[proftpd-dfsg] 01/01: Patch for not_read_whole_passwd_db (#717235)

[Hilmar Preuße]

This is an automated email from the git hooks/post-receive script.

hilmar-guest pushed a commit to branch master
in repository proftpd-dfsg.

commit c4f244fc1c494e9e72206c69fbbdc96d8bb8af31
Author: Hilmar Preuße <hille42 at web.de>
Date:   Mon Sep 26 09:50:56 2016 +0200

    Patch for not_read_whole_passwd_db (#717235)
---
 debian/changelog                             |  7 ++++++
 debian/patches/not_read_whole_passwd_db.diff | 37 ++++++++++++++++++++++++++++
 debian/patches/series                        |  1 +
 3 files changed, 45 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index fd8b659..08723ce 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,13 @@ proftpd-dfsg (1.3.5a-2) UNRELEASED; urgency=medium
   * Use common-session-noninteractive PAM configuration fragment,
     (instead of common-session) in pam config of proftpd-basic
     (Closes: #804322).
+  * Apply patch to not request the whole passwd DB at each login. Thanks
+    to Arthur de Jong <adejong at debian.org>. (Closes: #717235).
+    <quote src=AdJ>
+    I still question the usefulness of setpwent()/getpwent() in the first
+    place as there is no guarantee that any resources opened for setpwent()
+    are used for other getpw{nam,uid}() calls.
+    </quote>
   * Some files created during build were not removed during clean.
 
  -- Mahyuddin Susanto <udienz at gmail.com>  Wed, 24 Aug 2016 15:23:38 -0700
diff --git a/debian/patches/not_read_whole_passwd_db.diff b/debian/patches/not_read_whole_passwd_db.diff
new file mode 100644
index 0000000..b968194
--- /dev/null
+++ b/debian/patches/not_read_whole_passwd_db.diff
@@ -0,0 +1,37 @@
+Author: Arthur de Jong <adejong at debian.org>
+Last-Update: 2013-08-14
+Forwarded: <unknown>. Fixed in 1.3.6rc1
+Bug-Debian: http://bugs.debian.org/717235
+Description: not request the whole passwd DB at each login.
+
+Index: proftpd-dfsg-1.3.5a/modules/mod_auth.c
+===================================================================
+--- proftpd-dfsg-1.3.5a.orig/modules/mod_auth.c	2015-05-28 02:25:54.000000000 +0200
++++ proftpd-dfsg-1.3.5a/modules/mod_auth.c	2016-09-19 09:58:15.000000000 +0200
+@@ -838,16 +838,23 @@
+ }
+ 
+ static void ensure_open_passwd(pool *p) {
+-  /* Make sure pass/group is open.
+-   */
++  /* Make sure pass/group is open. */
+   pr_auth_setpwent(p);
+   pr_auth_setgrent(p);
+ 
+   /* On some unices the following is necessary to ensure the files
+-   * are open.  (BSDI 3.1)
++   * are open (BSDI 3.1)
+    */
+   pr_auth_getpwent(p);
+   pr_auth_getgrent(p);
++
++  /* Per Debian bug report:
++   *   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717235
++   * we might want to do another set{pw,gr}ent(), to play better with
++   * some NSS modules.
++   */
++  pr_auth_setpwent(p);
++  pr_auth_setgrent(p);
+ }
+ 
+ /* Next function (the biggie) handles all authentication, setting
diff --git a/debian/patches/series b/debian/patches/series
index 5f78814..838d6ce 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,3 +14,4 @@ contrib_hardening_flags
 FTBS_on_Hurd
 large_files_SFTP.diff
 reproducible_build
+not_read_whole_passwd_db.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-proftpd/proftpd-dfsg.git