Debian Bug report logs - #658739
gnutls26: LDAP+SSL account cannot use setuid binaries until gnutls26 is rebuilt with nettle not libgcrypt11

Package: libgcrypt11; Maintainer for libgcrypt11 is Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>; Source for libgcrypt11 is src:libgcrypt11.

Reported by: Ken Stailey <kstailey@yahoo.com>

Date: Sun, 5 Feb 2012 17:36:02 UTC

Severity: serious

Tags: help, patch, squeeze-ignore, wheezy-ignore

Merged with 368297, 545414, 566351, 579647, 601667, 628671, 658896

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Sun, 05 Feb 2012 17:36:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ken Stailey <kstailey@yahoo.com>:
New Bug report received and forwarded. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Sun, 05 Feb 2012 17:36:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Ken Stailey <kstailey@yahoo.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gnutls26: LDAP+SSL account cannot use setuid binaries until gnutls26 is rebuilt with nettle not libgcrypt11
Date: Sun, 05 Feb 2012 12:32:35 -0500
Package: gnutls26
Version: libgnutls26
Severity: important

Dear Maintainer,

If your account is an LDAP one and your LDAP client connects to its
 LDAP server via SSL then running setuid programs from your account
 fail since libgcrypt11 is horribly broken and upstream GnuTLS
 no longer recommends using it as the backend crypto library:
http://lists.debian.org/debian-legal/2011/02/msg00006.html

In the past it was possible to work around this by using nscd
 but that work around no longer has any effect.

When I rebuild gnutls26 with nettle I am able to use setuid binaries
 from my LDAP account which connects via SSL to its LDAP server.

Reproducing:

1. Install an OpenLDAP server that speaks LDAP over SSL.

2. Install Debian Testing or Unstable and configure it to be an LDAP
 client that connects via to its LDAP server via SSL.

3. Log into the Debian system created in step using an LDAP account
 not an account in /etc/passwd.

4. Attempt to use sudo. You will see unexpected results:

$ sudo id
[sudo] password for user:
sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted
sudo: unable to open /var/lib/sudo/user/1: Operation not permitted
sudo: unable to set gid to runas gid 0: Operation not permitted
sudo: unable to execute /usr/bin/id: Operation not permitted
$

5. Attempt to use sudo. You will see expected results:

$ sudo id
[sudo] password for user:
uid=0(root) gid=0(root) groups=0(root)

See also:
https://bugs.launchpad.net/bugs/926350

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Sun, 05 Feb 2012 17:39:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ken Stailey <kstailey@yahoo.com>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Sun, 05 Feb 2012 17:39:09 GMT) Full text and rfc822 format available.

Message #10 received at 658739@bugs.debian.org (full text, mbox):

From: Ken Stailey <kstailey@yahoo.com>
To: "658739@bugs.debian.org" <658739@bugs.debian.org>
Subject: Left out a step
Date: Sun, 5 Feb 2012 09:37:52 -0800 (PST)
Reproducing:

1. Install an OpenLDAP server that speaks LDAP over SSL.

2. Install Debian Testing or Unstable and configure it to be an LDAP
client that connects via to its LDAP server via SSL.

3. Log into the Debian system created in step using an LDAP account
not an account in /etc/passwd.

4. Attempt to use sudo. You will see unexpected results:

$ sudo id
[sudo] password for user:
sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted
sudo: unable to open /var/lib/sudo/user/1: Operation not permitted
sudo: unable to set gid to runas gid 0: Operation not permitted
sudo: unable to execute /usr/bin/id: Operation not permitted
$


5. Patch system:

apt-get build-dep libgnutls26

apt-get source gnutls26
to fetch the source for gnutls26-2.12.14
then chop out
--with-libgcrypt
from the debian/rules file

and rebuild gnutls26
debuild -i -uc -us -b
and install the resulting .deb files.

6. Attempt to use sudo. You will see expected results:

$ sudo id
[sudo] password for user:
uid=0(root) gid=0(root) groups=0(root)





Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Tue, 24 Apr 2012 15:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thorsten Glaser <tg@mirbsd.de>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Tue, 24 Apr 2012 15:27:03 GMT) Full text and rfc822 format available.

