Your message dated Fri, 05 Apr 2024 01:49:14 +0000
with message-id <[email protected]>
and subject line Bug#1068311: fixed in tcp-wrappers 7.6.q-33
has caused the Debian Bug report #1068311,
regarding tcp-wrappers: Can anything be done to avoid the libnsl dependency?
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1068311: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068311
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tcp-wrappers
Version: 7.6.q-32
Severity: wishlist
The main reason why libwrap is an issue in
https://lists.debian.org/debian-ssh/2024/04/msg00004.html is that it
links to libnsl, which links to libtirpc, which links to libgssapi_krb5.
That ends up being quite a heavyweight dependency chain. As far as I
can see, libwrap uses libnsl in exactly one place: host_match calls
yp_get_default_domain.
I wondered if anything could be done to avoid this or refactor it
somehow? If that dependency chain weren't there, I would find it much
easier to justify retaining libwrap support in Debian's openssh
packaging once its direct dependency on libgssapi_krb5 is gone as
planned in the above email.
The obvious approach seems to be to dlopen libnsl only when it's needed.
As far as I can see, libwrap only needs it when you use the user@host
syntax in hosts.{allow,deny}, and people only do that on systems that
actually use NIS; such people would very likely have libnsl2 installed
for other reasons anyway (e.g. libnss-nis). Everyone else could lose
the dependency. It would be a slight increase in the complexity of
libwrap, I realize, but since NIS is only used on a minority of systems
these days, it would do a lot to reduce the number of libraries in the
process spaces of quite a few daemons on typical systems.
If such an approach sounds reasonable to you, I don't mind working on a
patch.
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.6.15-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Thanks,
--
Colin Watson (he/him) [[email protected]]
--- End Message ---
--- Begin Message ---
Source: tcp-wrappers
Source-Version: 7.6.q-33
Done: Marco d'Itri <[email protected]>
We believe that the bug you reported is fixed in the latest version of
tcp-wrappers, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Marco d'Itri <[email protected]> (supplier of updated tcp-wrappers package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 05 Apr 2024 03:22:50 +0200
Source: tcp-wrappers
Architecture: source
Version: 7.6.q-33
Distribution: unstable
Urgency: medium
Maintainer: Marco d'Itri <[email protected]>
Changed-By: Marco d'Itri <[email protected]>
Closes: 1068311
Changes:
tcp-wrappers (7.6.q-33) unstable; urgency=medium
.
* Disable support for NIS netgroups to stop linking the library with
libnsl and its many dependencies. (Closes: #1068311)
Checksums-Sha1:
343e9a9631ebab9e5fe3b1b6c2984f16d84200da 1354 tcp-wrappers_7.6.q-33.dsc
398e403706819834d897fb64a404ae4bbaa153db 38348
tcp-wrappers_7.6.q-33.debian.tar.xz
92ebb218805581dbfb5694036bb56dae171e7dfe 6481
tcp-wrappers_7.6.q-33_amd64.buildinfo
Checksums-Sha256:
2f50647c31584e04965ba4376c67766f744e33cc781a463d4fd825f28e41afb2 1354
tcp-wrappers_7.6.q-33.dsc
2f2923caee212834bf0ea43c2401612837df1eb6c9f56d608c128da5d68d45ec 38348
tcp-wrappers_7.6.q-33.debian.tar.xz
d818951a6e1da6418021c659e6ca0485d189abb31efd9738bb9391bbd1d7e6d1 6481
tcp-wrappers_7.6.q-33_amd64.buildinfo
Files:
13b1b007b2ce96c2322c114303abeb7a 1354 net optional tcp-wrappers_7.6.q-33.dsc
89f06f20df13eab3d5ab1bac3e505093 38348 net optional
tcp-wrappers_7.6.q-33.debian.tar.xz
60493c80d9797cfe09a2c22a36a82183 6481 net optional
tcp-wrappers_7.6.q-33_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQQnKUXNg20437dCfobLPsM64d7XgQUCZg9TlAAKCRDLPsM64d7X
gWeqAPwPU3lRnMAj9Y4wdQSSGC6j7S7a7NXVRs62mlHqrqviXQEA6BnHe8p0T5AC
2AfyaNz2AL4YuAfUY5WPu+bZHey1hgg=
=GH6T
-----END PGP SIGNATURE-----
pgpRLPm7odTko.pgp
Description: PGP signature
--- End Message ---
