Bug 816123

Summary: samba's use of (private) krb5_locate_kdc() broken by krb5-1.10
Product: Red Hat Enterprise Linux 6 Reporter: Guenther Deschner <gdeschner>
Component: sambaAssignee: Guenther Deschner <gdeschner>
Status: CLOSED ERRATA QA Contact: Martin Cermak <mcermak>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.3CC: ajax, asn, azelinka, gdeschner, jlayton, kevin, mcermak, prc, rdieter, sbose, ssorce
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: samba-3.5.10-124.el6 Doc Type: Bug Fix
Doc Text:
Cause: An update of the system Kerberos library to a recent version can make Samba binaries and libraries suddenly unusable because Samba was using a private library symbol. Consequence: Samba was no longer usable after an Kerberos update. Fix: Samba has been fixed to no longer use that private symbol. Result: Samba continues to operate when the Kerberos library has been updated.
 Story Points: ---
Clone Of: 754783 Environment:
Last Closed: 2012-06-20 13:50:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 754783    
Bug Blocks:    

Description Guenther Deschner 2012-04-25 10:13:32 UTC 
+++ This bug was initially created as a clone of Bug #754783 +++

Description of problem:

	/lib/libpthread.so.0
[ajax@f17 ~]$ ldd -r -u /usr/lib/libsmbclient.so.0 
     26483:	/usr/lib/libsmbclient.so.0: error: relocation error: symbol krb5_locate_kdc, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference (continued)
symbol krb5_locate_kdc, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference	(/usr/lib/libsmbclient.so.0)
Unused direct dependencies:
	linux-gate.so.1
[ajax@f17 ~]$ rpm -q libsmbclient krb5-libs
libsmbclient-3.6.1-75.fc17.i686
krb5-libs-1.10-0.fc17.alpha1.0.i686

Consequently, F17 builds that link against libsmbclient will fail because not all symbols resolve.

--- Additional comment from kevin.org on 2011-11-19 23:12:17 EST ---

… or they'll succeed, but without SMB support. :-/

xine-lib fails to detect libsmbclient because of this and just proceeds to build without it, though the file list in the RPM is strict enough so the missing plugin will fail the build.

Either way, this is going to break a lot of things.

--- Additional comment from ajax on 2011-11-21 12:38:31 EST ---

samba-3.6.1-76.fc17 is a rebuild without this symbol:

http://koji.fedoraproject.org/koji/taskinfo?taskID=3530245

samba's configure magic checks for this symbol and compiles without it if it's not present, but that's probably a loss of functionality.  Simo assures me it's being investigated, but I'm leaving this bug open in the meantime until a proper fix is found.

--- Additional comment from asn on 2011-11-22 07:12:05 EST ---

Without it, the 'net lookup kdc <realm>' will not work. This gives the IP address of a KDC for the specified REALM.

There is no other use of this function.

--- Additional comment from updates on 2012-04-22 19:17:02 EDT ---

samba-3.6.4-83.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/samba-3.6.4-83.fc16

--- Additional comment from updates on 2012-04-24 10:56:23 EDT ---

Package samba-3.6.4-83.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing samba-3.6.4-83.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-6537/samba-3.6.4-83.fc16
then log in and leave karma (feedback).
Comment 1 RHEL Program Management 2012-04-25 13:50:57 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.
Comment 6 Martin Cermak 2012-05-03 14:56:46 UTC 
Comment#5 => VERIFIED
Comment 7 Guenther Deschner 2012-05-22 16:12:51 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause:
An update of the system Kerberos library to a recent version can make Samba
binaries and libraries suddenly unusable because Samba was using a private
library symbol.

Consequence:
Samba was no longer usable after an Kerberos update.

Fix:
Samba has been fixed to no longer use that private symbol.

Result:
Samba continues to operate when the Kerberos library has been updated.
Comment 9 errata-xmlrpc 2012-06-20 13:50:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0850.html