Debian Bug report logs - #560333
libc6: getpwnam shows shadow passwords of NIS users

version graph

Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Source for libc6 is src:eglibc.

Reported by: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>

Date: Thu, 10 Dec 2009 14:30:01 UTC

Severity: serious

Tags: pending

Found in version glibc/2.7-18

Fixed in version eglibc/2.10.2-4

Done: Aurelien Jarno <aurel32@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#560333; Package libc6. (Thu, 10 Dec 2009 14:30:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>:
New Bug report received and forwarded. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Thu, 10 Dec 2009 14:30:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libc6: getpwnam shows shadow passwords of NIS users
Date: Thu, 10 Dec 2009 15:18:27 +0100
Package: libc6
Version: 2.7-18
Severity: normal

Hello,

I have several machines where almost all user accounts come by NIS. The NIS
server is running on a Solaris machine. As usual, the Solaris NIS server
exports the passwd data in the map "passwd" and the shadow data in the map
"passwd.adjunct.byname". These two maps are mangled together in some calls
of libc6, for example in getpwnam. This makes it possible for every user who
has an account on the NIS client machine to see the encrypted passwords of
all NIS users. This is a grave security bug.

Furthermore, getspnam returns a NULL pointer for all NIS users, even if
getspnam is called by root.

Regards
  Christoph 


-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libgcc1                      1:4.3.2-1.1 GCC support library

libc6 recommends no packages.

Versions of packages libc6 suggests:
pn  glibc-doc                     <none>     (no description available)
ii  libc6-i686                    2.7-18     GNU C Library: Shared libraries [i
ii  locales                       2.7-18     GNU C Library: National Language (

-- debconf information:
  glibc/upgrade: true
  glibc/restart-failed:
* glibc/restart-services: ssh openbsd-inetd cron




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#560333; Package libc6. (Mon, 14 Dec 2009 10:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Mon, 14 Dec 2009 10:33:03 GMT) Full text and rfc822 format available.

Message #10 received at 560333@bugs.debian.org (full text, mbox):

From: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>
To: 560333@bugs.debian.org
Subject: Re: libc6: getpwnam shows shadow passwords of NIS users
Date: Mon, 14 Dec 2009 11:24:14 +0100
Hello,

the problem is somehow caused by nscd. When I disable passwd caching
in /etc/nscd.conf and then restart nscd, the shadow passwords can only
be seen by root.

Because of the security risk, I recommend to set the severity of this
bug to "critical".

Regards
  Christoph




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#560333; Package libc6. (Mon, 14 Dec 2009 11:27:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Mon, 14 Dec 2009 11:27:04 GMT) Full text and rfc822 format available.

Message #15 received at 560333@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurelien@aurel32.net>
To: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>, 560333@bugs.debian.org
Subject: Re: Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
Date: Mon, 14 Dec 2009 12:25:41 +0100
Christoph Pleger a écrit :
> Hello,
> 
> the problem is somehow caused by nscd. When I disable passwd caching
> in /etc/nscd.conf and then restart nscd, the shadow passwords can only
> be seen by root.
> 

Unfortunately I don't have a NIS setup to debug that. Can you try with
libc6 / nscd from testing or unstable on a machine or even in a chroot?

If it is fixed in newer versions, we will try to find the commit fixing
this and then backport the fix. If it is not, I'll have to create a NIS
setup to debug it ;(

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#560333; Package libc6. (Mon, 14 Dec 2009 12:00:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Mon, 14 Dec 2009 12:00:06 GMT) Full text and rfc822 format available.

Message #20 received at 560333@bugs.debian.org (full text, mbox):

From: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>
To: 560333@bugs.debian.org
Subject: libc6: getpwnam shows shadow passwords of NIS users
Date: Mon, 14 Dec 2009 12:56:59 +0100
Hello,

the mangling of passwd and passwd.adjunct.byname happens in
glibc-2.7/nis/nss_nis/nis-pwd.c. Before I found out that nscd is part
of the problem, I tried to let the mangling happen only if the calling
user to getpwnam is root (by checking for geteuid() == 0), but that
did not solve the problem, maybe because nscd is running as root and
so the euid is always 0? After replacing the condition (geteuid() == 0)
with (1 == 0), no NIS shadow passwords are shown, not even for root.

Regards
  Christoph




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#560333; Package libc6. (Mon, 14 Dec 2009 12:57:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Mon, 14 Dec 2009 12:57:06 GMT) Full text and rfc822 format available.

