[Pkg-openldap-devel] 2.4.7-5 away

[Quanah Gibson-Mount]

--On Monday, February 18, 2008 1:17 AM -0800 Steve Langasek 
<vorlon at debian.org> wrote:

> On Mon, Feb 11, 2008 at 11:45:49PM -0800, Russ Allbery wrote:
>> Quanah Gibson-Mount <quanah at zimbra.com> writes:
>
>> > 2.4.8 is now ready for testing (not released, of course).  I assume
>> > that you'll be removing the patch to OpenLDAP for the bug in GnuTLS,
>> > and fixing GnuTLS instead?
>
>> Sure, eventually.  Immediately right now for the next release, no,
>> probably not, as at the very least Simon should get a say in how GnuTLS
>> is modified.  :)
>
>> > I expect that'd be good for a -6, at least.  2.4.8 obviously won't
>> > include patching 2.4.8 for a bug in GnuTLS. ;)
>
>> Right, but we can carry the patch until GnuTLS is fixed.  It's not like
>> it causes any significant harm (as I understand it) even after GnuTLS is
>> fixed.
>
> GnuTLS and OpenLDAP need to agree on the meaning of the "length" returned,
> so our patched libldap will again fail to validate alternate subject names
> when GnuTLS gets fixed.  Dunno whether you're counting that as
> "significant" harm. :)
>
> I would like to see the GnuTLS API fix reach Debian ASAP, so we can
> sidestep any concerns about partial upgrades to the fixed libgnutls.

I don't really get this comment, and neither does Howard.  Nikos already 
agreed his original patch was wrong, and he's committed the fix back to 
GnuTLS to use the original length parameter.  I'd assume that's what should 
be used.  It would be nice to get a confirmation back from Simon, but no 
one is saying the fix is incorrect:

<http://lists.gnu.org/archive/html/gnutls-devel/2008-02/msg00018.html>


--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration