Debian Bug report logs - #600458
unblock: nss-pam-ldapd/0.7.12

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Arthur de Jong <adejong@debian.org>

Date: Sun, 17 Oct 2010 10:57:05 UTC

Severity: normal

Done: Julien Cristau <jcristau@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600458; Package release.debian.org. (Sun, 17 Oct 2010 10:57:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Arthur de Jong <adejong@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 17 Oct 2010 10:57:08 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Arthur de Jong <adejong@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: nss-pam-ldapd/0.7.11
Date: Sun, 17 Oct 2010 12:54:05 +0200
[Message part 1 (text/plain, inline)]
Subject: unblock: nss-pam-ldapd/0.7.11
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: freeze-exception
Severity: normal

Please unblock version 0.7.11 of nss-pam-ldapd. It has the following
changes:

  * updated Vietnamese debconf translation by Clytie Siddall (closes: #598500)
  * grow the buffer for the PAM ruser to not reject logins for users with
    a ruser including a domain part (closes: #600065)

It is debatable whether the second one is really RC but it prevents
certain users from logging in and is a very minor change (one line in
nslcd/pam.c).


I have another pending change that fixes a problem when nslcd would hang
under certain  circumstances (using TLS and seeing a certain type of
network problem during a search). This change is a little larger and was
the result of missing a last part of #596983.

It involves setting a timeout on the socket when closing the connection
and ensuring that in all places that the connection is closed the same
function is executed. It is a workaround for a bug in OpenLDAP when used
with GnuTLS. The relevant change can be seen here:
  http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd/nslcd/myldap.c?r1=1276&r2=1275&pathrev=1276
(except the changes from line 690 onwards because they are specific to
changes in the trunk)

Do you want me to prepare an upload to unstable with the above change?

Thanks for considering.

-- 
-- arthur - adejong@debian.org - http://people.debian.org/~adejong --
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600458; Package release.debian.org. (Sun, 17 Oct 2010 11:15:03 GMT) Full text and rfc822 format available.

Message #8 received at 600458@bugs.debian.org (full text, mbox):

From: Philipp Kern <pkern@debian.org>
To: 600458@bugs.debian.org
Subject: Re: Bug#600458: unblock: nss-pam-ldapd/0.7.11
Date: Sun, 17 Oct 2010 13:11:55 +0200
[Message part 1 (text/plain, inline)]
On Sun, Oct 17, 2010 at 12:54:05PM +0200, Arthur de Jong wrote:
> Please unblock version 0.7.11 of nss-pam-ldapd. It has the following
> changes:
> 
>   * updated Vietnamese debconf translation by Clytie Siddall (closes: #598500)
>   * grow the buffer for the PAM ruser to not reject logins for users with
>     a ruser including a domain part (closes: #600065)
> 
> It is debatable whether the second one is really RC but it prevents
> certain users from logging in and is a very minor change (one line in
> nslcd/pam.c).

Unblocked.

> I have another pending change that fixes a problem when nslcd would hang
> under certain  circumstances (using TLS and seeing a certain type of
> network problem during a search). This change is a little larger and was
> the result of missing a last part of #596983.
> 
> It involves setting a timeout on the socket when closing the connection
> and ensuring that in all places that the connection is closed the same
> function is executed. It is a workaround for a bug in OpenLDAP when used
> with GnuTLS. The relevant change can be seen here:
>   http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd/nslcd/myldap.c?r1=1276&r2=1275&pathrev=1276
> (except the changes from line 690 onwards because they are specific to
> changes in the trunk)
> 
> Do you want me to prepare an upload to unstable with the above change?

Two issues in one bug report is a bit annoying.  Please let the above
version migrate first.

Workarounds like these are really hard to judge IMHO.  But as the line 690+
changes are irrelevant you can go ahead.

Kind regards,
Philipp Kern

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600458; Package release.debian.org. (Fri, 29 Oct 2010 21:57:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Arthur de Jong <adejong@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Fri, 29 Oct 2010 21:57:07 GMT) Full text and rfc822 format available.

Message #13 received at 600458@bugs.debian.org (full text, mbox):

From: Arthur de Jong <adejong@debian.org>
To: Philipp Kern <pkern@debian.org>, 600458@bugs.debian.org
Subject: Re: Bug#600458: unblock: nss-pam-ldapd/0.7.11
Date: Fri, 29 Oct 2010 23:48:05 +0200
[Message part 1 (text/plain, inline)]
On Sun, 2010-10-17 at 13:11 +0200, Philipp Kern wrote:
> On Sun, Oct 17, 2010 at 12:54:05PM +0200, Arthur de Jong wrote:
> > I have another pending change that fixes a problem when nslcd would hang
> > under certain  circumstances (using TLS and seeing a certain type of
> > network problem during a search). This change is a little larger and was
> > the result of missing a last part of #596983.
> > 
> > It involves setting a timeout on the socket when closing the connection
> > and ensuring that in all places that the connection is closed the same
> > function is executed. It is a workaround for a bug in OpenLDAP when used
> > with GnuTLS. The relevant change can be seen here:
> >   http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd/nslcd/myldap.c?r1=1276&r2=1275&pathrev=1276
> > (except the changes from line 690 onwards because they are specific to
> > changes in the trunk)
> > 
> > Do you want me to prepare an upload to unstable with the above change?
> 
> Two issues in one bug report is a bit annoying.  Please let the above
> version migrate first.

Since 0.7.11 migrated to testing I've uploaded a version 0.7.12 to
unstable that fixes the remaining disconnect problems.

> Workarounds like these are really hard to judge IMHO.  But as the line 690+
> changes are irrelevant you can go ahead.

The diff should be minimal. Only the first part of the diff (to nslcd.c)
applies the actual timeout setting and only just before closing the
connection. When that code hits no useful data should be sent over the
connection anyway.

The other changes just replace the call to ldap_unbind() with a call to
do_close() which ensures that unbinds are done the same way in every
case.

If you need more background feel free to ask.

Thanks for your work.

-- 
-- arthur - adejong@debian.org - http://people.debian.org/~adejong --
[signature.asc (application/pgp-signature, inline)]

Changed Bug title to 'unblock: nss-pam-ldapd/0.7.12' from 'unblock: nss-pam-ldapd/0.7.11' Request was from Arthur de Jong <adejong@debian.org> to control@bugs.debian.org. (Sun, 31 Oct 2010 10:51:09 GMT) Full text and rfc822 format available.

Reply sent to Julien Cristau <jcristau@debian.org>:
You have taken responsibility. (Mon, 01 Nov 2010 13:15:07 GMT) Full text and rfc822 format available.

Notification sent to Arthur de Jong <adejong@debian.org>:
Bug acknowledged by developer. (Mon, 01 Nov 2010 13:15:07 GMT) Full text and rfc822 format available.

Message #20 received at 600458-done@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Arthur de Jong <adejong@debian.org>, 600458-done@bugs.debian.org
Cc: Philipp Kern <pkern@debian.org>
Subject: Re: Bug#600458: unblock: nss-pam-ldapd/0.7.11
Date: Mon, 1 Nov 2010 14:10:47 +0100
[Message part 1 (text/plain, inline)]
On Fri, Oct 29, 2010 at 23:48:05 +0200, Arthur de Jong wrote:

> Since 0.7.11 migrated to testing I've uploaded a version 0.7.12 to
> unstable that fixes the remaining disconnect problems.
> 
Unblocked.

Cheers,
Julien
[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 30 Nov 2010 07:33:55 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 13:54:53 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.