** Bug watch added: Debian Bug tracker #1011249 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011249
** Also affects: cyrus-sasl2 (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011249 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1973760 Title: Crash when using DIGEST-MD5 with SSF>=128 Status in cyrus-sasl2 package in Ubuntu: In Progress Status in cyrus-sasl2 package in Debian: Unknown Bug description: I'm still troubleshooting this, but at the moment apps negotiating a DIGEST-MD5 authentication and requesting some form of transport encryption (ssf != 0) are crashing. The only example I have so far is the openldap client tools (so just one app really). ssf=0 works: $ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=0 SASL/DIGEST-MD5 authentication started SASL username: ubuntu@lxd SASL SSF: 0 dn:uid=ubuntu@lxd,cn=vms,cn=digest-md5,cn=auth ssf=128 crashes: $ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=128 SASL/DIGEST-MD5 authentication started SASL username: ubuntu@lxd SASL SSF: 128 SASL data security layer installed. Segmentation fault (core dumped) The crash seems to be inside openssl. I'll get a proper stack trace. 2.1.27, also built with openssl3, does not crash. So far only 2.1.28 (in kinetic-proposed). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1973760/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
