Re: Bug#453241: still broken (and partly openssh's fault)

[Richard A Nelson <cowboy@debian.org>]

On Mon, 21 Apr 2008, Russ Allbery wrote:

> I spent an hour this evening tracking this down.  The problem is that
> Heimdal isn't using symbol versioning in its shared libraries.
> libpam-heimdal therefore binds to unversioned symbols, which works fine if
> the calling program doesn't load any other Kerberos library.  However,
> OpenSSH is linked with MIT Kerberos, and therefore at run time the
> unversioned libpam-heimdal symbols are bound to the MIT Kerberos version
> of libkrb5 which is already loaded in memory and chaos ensues.  valgrind
> was the debugging tool that finally gave me the necessary clue.  The
> segfault kept showing up with backtraces inside libkrb5.3.3 instead of
> libkrb5.24.0.0.

Thanks for the effort - and the education,  I've used valgrind, but
never for something like this

> This is a bug in the Debian Heimdal packages, I believe.  They used to use
> symbol versioning precisely because of this problem; see Bug#205592 which
> was closed in 0.6-4.  It looks like that was lost or dropped somewhere
> along the way.

Most likely with the recent bump to the 1.x series - looks like a big
source and packaging change; I ran into another fallout of the packaging
change (already fixed)

> I'm copying Brian May on this.  I think the bug should probably be
> reassigned to the heimdal source package.

Reassigned...   Fortunately, there aren't that many packages that depend
upon Heimdal, as they'll all need rebuilding after Heimdal is updated.

--
Rick Nelson
Life'll kill ya                         -- Warren Zevon
Then you'll be dead                     -- Life'll kill ya