[Pkg-gnutls-maint] Bug#471354: libgnutls13: gnutls13=1.4.4-3 causes pam_ldap failures based on transfer size

Chris Adams chris at improbable.org
Mon Mar 17 12:39:30 UTC 2008

Package: libgnutls13
Version: 1.4.4-3
Severity: normal

#470509 turns out to be caused by the version of libgnutls13 - if the
version from stable (1.4.4-3) is in use pam_ldap will return an
incorrect authentication error because the ldap_search_s() call will
fail when gnutls_read() returns an internal error while reading a large
record (e.g. an LDAP record which contains a jpegPhoto attribute): 

Mar 14 09:30:47 etch-dev su[17362]: SSL_read() failed: gnutls_read()  returned -59: GnuTLS internal error.

I have submitted a pam_ldap patch which does not retrieve the entire
record since it's unnecessary to transfer that much data but I suspect
that the same internal error could affect other programs. Upgrading to
the version in testing solves the problem.


-- System Information:
Debian Release: 4.0
 APT prefers stable
 APT policy: (990, 'stable'), (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libgnutls13 depends on:
ii  libc6                  2.7-6             GNU C Library: Shared libraries
ii  libgcrypt11            1.4.0-3           LGPL Crypto library - runtime libr
ii  libgpg-error0          1.4-2             library for common error values an
ii  liblzo1                1.08-3            data compression library (old vers
ii  libopencdk8            0.5.9-2           Open Crypto Development Kit (OpenC
ii  libtasn1-3             0.3.6-2           Manage ASN.1 structures (runtime)
ii  zlib1g                 1: compression library - runtime

libgnutls13 recommends no packages.

-- no debconf information

More information about the Pkg-gnutls-maint mailing list