From owner-freebsd-security@FreeBSD.ORG Thu Mar 5 16:11:18 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9BFD5FE3 for ; Thu, 5 Mar 2015 16:11:18 +0000 (UTC) Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu [18.7.68.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 41F8BECA for ; Thu, 5 Mar 2015 16:11:17 +0000 (UTC) X-AuditID: 12074425-f79846d0000054e1-5a-54f8801e0d7b Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id 10.F5.21729.E1088F45; Thu, 5 Mar 2015 11:11:10 -0500 (EST) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id t25GAnQV011874; Thu, 5 Mar 2015 11:10:49 -0500 Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id t25GAlUW028606 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 5 Mar 2015 11:10:49 -0500 Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id t25GAlss007715; Thu, 5 Mar 2015 11:10:47 -0500 (EST) Date: Thu, 5 Mar 2015 11:10:47 -0500 (EST) From: Benjamin Kaduk To: Erik Cederstrand Subject: Re: Missind #defines in /usr/include/gssapi/gssapi.h? In-Reply-To: <30A05DC2-951F-46E6-924B-207E5F32A949@cederstrand.dk> Message-ID: References: <30A05DC2-951F-46E6-924B-207E5F32A949@cederstrand.dk> User-Agent: Alpine 1.10 (GSO 962 2008-03-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrGIsWRmVeSWpSXmKPExsUixCmqrCvX8CPE4N1kDYunb+0tejY9YXNg 8mhevpjdY8an+SwBTFFcNimpOZllqUX6dglcGV/fbWMtuMZZ8fjlHbYGxiaOLkZODgkBE4kn B78zQthiEhfurWcDsYUEFjNJnDoW3MXIBWRvYJT4sPsFVOIgk8StXii7XuLV4k2sIDaLgJbE t10nweJsAioSM99sBLNFBAwkTnx8zwxiMws4Sty58BpsmbCAncSS9kfsIDangJPEgitTwebw CjhIzFtzjh1ivqPEzaVHWEBsUQEdidX7p7BA1AhKnJz5hAVippbE8unbWCYwCs5CkpqFJLWA kWkVo2xKbpVubmJmTnFqsm5xcmJeXmqRroVebmaJXmpK6SZGUJCyu6juYJxwSOkQowAHoxIP 74yN30OEWBPLiitzDzFKcjApifL+qPoRIsSXlJ9SmZFYnBFfVJqTWnyIUYKDWUmE93I9UI43 JbGyKrUoHyYlzcGiJM676QdfiJBAemJJanZqakFqEUxWhoNDSYJXB6RRsCg1PbUiLTOnBCHN xMEJMpwHaPihOpDhxQWJucWZ6RD5U4y6HG9O757JJMSSl5+XKiXOOxukSACkKKM0D24OLLm8 YhQHekuYdz1IFQ8wMcFNegW0hAloiZYY2JKSRISUVANj4VyRFM+G8igWJa+bvpZHrBN0F+su aHW4vm7ztaMbrl6J6Qw92G/V8GGFe8gWY5vvGj+jO+asLUrqmveb0yfhwUf9zZuXXTtgO6l5 /ZP8LfZv2VhyXxQob9gd/FjDQVOweJmVs/YuB4ng96biX3Pbfyac3l8smjF5Sm7au7Wn7tyf 9+XX/f3TlViKMxINtZiLihMBHRNObwkDAAA= Cc: "freebsd-security@freebsd.org" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Mar 2015 16:11:18 -0000 On Thu, 5 Mar 2015, Erik Cederstrand wrote: > Hello list, > > Currently, installing the Python gssapi module (sudo pip install python-gssapi) fails (on FreeBSD 10.1, at least) because a lot of #defines are missing from /usr/include/gssapi/gssapi.h (installed from /usr/src/include/gssapi/gssapi.h) compared to /usr/src/crypto/heimdal/lib/gssapi/gssapi/gssapi.h, e.g.: > > #define GSS_C_AF_INET6 24 > > Is there any reason these #defines are not present? Adding the missing ones let the python-gssapi installation complete. No value has been assigned to the symbol GSS_C_AF_INET6 in a standards-track IETF document, so one might argue that its absence is the correct behavior, as unfortunate as that may be. Apparently it has been in the Heimdal tree since 1999, though (!). Since FreeBSD is basically stuck with the Heimdal implementation for POLA reasons, it would probably be okay to synchronize the installed version with Heimdal's version. My understanding was that python-gssapi was intended to support both Heimdal and MIT implementations, so given that MIT (correctly) does not provide a GSS_C_AF_INET6 symbol, I am somewhat surprised that python-gssapi cannot cope with its absence. -Ben Kaduk