Your message dated Sat, 27 Jul 2019 18:25:41 +0000
with message-id <[email protected]>
and subject line Bug#932144: Removed package(s) from unstable
has caused the Debian Bug report #644157,
regarding racoon: kerberos authentication when responder to windows causes segfault at end of phase 1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
644157: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644157
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: racoon
Version: 1:0.8.0-8
Severity: normal
Tags: upstream

Dear Maintainer,

Configured for kerberos authentication with Windows 2008R2. When sending traffic from windows to linux a segfault is raised. Windows is configured with an additional setting of ESP and AH with AES-128 and SHA-1 first.

2011-10-04 00:46:53: DEBUG: begin.
2011-10-04 00:46:53: DEBUG: seen nptype=2(prop)
2011-10-04 00:46:53: DEBUG: succeed.
2011-10-04 00:46:53: DEBUG: proposal #1 len=108
2011-10-04 00:46:53: DEBUG: begin.
2011-10-04 00:46:53: DEBUG: seen nptype=3(trns)
2011-10-04 00:46:53: DEBUG: seen nptype=3(trns)
2011-10-04 00:46:53: DEBUG: succeed.
2011-10-04 00:46:53: DEBUG: transform #1 len=52
2011-10-04 00:46:53: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
2011-10-04 00:46:53: DEBUG: encryption(aes)
2011-10-04 00:46:53: DEBUG: type=Key Length, flag=0x8000, lorv=128
2011-10-04 00:46:53: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2011-10-04 00:46:53: DEBUG: hash(sha1)
2011-10-04 00:46:53: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2011-10-04 00:46:53: DEBUG: hmac(modp1024)
2011-10-04 00:46:53: DEBUG: type=Authentication Method, flag=0x8000, lorv=XAuth pskey client
2011-10-04 00:46:53: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2011-10-04 00:46:53: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2011-10-04 00:46:53: DEBUG: type=GSS-API endpoint name, flag=0x0000, lorv=8
2011-10-04 00:46:53: DEBUG: transform #2 len=48
2011-10-04 00:46:53: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2011-10-04 00:46:53: DEBUG: encryption(3des)
2011-10-04 00:46:53: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2011-10-04 00:46:53: DEBUG: hash(sha1)
2011-10-04 00:46:53: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2011-10-04 00:46:53: DEBUG: hmac(modp1024)
2011-10-04 00:46:53: DEBUG: type=Authentication Method, flag=0x8000, lorv=XAuth pskey client
2011-10-04 00:46:53: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2011-10-04 00:46:53: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2011-10-04 00:46:53: DEBUG: type=GSS-API endpoint name, flag=0x0000, lorv=8
2011-10-04 00:46:53: DEBUG: pair 1:
2011-10-04 00:46:53: DEBUG: 0x7f9d34e071b0: next=(nil) tnext=0x7f9d34e071e0
2011-10-04 00:46:53: DEBUG: 0x7f9d34e071e0: next=(nil) tnext=(nil)
2011-10-04 00:46:53: DEBUG: proposal #1: 2 transform
2011-10-04 00:46:53: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
2011-10-04 00:46:53: DEBUG: type=Key Length, flag=0x8000, lorv=128
2011-10-04 00:46:53: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2011-10-04 00:46:53: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2011-10-04 00:46:53: DEBUG: type=Authentication Method, flag=0x8000, lorv=XAuth pskey client
2011-10-04 00:46:53: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2011-10-04 00:46:53: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2011-10-04 00:46:53: DEBUG: type=GSS-API endpoint name, flag=0x0000, lorv=8
2011-10-04 00:46:53: DEBUG: received gss id 'IKE' (len 4)
2011-10-04 00:46:53: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=2
2011-10-04 00:46:53: DEBUG: trns#=1, trns-id=IKE
2011-10-04 00:46:53: DEBUG: lifetime = 28800
2011-10-04 00:46:53: DEBUG: lifebyte = 0
2011-10-04 00:46:53: DEBUG: enctype = AES-CBC
2011-10-04 00:46:53: DEBUG: encklen = 128
2011-10-04 00:46:53: DEBUG: hashtype = SHA
2011-10-04 00:46:53: DEBUG: authmethod = GSS-API on Kerberos 5
2011-10-04 00:46:53: DEBUG: dh_group = 1024-bit MODP group
2011-10-04 00:46:53: [172.22.22.111] DEBUG2: Checking remote conf "anonymous" anonymous.
2011-10-04 00:46:53: DEBUG2: enumrmconf: "anonymous" matches.
2011-10-04 00:46:53: DEBUG2: checkisakmpsa: authmethod: 130537 / 130537
2011-10-04 00:46:53: DEBUG: an acceptable proposal found.
2011-10-04 00:46:53: DEBUG: hmac(modp1024)
2011-10-04 00:46:53: DEBUG: gss id in new sa 'wheezy1$@XXXXXX'

line 692 from src/racoon/gssapi.c has a null value for iph1->rmconf

    vchar_t *
    gssapi_get_id(struct ph1handle *iph1)
    {
            gss_buffer_desc id_buffer;
            gss_buffer_t id = &id_buffer;
            gss_name_t defname, canon_name;
            OM_uint32 min_stat, maj_stat;
            vchar_t *vmbuf;

            if (iph1->rmconf->proposal->gssid != NULL)
                    return (vdup(iph1->rmconf->proposal->gssid));

from src/racoon/ipsec_doi.c

I think check for iph1->rmconf doesn't account for being the responder.

    276         if (iph1->rmconf != NULL) {
    277                 if (get_ph1approvalx(iph1->rmconf, &ctx))
    278                         goto found;
    279         } else {
    280                 if (enumrmconf(&rmsel, get_ph1approvalx, &ctx))
    281                         goto found;
    282         }

which causes a later call to gssapi_get_id() with a null rmconf at line 327.

    315 #ifdef HAVE_GSSAPI
    316         if (sa->gssid != NULL)
    317                 plog(LLV_DEBUG, LOCATION, NULL, "gss id in new sa '%.*s'\n",
    318                     (int)sa->gssid->l, sa->gssid->v);
    319         if (iph1->side == INITIATOR) {
    320                 if (iph1->rmconf->proposal->gssid != NULL)
    321                         iph1->gi_i = vdup(iph1->rmconf->proposal->gssid);
    322                 if (sa->gssid != NULL)
    323                         iph1->gi_r = vdup(sa->gssid);
    324         } else {
    325                 if (sa->gssid != NULL) {
    326                         iph1->gi_r = vdup(sa->gssid);
    327                         iph1->gi_i = gssapi_get_id(iph1);
    328                 }
    329         }

-- System Information:
Debian Release: wheezy/sid
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages racoon depends on:
ii  debconf [debconf-2.0]  1.5.40
ii  ipsec-tools            1:0.8.0-8
ii  libc6                  2.13-21
ii  libcomerr2             1.42~WIP-2011-07-02-1
ii  libgssapi-krb5-2       1.9.1+dfsg-1+b1
ii  libk5crypto3           1.9.1+dfsg-1+b1
ii  libkrb5-3              1.9.1+dfsg-1+b1
ii  libldap-2.4-2          2.4.25-3
ii  libpam0g               1.1.3-2
ii  libssl1.0.0            1.0.0e-2
ii  perl                   5.12.4-4

racoon recommends no packages.

racoon suggests no packages.

-- Configuration Files:
/etc/racoon/psk.txt [Errno 13] Permission denied: u'/etc/racoon/psk.txt'

/etc/racoon/racoon.conf changed:
log info;
remote anonymous {
        exchange_mode main;
        lifetime time 480 minute;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method gssapi_krb;
                gss_id "wheezy1$@XXXX";
                dh_group 2;
        }
}
sainfo anonymous {
        lifetime time 60 minute;
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

/etc/ipsec-tools.conf changed:
#!/usr/sbin/setkey -f
flush;
spdflush;
## security policy
spdadd 172.22.22.111 172.22.22.123 any -P in ipsec
        esp/transport//require
        ah/transport//require;
spdadd 172.22.22.123 172.22.22.111 any -P out ipsec
        esp/transport//require
        ah/transport//require;

-- debconf information:
* racoon/config_mode: direct
--- End Message ---
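
The pointer chain the report describes (`iph1->rmconf->proposal->gssid` reached on the responder side while `rmconf` is NULL), as an added example that is not part of the original report and is not ipsec-tools code. It is a simplified C model: the struct layouts, `vdup_model`, `get_configured_gssid` and `set_responder_gss_ids` are hypothetical names, and returning an error when no remote configuration is attached is an assumption about the desired behaviour, not the upstream fix.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed, simplified stand-ins for the racoon types named in the report. */
typedef struct { size_t l; char *v; } vchar_t;
struct isakmpsa   { vchar_t *gssid; };
struct remoteconf { struct isakmpsa *proposal; };
struct ph1handle  { struct remoteconf *rmconf; vchar_t *gi_i, *gi_r; };

static vchar_t *vdup_model(const vchar_t *s)    /* stand-in for racoon's vdup() */
{
    vchar_t *d = malloc(sizeof(*d));
    if (d == NULL || (d->v = malloc(s->l + 1)) == NULL) {
        free(d);
        return NULL;
    }
    memcpy(d->v, s->v, s->l);
    d->l = s->l;
    return d;
}

/* Configured gss_id, or NULL. Every pointer in the chain is tested before
 * use, unlike the quoted gssapi_get_id(), which assumes rmconf is set. */
static vchar_t *get_configured_gssid(const struct ph1handle *iph1)
{
    if (iph1->rmconf == NULL || iph1->rmconf->proposal == NULL ||
        iph1->rmconf->proposal->gssid == NULL)
        return NULL;
    return vdup_model(iph1->rmconf->proposal->gssid);
}

/* Responder branch (report lines 324-329): 0 on success, -1 if no local id. */
static int set_responder_gss_ids(struct ph1handle *iph1, const struct isakmpsa *sa)
{
    if (sa->gssid == NULL)
        return 0;                       /* peer sent no GSS id */
    if ((iph1->gi_i = get_configured_gssid(iph1)) == NULL)
        return -1;                      /* e.g. rmconf never assigned: reject */
    if ((iph1->gi_r = vdup_model(sa->gssid)) == NULL)
        return -1;                      /* gi_i stays owned by iph1 */
    return 0;
}

int main(void)
{
    vchar_t peer = { 4, "IKE" };        /* sample id modelled on the debug log */
    struct isakmpsa sa = { &peer };
    struct ph1handle iph1 = { NULL, NULL, NULL };   /* responder, rmconf unset */
    return set_responder_gss_ids(&iph1, &sa) == -1 ? 0 : 1;
}
```

With `rmconf` unset the call returns -1 and the negotiation can be refused cleanly, where the unguarded dereference terminates the daemon.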
--- Begin Message ---
Version: 1:0.8.2+20140711-12+rm

Dear submitter,

as the package ipsec-tools has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/932144

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---

