Author: madcoder Date: 2007-04-28 09:22:03 +0000 (Sat, 28 Apr 2007) New Revision: 2145
Added: glibc-package/trunk/debian/nscd.NEWS.Debian glibc-package/trunk/debian/patches/any/local-disable-nscd-host-caching.diff Modified: glibc-package/trunk/debian/changelog glibc-package/trunk/debian/patches/series Log: Disable nscd hosts caching per default, as it is utterly broken. Signed-off-by: Pierre Habouzit <[EMAIL PROTECTED]> Modified: glibc-package/trunk/debian/changelog =================================================================== --- glibc-package/trunk/debian/changelog 2007-04-27 22:54:32 UTC (rev 2144) +++ glibc-package/trunk/debian/changelog 2007-04-28 09:22:03 UTC (rev 2145) @@ -42,11 +42,15 @@ + drop oldies (nscd_nischeck things, does not exists anymore). * patches/any/cvs-scanf_hexfloat.diff: fix a bug when parsing a float in hexadicimal form with no exponent. Closes: #166403. + * disable hosts caching in nscd by default as it breaks gethostby* calls + (does not respect DNS TTLs, see #335476): + + document it in nscd.NEWS.Debian. + + patches/any/local-disable-nscd-host-caching.diff: update nscd.conf. [ Clint Adams ] * Switch from linux-kernel-headers to linux-libc-dev. - -- Pierre Habouzit <[EMAIL PROTECTED]> Sat, 28 Apr 2007 00:53:01 +0200 + -- Pierre Habouzit <[EMAIL PROTECTED]> Sat, 28 Apr 2007 11:17:51 +0200 glibc (2.5-4) unstable; urgency=low Added: glibc-package/trunk/debian/nscd.NEWS.Debian =================================================================== --- glibc-package/trunk/debian/nscd.NEWS.Debian 2007-04-27 22:54:32 UTC (rev 2144) +++ glibc-package/trunk/debian/nscd.NEWS.Debian 2007-04-28 09:22:03 UTC (rev 2145) @@ -0,0 +1,12 @@ +glibc (2.5-5) unstable; urgency=low + + Since this release, hosts caching in nscd is off by default: for some of + the libc calls (gethostby{name,addr}* calls) nscd does not respects the + DNS TTLs. It can lead to system lockups (e.g. if you are using + pam-ldap and that you change the IP of your authentication server) hence + is not considered safe. + + See debian bug #335476 and how upstream answered to that in + http://sourceware.org/bugzilla/show_bug.cgi?id=4428. + + -- Pierre Habouzit <[EMAIL PROTECTED]> Sat, 28 Apr 2007 11:10:56 +0200 Added: glibc-package/trunk/debian/patches/any/local-disable-nscd-host-caching.diff =================================================================== --- glibc-package/trunk/debian/patches/any/local-disable-nscd-host-caching.diff 2007-04-27 22:54:32 UTC (rev 2144) +++ glibc-package/trunk/debian/patches/any/local-disable-nscd-host-caching.diff 2007-04-28 09:22:03 UTC (rev 2145) @@ -0,0 +1,15 @@ +Index: glibc-2.5/nscd/nscd.conf +=================================================================== +--- glibc-2.5.orig/nscd/nscd.conf ++++ glibc-2.5/nscd/nscd.conf +@@ -60,7 +60,9 @@ + max-db-size group 33554432 + auto-propagate group yes + +- enable-cache hosts yes ++ # hosts caching is broken with gethostby* calls, hence is now disabled ++ # per default. See /usr/share/doc/nscd/NEWS.Debian. ++ enable-cache hosts no + positive-time-to-live hosts 3600 + negative-time-to-live hosts 20 + suggested-size hosts 211 Modified: glibc-package/trunk/debian/patches/series =================================================================== --- glibc-package/trunk/debian/patches/series 2007-04-27 22:54:32 UTC (rev 2144) +++ glibc-package/trunk/debian/patches/series 2007-04-28 09:22:03 UTC (rev 2145) @@ -149,3 +149,4 @@ any/submitted-unistd_XOPEN_VERSION.diff any/cvs-glob-c.diff any/cvs-scanf_hexfloat.diff +any/local-disable-nscd-host-caching.diff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]