Message #25 received at 560333@bugs.debian.org (full text, mbox):

From: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>
To: 560333@bugs.debian.org
Subject: Re: Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
Date: Mon, 14 Dec 2009 13:54:23 +0100
> Unfortunately I don't have a NIS setup to debug that. Can you try with
> libc6 / nscd from testing or unstable on a machine or even in a
> chroot?
> 
> If it is fixed in newer versions, we will try to find the commit
> fixing this and then backport the fix. If it is not, I'll have to
> create a NIS setup to debug it ;(

Installation of libc6 from squeeze did not solve the problem. 




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#560333; Package libc6. (Wed, 16 Dec 2009 10:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Wed, 16 Dec 2009 10:24:03 GMT) Full text and rfc822 format available.

Message #30 received at 560333@bugs.debian.org (full text, mbox):

From: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>
To: 560333@bugs.debian.org
Subject: Re: libc6: getpwnam shows shadow passwords of NIS users
Date: Wed, 16 Dec 2009 11:21:55 +0100
[Message part 1 (text/plain, inline)]
I created the attached patch, which completely disables mangling of passwd and 
passwd.adjunct.byname maps. Additionally, the encrypted password is looked 
for in the map passwd.adjunct.byname if the map shadow.byname does not exist.

This make getpwnam and getspnam work like I think is correct (that is, 
getpwnam does not show encrypted passwords for anyone and getspnam shows 
encrypted passwords only if called by root).

But now, NIS users cannot authenticate any more. The error message 
in /var/log/auth.log is:

 FAILED LOGIN (1) on 'tty2' FOR `pleger', Authentication service cannot 
retrieve authentication info

Regards
  Christoph
[irb-nis.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#560333; Package libc6. (Tue, 22 Dec 2009 11:57:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Tue, 22 Dec 2009 11:57:11 GMT) Full text and rfc822 format available.

Message #35 received at 560333@bugs.debian.org (full text, mbox):

From: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>
To: 560333@bugs.debian.org
Subject: Re: libc6: getpwnam shows shadow passwords of NIS users
Date: Tue, 22 Dec 2009 12:51:30 +0100
[Message part 1 (text/plain, inline)]
The attached patch seems to solve the problems. It works with nscd as well as 
without nscd. Authentication works fine now.

It makes the following changes:

* In nis-pwd.c, do not mangle encrypted password from 
   passwd.adjunct.byname map  into the password field
   of passwd map, instead mangle an 'x' into the field

* In nis-spwd.c, look for key in passwd.adjunct.byname if shadow.byname
   does not exist and add the two missing fields (passwd.adjunct.byname
   has two fields less than shadow)

Maybe some people can have a look over my patch to see if I missed anything. 
[nis_shadow.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#560333; Package libc6. (Tue, 05 Jan 2010 20:51:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Tue, 05 Jan 2010 20:51:09 GMT) Full text and rfc822 format available.

Message #40 received at 560333@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurelien@aurel32.net>
To: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>, 560333@bugs.debian.org
Subject: Re: Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
Date: Tue, 5 Jan 2010 21:50:34 +0100
On Tue, Dec 22, 2009 at 12:51:30PM +0100, Christoph Pleger wrote:
> The attached patch seems to solve the problems. It works with nscd as well as 
> without nscd. Authentication works fine now.
> 
> It makes the following changes:
> 
> * In nis-pwd.c, do not mangle encrypted password from 
>    passwd.adjunct.byname map  into the password field
>    of passwd map, instead mangle an 'x' into the field
> 
> * In nis-spwd.c, look for key in passwd.adjunct.byname if shadow.byname
>    does not exist and add the two missing fields (passwd.adjunct.byname
>    has two fields less than shadow)
> 
> Maybe some people can have a look over my patch to see if I missed anything. 

Thanks for the patch. I don't know a lot neither about NIS nor about the
NIS API, but it basically looks ok. Some minor changes and code indentation
will probably be need before it can be accepted upstream. See my comments
inline.

In the meanwhile, I'll include it in the next glibc upload to unstable.
If no bug reports are reported after a few days, we'll also fix stable.


