Merge ~sergiodj/ubuntu/+source/gssproxy:bug1788459-segfault-nfs-krb-focal into ubuntu/+source/gssproxy:ubuntu/focal-devel

Proposed by Sergio Durigan Junior
Status: Approved
Approved by: Sergio Durigan Junior
Approved revision: b8abcaf3c6c0e870fb35346a5d3b3ad236c12ab7
Proposed branch: ~sergiodj/ubuntu/+source/gssproxy:bug1788459-segfault-nfs-krb-focal
Merge into: ubuntu/+source/gssproxy:ubuntu/focal-devel
Diff against target: 85 lines (+53/-1)
4 files modified
debian/changelog (+8/-0)
debian/control (+2/-1)
debian/patches/0001-Fix-handling-of-selinux-context-when-NULL.patch (+42/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Bryce Harrington (community) Approve
Canonical Server Core Reviewers Pending
Review via email: mp+404982@code.staging.launchpad.net

Description of the change

This is the backport of the upstream fix for bug #1788459. This MP addresses the Focal bug.

The problem happens when using gssproxy along with NFS and krb5 for authentication. In this scenario, a segmentation fault will happen when gssproxy interacts with libselinux and passes a NULL context to it.

As I wrote in the bug, arguably this is also a bug with libselinux because it naively attempts to dereference a pointer that is coming from one of its clients without checking if it's NULL first. However, it is also a bug with gssproxy and as such should be fixed.

There is an upstream bug here: https://pagure.io/gssproxy/issue/256

And the corresponding patch here: https://github.com/gssapi/gssproxy/commit/3b77666d463105fc485c0f269feaf0ed1061a769

This will be an SRU for Focal and Hirsute. The SRU template should provide more info if needed. There is also a PPA with the proposed packages here:

https://launchpad.net/~sergiodj/+archive/ubuntu/gssproxy-bug/+packages

The package doesn't have dep8 tests, but I tested the fix by running the "Test Case" section of the SRU template.

To post a comment you must log in.
Revision history for this message
Bryce Harrington (bryce) wrote :

Same patch, and same review as for hirsute. LGTM, +1

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the review, Bryce.

Uploaded:

$ dput gssproxy_0.8.2-2ubuntu0.21.04.1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/gssproxy/gssproxy_0.8.2-2ubuntu0.21.04.1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/gssproxy/gssproxy_0.8.2-2ubuntu0.21.04.1.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading gssproxy_0.8.2-2ubuntu0.21.04.1.dsc: done.
  Uploading gssproxy_0.8.2-2ubuntu0.21.04.1.debian.tar.xz: done.
  Uploading gssproxy_0.8.2-2ubuntu0.21.04.1_source.buildinfo: done.
  Uploading gssproxy_0.8.2-2ubuntu0.21.04.1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Actually, this is the right dput output:

$ dput gssproxy_0.8.2-2ubuntu0.20.04.1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/gssproxy/gssproxy_0.8.2-2ubuntu0.20.04.1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/gssproxy/gssproxy_0.8.2-2ubuntu0.20.04.1.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading gssproxy_0.8.2-2ubuntu0.20.04.1.dsc: done.
  Uploading gssproxy_0.8.2-2ubuntu0.20.04.1.debian.tar.xz: done.
  Uploading gssproxy_0.8.2-2ubuntu0.20.04.1_source.buildinfo: done.
  Uploading gssproxy_0.8.2-2ubuntu0.20.04.1_source.changes: done.
Successfully uploaded packages.

There was an error fetching revisions from git servers. Please try again in a few minutes. If the problem persists, contact Launchpad support.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches