Performing verification for focal. I installed cifs-utils 2:6.9-1ubuntu0.3 from focal -updates.
Now, we can't run the full testcase for focal, as the kernel has a bug where setns() fails due to getting a null / corrupted kerberos credential cache, cifs-utils never takes the error paths, and valgrind finds nothing. So in this case, I am just running through the testcase of bug 2099917: root@focal-dc:/home/ubuntu# kinit [email protected] Password for [email protected]: Warning: Your password will expire in 41 days on Mon Jul 28 02:14:31 2025 root@focal-dc:/home/ubuntu# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [email protected] Valid starting Expires Service principal 06/16/25 02:45:29 06/16/25 12:45:29 krbtgt/[email protected] renew until 06/17/25 02:45:26 root@focal-dc:/home/ubuntu# mount -t cifs -o cruid=root,user=root,sec=krb5i,uid=0,gid=0,cred=/tmp/krb5cc_0 //samba-dc.example.com/demo /mnt/testshare1 root@focal-dc:/home/ubuntu# umount /mnt/testshare1 root@focal-dc:/home/ubuntu# git clone https://git.nullroute.lt/hacks/python-krb5ccparse.git Cloning into 'python-krb5ccparse'... remote: Enumerating objects: 59, done. remote: Counting objects: 100% (59/59), done. remote: Compressing objects: 100% (59/59), done. remote: Total 59 (delta 28), reused 0 (delta 0), pack-reused 0 (from 0) Unpacking objects: 100% (59/59), 11.53 KiB | 472.00 KiB/s, done. root@focal-dc:/home/ubuntu# cd python-krb5ccparse/ root@focal-dc:/home/ubuntu/python-krb5ccparse# ./kremovetkt -c /tmp/krb5cc_0 -o /tmp/removed -p krbtgt/[email protected] Skipping ticket for krbtgt/[email protected] Keeping ticket for krb5_ccache_conf_data/pa_type/krbtgt/[email protected]@X-CACHECONF: Keeping ticket for cifs/samba-dc.example.com@ Keeping ticket for cifs/[email protected] root@focal-dc:/home/ubuntu/python-krb5ccparse# kdestroy root@focal-dc:/home/ubuntu/python-krb5ccparse# klist klist: No credentials cache found (filename: /tmp/krb5cc_0) root@focal-dc:/home/ubuntu/python-krb5ccparse# mv /tmp/removed /tmp/krb5cc_0 root@focal-dc:/home/ubuntu/python-krb5ccparse# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [email protected] Valid starting Expires Service principal 06/16/25 02:45:49 06/16/25 12:45:29 cifs/samba-dc.example.com@ renew until 06/17/25 02:45:26 06/16/25 02:45:49 06/16/25 12:45:29 cifs/[email protected] renew until 06/17/25 02:45:26 root@focal-dc:/home/ubuntu/python-krb5ccparse# mount -t cifs -o cruid=root,user=root,sec=krb5i,uid=0,gid=0,cred=/tmp/krb5cc_0 //samba-dc.example.com/demo /mnt/testshare1 root@focal-dc:/home/ubuntu/python-krb5ccparse# mount -l ... //samba-dc.example.com/demo on /mnt/testshare1 type cifs (rw,relatime,vers=3.1.1,sec=krb5i,cruid=0,cache=strict,username=root,uid=0,forceuid,gid=0,forcegid,addr=192.168.122.230,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1,user=root) I then enabled -security-proposed from https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages?field.name_filter=cifs- utils&field.status_filter=published&field.series_filter= I then installed cifs-utils 2:6.9-1ubuntu0.4 root@focal-dc:/home/ubuntu/python-krb5ccparse# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [email protected] Valid starting Expires Service principal 06/16/25 02:45:49 06/16/25 12:45:29 cifs/samba-dc.example.com@ renew until 06/17/25 02:45:26 06/16/25 02:45:49 06/16/25 12:45:29 cifs/[email protected] renew until 06/17/25 02:45:26 root@focal-dc:/home/ubuntu/python-krb5ccparse# mount -t cifs -o cruid=root,user=root,sec=krb5i,uid=0,gid=0,cred=/tmp/krb5cc_0 //samba-dc.example.com/demo /mnt/testshare1 root@focal-dc:/home/ubuntu/python-krb5ccparse# mount -l ... //samba-dc.example.com/demo on /mnt/testshare1 type cifs (rw,relatime,vers=3.1.1,sec=krb5i,cruid=0,cache=strict,username=root,uid=0,forceuid,gid=0,forcegid,addr=192.168.122.230,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1,user=root) The testcase still holds, and the new package doesn't introduce any regressions. The package in -security-proposed fixes the issue. Happy to mark verified for focal. ** Tags added: verification-done-jammy ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2113906 Title: Regression: After LP2099917 cifs.upcall leaks memory on error message if service ticket doesn't exist To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/2113906/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