Message #15 received at 658739@bugs.debian.org (full text, mbox):

From: Thorsten Glaser <tg@mirbsd.de>
To: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>, "Richard A Nelson (Rick) as libnss-ldap maintainer" <cowboy@debian.org>, 658739@bugs.debian.org, 423252@bugs.launchpad.net, 926350@bugs.launchpad.net, Ubuntu Core Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Subject: nss-ldap, SUID executables, gcrypt
Date: Tue, 24 Apr 2012 17:25:07 +0200 (CEST)
Hi all,

this bug has been brought to my attention by my boss today.
If I understand the situation correctly, the problem is:

• OpenLDAP links against GnuTLS (gnutls26)
• gnutls26 links against gcrypt, which has the bug
• gnutls28 links against nettle, but also gmp which is LGPLv3+
• OpenLDAP thus can’t link against gnutls28, as it has reverse
  dependencies that are not LGPLv3-/GPLv3-compatible
• the package affected is libnss-ldap though

For some reason, neither nscd nor unscd seem to be able to
work around this bug, so it has become rather critical (e.g.
for use in company networks).

Why not do a readline and provide *two* versions of the
OpenLDAP client libraries, keep libldap-2.4-2 linked
against gnutls26 and add another shared library plus
development package (with at least the two shared library
packages coïnstallable) to link against gnutls28 and build
these BOTH from the SAME source package at the SAME time,
so an upload of OpenLDAP will not need another package to
be (re-)built to stay in sync.

Did anyone think of it already and will shoot this idea
down immediately? Or could it work?

bye,
//mirabilos • tg@debian.org
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Elmar Geese




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Wed, 19 Sep 2012 20:36:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Pete Hicks <pete@monkeyinferno.com>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 19 Sep 2012 20:36:06 GMT) Full text and rfc822 format available.

Message #20 received at 658739@bugs.debian.org (full text, mbox):

From: Pete Hicks <pete@monkeyinferno.com>
To: 658739@bugs.debian.org
Subject: RE: gnutls26: LDAP+SSL account cannot use setuid binaries until gnutls26 is rebuilt with nettle not libgcrypt11
Date: Wed, 19 Sep 2012 13:31:24 -0700
Can we *please* get a fix for this before Wheezy is released? I have
encountered this bug in Ubuntu Lucid years ago and had to rebuild the
package without libgcrypt to get around it. It would a shame if wheezy
was moved to stable and this bug was not fixed, especially since the
fix seems so trivial.



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Mon, 01 Oct 2012 19:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Felix Palmen <felix@palmen-it.de>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Mon, 01 Oct 2012 19:27:03 GMT) Full text and rfc822 format available.

Message #25 received at 658739@bugs.debian.org (full text, mbox):

From: Felix Palmen <felix@palmen-it.de>
To: 658739@bugs.debian.org
Subject: RE: gnutls26: LDAP+SSL account cannot use setuid binaries until gnutls26 is rebuilt with nettle not libgcrypt11
Date: Mon, 1 Oct 2012 20:37:59 +0200
Thanks for providing the workaround, works now for me.

Just wanted to share I had to add the configure-option
--disable-valgrind-tests
in order to successfully rebuild the package without libgcrypt, because the 
valgrind tests found some lost bytes.

-- 
 Dipl.-Inform. Felix Palmen  <felix@palmen-it.de>   ,.//..........
 {web}  http://palmen-it.de  {jabber} [see email]   ,//palmen-it.de
 {pgp public key}     http://palmen-it.de/pub.txt   //   """""""""""
 {pgp fingerprint} ED9B 62D0 BE39 32F9 2488 5D0C 8177 9D80 5ECF F683



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Wed, 17 Oct 2012 12:57:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Markus Spanner <markus.spanner@physik.fau.de>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 17 Oct 2012 12:57:06 GMT) Full text and rfc822 format available.

Message #30 received at 658739@bugs.debian.org (full text, mbox):

From: Markus Spanner <markus.spanner@physik.fau.de>
To: 658739@bugs.debian.org
Subject: Re: gnutls26: LDAP+SSL account cannot use setuid binaries until, gnutls26 is rebuilt with nettle not libgcrypt11
Date: Wed, 17 Oct 2012 14:46:51 +0200
Buildung libgnutls26 without '--with-libgcrypt' makes sudo working for 
ldap-accounts here as well.
So please consider applying this fix in wheezy.



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Wed, 24 Oct 2012 12:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Joerg Jaspert <joerg@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 24 Oct 2012 12:45:03 GMT) Full text and rfc822 format available.

Message #35 received at 658739@bugs.debian.org (full text, mbox):

From: Joerg Jaspert <joerg@debian.org>
To: <658739@bugs.debian.org>
Cc: <control@bugs.debian.org>
Subject: Broken su/sudo/whatever - breaks systems - up goes the severity
Date: Wed, 24 Oct 2012 14:43:08 +0200
severity 658739 grave
thanks

Hi

The bug log is a bit long and contains some things not really useful, 
so let me
give another summary here please.

Have ldap servers somewhere, serving you your users and groups.

Setup your libnss and pam access like this:
--------------
base dc=whatever
uri ldap://serverb.../ ldap://servera.../
ldap_version 3
rootbinddn cn=admin,dc=whatever
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/ca.cert
--------------

In other words, access your ldap server using ssl.

getent passwd/group all works.
Login works.

Try su to another user.

You will see, in auth.log:

Oct 24 12:25:23 AAAAA su[12964]: pam_unix(su:auth): authentication 
failure; logname=user uid=1011 euid=1011 tty=/dev/pts/10 ruser=user 
rhost=  user=targetuser
Oct 24 12:25:23 AAAAA su[12964]: Successful su for targetuser by user
Oct 24 12:25:23 AAAAA su[12964]: + /dev/pts/10 user:targetuser
Oct 24 12:25:23 AAAAA su[12964]: bad group ID `53' for user 
`targetuser': Operation not permitted

And the su you started errors out and you are back as your normal user.

Now, go and change the above nss/pam config to NOT have the "ssl 
start_tls" line. No other change.
and su again.

You will end up, no trouble, as the targetuser.


Maybe the rebuild without gcrypt is a solution. I don't know, I have no 
idea what other functionality
then might be missing. Ignoring this sure is not. It might also be that 
the bug originates elsewhere, though
don't ask me where. But I know that not having this fixed in wheezy 
(and if possible in squeeze too) would
be a real shame. SSL secured ldap servers are not really uncommon, 
after all there are accounts and passwords
in there...

-- 
bye Joerg



Severity set to 'grave' from 'important' Request was from Joerg Jaspert <joerg@debian.org> to control@bugs.debian.org. (Wed, 24 Oct 2012 12:45:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Sat, 03 Nov 2012 16:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Sat, 03 Nov 2012 16:51:03 GMT) Full text and rfc822 format available.

Message #42 received at 658739@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: 658739@bugs.debian.org
Subject: Re: Bug#658739: Broken su/sudo/whatever - breaks systems - up goes the severity
Date: Sat, 3 Nov 2012 17:46:41 +0100
On 2012-10-24 Joerg Jaspert <joerg@debian.org> wrote:
[...]
> Maybe the rebuild without gcrypt is a solution. I don't know, I have
> no idea what other functionality then might be missing.

Hello,
It is not possible currently for Debian to use nettle instead of
gcrypt for license reasons. Nettle links against gmp which is LGPLv3+,
but some of the gnutls-using applications in Debian have an LGPLv3
incompatible license like GPLv2, e.g. cups.

The actual issue has its proper bug-report here
<http://bugs.debian.org/368297> and here
<https://bugs.launchpad.net/debian/+source/sudo/+bug/423252>, I am
keeping this one assigned to gnutls as a pointer.

cu Andreas



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Fri, 16 Nov 2012 07:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Martijn van Brummelen" <martijn@brumit.nl>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Fri, 16 Nov 2012 07:24:03 GMT) Full text and rfc822 format available.

Message #47 received at 658739@bugs.debian.org (full text, mbox):

From: "Martijn van Brummelen" <martijn@brumit.nl>
To: 658739@bugs.debian.org
Subject: Patch from Ubuntu
Date: Fri, 16 Nov 2012 08:11:16 +0100
[Message part 1 (text/plain, inline)]
I rebuild Wheezy's version of libgcrypt11_1.5.0-3 with the
patch(no_global_init_during_thread_callbacks.diff)  from Ubuntu.
I can confirm the new patched version of libgcrypt solves this problem,
and I am able to use sudo again.

Can someone review this patch and see if it would be a suitable solution
to fix this problem?

If needed I can prepare a NMU.

Regards,
Martijn van Brummelen
[no_global_init_during_thread_callbacks.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Fri, 16 Nov 2012 18:27:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Fri, 16 Nov 2012 18:27:08 GMT) Full text and rfc822 format available.

Message #52 received at 658739@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Martijn van Brummelen <martijn@brumit.nl>, 658739@bugs.debian.org
Cc: 368297@bugs.debian.org
Subject: Re: Bug#658739: Patch from Ubuntu
Date: Fri, 16 Nov 2012 19:24:05 +0100
On 2012-11-16 Martijn van Brummelen <martijn@brumit.nl> wrote:
> I rebuild Wheezy's version of libgcrypt11_1.5.0-3 with the
> patch(no_global_init_during_thread_callbacks.diff)  from Ubuntu.
> I can confirm the new patched version of libgcrypt solves this problem,
> and I am able to use sudo again.

> Can someone review this patch and see if it would be a suitable solution
> to fix this problem?

> If needed I can prepare a NMU.

Hello,
The patch from Ubuntu breaks other stuff. See
<https://bugs.launchpad.net/ubuntu/+source/libgcrypt11/+bug/1013798>
and duplicates. Note that although this (LP 1013798) was fixed in
1.5.0-3ubuntu2 the patch had to be pulled again in 1.5.0-3ubuntu2.1
because of
<https://bugs.launchpad.net/ubuntu/+source/libgcrypt11/+bug/1076906>

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Fri, 16 Nov 2012 19:06:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Fri, 16 Nov 2012 19:06:05 GMT) Full text and rfc822 format available.

Message #57 received at 658739@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Martijn van Brummelen <martijn@brumit.nl>, 658739@bugs.debian.org
Subject: Re: Bug#658739: Patch from Ubuntu
Date: Fri, 16 Nov 2012 20:03:11 +0100
On 2012-11-16 Martijn van Brummelen <martijn@brumit.nl> wrote:
[...]
> How about contacting upstream? I can try
> that, or perhaps you already had contact with Werner Koch?

Hello Martijn,

I have hasked Werner about it.
http://permalink.gmane.org/gmane.comp.encryption.gpg.libgcrypt.devel/2623

Werner said this about the patch:
| Okay, if that works, fine.  It might break other things; I don't know.
| There are enough selftests to hopefully detect such a break (in
| particular in FIPS mode).

The issue should be solved in 1.6:
| Although we can't solve all the problems we will be able to solve the
| thread initialization problem.  Libgcrypt 1.6 will ignore the thread
| callbacks and assume pthread.  Semaphores are then used for locking
| and provide a way to do thread-safe initialization.  The hopefully minor
| drawback is that one needs to link against librt.

> I tried the 1.5.0-beta1 but that did not solve the problem.

I think 1.5.0-beta1 << 1.5.0.

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Fri, 30 Nov 2012 13:51:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Martijn van Brummelen" <martijn@brumit.nl>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Fri, 30 Nov 2012 13:51:09 GMT) Full text and rfc822 format available.

Message #62 received at 658739@bugs.debian.org (full text, mbox):

From: "Martijn van Brummelen" <martijn@brumit.nl>
To: "Andreas Metzler" <ametzler@downhill.at.eu.org>
Cc: 658739@bugs.debian.org, 368297@bugs.debian.org
Subject: Re: Bug#658739: Patch from Ubuntu
Date: Fri, 30 Nov 2012 14:50:02 +0100
> Hello,
> The patch from Ubuntu breaks other stuff. See
> <https://bugs.launchpad.net/ubuntu/+source/libgcrypt11/+bug/1013798>
> and duplicates. Note that although this (LP 1013798) was fixed in
> 1.5.0-3ubuntu2 the patch had to be pulled again in 1.5.0-3ubuntu2.1
> because of
> <https://bugs.launchpad.net/ubuntu/+source/libgcrypt11/+bug/1076906>
How about suggestion nr 22 suggested on
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/926350
Will that do any harm? I can confirm it makes sudo work again. Will test
some more to see if it breaks anything else.

Regards,
martijn van brummelen




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Sun, 02 Dec 2012 09:45:14 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Sun, 02 Dec 2012 09:45:14 GMT) Full text and rfc822 format available.

Message #67 received at 658739@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Martijn van Brummelen <martijn@brumit.nl>, 658739@bugs.debian.org, 368297@bugs.debian.org
Subject: Re: Bug#658739: Patch from Ubuntu
Date: Sun, 2 Dec 2012 09:11:18 +0100
On 2012-11-30 Martijn van Brummelen <martijn@brumit.nl> wrote:
> > Hello,
> > The patch from Ubuntu breaks other stuff. See
> > <https://bugs.launchpad.net/ubuntu/+source/libgcrypt11/+bug/1013798>
> > and duplicates. Note that although this (LP 1013798) was fixed in
> > 1.5.0-3ubuntu2 the patch had to be pulled again in 1.5.0-3ubuntu2.1
> > because of
> > <https://bugs.launchpad.net/ubuntu/+source/libgcrypt11/+bug/1076906>
> How about suggestion nr 22 suggested on
> https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/926350

We cannot switch to a GPLv2-incompatible gnutls stack on Debian
currently.[1]

cu andreas

[1] We will need to do this for wheezy + 1, because Debian
does not have the manpower to fork GnuTLS 2.x. But that is a different
discussion.



