[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

system/3810: 3.5-stable: gssapi.h missing after installing 009 security patch

To: gnats@openbsd.org
Subject: system/3810: 3.5-stable: gssapi.h missing after installing 009 security patch
From: ewen@naos.co.nz
Date: Sat, 5 Jun 2004 21:49:00 +1200 (NZST)
Cc: ewen@naos.co.nz
Resent-Date: Sat, 5 Jun 2004 04:00:03 -0600 (MDT)
Resent-From: gnats@cvs.openbsd.org (GNATS Filer)
Resent-Message-Id: <200406051000.i55A03JJ005483@cvs.openbsd.org>
Resent-Reply-To: gnats@cvs.openbsd.org, ewen@naos.co.nz
Resent-To: bugs@cvs.openbsd.org

>Number:         3810
>Category:       system
>Synopsis:       3.5-stable: gssapi.h missing after installing 009 security patch
>Confidential:   yes
>Severity:       non-critical
>Priority:       medium
>Responsible:    bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jun 05 10:00:02 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Ewen McNeill
>Release:        3.5 Stable
>Organization:
Naos Limited
>Environment:
	System      : OpenBSD 3.5
	Architecture: OpenBSD.sparc
	Machine     : sparc

>Description:

After installing erata 009 for OpenBSD 3.5, obtained from here:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/009_kerberos.patch

several kerberosV related include files are missing, including:

/usr/include/kerberosV/gssapi.h

This means that certain packages which try to build against kerberosV
such as ssh (/usr/src/usr.bin/ssh) will not compile because they cannot
include the header file they require, and thus some source files (eg, 
gss-serv.c in the case of ssh) do not make sense.

The /usr/include/kerberosV/gssapi.h header file is removed by the 
"make includes" in /usr/src/lib/libkrb5 (which removes all of the
/usr/include/kerberosV tree recursively but doesn't reinstall everything
that is installed in that directory).

As far as I can see this will affect all 3.5-stable platforms, and
also -current (CVS appears to have HEAD and OPENBSD_3_5 on the same
version).

>How-To-Repeat:

Follow the first four instructions to rebuild the Kerberos V library
from the patch (URL above), viz:

	cd /usr/src/lib/libkrb5
	make obj
	make depend
	make includes

Then try to build ssh:
	cd /usr/src/usr.bin/ssh
	make obj
	make depend
	make

Observe that the compile fails due to a missing gssapi.h (and also that
warnings are emitted during the make depend stage for the same reason).

>Fix:
As a work around:

	cd /usr/src
	make includes

will reinstall all includes and get the system back to a state where
things relying on the the kerberosV libraries (such as ssh) can be 
built. 

A better fix would be to make the second step of the "includes"
target in /usr/src/lib/libkrb5/Makefile less brutal so that it doesn't
remove things that it isn't going to reinstall (and/or to ensure that
other related "make includes" are automatically run at the same stage
and/or to relocate the other includes somewhere else).

(It is not just gssapi.h that is affected; all of 
/usr/include/kerberosV/kadm5 also disappears at the same time.)


>Release-Note:
>Audit-Trail:
>Unformatted:

Prev by Date: Re: Can not access www.rootsweb.com, all others work
Next by Date: didn't go to college - that's ok we'll give you a diploma
Prev by thread: back pain, orthopaedic, accident,
Next by thread: didn't go to college - that's ok we'll give you a diploma
Index(es):
- Date
- Thread