r2145 - in glibc-package/trunk/debian: . patches patches/any
Author: madcoder
Date: 2007-04-28 09:22:03 +0000 (Sat, 28 Apr 2007)
New Revision: 2145
Added:
glibc-package/trunk/debian/nscd.NEWS.Debian
glibc-package/trunk/debian/patches/any/local-disable-nscd-host-caching.diff
Modified:
glibc-package/trunk/debian/changelog
glibc-package/trunk/debian/patches/series
Log:
Disable nscd hosts caching per default, as it is utterly broken.
Signed-off-by: Pierre Habouzit <madcoder@debian.org>
Modified: glibc-package/trunk/debian/changelog
===================================================================
--- glibc-package/trunk/debian/changelog 2007-04-27 22:54:32 UTC (rev 2144)
+++ glibc-package/trunk/debian/changelog 2007-04-28 09:22:03 UTC (rev 2145)
@@ -42,11 +42,15 @@
+ drop oldies (nscd_nischeck things, does not exists anymore).
* patches/any/cvs-scanf_hexfloat.diff: fix a bug when parsing a float in
hexadicimal form with no exponent. Closes: #166403.
+ * disable hosts caching in nscd by default as it breaks gethostby* calls
+ (does not respect DNS TTLs, see #335476):
+ + document it in nscd.NEWS.Debian.
+ + patches/any/local-disable-nscd-host-caching.diff: update nscd.conf.
[ Clint Adams ]
* Switch from linux-kernel-headers to linux-libc-dev.
- -- Pierre Habouzit <madcoder@debian.org> Sat, 28 Apr 2007 00:53:01 +0200
+ -- Pierre Habouzit <madcoder@debian.org> Sat, 28 Apr 2007 11:17:51 +0200
glibc (2.5-4) unstable; urgency=low
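Review bot: the new entry at "+ * disable hosts caching in nscd by default" cites the Debian bug only as "see #335476", so the upload will not close it. If changing the default is meant to resolve the bug, write "Closes: #335476", as the cvs-scanf_hexfloat entry just above does with "Closes: #166403". If it is deliberately left open pending the upstream discussion, say so in the entry so the omission does not look accidental.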
Added: glibc-package/trunk/debian/nscd.NEWS.Debian
===================================================================
--- glibc-package/trunk/debian/nscd.NEWS.Debian 2007-04-27 22:54:32 UTC (rev 2144)
+++ glibc-package/trunk/debian/nscd.NEWS.Debian 2007-04-28 09:22:03 UTC (rev 2145)
@@ -0,0 +1,12 @@
+glibc (2.5-5) unstable; urgency=low
+
+ Since this release, hosts caching in nscd is off by default: for some of
+ the libc calls (gethostby{name,addr}* calls) nscd does not respects the
+ DNS TTLs. It can lead to system lockups (e.g. if you are using
+ pam-ldap and that you change the IP of your authentication server) hence
+ is not considered safe.
+
+ See debian bug #335476 and how upstream answered to that in
+ http://sourceware.org/bugzilla/show_bug.cgi?id=4428.
+
+ -- Pierre Habouzit <madcoder@debian.org> Sat, 28 Apr 2007 11:10:56 +0200
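Review bot: the paragraph starting "+ Since this release, hosts caching in nscd is off by default" explains the reason but never names the setting that changed or how to get the old behaviour back. Add a sentence pointing at the "enable-cache hosts" line in nscd.conf and stating that setting it to yes restores caching with the TTL problem described. Two wording points in the same paragraph: "does not respects" should be "does not respect", and "system lockups" is vague for the pam-ldap case given; say concretely what the administrator will observe when the authentication server's IP changes.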
Added: glibc-package/trunk/debian/patches/any/local-disable-nscd-host-caching.diff
===================================================================
--- glibc-package/trunk/debian/patches/any/local-disable-nscd-host-caching.diff 2007-04-27 22:54:32 UTC (rev 2144)
+++ glibc-package/trunk/debian/patches/any/local-disable-nscd-host-caching.diff 2007-04-28 09:22:03 UTC (rev 2145)
@@ -0,0 +1,15 @@
+Index: glibc-2.5/nscd/nscd.conf
+===================================================================
+--- glibc-2.5.orig/nscd/nscd.conf
++++ glibc-2.5/nscd/nscd.conf
+@@ -60,7 +60,9 @@
+ max-db-size group 33554432
+ auto-propagate group yes
+
+- enable-cache hosts yes
++ # hosts caching is broken with gethostby* calls, hence is now disabled
++ # per default. See /usr/share/doc/nscd/NEWS.Debian.
++ enable-cache hosts no
+ positive-time-to-live hosts 3600
+ negative-time-to-live hosts 20
+ suggested-size hosts 211
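Review bot: the context line "positive-time-to-live hosts 3600" directly below the change is left untouched, so an administrator who flips "enable-cache hosts" back to yes gets hosts entries cached for up to 3600 seconds, which is the DNS-TTL-ignoring behaviour the NEWS entry calls unsafe. Extend the added comment to say that re-enabling brings this fixed lifetime back, and put the bug number (#335476) in the comment so the reason is visible in nscd.conf itself without opening the NEWS file.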
Modified: glibc-package/trunk/debian/patches/series
===================================================================
--- glibc-package/trunk/debian/patches/series 2007-04-27 22:54:32 UTC (rev 2144)
+++ glibc-package/trunk/debian/patches/series 2007-04-28 09:22:03 UTC (rev 2145)
@@ -149,3 +149,4 @@
any/submitted-unistd_XOPEN_VERSION.diff
any/cvs-glob-c.diff
any/cvs-scanf_hexfloat.diff
+any/local-disable-nscd-host-caching.diff