Ubuntu
gssproxy package

gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd

Bug #1788459 reported by Robert Taylor
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
gssproxy (Ubuntu)
Invalid
Medium
Sergio Durigan Junior
Focal
Fix Released
Undecided
Sergio Durigan Junior
Hirsute
Fix Released
Undecided
Sergio Durigan Junior
libselinux (Ubuntu)
Invalid
Undecided
Unassigned
Focal
Invalid
Undecided
Unassigned
Hirsute
Invalid
Undecided
Unassigned

Bug Description

[ Impact ]

gssproxy users on Focal and Hiruste who configure the package to handle NFS mountpoints using Kerberos authentication will experience a segmentation fault when invoking the service either through systemd or by hand.

[ Test Case]

Inside a Focal LXD container:

$ lxc launch images:ubuntu/focal gssproxy-bug1788459-focal
$ lxc shell gssproxy-bug1788459-focal
# apt update
# apt install -y gssproxy nfs-kernel-server
# cat > /etc/gssproxy/gssproxy.conf << __EOF__
[gssproxy]
debug = true
debug_level = 3
__EOF__
# cat >> /etc/gssproxy/25-nfs-server.conf << __EOF__
[service/nfs-server]
mechs = krb5
socket = /run/gssproxy.sock
cred_store = keytab:/etc/krb5.keytab
trusted = yes
kernel_nfsd = yes
euid = 0
__EOF__
# /usr/sbin/gssproxy --interactive --debug --debug-level=3 --socket=/run/gssproxy.sock
[2021/06/30 14:34:14]: Debug Enabled (level: 3)
[2021/06/30 14:34:14]: Keytab /etc/krb5.keytab has no content (-1765328203)
[2021/06/30 14:34:14]: Service: nfs-server, Enckey: [ephemeral], Enctype: 18
[2021/06/30 14:34:14]: Client [2021/06/30 14:34:14]: (/usr/sbin/gssproxy) [2021/06/30 14:34:14]: connected (fd = 12)[2021/06/30 14:34:14]: (pid = 3428) (uid = 0) (gid = 0)Segmentation fau
lt (core dumped)

[ Where problems could occur ]

* The backported patch is simple and it is very unlikely that it will introduce a regression.
* As usual, it is always risky to rebuild a package that hasn't been touched for more than 1 year, albeit in this case the risk is very low because the package is not very complex.

[ Original Description ]

I have apache configured to perform a kerberized NFS4 mount using rpc.gssd and gssproxy.

If I request a web page that requires NFS4 access, then gssproxy crashes, reporting a segfault in libselinux.so.1 and the web request generates a 403 error.

gssproxy[6267]: segfault at 0 ip 00007f2f5bb1951a sp 00007ffe861da150 error 4 in libselinux.so.1[7f2f5bb0d000+25000]

If I run gssproxy at debug level = 3, and then load a web page, I can see the uid/principal request for www-data come in from rpc.gssd:

# gssproxy -d --debug-level=3 -i -C /etc/gssproxy

[2018/08/22 17:51:40]: Debug Enabled (level: 3)
[2018/08/22 17:52:06]: Client [2018/08/22 17:52:06]: (/usr/sbin/rpc.gssd) [2018/08/22 17:52:06]: connected (fd = 10)[2018/08/22 17:52:06]: (pid = 4548) (uid = 33) (gid = 33)Segmentation fault (core dumped)

Since gssproxy is required to initiate kerberos principals for any local application services - Ubuntu 18.04 does not currently support running application services with NFS4 kerberos dependencies. This has a fairly significant impact on anyone attempting to implement kerberos on Ubuntu 18.04

Ubuntu 18.04.1 LTS
gssproxy 0.8.0-1
libselinux1:amd64 2.7-2build2
libgssrpc4:amd64 1.16-2build1

See original description

Related branches

~sergiodj/ubuntu/+source/gssproxy:bug1788459-segfault-nfs-krb-hirsute
Bryce Harrington (community): Approve
Canonical Server Core Reviewers: Pending requested
Diff: 85 lines (+53/-1)
4 files modified
debian/changelog (+8/-0)
debian/control (+2/-1)
debian/patches/0001-Fix-handling-of-selinux-context-when-NULL.patch (+42/-0)
debian/patches/series (+1/-0)
~sergiodj/ubuntu/+source/gssproxy:bug1788459-segfault-nfs-krb-focal
Bryce Harrington (community): Approve
Canonical Server Core Reviewers: Pending requested
Diff: 85 lines (+53/-1)
4 files modified
debian/changelog (+8/-0)
debian/control (+2/-1)
debian/patches/0001-Fix-handling-of-selinux-context-when-NULL.patch (+42/-0)
debian/patches/series (+1/-0)
Robert Taylor (rgtaylor)
summary: - gssproxy in libselinux.so.1 on Ubuntu 18.04 when called by rpc.gssd
+ gssproxy crashes in libselinux.so.1 on Ubuntu 18.04 when called by
+ rpc.gssd
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Can you simplify the configuration needed to reproduce this bug? For example, does it happen when using gssapi authentication with apache, without the NFSv4 bit?

