
Fix regression for kfreebsd-{i386,amd64} builds (#690319/CVE-2013-0288)



Hi Steven, hi Arthur

On Thu, May 02, 2013 at 11:55:22PM +0200, Arthur de Jong wrote:
> On Wed, 2013-05-01 at 23:05 +0100, Steven Chamberlain wrote:
> > I noticed (by chance) there is a problem with the squeeze-security
> > patch for #690319;  it introduces a regression on kfreebsd and has not
> > built. I'm not sure where to find build logs of this, or if they are
> > public, but I think it is due to using a non-standard EBADFD errno
> > ("file descriptor in bad state").
> 
> I don't think the security build logs are public (even after the
> advisory is released) and I hadn't noticed the build failure before.
> 
> > Perhaps EBADF ("is not a valid file descriptor" / "bad file number")
> > would be suitable instead and is more portable;  please consider
> > attached bug690319-amend-1.diff
> 
> This looks like the right approach. The exact value of errno doesn't
> make that much of a difference in this case.
> 
> I've applied this change upstream and am willing to prepare a
> 0.7.15+squeeze4 package. I think it's up to the security team to decide
> whether this should go to stable or stable-security.
> 
> One thing to consider is that I'd also like to fix RC bug #700971 (the
> bug report contains the patch that would be applied). People run into
> this bug when installing a security update for nss-pam-ldapd.

Thanks for notifying. Yes, indeed nss-pam-ldapd did not build for
kfreebsd-amd64 and kfreebsd-i386. As the FTBFS is a regression for the
kfreebsd builds when applying the initial fix for CVE-2013-0288 I
think we should release an updated version targeting squeeze-security
to include the fix for it and send an updated DSA.

But I'm cc'ing also Moritz explicitly, who released this DSA, to get
an opinion from him.

Regards,
Salvatore

