NetBSD Problem Report #56347

From  Wed Aug  4 17:22:40 2021
Return-Path: <>
Received: from ( [])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "", Issuer " CA" (not verified))
	by (Postfix) with ESMTPS id 8379F1A921F
	for <>; Wed,  4 Aug 2021 17:22:40 +0000 (UTC)
Message-Id: <>
Date: Wed, 4 Aug 2021 13:22:30 -0400 (EDT)
Subject: security/p5-GSSAPI does not identfy Kerberos implementation tn Darwin
X-Send-Pr-Version: 3.95

>Number:         56347
>Category:       pkg
>Synopsis:       security/p5-GSSAPI does not identfy Kerberos implementation on Darwin
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    markd
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 04 17:25:00 +0000 2021
>Last-Modified:  Wed Aug 04 19:39:58 +0000 2021
>Originator:     Todd Kover
>Release:        Darwin 20.6.0
Omniscient Technologies
	Big Sur, pretty vanilla pkgsrc build of www/p5-LWP-Authen-Negotiate
Architecture: x86_64
Machine: amd64
	p5-GSSAPI fails to identify that the underlying Kerberos implementation
	is heimdal because krb5-config does not include the string "heimdal"
	on Darwin, and ultimately causes pain upwards in things that use the
	module, typically with several layers of indirection.

	This is likely the root of an (unanswered) bug reported in 2013:

	There hasn't been a release since 2010, so I didn't bother reporting
	this upstream or digging deeper to see if there were other bugs.

	Setup a webserver that uses negotiate for authentication

	cat  > <<EOF
	#!/usr/bin/env perl

	use LWP::UserAgent;
	my $ua = LWP::UserAgent->new;
	my $res = $ua->get('https:://');
	printf "%s\n", ($res->is_success) ? $res->content : $res->status_line;
	chmod +x

	run on darwin.  Watch it crash on the $ua->get:

	[transient:549 ~] ./
	perl(51402,0x105ae7e00) malloc: *** error for object 0x7fff2d7c022c: pointer being freed was not allocated
	perl(51402,0x105ae7e00) malloc: *** set a breakpoint in malloc_error_break to debug
	Abort trap: 6

        This fix is a hack but it is good enough considering the upstream
Index: Makefile
RCS file: /cvsroot/pkgsrc/security/p5-GSSAPI/Makefile,v
retrieving revision 1.22
diff -u -r1.22 Makefile
--- Makefile	24 May 2021 19:54:03 -0000	1.22
+++ Makefile	4 Aug 2021 17:00:37 -0000
@@ -15,6 +15,11 @@
 PERL5_PACKLIST=	auto/GSSAPI/.packlist
 MAKE_PARAMS+=	--gssapiimpl=${KRB5BASE}

+.include "../../mk/"
+.if ${OPSYS} == "Darwin"
 .include "../../lang/perl5/"
 .include "../../mk/"
 .include "../../mk/"



Responsible-Changed-From-To: pkg-manager->markd
Responsible-Changed-When: Wed, 04 Aug 2021 19:39:58 +0000
Over to maintainer.


NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD:,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.