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Or can you elaborate a bit more how you have this setup?

And, before I forget, do you have a crash file somewhere in /var/crash?

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gssproxy (Ubuntu):
status: New → Confirmed
Changed in krb5 (Ubuntu):
status: New → Confirmed
Changed in libselinux (Ubuntu):
status: New → Confirmed
Revision history for this message
Koen Dierckx (dierckxk) wrote :

Trying to get gssproxy working with NFS (rpc-gssd and rpc-svcgssd) on Ubuntu 20.04
Following https://github.com/gssapi/gssproxy/blob/main/docs/NFS.md

/etc/gssproxy/gssproxy.conf
      [gssproxy]
      debug = true
      debug_level = 3

/etc/gssproxy/25-nfs-server.conf
      [service/nfs-server]
        mechs = krb5
        socket = /run/gssproxy.sock
        cred_store = keytab:/etc/krb5.keytab
        trusted = yes
        kernel_nfsd = yes
        euid = 0

When I start the gssproxy service, either through systemd
or manually with: /usr/sbin/gssproxy --interactive --debug --debug-level=3 --socket=/run/gssproxy.sock

I get this result:
[2021/06/28 14:49:19]: Debug Enabled (level: 3)
[2021/06/28 14:49:19]: Service: nfs-client, Keytab: /etc/krb5.keytab, Enctype: 23
[2021/06/28 14:49:19]: Service: nfs-server, Keytab: /etc/krb5.keytab, Enctype: 23
[2021/06/28 14:49:19]: Client [2021/06/28 14:49:19]: (/usr/sbin/gssproxy) [2021/06/28 14:49:19]: connected (fd = 13)[2021/06/28 14:49:19]: (pid = 7821) (uid = 0) (gid = 0)Segmentation fault (core dumped)

It is the kernel_nfsd = yes config part that causes the segfault
What it does (from the docs linked above)
  ...
  The gssproxy client registers to the kernel by performing 2 actions in the following order:
  * creates a unix socket for kernel communication in /var/run/gssproxy.sock (this path is hardcoded in the kernel and cannot be changed at this time)
  * writes 1 byte in the proc file /proc/net/rpc/use-gss-proxy (the client must be ready to accept a connection from the kernel when this is done, as the kernel we check that the socket is available)
  ...
  It enables the kernel extensions to the protocol (the context is exported as a lucid context for example, and a list of resolved credentials is returned if authentication succeeds)

The proc files seems ok (it was -1 before)
cat /proc/net/rpc/use-gss-proxy
1

Revision history for this message
Koen Dierckx (dierckxk) wrote :

The reason we want gssproxy, and not the default rpc-gssd and rpc-svcgssd services is that we are using active directory, and most of our accounts are members of many groups, causing gssd to fail. This is a known issue and is one of the things that gssproxy solves.

>>The reason we did this was to allow the kernel NFS server to handle big tickets like those containing a MS-PAC payload that may be received by a Microsoft client.

Revision history for this message
Koen Dierckx (dierckxk) wrote :
Revision history for this message
Koen Dierckx (dierckxk) wrote :
Download full text (17.1 KiB)

I couldn't get it to generate a coredump. But I ran it with valgrind
Hope this helps

