pam-encfs fails on upgrade to Hardy

Bug #205783 reported by Anton Blanchard on 2008-03-24
56
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libpam-encfs (Ubuntu)
Undecided
Unassigned
Nominated for Hardy by Anton Blanchard
Nominated for Intrepid by Kjetil Kjernsmo

Bug Description

Binary package hint: libpam-encfs

After upgrading to Hardy I was unable to log in. /var/log/auth.log contains:

PAM unable to dlopen(/lib/security/pam_encfs.so)
PAM [error: /lib/security/pam_encfs.so: undefined symbol: __stack_chk_fail_local]
PAM adding faulty module: /lib/security/pam_encfs.so

We need to use gcc for the final link to remove this undefined symbol. Patch is attached.

Related branches

Revision history for this message
Anton Blanchard (anton-samba) wrote :
Revision history for this message
Richard de Boer (rich-home-deactivatedaccount) wrote :

Thanks a lot!
I had the same problem, this patch fixed it.

Revision history for this message
Vorik (launchpad-gerapeldoorn) wrote :

Thanks, I've got the same problem....

Any idea when the fix will be in the official package?

Thanks,
Ger.

Revision history for this message
Andreu Escudero (lemon) wrote :

Same problem here, but only for 32 bits system. On my 64 bits system, libpam-encfs works right of the box...

Revision history for this message
vatazhka (vatazhka) wrote :

This bug is still in Hardy. I am on 32-bit x86 and installing package libpam-encfs-0.1.4.1-2 causes a major system breakage.

Big fat note: INSTALLING THIS PACKAGE AT THE MOMENT WILL BREAK YOUR SYSTEM, YOU WILL BE UNABLE TO LOG IN

Andreu Escudero (lemon) on 2008-04-21
Changed in libpam-encfs:
status: New → Confirmed
Revision history for this message
nahoo (nahoo82) wrote :

Does the following patch work for you instead of the proposed one?

Thanks.

--- Makefile 2005-12-16 16:28:40.000000000 +0100
+++ Makefile.new 2008-04-21 14:08:13.181781154 +0200
@@ -3,7 +3,7 @@
 LD = ld
 INSTALL = /usr/bin/install
 CFLAGS = -fPIC -O2 -c -g -Wall -Wformat-security -fno-strict-aliasing
-LDFLAGS = -x --shared
+LDFLAGS = --shared
 PAMLIB = -lpam
 CPPFLAGS =

Revision history for this message
Philipp Edelmann (tukss) wrote :

No, your patch gives me the following error in /var/log/auth.log:

Apr 21 22:18:38 host login[13468]: PAM unable to dlopen(/lib/security/pam_encfs.so)
Apr 21 22:18:38 host login[13468]: PAM [error: /lib/security/pam_encfs.so: undefined symbol: __stack_chk_fail_local]
Apr 21 22:18:38 host login[13468]: PAM adding faulty module: /lib/security/pam_encfs.so

The first patch worked for me.

Revision history for this message
Tom (slfkj92) wrote :

This is a CRITICAL bug: it causes people not to be able to log in after an upgrade. Fixing it requires tracking down the source of the problem by going through log files, and then disabling pam_encfs. After that, of course, people with encrypted home directories still can't log in.

Revision history for this message
Anton Blanchard (anton-samba) wrote :

A nasty bug with a simple fix already attached. Can someone explain what I have to do to get this patch merged???

Revision history for this message
nahoo (nahoo82) wrote :

A new package is alreay prepared for inclusion into Debian. However I cannot tell when are you going to see it in Ubuntu.

Revision history for this message
Rich Renomeron (rrenomeron) wrote :

I can also confirm that Anton Blanchard's patch worked for me, and nahoo's did not, FWIW.

As to getting it fixed officially, they have a process for that:
https://wiki.ubuntu.com/StableReleaseUpdates

If you scroll down long enough, the procedure says that the bug has to be fixed in the "current development release" before it gets considered. Since I think it's going to be a while (at least until after the UDS to plan for Hardy+1) before development starts up again, I'd expect it to be at least a few weeks before this gets some love, especially since I think this particular package simply gets auto-updated from Debian unstable.

In the meantime, since I've been able to build a package with the fix, I'll see if I can figure out how to set up a PPA to get this out there.

(MOTU people: if my understanding of the process is wrong, please let me know!)

Revision history for this message
Rich Renomeron (rrenomeron) wrote :

I've got the fix in my PPA now; go to https://launchpad.net/~rrenomeron/+archive for the apt source entries.

Revision history for this message
Philipp Edelmann (tukss) wrote :

There is a new version (0.1.4.1-3) from Debian unstable in Intrepid now. I just tried it on my Hardy system and it still failed.

Revision history for this message
joehill (joseph-hill) wrote :

I also vote for fixing this. It's a big problem when a package that people depend on to log in is broken out of the box, especially when the patch is so trivial. Thanks for the patch Anton.

