde ldap libnotify mad midi mikmod mp3 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp pam pcre pdf perl png ppds pppd python qt3 qt3support qt4 quicktime readline reflection sdl session source spell spl ssl startup-notification svg sysfs tcpd test tiff truetype unicode usb vorbis win32codecs x86 xml xorg xulrunner xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_GB de" USERLAND="GNU" VIDEO_CARDS="fbdev glint i810 intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 13 Jeroen Roovers (RETIRED) gentoo-dev 2009-01-11 16:05:02 UTC
Stable for HPPA.

I'm getting test failures for test_ca and test_windows:

make[4]: Entering directory `/dev/shm/portage/app-crypt/heimdal-1.2.1-r1/work/heimdal-1.2.1/lib/hx509'
create certificate request
issue certificate
./test_ca: line 62:  9349 Terminated              ${hxtool} issue-certificate --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key --subject="cn=foo" --req="PKCS10:pkcs10-request.der" --certificate="FILE:cert-ee.pem"
FAIL: test_ca


Create trust anchor
./test_windows: line 58: 11898 Terminated              ${hxtool} issue-certificate --self-signed --issue-ca --generate-key=rsa --subject="CN=Windows-CA,DC=heimdal,DC=pki" --lifetime=10years --certificate="FILE:wca.pem"
FAIL: test_windows

This is mainly because either I or the kernel kills a runaway `hxtool' process which uses up all RAM, which is kind of odd - it probably hasn't been ported.
Comment 14 Michael Hammer (RETIRED) gentoo-dev 2009-01-12 08:54:52 UTC
hmm - ok test does not work. Should I disable it? The problem is that the actual stable heimdal release has a lot of security issues and it would be advisable to get a newer version stable. If heimdal-1.2.1-r1 is compiling without tests I'd consider that's better to go stable with a package which doesn't fit all unit tests but has (probably) less security related bugs.

greets, mueli

p.S.: On the other hand it's strange why I was able to run the tests on my machine ... I've to admit that I've done the tests a longer time ago.
Comment 15 Markus Meier gentoo-dev 2009-01-15 21:54:45 UTC
(In reply to comment #14)
> hmm - ok test does not work. Should I disable it? The problem is that the
> actual stable heimdal release has a lot of security issues and it would be
> advisable to get a newer version stable. If heimdal-1.2.1-r1 is compiling
> without tests I'd consider that's better to go stable with a package which
> doesn't fit all unit tests but has (probably) less security related bugs.
> 
> greets, mueli
> 
> p.S.: On the other hand it's strange why I was able to run the tests on my
> machine ... I've to admit that I've done the tests a longer time ago.

IMHO if possible, disable known failing tests. if this is not possible, and the tests are known to fail, it's better to RESTRICT them. (or you could tell us to stabilize it as it is...)
Comment 16 Michael Hammer (RETIRED) gentoo-dev 2009-01-16 14:56:46 UTC
I've restricted the test - I'd say you can go stable.

Thx in advance, greets

mueli
Comment 17 Tobias Klausmann (RETIRED) gentoo-dev 2009-01-18 11:51:10 UTC
Stable on alpha.
Comment 18 Markus Meier gentoo-dev 2009-01-18 14:56:23 UTC
amd64/x86 stable
Comment 19 nixnut (RETIRED) gentoo-dev 2009-01-24 12:18:35 UTC
ppc stable
Comment 20 Robert Buchholz (RETIRED) gentoo-dev 2009-02-12 18:53:15 UTC
sparc, ppc64, please stabilize.
Comment 21 Raúl Porcel (RETIRED) gentoo-dev 2009-02-20 08:56:28 UTC
arm/ia64/s390/sh/sparc stable
Comment 22 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-03-07 21:51:12 UTC
(In reply to comment #20)
> sparc, ppc64, please stabilize.
> 

this should read "It's a bump to fix security bug #199207", so ppc64, please stabilise.
Comment 23 Brent Baude (RETIRED) gentoo-dev 2009-03-15 13:56:21 UTC
ppc64 stable, closing