Merge lp:~nutznboltz-deactivatedaccount/ubuntu/precise/gnutls26/fix-lp926350 into lp:ubuntu/precise/gnutls26
Proposed by
nutznboltz
Status: | Needs review |
---|---|
Proposed branch: | lp:~nutznboltz-deactivatedaccount/ubuntu/precise/gnutls26/fix-lp926350 |
Merge into: | lp:ubuntu/precise/gnutls26 |
Diff against target: |
48 lines (+9/-3) 3 files modified
debian/changelog (+6/-0) debian/control (+2/-2) debian/rules (+1/-1) |
To merge this branch: | bzr merge lp:~nutznboltz-deactivatedaccount/ubuntu/precise/gnutls26/fix-lp926350 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Colin Watson | Needs Information | ||
Review via email: mp+91510@code.launchpad.net |
Description of the change
If your account is an LDAP one and your LDAP client connects to its LDAP server via SSL then running setuid programs from your account fail since libgcrypt11 is horribly broken and upstream GnuTLS no longer recommends using it as the backend crypto library:
http://
In the past it was possible to work around this by using nscd but that work around no longer has any effect.
When I rebuild gnutls26 with nettle I am able to use setuid binaries from my LDAP account which connects via SSL to its LDAP server.
To post a comment you must log in.
Unmerged revisions
- 35. By nutznboltz
-
Fix LDAP+SSL client use of setuid binaries. (LP: #926350)
I understand that this is a problem, but I'm reluctant to accept this particular change unless either libgmp's licensing is relaxed or somebody verifies exhaustively that there is no LGPLv2-only software linked against gnutls26, as per the subthread here:
http:// lists.debian. org/debian- legal/2011/ 02/msg00013. html
We reluctantly backed off from the idea of switching precise to gnutls28 for similar reasons.