Revision history for this message
vatazhka (vatazhka) wrote :

I rebuilt Debian source package (version 0.1.4.1-3) with Anton's patch extracted from Rich's source package. This bug is more than 2 months old now and the solution (a Makefile patch, doesn't touch sources) is available - why is it not included? Perhaps we should send it to Debian, where it will be hopefully pulled from later?

Revision history for this message
Andrea Ratto (andrearatto) wrote :
Revision history for this message
Vorik (launchpad-gerapeldoorn) wrote :

Can anyone tell if this fixed in Ibex???

Revision history for this message
hasi (whynot-nurfuerspam) wrote :

I tried it briefly and could not get it to work in Ibex. I tried the workaround I had used in Hardy, and that did not work as well. I did not have time to look into the details. However, /etc/pam.d/common-auth in Ibex looks different than in Hardy.

Revision history for this message
nahoo (nahoo82) wrote :

Hello Vorik,

your problem should be fixed on Debian (version 0.1.4.1-4), I use the patch suggested by Anton. You may get the source and compile it yourself.

If it works in Ibex or not, I cannot tell.

Revision history for this message
Kjetil Kjernsmo (kjetil) wrote :

I got my hardy system patched OK, but I would say that for this package, this is an extremely important bug. Can someone set the importance accordingly?

If this works in Debian, would it be possible at this point to import the Debian package?

Revision history for this message
Graham Bennett (graham33) wrote :

I've just tried with Intrepid (release candidate), and from a quick test it seems this problem is fixed. 8.10 has version 0.1.4.1-4, and from the changelog (http://changelogs.ubuntu.com/changelogs/pool/universe/libp/libpam-encfs/libpam-encfs_0.1.4.1-4/changelog):

" * Link using gcc instead calling ld directly. Hopefuly closes ubuntu bug
    number 205783."

Seems to fix it for me. Thanks all.

Revision history for this message
cybaix (cybaix) wrote :

Anton's patch worked for me on Hardy 32bit with all of the latest updates applied.

Revision history for this message
ClemensBier (clemensbier) wrote :

Hi,

Can someone provide a link to a fixed Hardy DEB file?

Thanks for helping out.

Revision history for this message
Philipp Edelmann (tukss) wrote :

You can try the version from my PPA.
https://launchpad.net/~tukss/+archive/ppa

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libpam-encfs - 0.1.4.4-3

---------------
libpam-encfs (0.1.4.4-3) unstable; urgency=low

  * debian/NEWS,README.Debian: Document possible behavior
    changes on session end after upgrade to pam-auth-update
    based files (Closes: #621018).

libpam-encfs (0.1.4.4-2) unstable; urgency=low

  * Build only for linux, Currently, fuse is not available
    outside it.
  * Keep a separate debian/pam_encfs.conf and ship upstream's
    at doc dir.
  * debian/copyright: Update years and origin.
  * debian/libpam-encfs.preinst: Fix 'Conffiles' for dpkg-query
    -f option.

libpam-encfs (0.1.4.4-1) unstable; urgency=low

  * New (temporary) maintainer.
  * New upstream release.
  * Integrate libpam-encfs with pam-auth-update (Closes: #605559).
    Original pam-config by Simon Mungewell (LP: #287904).
  * Update watch file. Thanks Yan Morin (Closes: #550802).
  * debian/README.source: Added. Package uses dpatch patch system.
  * debian/control:
    - Update Homepage.
    - Fix lintian debhelper-but-no-misc-depends.
    - Bump Standards-Version. No changes required.
  * debian/copyright. Fix unversioned GPL version.
  * {pre,post}inst: Fix lintian maintainer-script-ignores-errors.
  * Remove some patches for changes included by upstream in 0.1.4.2:
    - 04_possible_buffer_overflow.dpatch.
    - 05_wait_for_fusermount.dpatch.
    - 06_link_with_gcc.dpatch: Removed. Partially integrated in 0.1.4.2.
      For the rest, upstream prefers to stay with ld, so we use it
      consistently.
  * 03_Changelog.dpatch: Removed. Create a pseudo upstream Changelog
    under debian/ and make sure it is installed.
  * 02_pam_encfs.conf:
    - Update for new upstream releases.
    - Fix conflicting options in config. Thanks again Simon Mungewell
      (LP: #287929).
    - Do not set allow_root in global fuse options, as this implies that
      different choice cannot be used for any user.
    - Use allow_root as default in specific definitions.
    - Warn that allow_user and allow_root cannot be used simultaneously.
  * debian/rules: Pass LD_FLAGS from debian/rules, including -x and
    explicit -lc. This last should also close (LP: #205783), already
    closed differently in 0.1.4.1-4.
  * Really close (Closes: #465558). It was indeed closed in 0.1.4.1-4,
    but mistyped as #1465558, and fix is included in upstream 0.1.4.2.
 -- Ubuntu Archive Auto-Sync <email address hidden> Sat, 30 Apr 2011 13:09:02 +0000

Changed in libpam-encfs (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers