pkgsrc-Bugs archive


pkg/56347: security/p5-GSSAPI does not identify Kerberos implementation on Darwin



>Number:         56347
>Category:       pkg
>Synopsis:       security/p5-GSSAPI does not identify Kerberos implementation on Darwin
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 04 17:25:00 +0000 2021
>Originator:     Todd Kover
>Release:        Darwin 20.6.0
>Organization:
Omniscient Technologies
>Environment:
	Big Sur, pretty vanilla pkgsrc build of www/p5-LWP-Authen-Negotiate
Architecture: x86_64
Machine: amd64
>Description:
	p5-GSSAPI fails to identify that the underlying Kerberos implementation
	is heimdal because krb5-config does not include the string "heimdal"
	on Darwin, and ultimately causes pain upwards in things that use the
	module, typically with several layers of indirection.

	This is likely the root of an (unanswered) bug reported in 2013: https://sourceforge.net/p/perlgssapi/mailman/perlgssapi-developer/thread/CAMoQMJqFVYWR7pprT-dauNcXAoBpAykWYs%3DNW9kT0a%3DCQM03WA%40mail.gmail.com/#msg31410373

	There hasn't been a release since 2010, so I didn't bother reporting
	this upstream or digging deeper to see if there were other bugs.

>How-To-Repeat:
	Set up a webserver that uses negotiate for authentication

	cat >negotiate-dance.pl <<'EOF'
	#!/usr/bin/env perl

	use LWP::UserAgent;
	# Placeholder URL: point this at the server that requires Negotiate.
	my $ua = LWP::UserAgent->new;
	my $res = $ua->get('https://example.com/negotiate');
	printf "%s\n", ($res->is_success) ? $res->content : $res->status_line;
	EOF
	chmod +x negotiate-dance.pl

	Run on Darwin.  Watch it crash on the $ua->get:

	[transient:549 ~] ./negotiate-dance.pl
	perl(51402,0x105ae7e00) malloc: *** error for object 0x7fff2d7c022c: pointer being freed was not allocated
	perl(51402,0x105ae7e00) malloc: *** set a breakpoint in malloc_error_break to debug
	Abort trap: 6

>Fix:
        This fix is a hack but it is good enough considering the upstream
        state.
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/p5-GSSAPI/Makefile,v
retrieving revision 1.22
diff -u -r1.22 Makefile
--- Makefile	24 May 2021 19:54:03 -0000	1.22
+++ Makefile	4 Aug 2021 17:00:37 -0000
@@ -15,6 +15,11 @@
 PERL5_PACKLIST=	auto/GSSAPI/.packlist
 MAKE_PARAMS+=	--gssapiimpl=${KRB5BASE}
 
+.include "../../mk/bsd.prefs.mk"
+.if ${OPSYS} == "Darwin"
+CFLAGS += -DHEIMDAL
+.endif
+
 .include "../../lang/perl5/module.mk"
 .include "../../mk/krb5.buildlink3.mk"
 .include "../../mk/pthread.buildlink3.mk"
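
Review bot: the `.if ${OPSYS} == "Darwin"` test ties -DHEIMDAL to the operating system rather than to the Kerberos implementation actually in use, so a Darwin build where ${KRB5BASE} (passed just above as --gssapiimpl) points at a non-Heimdal Kerberos would be compiled with the wrong define. Consider conditioning the define on the implementation that mk/krb5.buildlink3.mk selects instead of on OPSYS, or at least add a comment above the block saying that the Heimdal detection from krb5-config does not work on Darwin, so the reason for the override is recorded in the Makefile. Two smaller points: -D is a preprocessor flag and would sit more naturally in CPPFLAGS, and `CFLAGS += -DHEIMDAL` does not follow the `VAR+=<tab>value` layout used by the neighbouring `MAKE_PARAMS+=` line.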