> diff -Naurp glibc-2.7.original/nis/nss_nis/nis-pwd.c glibc-2.7/nis/nss_nis/nis-pwd.c
> --- glibc-2.7.original/nis/nss_nis/nis-pwd.c	2006-05-02 00:31:15.000000000 +0200
> +++ glibc-2.7/nis/nss_nis/nis-pwd.c	2009-12-22 09:04:46.000000000 +0100
> @@ -275,8 +275,8 @@ internal_nis_getpwent_r (struct passwd *
>  	      yp_match (domain, "passwd.adjunct.byname", result, namelen,
>  			&result2, &len2)) == YPERR_SUCCESS)
>  	{
> -	  /* We found a passwd.adjunct entry.  Merge encrypted
> -	     password therein into original result.  */
> +	  /* We found a passwd.adjunct entry.  Merge "x"
> +	     into original result.  */
>  	  char *encrypted = strchr (result2, ':');
>  	  char *endp;
>  	  size_t restlen;
> @@ -304,7 +304,7 @@ internal_nis_getpwent_r (struct passwd *
>  
>  	  mempcpy (mempcpy (mempcpy (mempcpy (buffer, result, namelen),
>  				     ":", 1),
> -			    encrypted, endp - encrypted),
> +			    "x", 1),

I guess the test above including (endp - encrypted) and that doesn't 
appear in this patch should also be updated. Not doing so does not break
anything though.

Same issues on the similar portion of code below.

>  		   p, restlen + 1);
>  	  p = buffer;
>  
> @@ -408,8 +408,8 @@ _nss_nis_getpwnam_r (const char *name, s
>        && yp_match (domain, "passwd.adjunct.byname", name, namelen,
>  		   &result2, &len2) == YPERR_SUCCESS)
>      {
> -      /* We found a passwd.adjunct entry.  Merge encrypted password
> -	 therein into original result.  */
> +      /* We found a passwd.adjunct entry.  Merge "x"
> +	 into original result.  */
>        char *encrypted = strchr (result2, ':');
>        char *endp;
>  
> @@ -436,7 +436,7 @@ _nss_nis_getpwnam_r (const char *name, s
>  
>        __mempcpy (__mempcpy (__mempcpy (__mempcpy (buffer, name, namelen),
>  				       ":", 1),
> -			    encrypted, endp - encrypted),
> +			    "x", 1),
>  		 p, restlen + 1);
>        p = buffer;
>  
> @@ -509,8 +509,8 @@ _nss_nis_getpwuid_r (uid_t uid, struct p
>  	  yp_match (domain, "passwd.adjunct.byname", result, namelen,
>  		    &result2, &len2)) == YPERR_SUCCESS)
>      {
> -      /* We found a passwd.adjunct entry.  Merge encrypted password
> -	 therein into original result.  */
> +      /* We found a passwd.adjunct entry.  Merge "x"
> +	 into original result.  */
>        char *encrypted = strchr (result2, ':');
>        char *endp;
>        size_t restlen;
> @@ -538,7 +538,7 @@ _nss_nis_getpwuid_r (uid_t uid, struct p
>  
>        __mempcpy (__mempcpy (__mempcpy (__mempcpy (buffer, result, namelen),
>  				       ":", 1),
> -			    encrypted, endp - encrypted),
> +			    "x", 1),
>  		 p, restlen + 1);
>        p = buffer;
>  
> diff -Naurp glibc-2.7.original/nis/nss_nis/nis-spwd.c glibc-2.7/nis/nss_nis/nis-spwd.c
> --- glibc-2.7.original/nis/nss_nis/nis-spwd.c	2006-04-29 03:09:49.000000000 +0200
> +++ glibc-2.7/nis/nss_nis/nis-spwd.c	2009-12-22 10:02:25.000000000 +0100
> @@ -78,17 +78,42 @@ internal_nis_getspent_r (struct spwd *sp
>      {
>        char *result;
>        char *outkey;
> +      char *p;
>        int len;
>        int keylen;
>        int yperr;
> +      int adjunct_used = 0;
>  
> -      if (new_start)
> +      if (new_start) {
>          yperr = yp_first (domain, "shadow.byname", &outkey, &keylen, &result,
>  			  &len);
> -      else
> +        
> +        if (yperr == YPERR_MAP) {
> +	  if (result != NULL)
> +	    free result;

This should probably be free(result). Also there is indentation issues.

Same issues on the similar portion of code below.