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Wed, 09 Jan 2013 15:51:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Brian Kroth <bpkroth@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 09 Jan 2013 15:51:06 GMT) Full text and rfc822 format available.

Message #72 received at 658739@bugs.debian.org (full text, mbox):

From: Brian Kroth <bpkroth@gmail.com>
To: 658739@bugs.debian.org
Subject: status?
Date: Wed, 9 Jan 2013 09:47:48 -0600
[Message part 1 (text/plain, inline)]
> On 2012-11-30 Martijn van Brummelen <martijn@brumit.nl> wrote:
>>> Hello,
>>> The patch from Ubuntu breaks other stuff. See
>>> <https://bugs.launchpad.net/ubuntu/+source/libgcrypt11/+bug/1013798>
>>> and duplicates. Note that although this (LP 1013798) was fixed in
>>> 1.5.0-3ubuntu2 the patch had to be pulled again in 1.5.0-3ubuntu2.1
>>> because of
>>> <https://bugs.launchpad.net/ubuntu/+source/libgcrypt11/+bug/1076906>
>> How about suggestion nr 22 suggested on
>> https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/926350
>
> We cannot switch to a GPLv2-incompatible gnutls stack on Debian
> currently.[1]
>
> cu andreas
>
> [1] We will need to do this for wheezy + 1, because Debian
> does not have the manpower to fork GnuTLS 2.x. But that is a different
> discussion.

May I ask what the proposed/potential solutions for this is then?  This 
is a major problem holding us up from serious wheezy consideration where 
I work.

Please let me know if you'd like help testing something.

Thanks,
Brian
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Wed, 09 Jan 2013 18:21:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 09 Jan 2013 18:21:06 GMT) Full text and rfc822 format available.

Message #77 received at 658739@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Brian Kroth <bpkroth@gmail.com>, 658739@bugs.debian.org
Subject: Re: Bug#658739: status?
Date: Wed, 9 Jan 2013 19:17:28 +0100
On 2013-01-09 Brian Kroth <bpkroth@gmail.com> wrote:
[...]
> May I ask what the proposed/potential solutions for this is then?
> This is a major problem holding us up from serious wheezy
> consideration where I work.

> Please let me know if you'd like help testing something.

Hello,

sadly I have not got a plan. The Ubuntu change did not work out, it
fixed one issue but opened others. The only obvious workaround is to
use libnss-ldapd instead of libnss-ldap.

cu andreas


-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Wed, 09 Jan 2013 18:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Brian Kroth <bpkroth@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 09 Jan 2013 18:36:03 GMT) Full text and rfc822 format available.

Message #82 received at 658739@bugs.debian.org (full text, mbox):

From: Brian Kroth <bpkroth@gmail.com>
To: Andreas Metzler <ametzler@downhill.at.eu.org>
Cc: 658739@bugs.debian.org
Subject: Re: Bug#658739: status?
Date: Wed, 9 Jan 2013 12:32:01 -0600
[Message part 1 (text/plain, inline)]
Andreas Metzler <ametzler@downhill.at.eu.org> 2013-01-09 19:17:
> On 2013-01-09 Brian Kroth <bpkroth@gmail.com> wrote:
> [...]
>> May I ask what the proposed/potential solutions for this is then?
>> This is a major problem holding us up from serious wheezy
>> consideration where I work.
>
>> Please let me know if you'd like help testing something.
>
> Hello,
>
> sadly I have not got a plan. The Ubuntu change did not work out, it
> fixed one issue but opened others. The only obvious workaround is to
> use libnss-ldapd instead of libnss-ldap.
>
> cu andreas

Hi, unfortunately, as I outlined here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658896
libnss-ldapd (or rather libpam-ldapd) is not an option for us, nor does 
it solve the problem (I've tested it).

Thanks,
Brian
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Wed, 09 Jan 2013 18:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Brian Kroth <bpkroth@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 09 Jan 2013 18:45:03 GMT) Full text and rfc822 format available.

