Bug#693060: unblock: openvpn-auth-ldap/2.0.3-4

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#693060: unblock: openvpn-auth-ldap/2.0.3-4
From: Antoine Beaupré <anarcat@debian.org>
Date: Mon, 12 Nov 2012 10:04:38 -0500
Message-id: <[🔎] 20121112150438.7389.35054.reportbug@marcos.anarcat.ath.cx>
Reply-to: Antoine BeauprÃ© <anarcat@debian.org>, 693060@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package openvpn-auth-ldap

The version in squeeze and wheezy has a critical bug that makes the
package inoperable after some time. The bug is:

#692936: "No remote address supplied" after a while

... and the 2.0.3-4 upload was performed only for that purpose.

Here's the magic stanza:

unblock openvpn-auth-ldap/2.0.3-4

Here's the debdiff:

diff -Nru openvpn-auth-ldap-2.0.3/debian/changelog openvpn-auth-ldap-2.0.3/debian/changelog
--- openvpn-auth-ldap-2.0.3/debian/changelog	2012-06-05 09:59:11.000000000 -0400
+++ openvpn-auth-ldap-2.0.3/debian/changelog	2012-11-12 05:36:50.000000000 -0500
@@ -1,3 +1,10 @@
+openvpn-auth-ldap (2.0.3-4) unstable; urgency=low
+
+  * Add patch from Antoine Beaupré to fix "No remote address
+    supplied" error. (Closes: #692936)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 12 Nov 2012 11:35:43 +0100
+
 openvpn-auth-ldap (2.0.3-3) unstable; urgency=low
 
   * Acknowledge Matthias Klose's NMU. Thanks!
diff -Nru openvpn-auth-ldap-2.0.3/debian/patches/openvpn_ldap_simpler_add_handler_4 openvpn-auth-ldap-2.0.3/debian/patches/openvpn_ldap_simpler_add_handler_4
--- openvpn-auth-ldap-2.0.3/debian/patches/openvpn_ldap_simpler_add_handler_4	1969-12-31 19:00:00.000000000 -0500
+++ openvpn-auth-ldap-2.0.3/debian/patches/openvpn_ldap_simpler_add_handler_4	2012-11-12 04:40:39.000000000 -0500
@@ -0,0 +1,50 @@
+Description: move address checks further down to avoid certain failures
+ this tries to avoid certain failures with the LDAP plugin where it
+ doesn't get passed the remoteAddress in certain cases. since we do
+ may not care about this address, we fail only when really necessary.
+
+Author: Antoine Beaupr�anarcat@debian.org>
+
+Origin: vendor
+Bug: https://code.google.com/p/openvpn-auth-ldap/issues/detail?id=4
+Bug-Debian: http://bugs.debian.org/692936
+Forwarded: yes
+Last-Update: 2012-11-10
+
+--- openvpn-auth-ldap-2.0.3.orig/src/auth-ldap.m
++++ openvpn-auth-ldap-2.0.3/src/auth-ldap.m
+@@ -533,7 +533,10 @@ static int handle_client_connect_disconn
+ 	}
+ 
+ 	if (tableName)
+-		if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting))
++        	if (!remoteAddress) {
++			[TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."];
++			ret = OPENVPN_PLUGIN_FUNC_ERROR;
++		} else if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting))
+ 			return OPENVPN_PLUGIN_FUNC_ERROR;
+ #endif /* HAVE_PF */
+ 
+@@ -587,20 +590,10 @@ openvpn_plugin_func_v1(openvpn_plugin_ha
+ 			break;
+ 		/* New connection established */
+ 		case OPENVPN_PLUGIN_CLIENT_CONNECT:
+-			if (!remoteAddress) {
+-				[TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."];
+-				ret = OPENVPN_PLUGIN_FUNC_ERROR;
+-			} else {
+-				ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES);
+-			}
++			ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES);
+ 			break;
+ 		case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
+-			if (!remoteAddress) {
+-				[TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_DISCONNECT)."];
+-				ret = OPENVPN_PLUGIN_FUNC_ERROR;
+-			} else {
+-				ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO);
+-			}
++			ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO);
+ 			break;
+ 		default:
+ 			[TRLog debug: "Unhandled plugin type in OpenVPN LDAP Plugin (type=%d)", type];
diff -Nru openvpn-auth-ldap-2.0.3/debian/patches/series openvpn-auth-ldap-2.0.3/debian/patches/series
--- openvpn-auth-ldap-2.0.3/debian/patches/series	2012-06-05 07:31:33.000000000 -0400
+++ openvpn-auth-ldap-2.0.3/debian/patches/series	2012-11-12 04:43:28.000000000 -0500
@@ -1,2 +1,3 @@
 STARTTLS_before_auth.patch
 gobjc_4.7_runtime.patch
+openvpn_ldap_simpler_add_handler_4

Thanks,

A.

PS: maybe this could be considered for a squeeze update too?

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_CA.UTF-8)
Shell: /bin/sh linked to /bin/dash

Reply to:

Follow-Ups:
- Bug#693060: unblock: openvpn-auth-ldap/2.0.3-4
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#693060: marked as done (unblock: openvpn-auth-ldap/2.0.3-4)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#693060: marked as done (unblock: openvpn-auth-ldap/2.0.3-4)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#688791: unblock: elfutils/0.153-2
Next by Date: Bug#692145: marked as done (unblock: maradns/1.4.12-5)
Previous by thread: Bug#688791: unblock: elfutils/0.153-2
Next by thread: Bug#693060: unblock: openvpn-auth-ldap/2.0.3-4
Index(es):
- Date
- Thread