> +
> +	  yperr = yp_first (domain, "passwd.adjunct.byname", &outkey, &keylen, &result,
> +			    &len);
> +
> +	  adjunct_used = 1;
> +	}
> +      }
> +          
> +      else {
>          yperr = yp_next (domain, "shadow.byname", oldkey, oldkeylen, &outkey,
>  			 &keylen, &result, &len);
>  
> +        if (yperr == YPERR_MAP) {
> +	  if (result != NULL)
> +	    free result;
> +
> +	  yperr = yp_next (domain, "passwd.adjunct.byname", oldkey, oldkeylen, &outkey,
> +			   &keylen, &result, &len);
> +	  
> +	  adjunct_used = 1;
> +	}
> +      }
> +
>        if (__builtin_expect (yperr != YPERR_SUCCESS, 0))
>          {
>  	  enum nss_status retval = yperr2nss (yperr);
> @@ -98,15 +123,32 @@ internal_nis_getspent_r (struct spwd *sp
>            return retval;
>          }
>  
> -      if (__builtin_expect ((size_t) (len + 1) > buflen, 0))
> -        {
> -          free (result);
> -	  *errnop = ERANGE;
> -          return NSS_STATUS_TRYAGAIN;
> -        }
> +      if (! adjunct_used)
> +	{
> +	  if (__builtin_expect ((size_t) (len + 1) > buflen, 0))
> +	    {
> +	      free (result);
> +	      *errnop = ERANGE;
> +	      return NSS_STATUS_TRYAGAIN;
> +	    }
> +
> +	  p = strncpy (buffer, result, len);
> +	  buffer[len] = '\0';  
> +	}
> +      else
> +	{
> +	  if (__builtin_expect ((size_t) (len + 3) > buflen, 0))
> +	    {
> +	      free (result);
> +	      *errnop = ERANGE;
> +	      return NSS_STATUS_TRYAGAIN;
> +	    }
> +
> +	  p = strncpy (buffer, result, len);
> +	  buffer[len] = '\0';  
> +	  p = strcat (buffer, "::");

Upstream will probably say there is more optimised code to do that, but
I am fine with it.

> +	}
>  
> -      char *p = strncpy (buffer, result, len);
> -      buffer[len] = '\0';
>        while (isspace (*p))
>          ++p;
>        free (result);
> @@ -149,6 +191,9 @@ enum nss_status
>  _nss_nis_getspnam_r (const char *name, struct spwd *sp,
>  		     char *buffer, size_t buflen, int *errnop)
>  {
> +  int adjunct_used = 0;
> +  char *p;
> +
>    if (name == NULL)
>      {
>        *errnop = EINVAL;
> @@ -164,6 +209,15 @@ _nss_nis_getspnam_r (const char *name, s
>    int yperr = yp_match (domain, "shadow.byname", name, strlen (name), &result,
>  			&len);
>  
> +  if (yperr == YPERR_MAP) {
> +    if (result != NULL)
> +      free result;
> +
> +    yperr = yp_match (domain, "passwd.adjunct.byname", name, strlen (name), &result,
> +		      &len);
> +    adjunct_used = 1;
> +  }
> +
>    if (__builtin_expect (yperr != YPERR_SUCCESS, 0))
>      {
>        enum nss_status retval = yperr2nss (yperr);
> @@ -173,15 +227,32 @@ _nss_nis_getspnam_r (const char *name, s
>        return retval;
>      }
>  
> -  if (__builtin_expect ((size_t) (len + 1) > buflen, 0))
> +  if (! adjunct_used)
>      {
> -      free (result);
> -      *errnop = ERANGE;
> -      return NSS_STATUS_TRYAGAIN;
> +      if (__builtin_expect ((size_t) (len + 1) > buflen, 0))
> +	{
> +	  free (result);
> +	  *errnop = ERANGE;
> +	  return NSS_STATUS_TRYAGAIN;
> +	}
> +
> +      p = strncpy (buffer, result, len);
> +      buffer[len] = '\0';  
>      }
> +  else
> +    {
> +      if (__builtin_expect ((size_t) (len + 3) > buflen, 0))
> +	{
> +	  free (result);
> +	  *errnop = ERANGE;
> +	  return NSS_STATUS_TRYAGAIN;
> +	}
>  
> -  char *p = strncpy (buffer, result, len);
> -  buffer[len] = '\0';
> +      p = strncpy (buffer, result, len);
> +      buffer[len] = '\0';  
> +      p = strcat (buffer, "::");
> +    }
> +  
>    while (isspace (*p))
>      ++p;
>    free (result);


-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#560333; Package libc6. (Wed, 06 Jan 2010 07:51:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Wed, 06 Jan 2010 07:51:05 GMT) Full text and rfc822 format available.

Message #45 received at 560333@bugs.debian.org (full text, mbox):

From: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>
To: Aurelien Jarno <aurelien@aurel32.net>, 560333@bugs.debian.org
Subject: Re: Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
Date: Wed, 6 Jan 2010 08:49:48 +0100
[Message part 1 (text/plain, inline)]
Hello,

On Tue, 5 Jan 2010 21:50:34 +0100
Aurelien Jarno <aurelien@aurel32.net> wrote:

> This should probably be free(result). Also there is indentation
> issues.

Oops, my mistake, obviously I sent an obsolete version of the patch. I
remember that I got a compilation error because of the missing
parantheses.

Now, I have attached the version of the patch that I really used to
compile the package successfully.
 
Regards
  Christoph
[nis_shadow.diff (application/octet-stream, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#560333; Package libc6. (Wed, 06 Jan 2010 08:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Wed, 06 Jan 2010 08:12:03 GMT) Full text and rfc822 format available.

Message #50 received at 560333@bugs.debian.org (full text, mbox):

From: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>
To: Aurelien Jarno <aurelien@aurel32.net>
Cc: 560333@bugs.debian.org
Subject: Re: Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
Date: Wed, 6 Jan 2010 09:10:17 +0100
Hello,

On Tue, 5 Jan 2010 21:50:34 +0100
Aurelien Jarno <aurelien@aurel32.net> wrote:

> Thanks for the patch. I don't know a lot neither about NIS nor about
> the NIS API, but it basically looks ok. Some minor changes and code
> indentation will probably be need before it can be accepted upstream.
> See my comments inline.

In the previous message, I forgot to mention that I sent the patch
upstream yesterday.

Regards
  Christoph




Added tag(s) pending. Request was from Aurelien Jarno <aurel32@alioth.debian.org> to control@bugs.debian.org. (Wed, 06 Jan 2010 21:21:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#560333; Package libc6. (Wed, 06 Jan 2010 22:03:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Wed, 06 Jan 2010 22:03:06 GMT) Full text and rfc822 format available.

Message #57 received at 560333@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurelien@aurel32.net>
To: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>
Cc: 560333@bugs.debian.org
Subject: Re: Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
Date: Wed, 6 Jan 2010 23:00:25 +0100
[Message part 1 (text/plain, inline)]
On Wed, Jan 06, 2010 at 08:49:48AM +0100, Christoph Pleger wrote:
> Hello,
> 
> On Tue, 5 Jan 2010 21:50:34 +0100
> Aurelien Jarno <aurelien@aurel32.net> wrote:
> 
> > This should probably be free(result). Also there is indentation
> > issues.
> 
> Oops, my mistake, obviously I sent an obsolete version of the patch. I
> remember that I got a compilation error because of the missing
> parantheses.
> 
> Now, I have attached the version of the patch that I really used to
> compile the package successfully.

Thanks, it's better. I have fixed the others comments of your patch, and
included it in eglibc 2.10.1-4. Please find it attached.

If nobody reports problem with this patch in a few days, I'll do the
necessary to get a security upload for lenny.

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net
[nis_shadow.diff (text/x-diff, attachment)]

Severity set to 'serious' from 'normal' Request was from Aurelien Jarno <aurel32@debian.org> to control@bugs.debian.org. (Wed, 06 Jan 2010 22:12:13 GMT) Full text and rfc822 format available.

Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Thu, 07 Jan 2010 00:21:05 GMT) Full text and rfc822 format available.

Notification sent to Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>:
Bug acknowledged by developer. (Thu, 07 Jan 2010 00:21:05 GMT) Full text and rfc822 format available.

Message #64 received at 560333-close@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurel32@debian.org>
To: 560333-close@bugs.debian.org
Subject: Bug#560333: fixed in eglibc 2.10.2-4
Date: Thu, 07 Jan 2010 00:19:04 +0000
Source: eglibc
Source-Version: 2.10.2-4

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive:

eglibc-source_2.10.2-4_all.deb
  to main/e/eglibc/eglibc-source_2.10.2-4_all.deb
eglibc_2.10.2-4.diff.gz
  to main/e/eglibc/eglibc_2.10.2-4.diff.gz
eglibc_2.10.2-4.dsc
  to main/e/eglibc/eglibc_2.10.2-4.dsc
glibc-doc_2.10.2-4_all.deb
  to main/e/eglibc/glibc-doc_2.10.2-4_all.deb
libc-bin_2.10.2-4_amd64.deb
  to main/e/eglibc/libc-bin_2.10.2-4_amd64.deb
libc-dev-bin_2.10.2-4_amd64.deb
  to main/e/eglibc/libc-dev-bin_2.10.2-4_amd64.deb
libc6-dbg_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6-dbg_2.10.2-4_amd64.deb
libc6-dev-i386_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6-dev-i386_2.10.2-4_amd64.deb
libc6-dev_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6-dev_2.10.2-4_amd64.deb
libc6-i386_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6-i386_2.10.2-4_amd64.deb
libc6-pic_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6-pic_2.10.2-4_amd64.deb
libc6-prof_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6-prof_2.10.2-4_amd64.deb
libc6-udeb_2.10.2-4_amd64.udeb
  to main/e/eglibc/libc6-udeb_2.10.2-4_amd64.udeb
libc6_2.10.2-4_amd64.deb
  to main/e/eglibc/libc6_2.10.2-4_amd64.deb
libnss-dns-udeb_2.10.2-4_amd64.udeb
  to main/e/eglibc/libnss-dns-udeb_2.10.2-4_amd64.udeb
libnss-files-udeb_2.10.2-4_amd64.udeb
  to main/e/eglibc/libnss-files-udeb_2.10.2-4_amd64.udeb
locales-all_2.10.2-4_amd64.deb
  to main/e/eglibc/locales-all_2.10.2-4_amd64.deb
locales_2.10.2-4_all.deb
  to main/e/eglibc/locales_2.10.2-4_all.deb
nscd_2.10.2-4_amd64.deb
  to main/e/eglibc/nscd_2.10.2-4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 560333@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 06 Jan 2010 22:18:19 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: all amd64 source
Version: 2.10.2-4
Distribution: unstable
Urgency: low
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Closes: 558984 560333 563552 563636
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390x - GNU C Library: 64bit Development Libraries for IBM zSeries
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390x - GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-sparcv9b - GNU C Library: Shared libraries [v9b optimized]
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Changes: 
 eglibc (2.10.2-4) unstable; urgency=low
 .
   [ Samuel Thibault ]
   * testsuite-checking/expected-results-i486-linux-gnu-libc: Add
     tst-atime.out failure.
 .
   [ Aurelien Jarno ]
   * Also build a libc6-sparcv9b package on sparc64.
   * Disable debian/patches/any/cvs-futimens.diff. Addresses: #563726,
     #563754.
   * Add debian/patches/localedata/locale-et_EE.diff to change weekday
     and workday to Monday.  Closes: #563636.
   * Add debian/patches/any/cvs-resolv-init.diff to fix mixing IPv4 and
     IPv6 name server in resolv.conf.
   * Add debian/patches/any/cvs-resolv-uninitialized.diff to fix an
     uninitialized variable in resolv code.
   * Add debian/patches/any/cvs-resolv-bindv6only.diff to not use
     IPV4-mapped addresses in the resolver code.  Closes: #563552.
   * Add debian/patches/any/cvs-resolv-edns0.diff to handle overly large
     answer buffers in resolver.
   * Add debian/patches/any/cvs-resolv-v6mapped.diff to fix lookup failure
     with IPv6 mapping enabled and big answers.  Closes: #558984.
   * Add debian/patches/any/submitted-nis-shadow.diff to remove encrypted
     passwords from passwd entries, and add them in shadow entries.
     Closes: #560333.
 .
   [ Petr Salinger]
   * kfreebsd/local-sysdeps.diff: update to revision 2907 (from glibc-bsd).
Checksums-Sha1: 
 052761468d4d86fa4fdd9ba08157def6eb9bf279 1816194 glibc-doc_2.10.2-4_all.deb
 5a9cad26b5dab23b431a6d82650ded0d1c0faf0f 10932664 eglibc-source_2.10.2-4_all.deb
 3e2f12a6d3e6c8be9a28ffc458fe836ec0edd6c9 4751354 locales_2.10.2-4_all.deb
 4194c976a0b5298c5bc75514cb52a9c139bbcbaa 4247006 libc6_2.10.2-4_amd64.deb
 a00fc905c506b4dc8363982d265a7cf7435d491d 2547860 libc6-dev_2.10.2-4_amd64.deb
 1469a027a8d2e45907f2b4002ba98d53ab1f287b 1994288 libc6-prof_2.10.2-4_amd64.deb
 0ccf12114d7fcdd2f03db333b94bb8030756b065 1517960 libc6-pic_2.10.2-4_amd64.deb
 c8c6d7224a18ee1fed98d2ef929c1ed1c9e3cdfc 728798 libc-bin_2.10.2-4_amd64.deb
 eb2fdff824340bdd14963eb3559f3d951b7abb39 201832 libc-dev-bin_2.10.2-4_amd64.deb
 ccecb01c4f43cfc02b4977f7e11ceaf5f76285f9 3064406 locales-all_2.10.2-4_amd64.deb
 2e76592232a4c9ac9e41c3cdf9bbfda25a5c2d34 3793578 libc6-i386_2.10.2-4_amd64.deb
 f3738464705320671d15f22b2041576528badf46 1499146 libc6-dev-i386_2.10.2-4_amd64.deb