valgrind -v /usr/sbin/gssproxy --interactive --debug --debug-level=3 --socket=/run/gssproxy.sock
==29249== Memcheck, a memory error detector
==29249== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==29249== Using Valgrind-3.15.0-608cb11914-20190413 and LibVEX; rerun with -h for copyright info
==29249== Command: /usr/sbin/gssproxy --interactive --debug --debug-level=3 --socket=/run/gssproxy.sock
==29249==
--29249-- Valgrind options:
--29249-- -v
--29249-- Contents of /proc/version:
--29249-- Linux version 5.4.0-74-generic (buildd@lgw01-amd64-038) (gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #83-Ubuntu SMP Sat May 8 02:35:39 UTC 2021
--29249--
--29249-- Arch and hwcaps: AMD64, LittleEndian, amd64-cx16-lzcnt-rdtscp-sse3-ssse3-avx-avx2-rdrand
--29249-- Page sizes: currently 4096, max supported 4096
--29249-- Valgrind library directory: /usr/lib/x86_64-linux-gnu/valgrind
--29249-- Reading syms from /usr/sbin/gssproxy
--29249-- object doesn't have a symbol table
--29249-- Reading syms from /usr/lib/x86_64-linux-gnu/ld-2.31.so
--29249-- Considering /usr/lib/x86_64-linux-gnu/ld-2.31.so ..
--29249-- .. CRC mismatch (computed 975d0390 wanted 30bd717f)
--29249-- Considering /lib/x86_64-linux-gnu/ld-2.31.so ..
--29249-- .. CRC mismatch (computed 975d0390 wanted 30bd717f)
--29249-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/ld-2.31.so ..
--29249-- .. CRC is valid
--29249-- Reading syms from /usr/lib/x86_64-linux-gnu/valgrind/memcheck-amd64-linux
--29249-- object doesn't have a symbol table
--29249-- object doesn't have a dynamic symbol table
--29249-- Scheduler: using generic scheduler lock implementation.
--29249-- Reading suppressions file: /usr/lib/x86_64-linux-gnu/valgrind/default.supp
==29249== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-29249-by-root-on-???
==29249== embedded gdbserver: writing to /tmp/vgdb-pipe-to-vgdb-from-29249-by-root-on-???
==29249== embedded gdbserver: shared mem /tmp/vgdb-pipe-shared-mem-vgdb-29249-by-root-on-???
==29249==
==29249== TO CONTROL THIS PROCESS USING vgdb (which you probably
==29249== don't want to do, unless you know exactly what you're doing,
==29249== or are doing some strange experiment):
==29249== /usr/lib/x86_64-linux-gnu/valgrind/../../bin/vgdb --pid=29249 ...command...
==29249==
==29249== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==29249== /path/to/gdb /usr/sbin/gssproxy
==29249== and then give GDB the following command
==29249== target remote | /usr/lib/x86_64-linux-gnu/valgrind/../../bin/vgdb --pid=29249
==29249== --pid is optional if only one valgrind process is running
==29249==
--29249-- REDIR: 0x4022e10 (ld-linux-x86-64.so.2:strlen) redirected to 0x580c9ce2 (???)
--29249-- REDIR: 0x4022be0 (ld-linux-x86-64.so.2:index) redirected to 0x580c9cfc (???)
--29249-- Reading syms from /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_core-amd64-linux.so
--29249-- object doesn't have a symbol table
--29249-- Reading syms from /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so
--29249-- object doesn't have a symbol t...

Revision history for this message
Koen Dierckx (dierckxk) wrote :

gssproxy/focal,now 0.8.2-2 amd64 [installed]
libselinux1/focal,now 3.0-1build2 amd64 [installed,automatic]

Sergio Durigan Junior (sergiodj)
Changed in gssproxy (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Sergio Durigan Junior (sergiodj)
importance: Undecided → Medium
Changed in krb5 (Ubuntu):
status: Confirmed → Invalid
no longer affects: krb5 (Ubuntu)
no longer affects: krb5 (Ubuntu Focal)
no longer affects: krb5 (Ubuntu Hirsute)
Changed in libselinux (Ubuntu):
status: Confirmed → Invalid
Changed in libselinux (Ubuntu Focal):
status: New → Invalid
Changed in libselinux (Ubuntu Hirsute):
status: New → Invalid
Changed in gssproxy (Ubuntu Focal):
status: New → In Progress
Changed in gssproxy (Ubuntu Hirsute):
status: New → In Progress
Changed in gssproxy (Ubuntu Focal):
assignee: nobody → Sergio Durigan Junior (sergiodj)
Changed in gssproxy (Ubuntu Hirsute):
assignee: nobody → Sergio Durigan Junior (sergiodj)
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

I am taking care of this one.

It is important to mention that this could arguably be considered to be a bug on libselinux, given that it shouldn't dereference pointers without checking first (especially pointers that were passed to the library by its clients). However, in this case it makes sense to fix this in gssproxy as well.

description: updated
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

The upstream bug is here: https://pagure.io/gssproxy/issue/256

The patch is here: https://github.com/gssapi/gssproxy/commit/3b77666d463105fc485c0f269feaf0ed1061a769

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

I removed the krb5 component because the bug is not in it.

