Package: glibc Version: 2.42-14 Severity: wishlist Debian currently skips building the libnss-db library from the glibc codebase. Instead, it provides a separate libnss-db package based on an older standalone codebase.
That standalone codebase was split out of glibc around 2012, when Oracle acquired BerkeleyDB and glibc moved its nss-db backend to a BerkeleyDB-free implementation with an incompatible on-disk format. The Debian libnss-db package is therefore based on an old, now largely unmaintained implementation, which has a number of bugs. In particular: - it performs poorly during enumeration because of redundant openat() calls; - it can occasionally cause initgroups() to set incorrect group membership at login, because getgrouplist() is not thread-safe. I can provide reproducers for those bugs if useful, but those are separate issues; I mention them here only as context and motivation for this request. The glibc implementation is of better quality and would be a worthwhile alternative. I am preparing an MR in Salsa to make a new libc6-libnss-db package as part of glibc to address this issue. This package is functionally identical to the current libnss-db package and can replace it, although both packages cannot be installed at the same time.