 b07505a762a73a06423c981a4a212bfe38ebbf8d 190438 nscd_2.10.2-4_amd64.deb
 37554451ea421453f83f1adaf83cbeee4572b21d 10277258 libc6-dbg_2.10.2-4_amd64.deb
 94437fe88e21c1e3c0fc7dc284c2791f00fe964f 1133922 libc6-udeb_2.10.2-4_amd64.udeb
 bdf165710e659d8284597f7ca4ed4360d069dc7c 11232 libnss-dns-udeb_2.10.2-4_amd64.udeb
 9f105210555ac8f85e89aae0e0a6e45aa7a603fc 19498 libnss-files-udeb_2.10.2-4_amd64.udeb
 329110be0d3a6d3918ee8d6e2b1d717a518e26fc 2777 eglibc_2.10.2-4.dsc
 e5c08982eec8f1be821f1c6a943c8a8a92bad1f3 788632 eglibc_2.10.2-4.diff.gz
Checksums-Sha256: 
 769adaf34ded2b841cbe1c1ffe23cdf6a1dfc97b312a919f7218a232bdcbd2ec 1816194 glibc-doc_2.10.2-4_all.deb
 91da64e65aa4ec88a936fb14ff9eae55d2e8c51461e63d0e552ee8bf302f9a5a 10932664 eglibc-source_2.10.2-4_all.deb
 bbc08198bda16d2585800c588b19294645b0aa3c464155bcd84c89ebc1828d56 4751354 locales_2.10.2-4_all.deb
 8fa4922bdf4ed3eb2f3cb895bd6cc46be11a1e9e4c23fa632a7faf3147325b10 4247006 libc6_2.10.2-4_amd64.deb
 49a1b52d9a41f02ca5ade876f483dd4f4918ee6e9cb3b385c2d10563903fbecf 2547860 libc6-dev_2.10.2-4_amd64.deb
 8c06820674fceb76d8c04b19ad4001fc194780144766bf2d9700455c8f21dc8a 1994288 libc6-prof_2.10.2-4_amd64.deb
 72cd83efb65d3f4f6e1e005ffb646fd0604aad86aa8ca2a3037d8b081fb6c313 1517960 libc6-pic_2.10.2-4_amd64.deb
 fdaf6b7ef44660dac795bd35bbc41a4b7676580f1038959112d7a5c113abd4c9 728798 libc-bin_2.10.2-4_amd64.deb
 3a70479ba2655e334ad6c62b9f0a9bf41ac7ef47163c84ec1ae9d7640f7fc871 201832 libc-dev-bin_2.10.2-4_amd64.deb
 7923b0cea8d16d0d813565b857c0cc24fe3b00fd6ed9ada17ce9f2620e0de15e 3064406 locales-all_2.10.2-4_amd64.deb
 9fb99ab84133b7839bf650ff7144a768f74625c0e4dec7779487ae3b9fe5fbf9 3793578 libc6-i386_2.10.2-4_amd64.deb
 199e775a6107c6c8a76030d5766abf97198ff1891bd6a471a278f906e8a137a9 1499146 libc6-dev-i386_2.10.2-4_amd64.deb
 e4cdca881073711cacb57404e267f72e8a2cab9657c233dcfa23d87a5a589c64 190438 nscd_2.10.2-4_amd64.deb
 b1c976df0c3467cc84691de677fb362a90e906aa253b302e848afefa835e10db 10277258 libc6-dbg_2.10.2-4_amd64.deb
 aa48558d19fd89254b8a2772bf51e62c247a70b516a6e6f7dc467707d0914411 1133922 libc6-udeb_2.10.2-4_amd64.udeb
 272aaa35025c53c213f90269b81e911d047ce0c3cba7e9787611814c4fdd84fa 11232 libnss-dns-udeb_2.10.2-4_amd64.udeb
 c4bb081611fed737d143a37525d40a44d565d11cec2171b522555de5a0addece 19498 libnss-files-udeb_2.10.2-4_amd64.udeb
 ee28950661e63278ed663950f2c6672bd8a2772e1597bb464627033c93830088 2777 eglibc_2.10.2-4.dsc
 d7d93cc8cd621861e54292593a6f9d62df080c7402ce7c6b6205802414b94d7b 788632 eglibc_2.10.2-4.diff.gz
Files: 
 7ccab70fbfe3769f76acb6862c9f1af3 1816194 doc optional glibc-doc_2.10.2-4_all.deb
 b77eb297f334ea1e011d6e7a901a8ed1 10932664 devel optional eglibc-source_2.10.2-4_all.deb
 23c59ae986b24083b0bf08cd8cb592bf 4751354 libs standard locales_2.10.2-4_all.deb
 90e5cdbdf138bcbf095e86f9b5111c5b 4247006 libs required libc6_2.10.2-4_amd64.deb
 3875eee2c22dfb2b729c7b629863a8db 2547860 libdevel optional libc6-dev_2.10.2-4_amd64.deb
 d3783576a307ff80c6d24bc89014073a 1994288 libdevel extra libc6-prof_2.10.2-4_amd64.deb
 56e48d9f82fe9e70ffdc63d0f56cbd73 1517960 libdevel optional libc6-pic_2.10.2-4_amd64.deb
 d34441e8dc14442a6af404d89de1e07a 728798 libs required libc-bin_2.10.2-4_amd64.deb
 caba48ec13c264f59ec59a34bc0b9fc5 201832 libdevel optional libc-dev-bin_2.10.2-4_amd64.deb
 1c37b9a6f2554a1c8589a062eca8a568 3064406 libs extra locales-all_2.10.2-4_amd64.deb
 7cc0c563857f581abbcf414954c9ceae 3793578 libs optional libc6-i386_2.10.2-4_amd64.deb
 fb97b8723301c27acc5de0033cf2166e 1499146 libdevel optional libc6-dev-i386_2.10.2-4_amd64.deb
 5ea77267d56dfdff809ef16f0c41a1ea 190438 admin optional nscd_2.10.2-4_amd64.deb
 57ae480e1192f5a1fc70c392ddeae7c9 10277258 debug extra libc6-dbg_2.10.2-4_amd64.deb
 3a8e7121da5b8ec1d60e0a14da82d695 1133922 debian-installer extra libc6-udeb_2.10.2-4_amd64.udeb
 759be2f12f50c9aab8f7985fce2677c8 11232 debian-installer extra libnss-dns-udeb_2.10.2-4_amd64.udeb
 67d53cdf053333f5be4cc82633c893b4 19498 debian-installer extra libnss-files-udeb_2.10.2-4_amd64.udeb
 ef23b3332cf867ae7a5e8a62534b17f7 2777 libs required eglibc_2.10.2-4.dsc
 04f4cc2fd73845bd628b3b770fe494c8 788632 libs required eglibc_2.10.2-4.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFLRR+Ww3ao2vG823MRAh5DAKCBKHY8KHHzl1B9/RJ+nkNQ0LQmxQCePfMg
IcQrk0JgXFJl5bx0Mm+2YJE=
=JTTU
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#560333; Package libc6. (Sun, 17 Jan 2010 19:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Sun, 17 Jan 2010 19:03:03 GMT) Full text and rfc822 format available.