Revision history for this message
Koen Dierckx (dierckxk) wrote :

I can confirm that manual build and install of gssproxy 0.8.4 works on my ubuntu 20.04 server.
(that version has the patch mentioned above)

gssproxy solves my original issue of rpc-svcgssd hanging on large kerberos tickets https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1466654

Hopefully this patch find its way fast through the official ubuntu release channel

Revision history for this message
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Robert, or anyone else affected,

Accepted gssproxy into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gssproxy/0.8.2-2ubuntu0.21.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in gssproxy (Ubuntu Hirsute):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-hirsute
Changed in gssproxy (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hello Robert, or anyone else affected,

Accepted gssproxy into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gssproxy/0.8.2-2ubuntu0.20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Brian Murray (brian-murray) wrote : [gssproxy/focal] verification still needed

The fix for this bug has been awaiting testing feedback in the -proposed repository for focal for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

tags: added: removal-candidate
Revision history for this message
Koen Dierckx (dierckxk) wrote :

Just tested the proposed gssproxy fix, and can confirm that it solved the issue
Tested on Ubuntu Focal (20.04)

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Performing the verification for Focal.

First, install the problematic package and reproduce the error:

# apt policy gssproxy
gssproxy:
  Installed: 0.8.2-2
  Candidate: 0.8.2-2
  Version table:
 *** 0.8.2-2 500
        500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
        100 /var/lib/dpkg/status
# /usr/sbin/gssproxy --interactive --debug --debug-level=3 --socket=/run/gssproxy.sock
[2021/10/04 18:30:15]: Debug Enabled (level: 3)
[2021/10/04 18:30:15]: Keytab /etc/krb5.keytab has no content (-1765328203)
[2021/10/04 18:30:15]: Service: nfs-server, Enckey: [ephemeral], Enctype: 18
[2021/10/04 18:30:15]: Client [2021/10/04 18:30:15]: (/usr/sbin/gssproxy) [2021/10/04 18:30:15]: connected (fd = 12)[2021/10/04 18:30:15]: (pid = 1877) (uid = 0) (gid = 0)Segmentation fault (core dumped)

Now, install the version from -proposed and verify that it works correctly:

# apt install gssproxy
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  gssproxy
1 upgraded, 0 newly installed, 0 to remove and 13 not upgraded.
Need to get 88.4 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal-proposed/universe amd64 gssproxy amd64 0.8.2-2ubuntu0.20.04.1 [88.4 kB]
Fetched 88.4 kB in 0s (224 kB/s)
(Reading database ... 15068 files and directories currently installed.)
Preparing to unpack .../gssproxy_0.8.2-2ubuntu0.20.04.1_amd64.deb ...
Unpacking gssproxy (0.8.2-2ubuntu0.20.04.1) over (0.8.2-2) ...
Setting up gssproxy (0.8.2-2ubuntu0.20.04.1) ...
# apt policy gssproxy
gssproxy:
  Installed: 0.8.2-2ubuntu0.20.04.1
  Candidate: 0.8.2-2ubuntu0.20.04.1
  Version table:
 *** 0.8.2-2ubuntu0.20.04.1 500
        500 http://archive.ubuntu.com/ubuntu focal-proposed/universe amd64 Packages
        100 /var/lib/dpkg/status
     0.8.2-2 500
        500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
# /usr/sbin/gssproxy --interactive --debug --debug-level=3 --socket=/run/gssproxy.sock
[2021/10/04 18:31:59]: Debug Enabled (level: 3)
[2021/10/04 18:31:59]: Keytab /etc/krb5.keytab has no content (-1765328203)
[2021/10/04 18:31:59]: Service: nfs-server, Enckey: [ephemeral], Enctype: 18
[2021/10/04 18:31:59]: Client [2021/10/04 18:31:59]: (/usr/sbin/gssproxy) [2021/10/04 18:31:59]: connected (fd = 12)[2021/10/04 18:31:59]: (pid = 2244) (uid = 0) (gid = 0)[2021/10/04 18:31:59]:
^C[2021/10/04 18:32:10]: Exiting after receiving a signal

Therefore, the new package indeed fixes the problem.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Performing the verification for Hirsute.

