Bug#880393: libsasl2-modules-gssapi-heimdal seems built against MIT

Ondřej Surý ondrej at sury.org
Mon Nov 13 09:07:11 UTC 2017


Hi Johan,

you are the first one to notice :).

There was a time shortly before the stable freeze when the Heimdal team
requested removal of heimdal from Debian (#837724), but instead this
activity woke up the upstream, so they released a new upstream version
(#849706). Somewhere in between something went awry and the full Heimdal
support wasn't properly reinstated into cyrus-sasl2.

I am not sure whether this could be fixed in Debian stable as things
might break with a sudden change. Ccing debian-release for advice.

Ondrej
-- 
Ondřej Surý <ondrej at sury.org>

On Tue, Oct 31, 2017, at 08:33, Johan Wassberg wrote:
> Package: libsasl2-modules-gssapi-heimdal
> Version: 2.1.27~101-g0780600+dfsg-3
> Severity: important
> 
> Dear Maintainer,
> 
> I think something is fishy with the package
> "libsasl2-modules-gssapi-heimdal".
> I suspect that the package is built against MIT instead of Heimdal.
> 
> Trying to migrate a Xenial machine to Stretch I noticed a difference in
> behavior when using `saslauthd` in a Postfix chroot - configs that
> haven't been required before were now required and `saslauthd` is
> complaining about settings that I have never seen with our previous setup.
> We have always used the Heimdal Kerberos libraries and therefore always
> used "libsasl2-modules-gssapi-heimdal" for `saslauthd`.
> 
> Couldn't find any upstream changes in either Heimdal or Cyrus SASL which
> would explain my issues so I went digging in the Debian package instead.
> Found that Heimdal was ripped out from the package(s) on October 24 2016:
>     * 004977091b89363daa04301e89a045e7e2ffbad8
>     * b9158ab7d2bc71a026d417982fee61bc854935f4
>     * b334c34bce70f20d85ef0e86e79c6310b69f7345
> And added again on Dec 31:
>     * f382638d18a1e1e75560076d0cb1482e0b4dc613
> 
> Unfortunately the package(s) has moved a lot between removal and
> reinstatement so I can't get a clean diff over the changes. But I suspect
> that the reinstatement didn't go as planned.
> 
> From Jessie:
> ```
> # dpkg -S /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so.2.0.25
> libsasl2-modules-gssapi-heimdal:amd64: /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so.2.0.25
> 
> # ldd /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so.2.0.25
>         linux-vdso.so.1 (0x00007fffc877e000)
>         libgssapi.so.3 => /usr/lib/x86_64-linux-gnu/libgssapi.so.3 (0x00007fd5b206a000)
>         libkrb5.so.26 => /usr/lib/x86_64-linux-gnu/libkrb5.so.26 (0x00007fd5b1ddb000)
>         libasn1.so.8 => /usr/lib/x86_64-linux-gnu/libasn1.so.8 (0x00007fd5b1b2b000)
>         libroken.so.18 => /usr/lib/x86_64-linux-gnu/libroken.so.18 (0x00007fd5b1915000)
>         libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007fd5b16de000)
>         libcrypto.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fd5b12e1000)
>         libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007fd5b10dd000)
>         libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007fd5b0ec6000)
>         libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd5b0b1a000)
>         libheimntlm.so.0 => /usr/lib/x86_64-linux-gnu/libheimntlm.so.0 (0x00007fd5b0911000)
>         libhcrypto.so.4 => /usr/lib/x86_64-linux-gnu/libhcrypto.so.4 (0x00007fd5b06dc000)
>         libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fd5b04be000)
>         libwind.so.0 => /usr/lib/x86_64-linux-gnu/libwind.so.0 (0x00007fd5b0295000)
>         libheimbase.so.1 => /usr/lib/x86_64-linux-gnu/libheimbase.so.1 (0x00007fd5b0086000)
>         libhx509.so.5 => /usr/lib/x86_64-linux-gnu/libhx509.so.5 (0x00007fd5afe39000)
>         libsqlite3.so.0 => /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 (0x00007fd5afb70000)
>         libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd5af96c000)
>         /lib64/ld-linux-x86-64.so.2 (0x00007fd5b24ba000)
> 
> # strings /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so.2.0.25 | egrep "MIT|HEIM"
> HEIMDAL_GSS_2.0
> ```
> 
> From Ubuntu Xenial:
> ```
> # dpkg -S /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so.2.0.25
> libsasl2-modules-gssapi-heimdal:amd64: /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so.2.0.25
> 
> # ldd /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so.2.0.25
>         linux-vdso.so.1 =>  (0x00007ffd967d4000)
>         libgssapi.so.3 => /usr/lib/x86_64-linux-gnu/libgssapi.so.3 (0x00007f818c61c000)
>         libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f818c252000)
>         libheimntlm.so.0 => /usr/lib/x86_64-linux-gnu/libheimntlm.so.0 (0x00007f818c048000)
>         libkrb5.so.26 => /usr/lib/x86_64-linux-gnu/libkrb5.so.26 (0x00007f818bdbe000)
>         libasn1.so.8 => /usr/lib/x86_64-linux-gnu/libasn1.so.8 (0x00007f818bb1c000)
>         libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007f818b917000)
>         libhcrypto.so.4 => /usr/lib/x86_64-linux-gnu/libhcrypto.so.4 (0x00007f818b6e4000)
>         libroken.so.18 => /usr/lib/x86_64-linux-gnu/libroken.so.18 (0x00007f818b4ce000)
>         libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f818b2b0000)
>         /lib64/ld-linux-x86-64.so.2 (0x0000559426341000)
>         libwind.so.0 => /usr/lib/x86_64-linux-gnu/libwind.so.0 (0x00007f818b087000)
>         libheimbase.so.1 => /usr/lib/x86_64-linux-gnu/libheimbase.so.1 (0x00007f818ae78000)
>         libhx509.so.5 => /usr/lib/x86_64-linux-gnu/libhx509.so.5 (0x00007f818ac2c000)
>         libsqlite3.so.0 => /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 (0x00007f818a957000)
>         libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007f818a71f000)
>         libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f818a51a000)
>         libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f818a2ff000)
> 
> # strings /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so.2.0.25 | egrep "MIT|HEIM"
> HEIMDAL_GSS_2.0
> ```
> 
> From Stretch:
> ```
> # dpkg -S /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so.2.0.25
> libsasl2-modules-gssapi-heimdal:amd64: /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so.2.0.25
> 
> # ldd /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so.2.0.25
>         linux-vdso.so.1 (0x00007ffd97762000)
>         libgssapi_krb5.so.2 => /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007f218ad06000)
>         libkrb5.so.3 => /usr/lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007f218aa2c000)
>         libk5crypto.so.3 => /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f218a7f9000)
>         libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007f218a5f5000)
>         libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f218a3de000)
>         libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f218a03f000)
>         libkrb5support.so.0 => /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007f2189e33000)
>         libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f2189c2f000)
>         libkeyutils.so.1 => /lib/x86_64-linux-gnu/libkeyutils.so.1 (0x00007f2189a2b000)
>         libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f218980e000)
>         /lib64/ld-linux-x86-64.so.2 (0x00007f218b15a000)
> 
> # strings /usr/lib/x86_64-linux-gnu/sasl2/libgssapiv2.so.2.0.25 | egrep "MIT|HEIM"
> gssapi_krb5_2_MIT
> ```
> 
> As you can see from my examples all the older dists seem to be built
> against Heimdal and contain HEIMDAL in the SO file but in Stretch the file
> now contains MIT and `ldd` gives no hint of any Heimdal libraries. This
> makes me think that "libsasl2-modules-gssapi-heimdal" is built against the
> wrong Kerberos library.
> 
> Let me know if there is any additional data I can provide in order to
> straighten this issue.
> 
> --
> jocar
> 
> -- System Information:
> Debian Release: 9.1
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL
> set to en_US.UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) (ignored: LC_ALL
> set to en_US.UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages libsasl2-modules-gssapi-heimdal depends on:
> ii  libc6             2.24-11+deb9u1
> ii  libcomerr2        1.43.4-2
> ii  libgssapi-krb5-2  1.15-1+deb9u1
> ii  libk5crypto3      1.15-1+deb9u1
> ii  libkrb5-3         1.15-1+deb9u1
> ii  libsasl2-modules  2.1.27~101-g0780600+dfsg-3
> 
> libsasl2-modules-gssapi-heimdal recommends no packages.
> 
> libsasl2-modules-gssapi-heimdal suggests no packages.
> 
> -- no debconf information
> 
> _______________________________________________
> Pkg-cyrus-sasl2-debian-devel mailing list
> Pkg-cyrus-sasl2-debian-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-cyrus-sasl2-debian-devel
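
The comparison the report makes by eye (which Kerberos libraries `libgssapiv2.so` pulls in) can be scripted as a post-build or post-upgrade check. This is an added example, not part of the thread or of the Debian packaging; the function names, the `verify_module` helper and the two sample listings (a few lines excerpted from the Jessie and Stretch output quoted above) are assumptions of the example.

```shell
#!/bin/sh
# Added example: classify the Kerberos/GSS-API flavour a SASL plugin links against.
# Reads `ldd FILE` or `readelf -d FILE` text on stdin; prints heimdal, mit, mixed or none.
classify_gss_linkage() {
    awk '
        {   # soname from "libX.so.N => /path (0x..)" or "(NEEDED) Shared library: [libX.so.N]"
            name = ""
            if ($NF ~ /^\[.*\]$/)  name = substr($NF, 2, length($NF) - 2)
            else if ($2 == "=>")   name = $1
        }
        # Sonames below are the ones visible in the listings quoted in the report.
        name ~ /^(libgssapi\.so\.|libkrb5\.so\.26|libhcrypto\.so\.|libheimbase\.so\.|libroken\.so\.)/ { heimdal = 1 }
        name ~ /^(libgssapi_krb5\.so\.|libkrb5\.so\.3$|libk5crypto\.so\.|libkrb5support\.so\.)/ { mit = 1 }
        END {
            if (heimdal && mit) print "mixed"
            else if (heimdal)   print "heimdal"
            else if (mit)       print "mit"
            else                print "none"
        }'
}

# Hypothetical helper: succeed only if FILE links against the expected flavour.
# readelf -d parses the dynamic section without loading the object; it lists
# direct NEEDED entries only, whereas ldd also resolves transitive ones.
verify_module() {  # usage: verify_module FILE heimdal|mit
    got=$(readelf -d "$1" | classify_gss_linkage)
    [ "$got" = "$2" ]
}

# Constructed samples: lines excerpted from the Jessie and Stretch listings above.
sample_jessie() { cat <<'EOF'
        libgssapi.so.3 => /usr/lib/x86_64-linux-gnu/libgssapi.so.3 (0x00007fd5b206a000)
        libkrb5.so.26 => /usr/lib/x86_64-linux-gnu/libkrb5.so.26 (0x00007fd5b1ddb000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd5b0b1a000)
EOF
}
sample_stretch() { cat <<'EOF'
        libgssapi_krb5.so.2 => /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007f218ad06000)
        libkrb5.so.3 => /usr/lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007f218aa2c000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f218a03f000)
EOF
}

echo "jessie sample:  $(sample_jessie | classify_gss_linkage)"
echo "stretch sample: $(sample_stretch | classify_gss_linkage)"
```

A "mixed" result is worth flagging as well, since it means both implementations would be loaded into the same process.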