Message #69 received at 560333@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurelien@aurel32.net>
To: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>
Cc: 560333@bugs.debian.org
Subject: Re: Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
Date: Sun, 17 Jan 2010 19:58:20 +0100
[Message part 1 (text/plain, inline)]
Hi,

For your information, security uploads for etch and lenny have been
done, so we are close to release a Debian Security Announce (DSA)
with a fix (we are only missing a few builds for etch).

I have also build the lenny package for i386 and uploaded it here:
http://temp.aurel32.net/glibc-nis/ . Would it be possible that you test
that everything is still working as expected before releasing the DSA?
Thanks in advance.

Aurelien

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#560333; Package libc6. (Mon, 18 Jan 2010 11:36:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Mon, 18 Jan 2010 11:36:04 GMT) Full text and rfc822 format available.

Message #74 received at 560333@bugs.debian.org (full text, mbox):

From: Christoph Pleger <Christoph.Pleger@cs.tu-dortmund.de>
To: Aurelien Jarno <aurelien@aurel32.net>
Cc: 560333@bugs.debian.org
Subject: Re: Bug#560333: libc6: getpwnam shows shadow passwords of NIS users
Date: Mon, 18 Jan 2010 12:32:08 +0100
Hello,

> For your information, security uploads for etch and lenny have been
> done, so we are close to release a Debian Security Announce (DSA)
> with a fix (we are only missing a few builds for etch).
> 
> I have also build the lenny package for i386 and uploaded it here:
> http://temp.aurel32.net/glibc-nis/ . Would it be possible that you
> test that everything is still working as expected before releasing
> the DSA? Thanks in advance.

I tested your packages and everything worked as expected.

Regards
  Christoph




Added tag(s) pending. Request was from Clint Adams <schizo@alioth.debian.org> to control@bugs.debian.org. (Sat, 30 Jan 2010 18:12:28 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 20 Feb 2011 07:32:21 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 00:16:51 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.