pam-encfs fails on upgrade to Hardy

Thanks a lot!
I had the same problem, this patch fixed it.

Thanks, I've got the same problem....

Any idea when the fix will be in the official package?

Thanks,
Ger.

Same problem here, but only for 32 bits system. On my 64 bits system, libpam-encfs works right of the box...

This bug is still in Hardy. I am on 32-bit x86 and installing package libpam-encfs-0.1.4.1-2 causes a major system breakage.

Big fat note: INSTALLING THIS PACKAGE AT THE MOMENT WILL BREAK YOUR SYSTEM, YOU WILL BE UNABLE TO LOG IN

Does the following patch work for you instead of the proposed one?

Thanks.

--- Makefile 2005-12-16 16:28:40.000000000 +0100
+++ Makefile.new 2008-04-21 14:08:13.181781154 +0200
@@ -3,7 +3,7 @@
 LD = ld
 INSTALL = /usr/bin/install
 CFLAGS = -fPIC -O2 -c -g -Wall -Wformat-security -fno-strict-aliasing
-LDFLAGS = -x --shared
+LDFLAGS = --shared
 PAMLIB = -lpam
 CPPFLAGS =

No, your patch gives me the following error in /var/log/auth.log:

Apr 21 22:18:38 host login[13468]: PAM unable to dlopen(/lib/security/pam_encfs.so)
Apr 21 22:18:38 host login[13468]: PAM [error: /lib/security/pam_encfs.so: undefined symbol: __stack_chk_fail_local]
Apr 21 22:18:38 host login[13468]: PAM adding faulty module: /lib/security/pam_encfs.so

The first patch worked for me.

This is a CRITICAL bug: it causes people not to be able to log in after an upgrade. Fixing it requires tracking down the source of the problem by going through log files, and then disabling pam_encfs. After that, of course, people with encrypted home directories still can't log in.

A nasty bug with a simple fix already attached. Can someone explain what I have to do to get this patch merged???

A new package is alreay prepared for inclusion into Debian. However I cannot tell when are you going to see it in Ubuntu.

I can also confirm that Anton Blanchard's patch worked for me, and nahoo's did not, FWIW.

As to getting it fixed officially, they have a process for that:
https://wiki.ubuntu.com/StableReleaseUpdates

If you scroll down long enough, the procedure says that the bug has to be fixed in the "current development release" before it gets considered. Since I think it's going to be a while (at least until after the UDS to plan for Hardy+1) before development starts up again, I'd expect it to be at least a few weeks before this gets some love, especially since I think this particular package simply gets auto-updated from Debian unstable.

In the meantime, since I've been able to build a package with the fix, I'll see if I can figure out how to set up a PPA to get this out there.

(MOTU people: if my understanding of the process is wrong, please let me know!)

I've got the fix in my PPA now; go to https://launchpad.net/~rrenomeron/+archive for the apt source entries.

There is a new version (0.1.4.1-3) from Debian unstable in Intrepid now. I just tried it on my Hardy system and it still failed.

I also vote for fixing this. It's a big problem when a package that people depend on to log in is broken out of the box, especially when the patch is so trivial. Thanks for the patch Anton.

I rebuilt Debian source package (version 0.1.4.1-3) with Anton's patch extracted from Rich's source package. This bug is more than 2 months old now and the solution (a Makefile patch, doesn't touch sources) is available - why is it not included? Perhaps we should send it to Debian, where it will be hopefully pulled from later?

Fixed in my PPA: https://launchpad.net/~andrearatto/+archive

Can anyone tell if this fixed in Ibex???

I tried it briefly and could not get it to work in Ibex. I tried the workaround I had used in Hardy, and that did not work as well. I did not have time to look into the details. However, /etc/pam.d/common-auth in Ibex looks different than in Hardy.

Hello Vorik,

your problem should be fixed on Debian (version 0.1.4.1-4), I use the patch suggested by Anton. You may get the source and compile it yourself.

If it works in Ibex or not, I cannot tell.

I got my hardy system patched OK, but I would say that for this package, this is an extremely important bug. Can someone set the importance accordingly?

If this works in Debian, would it be possible at this point to import the Debian package?

I've just tried with Intrepid (release candidate), and from a quick test it seems this problem is fixed. 8.10 has version 0.1.4.1-4, and from the changelog (http://changelogs.ubuntu.com/changelogs/pool/universe/libp/libpam-encfs/libpam-encfs_0.1.4.1-4/changelog):

" * Link using gcc instead calling ld directly. Hopefuly closes ubuntu bug
    number 205783."

Seems to fix it for me. Thanks all.

Anton's patch worked for me on Hardy 32bit with all of the latest updates applied.

Hi,

Can someone provide a link to a fixed Hardy DEB file?

Thanks for helping out.

You can try the version from my PPA.
https://launchpad.net/~tukss/+archive/ppa

This bug was fixed in the package libpam-encfs - 0.1.4.4-3

---------------
libpam-encfs (0.1.4.4-3) unstable; urgency=low

  * debian/NEWS,README.Debian: Document possible behavior
    changes on session end after upgrade to pam-auth-update
    based files (Closes: #621018).

libpam-encfs (0.1.4.4-2) unstable; urgency=low

  * Build only for linux, Currently, fuse is not available
    outside it.
  * Keep a separate debian/pam_encfs.conf and ship upstream's
    at doc dir.
  * debian/copyright: Update years and origin.
  * debian/libpam-encfs.preinst: Fix 'Conffiles' for dpkg-query
    -f option.

libpam-encfs (0.1.4.4-1) unstable; urgency=low

  * New (temporary) maintainer.
  * New upstream release.
  * Integrate libpam-encfs with pam-auth-update (Closes: #605559).
    Original pam-config by Simon Mungewell (LP: #287904).
  * Update watch file. Thanks Yan Morin (Closes: #550802).
  * debian/README.source: Added. Package uses dpatch patch system.
  * debian/control:
    - Update Homepage.
    - Fix lintian debhelper-but-no-misc-depends.
    - Bump Standards-Version. No changes required.
  * debian/copyright. Fix unversioned GPL version.
  * {pre,post}inst: Fix lintian maintainer-script-ignores-errors.
  * Remove some patches for changes included by upstream in 0.1.4.2:
    - 04_possible_buffer_overflow.dpatch.
    - 05_wait_for_fusermount.dpatch.
    - 06_link_with_gcc.dpatch: Removed. Partially integrated in 0.1.4.2.
      For the rest, upstream prefers to stay with ld, so we use it
      consistently.
  * 03_Changelog.dpatch: Removed. Create a pseudo upstream Changelog
    under debian/ and make sure it is installed.
  * 02_pam_encfs.conf:
    - Update for new upstream releases.
    - Fix conflicting options in config. Thanks again Simon Mungewell
      (LP: #287929).
    - Do not set allow_root in global fuse options, as this implies that
      different choice cannot be used for any user.
    - Use allow_root as default in specific definitions.
    - Warn that allow_user and allow_root cannot be used simultaneously.
  * debian/rules: Pass LD_FLAGS from debian/rules, including -x and
    explicit -lc. This last should also close (LP: #205783), already
    closed differently in 0.1.4.1-4.
  * Really close (Closes: #465558). It was indeed closed in 0.1.4.1-4,
    but mistyped as #1465558, and fix is included in upstream 0.1.4.2.
 -- Ubuntu Archive Auto-Sync <email address hidden> Sat, 30 Apr 2011 13:09:02 +0000