First, install the problematic package and reproduce the error:

# apt policy gssproxy
gssproxy:
  Installed: 0.8.2-2
  Candidate: 0.8.2-2
  Version table:
 *** 0.8.2-2 500
        500 http://archive.ubuntu.com/ubuntu hirsute/universe amd64 Packages
        100 /var/lib/dpkg/status
# /usr/sbin/gssproxy --interactive --debug --debug-level=3 --socket=/run/gssproxy.sock
[2021/10/04 18:34:27]: Debug Enabled (level: 3)
[2021/10/04 18:34:27]: Keytab /etc/krb5.keytab has no content (-1765328203)
[2021/10/04 18:34:27]: Service: nfs-server, Enckey: [ephemeral], Enctype: 18
[2021/10/04 18:34:27]: Client [2021/10/04 18:34:27]: (/usr/sbin/gssproxy) [2021/10/04 18:34:27]: connected (fd = 12)[2021/10/04 18:34:27]: (pid = 1676) (uid = 0) (gid = 0)Segmentation fault (core dumped)

Now, install the version from -proposed and verify that it works correctly:

# apt install gssproxy
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be upgraded:
  gssproxy
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 88.0 kB of archives.
After this operation, 13.3 kB disk space will be freed.
Get:1 http://archive.ubuntu.com/ubuntu hirsute-proposed/universe amd64 gssproxy amd64 0.8.2-2ubuntu0.21.04.1 [88.0 kB]
Fetched 88.0 kB in 0s (236 kB/s)
(Reading database ... 15225 files and directories currently installed.)
Preparing to unpack .../gssproxy_0.8.2-2ubuntu0.21.04.1_amd64.deb ...
Unpacking gssproxy (0.8.2-2ubuntu0.21.04.1) over (0.8.2-2) ...
Setting up gssproxy (0.8.2-2ubuntu0.21.04.1) ...
# apt policy gssproxy
gssproxy:
  Installed: 0.8.2-2ubuntu0.21.04.1
  Candidate: 0.8.2-2ubuntu0.21.04.1
  Version table:
 *** 0.8.2-2ubuntu0.21.04.1 500
        500 http://archive.ubuntu.com/ubuntu hirsute-proposed/universe amd64 Packages
        100 /var/lib/dpkg/status
     0.8.2-2 500
        500 http://archive.ubuntu.com/ubuntu hirsute/universe amd64 Packages
# /usr/sbin/gssproxy --interactive --debug --debug-level=3 --socket=/run/gssproxy.sock
[2021/10/04 18:35:20]: Debug Enabled (level: 3)
[2021/10/04 18:35:20]: Keytab /etc/krb5.keytab has no content (-1765328203)
[2021/10/04 18:35:20]: Service: nfs-server, Enckey: [ephemeral], Enctype: 18
[2021/10/04 18:35:20]: Client [2021/10/04 18:35:20]: (/usr/sbin/gssproxy) [2021/10/04 18:35:20]: connected (fd = 12)[2021/10/04 18:35:20]: (pid = 2029) (uid = 0) (gid = 0)[2021/10/04 18:35:20]:
^C[2021/10/04 18:35:24]: Exiting after receiving a signal

Therefore, the new package indeed fixes the problem.

tags: added: verification-done-focal verification-done-hirsute
removed: verification-needed verification-needed-focal verification-needed-hirsute
tags: removed: removal-candidate
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gssproxy - 0.8.2-2ubuntu0.21.04.1

---------------
gssproxy (0.8.2-2ubuntu0.21.04.1) hirsute; urgency=medium

  * d/p/0001-Fix-handling-of-selinux-context-when-NULL.patch:
    Fix handling of SELinux context when NULL. Do not segfault
    when gssproxy is called by rpc.gssd. (LP: #1788459)

 -- Sergio Durigan Junior <email address hidden> Wed, 30 Jun 2021 14:44:13 -0400

Changed in gssproxy (Ubuntu Hirsute):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for gssproxy has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gssproxy - 0.8.2-2ubuntu0.20.04.1

---------------
gssproxy (0.8.2-2ubuntu0.20.04.1) focal; urgency=medium

  * d/p/0001-Fix-handling-of-selinux-context-when-NULL.patch:
    Fix handling of SELinux context when NULL. Do not segfault
    when gssproxy is called by rpc.gssd. (LP: #1788459)

 -- Sergio Durigan Junior <email address hidden> Wed, 30 Jun 2021 13:33:56 -0400

Changed in gssproxy (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

This bug doesn't apply to Impish.

Changed in gssproxy (Ubuntu):
status: In Progress → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.