Control: found -1 nss-pam-ldapd/0.9.4-2
Control: tags -1 + pending

On Mon, 2017-01-16 at 12:55 +0100, Thomas Wallrafen wrote:
> See the attached ncslcd.conf file (the version before the
> upgrade).

Thanks for providing the info. I tracked the bug down to a problem in the parsing of the configuration file.

The bug itself was present in nss-pam-ldapd at least since 0.7.13 but it could only be triggered since 0.9.4-2 if you have a tls_cacertdir option specified. This option will most likely be ignored on Debian because I understand that GnuTLS does not use it. It is also not configured by default which probably explains why this was not found earlier.

You can probably safely remove or comment out the tls_cacertdir option in nslcd.conf without any ill effects.

This fix is pretty simple and a patch is attached for reference. I will prepare a fix for unstable and try to get a fix into jessie soon.

Thanks,

-- 
-- arthur - adej...@debian.org - https://people.debian.org/~adejong --

Index: debian/changelog =================================================================== --- debian/changelog (revision 2159) +++ debian/changelog (working copy) @@ -3,8 +3,10 @@ * recommend ca-certificate which is needed due to adding tls_cacertfile by default (see #750949) and the checking of tls_cacertfile in 0.9.7 (closes: #836720) + * fix parsing of nslcd.conf tls_cacert option in package configuration + (closes: #851564) - -- Arthur de Jong <adej...@debian.org> Wed, 07 Sep 2016 23:10:45 +0200 + -- Arthur de Jong <adej...@debian.org> Tue, 17 Jan 2017 14:42:28 +0100 nss-pam-ldapd (0.9.7-1) unstable; urgency=medium Index: debian/nslcd.config =================================================================== --- debian/nslcd.config (revision 2157) +++ debian/nslcd.config (working copy) @@ -27,7 +27,7 @@ if [ -z "$RET" ] || [ "$force" = "force" ] then # the first part avoids getting options that have an optional MAP parameter - cfgfile_value=`sed -n '/^'"$cfg_param"'[[:space:]]\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)[[:space:]]/!s/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' "$cfgfile" | head -n 1` + cfgfile_value=`sed -n '/^'"$cfg_param"'[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)[[:space:]]/!s/^'"$cfg_param"'[[:space:]][[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' "$cfgfile" | head -n 1` [ -n "$cfgfile_value" ] && db_set "$debconf_param" "$cfgfile_value" fi # we're done
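
Review bot: The new debian/changelog entry names only the "tls_cacert option", but the sed expression changed in debian/nslcd.config is applied to whatever $cfg_param is passed in, so the entry understates the scope of the change. Consider wording it as requiring whitespace after the option name when reading values from nslcd.conf, keeping the (closes: #851564) reference.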
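
Review bot: In the substitution part of the new cfgfile_value line in debian/nslcd.config, the capture group \([^[:space:]].*[^[:space:]]\) still needs two non-space characters, so an option with a one-character value is never picked up and db_set is silently skipped. If that matters for any parameter read here, make the tail optional, e.g. \([^[:space:]]\(.*[^[:space:]]\)\{0,1\}\). Separately, the comment above the line only explains the MAP exclusion; a second comment line saying that at least one whitespace character is now required after $cfg_param, so that a name cannot match as the prefix of a longer option, would document why [[:space:]][[:space:]]* replaces [[:space:]]*. $cfg_param is also interpolated into the expression unescaped, which is fine only while callers pass plain option names.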
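
The parsing problem described in the message above, reproduced as an added example that is not part of the original mail or of the package's scripts. It runs the pre-patch and patched sed expressions over a constructed nslcd.conf; the function names are hypothetical, and tls_cacert as the looked-up option name is an assumption taken from the changelog wording.

```shell
#!/bin/sh
# Requires GNU sed (the "\|" alternation and the "i" flag are GNU extensions).

# Constructed sample configuration, not taken from the bug report.
sample_conf() {
cat <<'EOF'
uri ldap://ldap.example.org/
base passwd ou=People,dc=example,dc=org
base dc=example,dc=org
tls_cacertdir /etc/ssl/certs
tls_cacert /etc/ssl/ca.pem
EOF
}

# Map names that may follow an option name (same list as in the patch).
maps='aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow'

# Pre-patch expression: "[[:space:]]*" after the option name accepts zero
# whitespace, so the name also matches as a prefix of a longer option.
read_old() {
  sample_conf | sed -n '/^'"$1"'[[:space:]]\('"$maps"'\)[[:space:]]/!s/^'"$1"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' | head -n 1
}

# Patched expression: at least one whitespace character must follow the name.
read_new() {
  sample_conf | sed -n '/^'"$1"'[[:space:]][[:space:]]*\('"$maps"'\)[[:space:]]/!s/^'"$1"'[[:space:]][[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' | head -n 1
}

# Side-by-side output for the option names used in the sample.
for opt in tls_cacert tls_cacertdir base; do
  printf '%-14s old=[%s] new=[%s]\n' "$opt" "$(read_old "$opt")" "$(read_new "$opt")"
done
```

With the pre-patch expression the first match for tls_cacert is the tls_cacertdir line, so the value stored in debconf starts with the rest of the longer option name.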