Message #87 received at 658739@bugs.debian.org (full text, mbox):

From: Brian Kroth <bpkroth@gmail.com>
To: Andreas Metzler <ametzler@downhill.at.eu.org>
Cc: 658739@bugs.debian.org
Subject: Re: Bug#658739: status?
Date: Wed, 9 Jan 2013 12:42:09 -0600
[Message part 1 (text/plain, inline)]
Brian Paul Kroth <bpkroth@gmail.com> 2013-01-09 12:32:
> Andreas Metzler <ametzler@downhill.at.eu.org> 2013-01-09 19:17:
>> On 2013-01-09 Brian Kroth <bpkroth@gmail.com> wrote:
>> [...]
>>> May I ask what the proposed/potential solutions for this is then?
>>> This is a major problem holding us up from serious wheezy
>>> consideration where I work.
>>
>>> Please let me know if you'd like help testing something.
>>
>> Hello,
>>
>> sadly I have not got a plan. The Ubuntu change did not work out, it
>> fixed one issue but opened others. The only obvious workaround is to
>> use libnss-ldapd instead of libnss-ldap.
>>
>> cu andreas
>
> Hi, unfortunately, as I outlined here:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658896
> libnss-ldapd (or rather libpam-ldapd) is not an option for us, nor 
> does it solve the problem (I've tested it).
>
> Thanks,
> Brian

Sorry, that should have been here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658896#23

We use that pam_ldap config= trick for all sorts of things/services.

Thanks,
Brian
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Mon, 21 Jan 2013 06:21:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Trek <trek00@inbox.ru>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Mon, 21 Jan 2013 06:21:06 GMT) Full text and rfc822 format available.

Message #92 received at 658739@bugs.debian.org (full text, mbox):

From: Trek <trek00@inbox.ru>
To: 658739@bugs.debian.org, Brian Kroth <bpkroth@gmail.com>
Subject: please try to downgrade libgcrypt11 to 1.4.6
Date: Mon, 21 Jan 2013 07:13:58 +0100
Hi,

can you try to downgrade libgcrypt11 to the version 1.4.6-9?
You can download it from:

http://snapshot.debian.org/archive/debian/20110807T212024Z/pool/main/libg/libgcrypt11/


this resolved a bug using claws-mail and midori with libgcrypt 1.5,
that seems to have problems with its memory management:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640123


If this is the case, may be that libgcrypt11 should be downgraded
before wheezy is released.


Ciao!



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Mon, 21 Jan 2013 23:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Brian Kroth <bpkroth@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Mon, 21 Jan 2013 23:12:04 GMT) Full text and rfc822 format available.

Message #97 received at 658739@bugs.debian.org (full text, mbox):

From: Brian Kroth <bpkroth@gmail.com>
To: Trek <trek00@inbox.ru>, 658739@bugs.debian.org
Subject: Re: Bug#658739: please try to downgrade libgcrypt11 to 1.4.6
Date: Mon, 21 Jan 2013 17:10:01 -0600
[Message part 1 (text/plain, inline)]
Trek <trek00@inbox.ru> 2013-01-21 07:13:
> Hi,
>
> can you try to downgrade libgcrypt11 to the version 1.4.6-9?
> You can download it from:
>
> http://snapshot.debian.org/archive/debian/20110807T212024Z/pool/main/libg/libgcrypt11/
>
>
> this resolved a bug using claws-mail and midori with libgcrypt 1.5,
> that seems to have problems with its memory management:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640123
>
>
> If this is the case, may be that libgcrypt11 should be downgraded
> before wheezy is released.
>
>
> Ciao!

Hello, here's what I tried (for amd64 and i386):

# wget http://snapshot.debian.org/archive/debian/20110807T212024Z/pool/main/libg/libgcrypt11/libgcrypt11_1.4.6-9_amd64.deb
# /bin/su -
# dpkg -i libgcrypt11_1.4.6-9_amd64.deb
# reboot (just for good measure in case /etc/init.d/nscd restart didn't do the trick)

# sudo -s
sudo: PERM_ROOT: setresuid(0, -1, -1): Operation not permitted
sudo: unable to open /var/lib/sudo/bpkroth/2: Operation not permitted
sudo: unable to set supplementary group IDs: Operation not permitted
sudo: unable to execute /bin/bash: Operation not permitted

So, still no luck.  Let me know if you need anything else (eg: various 
packages rebuilt against that version?).

Thanks,
Brian
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Wed, 23 Jan 2013 14:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Carlos Alberto Lopez Perez <clopez@igalia.com>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 23 Jan 2013 14:27:03 GMT) Full text and rfc822 format available.

Message #102 received at 658739@bugs.debian.org (full text, mbox):

From: Carlos Alberto Lopez Perez <clopez@igalia.com>
To: Andreas Metzler <ametzler@downhill.at.eu.org>
Cc: 658739@bugs.debian.org
Subject: Re: Re: Bug#658739: Broken su/sudo/whatever - breaks systems - up goes the severity
Date: Wed, 23 Jan 2013 15:25:47 +0100
[Message part 1 (text/plain, inline)]
On 03/11/12 17:46, Andreas Metzler wrote:
> On 2012-10-24 Joerg Jaspert <joerg@debian.org> wrote:
> [...]
>> Maybe the rebuild without gcrypt is a solution. I don't know, I have
>> no idea what other functionality then might be missing.
> 
> Hello,
> It is not possible currently for Debian to use nettle instead of
> gcrypt for license reasons. Nettle links against gmp which is LGPLv3+,
> but some of the gnutls-using applications in Debian have an LGPLv3
> incompatible license like GPLv2, e.g. cups.
> 

On 02/12/12 09:11, Andreas Metzler wrote:
> We cannot switch to a GPLv2-incompatible gnutls stack on Debian
> currently.[1]
>
> cu andreas
>
> [1] We will need to do this for wheezy + 1, because Debian
> does not have the manpower to fork GnuTLS 2.x. But that is a different
> discussion.
>

And how this "legal" issue will be solved in Wheezy+1? I fail to see how
this will change in the future other than compiling cups with OpenSSL.

I found this old discussion about dual-licensing GMP:
http://gmplib.org/list-archives/gmp-devel/2011-May/001946.html

But after reading it, I know the same than before...


Cheers.

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Wed, 23 Jan 2013 18:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Wed, 23 Jan 2013 18:18:03 GMT) Full text and rfc822 format available.

Message #107 received at 658739@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Carlos Alberto Lopez Perez <clopez@igalia.com>, 658739@bugs.debian.org
Subject: Re: Bug#658739: Broken su/sudo/whatever - breaks systems - up goes the severity
Date: Wed, 23 Jan 2013 19:16:19 +0100
On 2013-01-23 Carlos Alberto Lopez Perez <clopez@igalia.com> wrote:
> On 03/11/12 17:46, Andreas Metzler wrote:
[...]
> > We cannot switch to a GPLv2-incompatible gnutls stack on Debian
> > currently.[1]

> > cu andreas

> > [1] We will need to do this for wheezy + 1, because Debian
> > does not have the manpower to fork GnuTLS 2.x. But that is a different
> > discussion.

> And how this "legal" issue will be solved in Wheezy+1? I fail to see how
> this will change in the future other than compiling cups with OpenSSL.

Hello,
I guess basically the only option is to drop SSL support from the
respective incompatible packages or get them relicensed or write some
code to use a different SSL toolkit.

> I found this old discussion about dual-licensing GMP:
> http://gmplib.org/list-archives/gmp-devel/2011-May/001946.html

> But after reading it, I know the same than before...

I have tried multiple times in vain to get a response from GMP
maintainers with respect to a license change. Either my efforts were
too badly worded or upstream simply does not want to even discuss
switching to a GPLv2 compatible licensing. :-(
cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Thu, 24 Jan 2013 14:27:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Martijn van Brummelen" <martijn@brumit.nl>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Thu, 24 Jan 2013 14:27:06 GMT) Full text and rfc822 format available.

Message #112 received at 658739@bugs.debian.org (full text, mbox):

From: "Martijn van Brummelen" <martijn@brumit.nl>
To: 658739@bugs.debian.org
Subject: libnss-ldapd/libpam-ldapd not a solution
Date: Thu, 24 Jan 2013 15:20:22 +0100
The suggested solution of using libnss-ldap/libpam-ldapd is not a solution
for this problem, since libnss-ldap/libpam-ldapd does not provide nested
groups.

Regards,
Martijn van Brummelen




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package gnutls26. (Tue, 05 Feb 2013 03:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Carlos Alberto Lopez Perez <clopez@igalia.com>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Tue, 05 Feb 2013 03:24:03 GMT) Full text and rfc822 format available.

Message #117 received at 658739@bugs.debian.org (full text, mbox):

From: Carlos Alberto Lopez Perez <clopez@igalia.com>
To: 658739@bugs.debian.org
Cc: control@bugs.debian.org
Subject: merging with 368297 and re-assigning to openldap
Date: Tue, 05 Feb 2013 04:20:04 +0100
[Message part 1 (text/plain, inline)]
reassign 658739 libldap-2.4-2 2.4.31-1
forcemerge 368297 658739
thanks

This bug is the same than #368297 and others.


I have attached a very small patch for openldap that solves the issue
for Wheezy.


