SPNEGO crash on mechanism failure

Status changed to 'Confirmed' because the bug affects multiple users.

Hi andrew, dwmw2 et al,

If I build a test package on Monday, will you be amenable to install/test it and then provide feedbacks before I start the SRU ?

Addtionnaly, can you provide the detailed steps on how to reproduce the problem ?

Sure, I can attempt to test. It needs Kerberos to fail, while another mechanism is possible. So fix up the packaging errors noted in bug 1648898 so that GSS-NTLMSSP is actually registered properly, then just

KRB5CCNAME=/dev/null google-chrome $SOME_URL_WHICH_USES_NEGOTIATE_AUTH

Dwmw2,

On which ubuntu release are you experiencing the situation ?

On 16.04. Apologies, I looked but couldn't see where Launchpad expects me to enter that information.

Ok tks that all I need for now. Will provide a test pkg on Monday for Xenial.

I reviewed the src code of X/Y/Z and only X is affected.

Y/Z already have the patch.

Eric

dwmw2,

Can you please give a try at this test package ?

--
$ sudo add-apt-repository ppa:slashd/fix1648901
$ sudo apt-get update

Install the necessary krb5 packages and then test your reproducer.
--

Eric

Yes, that fixes the crash. Thanks.

Great will then start the sru on monday.

Thanks for the quick feedback.

DEBDIFF for Xenial [1.13.2+dfsg-5ubuntu2]

As per a irc conversation with the SRU team (apw),

The existing krb5 (1.13.2+dfsg-5ubuntu1) has a regressing ADT test so it stuck in -proposed.
Thus, preventing krb5 (1.13.2+dfsg-5ubuntu2) to land in -proposed.

SRU team are looking at this as we speak.

- Eric

Hello dwmw2, or anyone else affected,

Accepted krb5 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

@dwmw2,
@Andrew Jorgensen,
or anyone else affected by this bug.

As you may have notice, there is currently a call for testing a proposed version of the source package "krb5".

This is the last step before the package make its way into xenial-updates (final destination)

Could you please try the package and provide feedbacks so I can complete the SRU ?

- Eric

Tested w/ libkrb5-3=1.13.2+dfsg-5ubuntu2 from xenial-proposed. It was tricky to prepare an environment I could safely test in, but I verified that chrome crashed with previous version, but does not crash after update to the proposed version.

Great thanks Andrew !

The verification of the Stable Release Update for krb5 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package krb5 - 1.13.2+dfsg-5ubuntu2

---------------
krb5 (1.13.2+dfsg-5ubuntu2) xenial; urgency=medium

  * Fix segfault in context_handle (LP: #1648901).
    - d/p/check_internal_context_on_init_context_errors.patch:
    Cherry picked patch from upstream VCS.

 -- Eric Desrochers <email address hidden> Mon, 16 Jan 2017 15:06:57 +0100

This is also an issue on trusty.

@mp26+launch, can you easily reproduce this on trusty? Or did you just check the code?