From: bug#34632 <34632@debbugs.gnu.org>
To: bug#34632 <34632@debbugs.gnu.org>
Subject: Status: [PATCH 0/2] Change from GSS to MIT-KRB5.
Date: Wed, 18 Jun 2025 03:11:23 +0000

retitle 34632 [PATCH 0/2] Change from GSS to MIT-KRB5.
reassign 34632 guix-patches
submitter 34632 Marius Bakke
severity 34632 normal
tag 34632 patch
thanks

From: Marius Bakke
To: guix-patches@gnu.org
Subject: [PATCH 0/2] Change from GSS to MIT-KRB5.
Date: Sat, 23 Feb 2019 17:20:42 +0100

The GNU Generic Security Service and friends have been unmaintained for
many years now: .

Since these libraries are security-critical, it would be good to switch
to maintained implementations. WDYT?

Marius Bakke (2):
  gnu: gsasl: Use the MIT Kerberos implementation instead of GSS.
  gnu: curl: Build against MIT Kerberos instead of GSS.

 gnu/packages/curl.scm  | 10 ++++++----
 gnu/packages/gsasl.scm |  4 +++-
 2 files changed, 9 insertions(+), 5 deletions(-)

--
2.20.1

From: Marius Bakke
To: 34632@debbugs.gnu.org
Subject: [PATCH 1/2] gnu: gsasl: Use the MIT Kerberos implementation instead of GSS.
Date: Sat, 23 Feb 2019 17:23:37 +0100

* gnu/packages/gsasl.scm (gsasl)[inputs]: Change from GSS to MIT-KRB5.
[arguments]: New field.
---
 gnu/packages/gsasl.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/gsasl.scm b/gnu/packages/gsasl.scm index 127b476ef3..9296f3d80f 100644 --- a/gnu/packages/gsasl.scm +++ b/gnu/packages/gsasl.scm
@@ -95,9 +95,11 @@ the underlying security implementation.") (("test-lock\\$\\(EXEEXT\\) ") "")) #t)))) (build-system gnu-build-system) + (arguments + `(#:configure-flags '("--with-gssapi-impl=mit"))) (inputs `(("libidn" ,libidn) ("libntlm" ,libntlm) - ("gss" ,gss) + ("mit-krb5" ,mit-krb5) ("zlib" ,zlib))) (propagated-inputs ;; Propagate GnuTLS because libgnutls.la reads `-lnettle', and Nettle is a -- 2.20.1

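Review bot: the inputs change at @@ -95,9 references the mit-krb5 variable, but this patch has no hunk touching the #:use-module list of gsasl.scm, whereas patch 2/2 has to add (gnu packages kerberos) to curl.scm for the same binding. Please confirm gsasl.scm already imports (gnu packages kerberos), or add the import here, since otherwise mit-krb5 is unbound when the module is loaded. A short comment next to "--with-gssapi-impl=mit" saying that it selects the GSS-API implementation replacing the removed "gss" input would also help the next reader.
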
From: Marius Bakke
To: 34632@debbugs.gnu.org
Subject: [PATCH core-updates 2/2] gnu: curl: Build against MIT Kerberos instead of GSS.
Date: Sat, 23 Feb 2019 17:23:38 +0100

* gnu/packages/curl.scm (curl)[inputs]: Change from GSS to MIT-KRB5.
[arguments]: Adjust accordingly.
---
 gnu/packages/curl.scm | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index b1b2b999a2..88abc6aabd 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -37,8 +37,8 @@ #:use-module (gnu packages compression) #:use-module (gnu packages golang) #:use-module (gnu packages groff) - #:use-module (gnu packages gsasl) #:use-module (gnu packages guile) + #:use-module (gnu packages kerberos) #:use-module (gnu packages libidn) #:use-module (gnu packages openldap) #:use-module (gnu packages perl) @@ -63,10 +63,10 @@ (outputs '("out" "doc")) ;1.2 MiB of man3 pages (inputs `(("gnutls" ,gnutls) - ("gss" ,gss) ("libidn" ,libidn) ("libssh2" ,libssh2) ("openldap" ,openldap) + ("mit-krb5" ,mit-krb5) ("nghttp2" ,nghttp2 "lib") ("zlib" ,zlib))) (native-inputs
@@ -85,8 +85,10 @@ (separator #f) ;single entry (files '("etc/ssl/certs/ca-certificates.crt"))))) (arguments - `(#:configure-flags '("--with-gnutls" "--with-gssapi" - "--disable-static") + `(#:configure-flags (list "--with-gnutls" + (string-append "--with-gssapi=" + (assoc-ref %build-inputs "mit-krb5")) + "--disable-static") ;; Add a phase to patch '/bin/sh' occurances in tests/runtests.pl #:phases (modify-phases %standard-phases -- 2.20.1

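Review bot: the module hunk (@@ -37,8) drops (gnu packages gsasl) from curl.scm, which is only safe if gss was the sole binding this file took from that module; the visible hunks remove the "gss" input but do not show the rest of the file. Please check that no other name from gsasl.scm is still referenced before this goes in.
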
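Review bot: in the inputs hunk (@@ -63,10) the new ("mit-krb5" ,mit-krb5) entry is placed between "openldap" and "nghttp2", while the removed "gss" entry sat directly after "gnutls". Moving it to follow "libssh2" would keep it in the alphabetical position most of the list follows and makes later diffs of this list easier to read.
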
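Review bot: the configure-flags hunk (@@ -85,8) replaces the bare "--with-gssapi" with "--with-gssapi=" plus the mit-krb5 store path without saying why the explicit prefix is now needed; a one-line comment above the string-append giving the reason would document it. The lookup also depends on the "mit-krb5" label matching the inputs entry exactly: assoc-ref returns #f on a mismatch and string-append then fails at build time, so the two need to stay in sync if the label is ever renamed. Since this changes which GSS-API library curl links, it is worth confirming after the build that curl --version still lists GSS-API and SPNEGO among its features.
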
From: Leo Famulari
To: Marius Bakke
Cc: 34632@debbugs.gnu.org
Subject: Re: [bug#34632] [PATCH 0/2] Change from GSS to MIT-KRB5.
Date: Mon, 25 Feb 2019 23:58:13 -0500

On Sat, Feb 23, 2019 at 05:20:42PM +0100, Marius Bakke wrote:
> The GNU Generic Security Service and friends have been unmaintained for
> many years now: .
>
> Since these libraries are security-critical, it would be good to switch
> to maintained implementations. WDYT?

I think it's the right choice.

From: Ludovic Courtès
To: Leo Famulari
Cc: Marius Bakke, 34632@debbugs.gnu.org
Subject: Re: [bug#34632] [PATCH 0/2] Change from GSS to MIT-KRB5.
Date: Fri, 15 Mar 2019 23:14:43 +0100

Hello,

Leo Famulari writes:

> On Sat, Feb 23, 2019 at 05:20:42PM +0100, Marius Bakke wrote:
>> The GNU Generic Security Service and friends have been unmaintained for
>> many years now: .
>>
>> Since these libraries are security-critical, it would be good to switch
>> to maintained implementations. WDYT?
>
> I think it's the right choice.

Yeah, it’s a bit sad IMO, but so be it.

Note that “guix refresh -l gss” says 4K packages depend on it, not sure
why.

Thanks,
Ludo’.

From: Maxim Cournoyer
To: mbakke@fastmail.com
Cc: Ludovic Courtès, 34632@debbugs.gnu.org, leo@famulari.name
Subject: Re: [bug#34632] [PATCH 0/2] Change from GSS to MIT-KRB5.
Date: Fri, 15 Mar 2019 23:43:26 -0400

Hello!

On Sat, Feb 23, 2019 at 05:20:42PM +0100, Marius Bakke wrote:
> The GNU Generic Security Service and friends have been unmaintained for
> many years now: .
>
> Since these libraries are security-critical, it would be good to switch
> to maintained implementations. WDYT?

Unmaintained on what ground? The website doesn't list fresh news,
but the latest release was made in 2014 [1], and the maintainer has made
changes to the Debian package last time in 2017 [2]. I wouldn't say it's
unmaintained until the maintainer says so or CVEs pile up unfixed (which
there aren't).

So, my position would be to not do anything, as there doesn't seem to be
an issue.

Maxim

[1] ftp://ftp.gnu.org/gnu/gss/
[2] https://sources.debian.org/src/gss/1.0.3-3/debian/changelog/

From: Leo Famulari
To: Maxim Cournoyer
Cc: mbakke@fastmail.com, Ludovic Courtès, 34632@debbugs.gnu.org
Subject: Re: [bug#34632] [PATCH 0/2] Change from GSS to MIT-KRB5.
Date: Sun, 17 Mar 2019 14:27:05 -0400

On Fri, Mar 15, 2019 at 11:43:26PM -0400, Maxim Cournoyer wrote:
> Unmaintained on what ground? The website doesn't list fresh news,
> but the latest release was made in 2014 [1], and the maintainer has made
> changes to the Debian package last time in 2017 [2]. I wouldn't say it's
> unmaintained until the maintainer says so or CVEs pile up unfixed (which
> there aren't).

Considering the rate of vulnerability discovery in MIT Kerberos [0] I
think that, if GSS was being examined to the same degree, we would learn
of many serious bugs. Any significant C codebase of this age will have
such bugs. But unfortunately GSS hasn't received as much scrutiny.

[0] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=krb5

QN2LiLnjBxMHBR7thBfBm4gvC6fQUlC5+B2qK9SIBfRBzHVtmDYkTwSfBao3DySfvLPe OWUe3BLMC/d5KLMHsVIlK0fxtExq5VwRNsyiigEqDCiZOXHUVj9IcVRFrnHQuPodtx5J w7ZffKOCpDhGYH3LCYDscaum1d1/2yZkctccG/+FXULMsIYSL4PHDY+R2yWHGVc7RiVt 3lXf1d6EyHqufEi5+Do1rN/pUV9YE9Rsb1em/fM/Cns8qhlqv7oXREw/leple15G2rN3 DaXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=btwBGEr5q88PYlVUhwoWKSbAFiEppFwKEAhEFDJK7pM=; b=V50Gx4Q55Yc+wQiO08d7voI6QJs2qq1oSdeH28opvW5AMoSE/KGtGQJJXRGnnG0DgX d5lVtMFNN4hZVUzdAAjApujeykU8Bx2Sg9tc+zqfJAFat2I+lwOWxTKDCGrCFWyIsD7H hUGZiimaJ5ZF4S0ydB148B9FQbgOm2kdupcrjpLCdBwaCMIz7tnYqe1BfPckS+loXkoe KpiFhnFeAKOXREUfdYPg4vIXtpXdUFLnRyKzP5lJXCYl3MFeAiKmGXokpUzbWuwqzUAy gbEm/ESJ5mUufBozchKzlPfVTaEuwRQeiC0yNFa3zaHIIlI12w/eAozT5yV8L7NXYCq/ kfHg== X-Gm-Message-State: APjAAAXiv7hGbXl87CY0caTL2Mq6e0IvavkRCKbEv4x4CWkqg9VBshOr asYD83r8orjHRApbSYIWCMBE5Fdg X-Google-Smtp-Source: APXvYqwwbDI7U/XUlnofHW9o6nvxeeli2W4q62pKCIkAhRPD7F3g4jjwP/PvBjePfxXabFZz9SlQVA== X-Received: by 2002:a37:b441:: with SMTP id d62mr21024491qkf.259.1557803839709; Mon, 13 May 2019 20:17:19 -0700 (PDT) Received: from kwak (dsl-150-248.b2b2c.ca. [66.158.150.248]) by smtp.gmail.com with ESMTPSA id z63sm6228459qkb.7.2019.05.13.20.17.18 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 13 May 2019 20:17:18 -0700 (PDT) 
From: Maxim Cournoyer
To: Leo Famulari
Cc: mbakke@fastmail.com, Ludovic Courtès, 34632@debbugs.gnu.org
Subject: Re: [bug#34632] [PATCH 0/2] Change from GSS to MIT-KRB5.
Date: Mon, 13 May 2019 23:17:17 -0400
Message-ID: <87o9457miq.fsf@gmail.com>
In-Reply-To: <20190317182705.GD1410@jasmine.lan> (Leo Famulari's message of "Sun, 17 Mar 2019 14:27:05 -0400")

Hello,

Leo Famulari writes:

> On Fri, Mar 15, 2019 at 11:43:26PM -0400, Maxim Cournoyer wrote:
>> Unmaintained on what ground? The website doesn't list fresh news,
>> but the latest release was made in 2014 [1], and the maintainer has made
>> changes to the Debian package last time in 2017 [2]. I wouldn't say it's
>> unmaintained until the maintainer says so or CVEs pile up unfixed (which
>> there aren't).
>
> Considering the rate of vulnerability discovery in MIT Kerberos [0] I
> think that, if GSS was being examined to the same degree, we would learn
> of many serious bugs. Any significant C codebase of this age will have
> such bugs. But unfortunately GSS hasn't received as much scrutiny.
>
> [0]
> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=krb5

Just FYI,

I had ping'd the GSS mailing list with this message:
http://lists.gnu.org/archive/html/help-gss/2019-03/msg00001.html, but
there hasn't been a reply (yet).

So it looks like it was a wise decision to make the switch! Sorry for
doubting, eh!

Maxim

From debbugs-submit-bounces@debbugs.gnu.org Tue May 14 14:15:51 2019
From: Marius Bakke
To: Maxim Cournoyer, Leo Famulari
Cc: Ludovic Courtès, 34632-done@debbugs.gnu.org
Subject: Re: [bug#34632] [PATCH 0/2] Change from GSS to MIT-KRB5.
Date: Tue, 14 May 2019 20:15:36 +0200
Message-ID: <87v9ycaomv.fsf@fastmail.com>
In-Reply-To: <87o9457miq.fsf@gmail.com>

Hi Maxim,

Maxim Cournoyer writes:

> Hello,
>
> Leo Famulari writes:
>
>> On Fri, Mar 15, 2019 at 11:43:26PM -0400, Maxim Cournoyer wrote:
>>> Unmaintained on what ground? The website doesn't list fresh news,
>>> but the latest release was made in 2014 [1], and the maintainer has made
>>> changes to the Debian package last time in 2017 [2]. I wouldn't say it's
>>> unmaintained until the maintainer says so or CVEs pile up unfixed (which
>>> there aren't).
>>
>> Considering the rate of vulnerability discovery in MIT Kerberos [0] I
>> think that, if GSS was being examined to the same degree, we would learn
>> of many serious bugs. Any significant C codebase of this age will have
>> such bugs. But unfortunately GSS hasn't received as much scrutiny.
>>
>> [0]
>> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=krb5
>
> Just FYI,
>
> I had ping'd the GSS mailing list with this message:
> http://lists.gnu.org/archive/html/help-gss/2019-03/msg00001.html, but
> there hasn't been a reply (yet).
>
> So it looks like it was a wise decision to make the switch! Sorry for
> doubting, eh!

Thank you very much for checking with upstream :-)

I was on the fence about this switch myself, and submitted this patch
hoping for feedback along these lines.

It would be great to get Shishi and GSS into Google's OSS-Fuzz and
similar so that we can be more confident in the implementation.

For now I've pushed these patches in 996186b..828d376.

From debbugs-submit-bounces@debbugs.gnu.org Wed May 15 19:06:57 2019
From: Maxim Cournoyer
To: Marius Bakke
Cc: Ludovic Courtès, 34632-done@debbugs.gnu.org, Leo Famulari
Subject: Re: [bug#34632] [PATCH 0/2] Change from GSS to MIT-KRB5.
Date: Wed, 15 May 2019 19:06:47 -0400
Message-ID: <8736lftj08.fsf@gmail.com>
In-Reply-To: <87v9ycaomv.fsf@fastmail.com> (Marius Bakke's message of "Tue, 14 May 2019 20:15:36 +0200")

Hello Marius,

Marius Bakke writes:

[...]

>>> Considering the rate of vulnerability discovery in MIT Kerberos [0] I
>>> think that, if GSS was being examined to the same degree, we would learn
>>> of many serious bugs. Any significant C codebase of this age will have
>>> such bugs. But unfortunately GSS hasn't received as much scrutiny.
>>>
>>> [0]
>>> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=krb5
>>
>> Just FYI,
>>
>> I had ping'd the GSS mailing list with this message:
>> http://lists.gnu.org/archive/html/help-gss/2019-03/msg00001.html, but
>> there hasn't been a reply (yet).
>>
>> So it looks like it was a wise decision to make the switch! Sorry for
>> doubting, eh!
>
> Thank you very much for checking with upstream :-)
>
> I was on the fence about this switch myself, and submitted this patch
> hoping for feedback along these lines.
>
> It would be great to get Shishi and GSS into Google's OSS-Fuzz and
> similar so that we can be more confident in the implementation.

Would it be possible to add a fuzz phase to our GNU build system? If
it's not too expensive to run, it could be a security enhancer for the
Guix System! AFL (which is one of the two fuzzers used by Google's
OSS-fuzz service, and which we already have in Guix).

Food for thought!

> For now I've pushed these patches in 996186b..828d376.

Thank you,

Maxim

From unknown Tue Jun 17 20:11:23 2025
From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Message-Id: bug archived.
Date: Thu, 13 Jun 2019 11:24:04 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator

From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 06 10:04:13 2022
From: Simon Josefsson
To: control@debbugs.gnu.org
Subject: Re: Archived problem report bug#34632 (GSS development status)
Date: Sat, 06 Aug 2022 16:04:11 +0200
Message-ID: <87mtchtqn8.fsf@latte.josefsson.org>

unarchive 34632

From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 06 12:07:42 2022
Resent-To: 34632@debbugs.gnu.org
Resent-From: Simon Josefsson
Resent-Date: Sat, 06 Aug 2022 16:05:24 +0200
Resent-Message-ID: <87fsi9tql7.fsf@latte.josefsson.org>
From: Simon Josefsson via Discussion list for GNU Generic Security Service
Newsgroups: gmane.comp.gnu.gss.general
To: Maxim Cournoyer
Cc: 34632@debbugs.gnu.org, help-gss@gnu.org
Reply-To: Simon Josefsson
Subject: Re: GSS development status
Date: Sat, 06 Aug 2022 16:02:31 +0200
Message-ID: <87r11ttqq0.fsf@latte.josefsson.org>
In-Reply-To: <87o968i9gh.fsf@gmail.com> (Maxim Cournoyer's message of "Mon, 18 Mar 2019 09:43:58 -0400")

Maxim Cournoyer writes:

> Hello,
>
> I'd like to inquire about the development status of GSS? Has it left the
> beta status? Are bugs still being fixed? Are there any known or presumed
> security issues when using GSS rather than its more mainstream
> implementation in MIT Kerberos?
>
> I'm asking because the GNU Guix project is considering a switch from GNU
> GSS to MIT krb5 for security reasons [0], given that no new releases have
> been made since 2014.
>
> Thank you,
>
> Maxim Cournoyer
>
> [0] http://issues.guix.info/issue/34632

Hi Maxim,

Sorry for the slow response, which may in part be an answer to your
question. However I have just released GNU GSS version 1.0.4 to refresh
the project, and have set up CI/CD checking of it to pave the road for
future improvements. To my knowledge there are only two major missing
features:

  1) Missing gss_wrap() AES functionality. This prevents SASL GSS-API
     from completing on modern machines. Shishi supports AES and GSSLib
     supports it for GSS_Init_sec_context etc but not GSS_wrap.

  2) Shishi doesn't use the same ccache/keytab files as MIT Kerberos and
     Heimdal.

I hope to complete 1) in the future. For 2), fixing it would be a GNU
Shishi feature that should be simple to resolve -- it ships with tools
ccache2shishi and keytab2shishi to convert the files, but that should be
done automatically internally by the library instead.

Indeed getting these enrolled in the OSS Fuzz project would be a great
contribution. My primary goal is to do a new release of GNU Shishi and
improve the CI/CD integration checks to have good confidence in future
changes.

Regarding what 'gsasl' and 'curl' should be linked against in GNU Guix,
I believe it would be much nicer if you would use the 'Libgssglue'
package instead! Then the user can change GSS-API library at run-time.
Read about this work here:

https://blog.josefsson.org/2022/07/14/towards-pluggable-gss-api-modules/

/Simon

From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 09 20:48:13 2022
From: Maxim Cournoyer
To: Simon Josefsson
Cc: 34632@debbugs.gnu.org, help-gss@gnu.org
Subject: Re: GSS development status
Date: Tue, 09 Aug 2022 20:48:03 -0400
Message-ID: <877d3gorek.fsf@gmail.com>
In-Reply-To: <87r11ttqq0.fsf@latte.josefsson.org> (Simon Josefsson's message of "Sat, 06 Aug 2022 16:02:31 +0200")

Hi Simon,

Simon Josefsson writes:

> Maxim Cournoyer writes:
>
>> Hello,
>>
>> I'd like to inquire about the development status of GSS? Has it left the
>> beta status? Are bugs still being fixed? Are there any known or presumed
>> security issues when using GSS rather than its more mainstream
>> implementation in MIT Kerberos?
>>
>> I'm asking because the GNU Guix project is considering a switch from GNU
>> GSS to MIT krb5 for security reasons [0], given that no new releases have
>> been made since 2014.
>>
>> Thank you,
>>
>> Maxim Cournoyer
>>
>> [0] http://issues.guix.info/issue/34632
>
> Hi Maxim,
>
> Sorry for the slow response, which may in part be an answer to your
> question. However I have just released GNU GSS version 1.0.4 to refresh
> the project, and have set up CI/CD checking of it to pave the road for
> future improvements. To my knowledge there are only two major missing
> features:
>
>   1) Missing gss_wrap() AES functionality. This prevents SASL GSS-API
>      from completing on modern machines. Shishi supports AES and GSSLib
>      supports it for GSS_Init_sec_context etc but not GSS_wrap.
>
>   2) Shishi doesn't use the same ccache/keytab files as MIT Kerberos and
>      Heimdal.
>
> I hope to complete 1) in the future. For 2), fixing it would be a GNU
> Shishi feature that should be simple to resolve -- it ships with tools
> ccache2shishi and keytab2shishi to convert the files, but that should be
> done automatically internally by the library instead.
>
> Indeed getting these enrolled in the OSS Fuzz project would be a great
> contribution. My primary goal is to do a new release of GNU Shishi and
> improve the CI/CD integration checks to have good confidence in future
> changes.
>
> Regarding what 'gsasl' and 'curl' should be linked against in GNU Guix,
> I believe it would be much nicer if you would use the 'Libgssglue'
> package instead! Then the user can change GSS-API library at run-time.
> Read about this work here:
>
> https://blog.josefsson.org/2022/07/14/towards-pluggable-gss-api-modules/

Thank you for this update! I'm happy to read you are picking up
maintenance of GSS. The libgssglue is interesting... I'll have to read
about it to know how it's intended to be used.

Thanks, and long live GNU GSS!

Maxim

From unknown Tue Jun 17 20:11:23 2025
From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Message-Id: bug archived.
Date: Wed, 07 Sep 2022 11:24:05 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator