** Description changed: + == SRU JUSTIFICATION == + + [Impact] + + Chrome (and other things) crash when Kerberos fails to authenticate: + https://bugs.chromium.org/p/chromium/issues/detail?id=554905 + + Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault. + [Switching to Thread 0x7fffdd687700 (LWP 14851)] + spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, + lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) + at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 + 2315 ../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory. + (gdb) bt + #0 spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, + lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) + at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 + #1 0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788, + targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, + opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114 + + [Test Case] + + * Reproducer + + It needs Kerberos to fail, while another mechanism is possible. + So fix up the packaging errors noted in bug 1648898 so that GSS-NTLMSSP is actually registered properly, then just KRB5CCNAME=/dev/null google-chrome $SOME_URL_WHICH_USES_NEGOTIATE_AUTH + + [Regression Potential] + + * none expected Y and Z release already has the krb5 upstream patch. + * This was fixed in MIT krb5 in January: + https://github.com/krb5/krb5/pull/385 + + [Other Info] + + [Original Description] + Chrome (and other things) crash when Kerberos fails to authenticate: https://bugs.chromium.org/p/chromium/issues/detail?id=554905 This was fixed in MIT krb5 in January: https://github.com/krb5/krb5/pull/385 Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffdd687700 (LWP 14851)] - spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, - lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) - at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 + spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, + lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) + at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 2315 ../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory. (gdb) bt - #0 spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, - lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) - at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 - #1 0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788, - targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, - opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114 + #0 spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, + lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) + at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 + #1 0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788, + targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, + opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114
** Changed in: krb5 (Ubuntu) Importance: Low => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1648901 Title: SPNEGO crash on mechanism failure Status in krb5 package in Ubuntu: In Progress Bug description: == SRU JUSTIFICATION == [Impact] Chrome (and other things) crash when Kerberos fails to authenticate: https://bugs.chromium.org/p/chromium/issues/detail?id=554905 Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffdd687700 (LWP 14851)] spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 2315 ../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory. (gdb) bt #0 spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 #1 0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788, targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114 [Test Case] * Reproducer It needs Kerberos to fail, while another mechanism is possible. So fix up the packaging errors noted in bug 1648898 so that GSS-NTLMSSP is actually registered properly, then just KRB5CCNAME=/dev/null google-chrome $SOME_URL_WHICH_USES_NEGOTIATE_AUTH [Regression Potential] * none expected Y and Z release already has the krb5 upstream patch. * This was fixed in MIT krb5 in January: https://github.com/krb5/krb5/pull/385 [Other Info] [Original Description] Chrome (and other things) crash when Kerberos fails to authenticate: https://bugs.chromium.org/p/chromium/issues/detail?id=554905 This was fixed in MIT krb5 in January: https://github.com/krb5/krb5/pull/385 Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffdd687700 (LWP 14851)] spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 2315 ../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory. (gdb) bt #0 spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315 #1 0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788, targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1648901/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
