Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: aut...@packages.debian.org
Control: affects -1 + src:autofs
[ Reason ]
Fix hang on kerberos authenticated ldap. (See #1039967).
[ Impact ]
Autofs mounts hang autofs obtains its mounting rules from
kerberos-authenticated LDAP.
[ Tests ]
Tested by bug submitter, patch also applied in Ubuntu, no local instance
for fully testing this change, unfortunately. Patch sanctioned by upstream.
Ubuntu maintainer has also provided an autopkgtest rule to check this
issue in CI.
https://salsa.debian.org/debian/autofs/-/merge_requests/4
[ Risks ]
Users with autofs using kerberos-authenticated LDAP might observe regressions.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
+ * debian/patches:
+ + Add fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch. Fix missing unlock
+ in sasl_do_kinit_ext_cc(). (Closes: #1039967).
[ Other info ]
None.
diff -Nru autofs-5.1.8/debian/changelog autofs-5.1.8/debian/changelog
--- autofs-5.1.8/debian/changelog 2023-05-19 10:25:31.000000000 +0200
+++ autofs-5.1.8/debian/changelog 2023-07-05 11:56:29.000000000 +0200
@@ -1,3 +1,11 @@
+autofs (5.1.8-2+deb12u1) bookworm; urgency=medium
+
+ * debian/patches:
+ + Add fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch. Fix missing unlock
+ in sasl_do_kinit_ext_cc(). (Closes: #1039967).
+
+ -- Mike Gabriel <sunwea...@debian.org> Wed, 05 Jul 2023 11:56:29 +0200
+
autofs (5.1.8-2) unstable; urgency=medium
[ Mike Gabriel ]
diff -Nru
autofs-5.1.8/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
autofs-5.1.8/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
---
autofs-5.1.8/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
1970-01-01 01:00:00.000000000 +0100
+++
autofs-5.1.8/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
2023-07-05 11:56:18.000000000 +0200
@@ -0,0 +1,45 @@
+From b2571ed0df973a6dc6a8e661874655fa7cecdc37 Mon Sep 17 00:00:00 2001
+From: James Dingwall <james-aut...@dingwall.me.uk>
+Date: Wed, 20 Jul 2022 13:22:38 +0800
+Subject: autofs-5.1.8 - fix missing unlock in sasl_do_kinit_ext_cc()
+
+There is a missing mutex unlock in function sasl_do_kinit_ext_cc(),
+fix it.
+
+Signed-off-by: James Dingwall <james-aut...@dingwall.me.uk>
+Signed-off-by: Ian Kent <ra...@themaw.net>
+---
+# CHANGELOG | 1 +
+ modules/cyrus-sasl.c | 4 ++++
+ 2 files changed, 5 insertions(+)
+
+#diff --git a/CHANGELOG b/CHANGELOG
+#index 1f7c93a..e0b285d 100644
+#--- a/CHANGELOG
+#+++ b/CHANGELOG
+#@@ -27,6 +27,7 @@
+# - add autofs_strerror_r() helper for musl.
+# - update configure.
+# - handle innetgr() not present in musl.
+#+- fix missing unlock in sasl_do_kinit_ext_cc().
+#
+# 19/10/2021 autofs-5.1.8
+# - add xdr_exports().
+diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c
+index ae046e0..738e363 100644
+--- a/modules/cyrus-sasl.c
++++ b/modules/cyrus-sasl.c
+@@ -721,6 +721,10 @@ sasl_do_kinit_ext_cc(unsigned logopt, struct
lookup_context *ctxt)
+
+ debug(logopt, "Kerberos authentication was successful!");
+
++ status = pthread_mutex_unlock(&krb5cc_mutex);
++ if (status)
++ fatal(status);
++
+ return 0;
+
+ out_cleanup_def_princ:
+--
+cgit
+
diff -Nru autofs-5.1.8/debian/patches/series autofs-5.1.8/debian/patches/series
--- autofs-5.1.8/debian/patches/series 2023-05-19 10:20:51.000000000 +0200
+++ autofs-5.1.8/debian/patches/series 2023-07-05 11:56:18.000000000 +0200
@@ -10,3 +10,4 @@
fix-lookup-ldap-crash.patch
fix-nfs4-mounts-in-auto-net.patch
fix-nfs4-only-mounts-should-not-use-rpcbind.patch
+fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
