Merge lp:~nutznboltz-deactivatedaccount/ubuntu/precise/gnutls26/fix-lp926350 into lp:ubuntu/precise/gnutls26

Proposed by nutznboltz
Status: Needs review
Proposed branch: lp:~nutznboltz-deactivatedaccount/ubuntu/precise/gnutls26/fix-lp926350
Merge into: lp:ubuntu/precise/gnutls26
Diff against target: 48 lines (+9/-3)
3 files modified
debian/changelog (+6/-0)
debian/control (+2/-2)
debian/rules (+1/-1)
To merge this branch: bzr merge lp:~nutznboltz-deactivatedaccount/ubuntu/precise/gnutls26/fix-lp926350
Reviewer | Review Type | Date Requested | Status
Colin Watson | | | Needs Information
Review via email: mp+91510@code.launchpad.net

Description of the change

If your account is an LDAP one and your LDAP client connects to its LDAP server via SSL, then running setuid programs from your account fails since libgcrypt11 is horribly broken and upstream GnuTLS no longer recommends using it as the backend crypto library:
http://lists.debian.org/debian-legal/2011/02/msg00006.html

In the past it was possible to work around this by using nscd but that workaround no longer has any effect.

When I rebuild gnutls26 with nettle I am able to use setuid binaries from my LDAP account which connects via SSL to its LDAP server.

Colin Watson (cjwatson) wrote :

I understand that this is a problem, but I'm reluctant to accept this particular change unless either libgmp's licensing is relaxed or somebody verifies exhaustively that there is no LGPLv2-only software linked against gnutls26, as per the subthread here:

  http://lists.debian.org/debian-legal/2011/02/msg00013.html

We reluctantly backed off from the idea of switching precise to gnutls28 for similar reasons.

review: Needs Information

Unmerged revisions

35. By nutznboltz

Fix LDAP+SSL client use of setuid binaries. (LP: #926350)

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2012-01-24 20:05:00 +0000
3+++ debian/changelog 2012-02-03 21:55:23 +0000
4@@ -1,3 +1,9 @@
5+gnutls26 (2.12.14-5ubuntu3) precise; urgency=low
6+
7+ * Fix LDAP+SSL client use of setuid binaries. (LP: #926350)
8+
9+ -- Ken Stailey <ksta@oneiric-32> Fri, 03 Feb 2012 16:44:49 -0500
10+
11 gnutls26 (2.12.14-5ubuntu2) precise; urgency=low
12
13 * Bump the version of gnutls-doc too, for the same reason as gnutls-bin.
14
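Review bot: The new changelog entry for 2.12.14-5ubuntu3 records only the symptom, "Fix LDAP+SSL client use of setuid binaries", and not the change that was made. The same branch swaps libgcrypt11-dev for nettle-dev in debian/control and drops --with-libgcrypt in debian/rules, so the entry should state that the crypto backend was switched from libgcrypt to nettle; anyone auditing which crypto library a given libgnutls26 build uses will look here first. The maintainer address ksta@oneiric-32 also reads as a local user@hostname rather than a deliverable address and should be corrected before upload.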
15=== modified file 'debian/control'
16--- debian/control 2012-01-24 18:18:46 +0000
17+++ debian/control 2012-02-03 21:55:23 +0000
18@@ -7,7 +7,7 @@
19 Eric Dorland <eric@debian.org>,
20 James Westby <jw+debian@jameswestby.net>,
21 Simon Josefsson <simon@josefsson.org>
22-Build-Depends: debhelper (>= 8.1.3), libgcrypt11-dev (>= 1.4.0), zlib1g-dev,
23+Build-Depends: debhelper (>= 8.1.3), nettle-dev (>= 2.4), zlib1g-dev,
24 cdbs (>= 0.4.93), gtk-doc-tools, texinfo (>= 4.8),
25 libtasn1-3-dev (>= 0.3.4-0), autotools-dev, datefudge,
26 libp11-kit-dev (>= 0.4), pkg-config, chrpath
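Review bot: The Build-Depends line introduces nettle-dev (>= 2.4) with no stated reason for the 2.4 floor; please note where that minimum comes from so it can be revisited later. This line is also where the crypto backend of every libgnutls26 consumer changes, which is the change the review comment on this proposal ties to libgmp licensing and LGPLv2-only software linked against gnutls26, so the outcome of that check should be recorded with the merge.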
27@@ -23,7 +23,7 @@
28 Provides: gnutls-dev
29 Depends: libgnutls26 (= ${binary:Version}),
30 libgnutlsxx27 (= ${binary:Version}),libgnutls-openssl27 (= ${binary:Version}),
31- libgcrypt11-dev (>= 1.4.0), libc6-dev | libc-dev, zlib1g-dev,
32+ nettle-dev (>= 2.4), libc6-dev | libc-dev, zlib1g-dev,
33 libtasn1-3-dev (>= 0.3.4), libp11-kit-dev (>= 0.4), ${misc:Depends}
34 Suggests: gnutls-doc, gnutls-bin
35 Conflicts: gnutls-dev
36
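Review bot: Removing libgcrypt11-dev from the Depends of the development package (the one with Provides: gnutls-dev) means packages that build against it no longer get the libgcrypt headers transitively. Any source package that includes gcrypt.h or links with -lgcrypt while declaring only the gnutls development package will fail to build, so the reverse build-dependencies need checking, and the affected packages need their own libgcrypt11-dev build dependency, before this lands.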
37=== modified file 'debian/rules'
38--- debian/rules 2012-01-24 20:05:00 +0000
39+++ debian/rules 2012-02-03 21:55:23 +0000
40@@ -6,7 +6,7 @@
41
42 DEB_CONFIGURE_EXTRA_FLAGS = --enable-ld-version-script --enable-cxx \
43 --without-lzo --disable-guile \
44- --cache-file=$(CURDIR)/config.cache --with-libgcrypt \
45+ --cache-file=$(CURDIR)/config.cache \
46 --with-packager=Debian \
47 --with-packager-bug-reports=http://bugs.debian.org/ \
48 --with-packager-version="$(DEB_VERSION)" \
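Review bot: Dropping --with-libgcrypt from DEB_CONFIGURE_EXTRA_FLAGS leaves the backend choice to configure's default, with nothing in debian/rules stating which crypto library is intended. Add a comment next to the flags saying the build is expected to use nettle, and consider a post-build check that the resulting libgnutls does not link against libgcrypt, so that a later configure change or a stale $(CURDIR)/config.cache cannot silently change the backend.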