It's here: http://bugs.debian.org/658896#104

[signature.asc (application/pgp-signature, attachment)]

Bug reassigned from package 'gnutls26' to 'libldap-2.4-2'. Request was from Carlos Alberto Lopez Perez <clopez@igalia.com> to control@bugs.debian.org. (Tue, 05 Feb 2013 03:24:11 GMT) Full text and rfc822 format available.

No longer marked as found in versions libgnutls26. Request was from Carlos Alberto Lopez Perez <clopez@igalia.com> to control@bugs.debian.org. (Tue, 05 Feb 2013 03:24:12 GMT) Full text and rfc822 format available.

Marked as found in versions openldap/2.4.31-1. Request was from Carlos Alberto Lopez Perez <clopez@igalia.com> to control@bugs.debian.org. (Tue, 05 Feb 2013 03:24:12 GMT) Full text and rfc822 format available.

Severity set to 'serious' from 'grave' Request was from Carlos Alberto Lopez Perez <clopez@igalia.com> to control@bugs.debian.org. (Tue, 05 Feb 2013 03:24:13 GMT) Full text and rfc822 format available.

Added indication that 658739 affects libnss-ldap Request was from Carlos Alberto Lopez Perez <clopez@igalia.com> to control@bugs.debian.org. (Tue, 05 Feb 2013 03:24:13 GMT) Full text and rfc822 format available.

Added tag(s) d-i, help, and patch. Request was from Carlos Alberto Lopez Perez <clopez@igalia.com> to control@bugs.debian.org. (Tue, 05 Feb 2013 03:24:14 GMT) Full text and rfc822 format available.

Merged 368297 545414 566351 579647 601667 628671 658739 658896 Request was from Carlos Alberto Lopez Perez <clopez@igalia.com> to control@bugs.debian.org. (Tue, 05 Feb 2013 03:24:14 GMT) Full text and rfc822 format available.

Removed tag(s) d-i. Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Wed, 20 Feb 2013 11:33:04 GMT) Full text and rfc822 format available.

Bug reassigned from package 'libldap-2.4-2' to 'libgcrypt11'. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sun, 14 Apr 2013 18:39:07 GMT) Full text and rfc822 format available.

No longer marked as found in versions openldap/2.4.31-1. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sun, 14 Apr 2013 18:39:12 GMT) Full text and rfc822 format available.

Added tag(s) wheezy-ignore. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Mon, 22 Apr 2013 16:33:40 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#658739; Package libgcrypt11. (Tue, 05 Nov 2013 14:48:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Carlos Alberto Lopez Perez <clopez@igalia.com>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Tue, 05 Nov 2013 14:48:08 GMT) Full text and rfc822 format available.

Message #144 received at 658739@bugs.debian.org (full text, mbox):

From: Carlos Alberto Lopez Perez <clopez@igalia.com>
To: Thorsten Glaser <tg@mirbsd.de>
Cc: 658739@bugs.debian.org, 368297@bugs.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
Subject: Does OpenLDAP has any GPLv2 dependency?
Date: Tue, 05 Nov 2013 15:45:07 +0100
[Message part 1 (text/plain, inline)]
On 24/04/12 17:25, Thorsten Glaser wrote:
> Hi all,
> 
> this bug has been brought to my attention by my boss today.
> If I understand the situation correctly, the problem is:
> 
> • OpenLDAP links against GnuTLS (gnutls26)
> • gnutls26 links against gcrypt, which has the bug
> • gnutls28 links against nettle, but also gmp which is LGPLv3+
> • OpenLDAP thus can’t link against gnutls28, as it has reverse
>   dependencies that are not LGPLv3-/GPLv3-compatible
> • the package affected is libnss-ldap though
> 

Which ones are the reverse dependencies of libnss-ldap or OpenLDAP that
are LGPLv3+ incompatibles?

According to [1], the only combination forbidden is GPLv2 (LGPLv2 and
LGPLv2.1 is allowed per point 3. of the license, explained also on [1] ).

Looking at the recursive reverse dependencies of libnss-ldap [2] I fail
to find any package that is GPLv2 only.

If there isn't any GPLv2 reverse dependency, then OpenLDAP can be just
recompiled to link against gnutls28 and this long standing bug will be
fixed.

Thoughts?


Regards!
--------

[1] https://bugzilla.redhat.com/show_bug.cgi?id=986347
[2] $ apt-rdepends libnss-ldap



[signature.asc (application/pgp-signature, attachment)]

Added tag(s) squeeze-ignore. Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Wed, 06 Nov 2013 02:33:20 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 03:19:15 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.