[Pkg-fedora-ds-maintainers] Bug#741600: 389-ds-base: diff for NMU version 1.3.2.9-1.1

tobi at coldtobi.de tobi at coldtobi.de
Fri Apr 25 16:07:29 UTC 2014


tags 741600 + patch
tags 741600 + pending
thanks

Dear maintainer,

I've prepared an NMU for 389-ds-base (versioned as 1.3.2.9-1.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.

Regards.
diff -Nru 389-ds-base-1.3.2.9/debian/changelog 389-ds-base-1.3.2.9/debian/changelog
--- 389-ds-base-1.3.2.9/debian/changelog	2014-02-03 10:09:07.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/changelog	2014-04-25 16:55:53.000000000 +0200
@@ -1,3 +1,12 @@
+389-ds-base (1.3.2.9-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply fix for CVE-2014-0132, see like named patch (Closes: 741600)
+  * Fix m4-macro for libsrvcore and add missing B-D on libpci-dev
+    (Closes: #745821)
+
+ -- Tobias Frost <tobi at coldtobi.de>  Fri, 25 Apr 2014 15:11:16 +0200
+
 389-ds-base (1.3.2.9-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru 389-ds-base-1.3.2.9/debian/control 389-ds-base-1.3.2.9/debian/control
--- 389-ds-base-1.3.2.9/debian/control	2014-01-11 11:40:42.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/control	2014-04-25 16:37:03.000000000 +0200
@@ -22,6 +22,7 @@
  libperl-dev,
  libkrb5-dev,
  libpcre3-dev,
+ libpci-dev
 Standards-Version: 3.9.5
 Vcs-Git: git://git.debian.org/git/pkg-fedora-ds/389-ds-base.git
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-fedora-ds/389-ds-base.git
diff -Nru 389-ds-base-1.3.2.9/debian/patches/CVE-2014-0132.patch 389-ds-base-1.3.2.9/debian/patches/CVE-2014-0132.patch
--- 389-ds-base-1.3.2.9/debian/patches/CVE-2014-0132.patch	1970-01-01 01:00:00.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/patches/CVE-2014-0132.patch	2014-04-25 15:11:13.000000000 +0200
@@ -0,0 +1,49 @@
+--- a/ldap/servers/slapd/saslbind.c
++++ b/ldap/servers/slapd/saslbind.c
+@@ -229,34 +229,6 @@
+     return SASL_OK;
+ }
+ 
+-static int ids_sasl_proxy_policy(
+-    sasl_conn_t *conn,
+-    void *context,
+-    const char *requested_user, int rlen,
+-    const char *auth_identity, int alen,
+-    const char *def_realm, int urlen,
+-    struct propctx *propctx
+-)
+-{
+-    int retVal = SASL_OK;
+-    /* do not permit sasl proxy authorization */
+-    /* if the auth_identity is null or empty string, allow the sasl request to go thru */    
+-    if ( (auth_identity != NULL ) && ( strlen(auth_identity) > 0 ) ) {
+-        Slapi_DN authId , reqUser;
+-        slapi_sdn_init_dn_byref(&authId,auth_identity);
+-        slapi_sdn_init_dn_byref(&reqUser,requested_user);
+-        if (slapi_sdn_compare((const Slapi_DN *)&reqUser,(const Slapi_DN *) &authId) != 0) {
+-            LDAPDebug(LDAP_DEBUG_TRACE, 
+-                  "sasl proxy auth not permitted authid=%s user=%s\n",
+-                  auth_identity, requested_user, 0);
+-            retVal =  SASL_NOAUTHZ;
+-        }
+-        slapi_sdn_done(&authId);
+-        slapi_sdn_done(&reqUser); 
+-    }
+-    return retVal;
+-}
+-
+ static void ids_sasl_user_search(
+     char *basedn,
+     int scope,
+@@ -583,11 +555,6 @@
+       NULL
+     },
+     {
+-      SASL_CB_PROXY_POLICY,
+-      (IFP) ids_sasl_proxy_policy,
+-      NULL
+-    },
+-    {
+       SASL_CB_CANON_USER,
+       (IFP) ids_sasl_canon_user,
+       NULL
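Review bot: `debian/patches/CVE-2014-0132.patch` is added with no DEP-3 header, so the security fix carries no description, origin or upstream commit reference. The header evidently written for it (`Description: Cherrypick fix for CVE-2014-0132`, `Origin:`, `Applied-Upstream:`) is instead added to the top of `rename-online-scripts.diff` in the later `@@ -1,8 +1,14 @@` hunk, a patch that touches the `template-*.pl.in` scripts. Move that block to the top of this file and leave `rename-online-scripts.diff` as it was; its other hunks only strip `diff --git`/`index` lines, which looks like refresh churn and makes a security upload harder to audit. While moving it, note that `Forwarded: not` is not a DEP-3 value (`no`, `not-needed` or a URL), and with `Applied-Upstream` set the field can simply be dropped. The description should also state in one sentence what enforces the authorization-identity check once `ids_sasl_proxy_policy` and its `SASL_CB_PROXY_POLICY` entry are gone; presumably this is the SASL library's default policy, but nothing in the patch says so.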
diff -Nru 389-ds-base-1.3.2.9/debian/patches/ftbs_lsoftotkn3.patch 389-ds-base-1.3.2.9/debian/patches/ftbs_lsoftotkn3.patch
--- 389-ds-base-1.3.2.9/debian/patches/ftbs_lsoftotkn3.patch	1970-01-01 01:00:00.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/patches/ftbs_lsoftotkn3.patch	2014-04-25 16:17:53.000000000 +0200
@@ -0,0 +1,20 @@
+Description: Fix autoconf macro to detect svrcore properly
+ configure bails out with a linking error against libsoftokn, which is according
+ #473275 the correct behaviour. The patch modifies the m4 file to do not link
+ against this lib.
+Author: Tobias Frost <tobi at coldtobi.de>
+Forwarded: no
+Last-Update: 2014-04-25
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/m4/svrcore.m4
++++ b/m4/svrcore.m4
+@@ -96,7 +96,7 @@
+ if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then
+ dnl just see if SVRCORE is already a system library
+   AC_CHECK_LIB([svrcore], [SVRCORE_GetRegisteredPinObj], [havesvrcore=1],
+-	       [], [$nss_inc $nspr_inc $nss_lib -lnss3 -lsoftokn3 $nspr_lib -lplds4 -lplc4 -lnspr4])
++	       [], [$nss_inc $nspr_inc $nss_lib -lnss3 $nspr_lib -lplds4 -lplc4 -lnspr4])
+   if test -n "$havesvrcore" ; then
+ dnl just see if SVRCORE is already a system header file
+     save_cppflags="$CPPFLAGS"
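Review bot: The header of `ftbs_lsoftotkn3.patch` does not link the patch to the bug it fixes, and cites `#473275` without naming the tracker, so a later reader cannot tell why `-lsoftokn3` was dropped from the `AC_CHECK_LIB([svrcore], ...)` link line. The changelog ties this change to #745821, so adding `Bug-Debian: https://bugs.debian.org/745821` and spelling the other reference as a full URL would make the patch self-describing. `m4/svrcore.m4` appears to be an upstream file, so `Forwarded: no` probably deserves a follow-up to upstream rather than staying a Debian-only delta. The enclosing `if test -z "$svrcore_inc" ...` block continues outside the hunk, so any other link lines in the macro were not reviewed here.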
diff -Nru 389-ds-base-1.3.2.9/debian/patches/rename-online-scripts.diff 389-ds-base-1.3.2.9/debian/patches/rename-online-scripts.diff
--- 389-ds-base-1.3.2.9/debian/patches/rename-online-scripts.diff	2014-01-11 11:39:16.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/patches/rename-online-scripts.diff	2014-04-25 15:11:03.000000000 +0200
@@ -1,8 +1,14 @@
-diff --git a/ldap/admin/src/scripts/template-bak2db.pl.in b/ldap/admin/src/scripts/template-bak2db.pl.in
-index 4c7bab8..a972878 100644
+Description: Cherrypick fix for CVE-2014-0132
+Author: Noriko Hosoi <nhosoi at redhat.com>
+Origin: https://fedorahosted.org/389/ticket/47739
+Forwarded: not
+Applied-Upstream: https://fedorahosted.org/389/changeset/9bc2b46b7c7ee4c975d04b041f73a5992906b07c/
+Last-Update: 2014-04-25
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
 --- a/ldap/admin/src/scripts/template-bak2db.pl.in
 +++ b/ldap/admin/src/scripts/template-bak2db.pl.in
-@@ -49,6 +49,6 @@ while ($i <= $#ARGV) {
+@@ -49,6 +49,6 @@
          $i++;
  }
  
@@ -10,11 +16,9 @@
 +exec "{{SERVERBIN-DIR}}/bak2db-online @wrapperArgs -Z {{SERV-ID}}";
  
  exit ($?);
-diff --git a/ldap/admin/src/scripts/template-db2bak.pl.in b/ldap/admin/src/scripts/template-db2bak.pl.in
-index 712f387..e5f44eb 100644
 --- a/ldap/admin/src/scripts/template-db2bak.pl.in
 +++ b/ldap/admin/src/scripts/template-db2bak.pl.in
-@@ -49,7 +49,7 @@ while ($i <= $#ARGV) {
+@@ -49,7 +49,7 @@
          $i++;
  }
  
@@ -23,11 +27,9 @@
  
  exit ($?);
  
-diff --git a/ldap/admin/src/scripts/template-db2index.pl.in b/ldap/admin/src/scripts/template-db2index.pl.in
-index d2d6d87..7edb3c2 100644
 --- a/ldap/admin/src/scripts/template-db2index.pl.in
 +++ b/ldap/admin/src/scripts/template-db2index.pl.in
-@@ -49,6 +49,6 @@ while ($i <= $#ARGV) {
+@@ -49,6 +49,6 @@
          $i++;
  }
  
@@ -35,11 +37,9 @@
 +exec "{{SERVERBIN-DIR}}/db2index-online @wrapperArgs -Z {{SERV-ID}}";
  
  exit ($?);
-diff --git a/ldap/admin/src/scripts/template-db2ldif.pl.in b/ldap/admin/src/scripts/template-db2ldif.pl.in
-index feb8af9..10db293 100644
 --- a/ldap/admin/src/scripts/template-db2ldif.pl.in
 +++ b/ldap/admin/src/scripts/template-db2ldif.pl.in
-@@ -53,6 +53,6 @@ while ($i <= $#ARGV) {
+@@ -53,6 +53,6 @@
  
  $cwd = cwd();
  
@@ -47,11 +47,9 @@
 +exec "{{SERVERBIN-DIR}}/db2ldif-online -c $cwd @wrapperArgs -Z {{SERV-ID}}";
  
  exit ($?);
-diff --git a/ldap/admin/src/scripts/template-ldif2db.pl.in b/ldap/admin/src/scripts/template-ldif2db.pl.in
-index 5211fd5..0bae57d 100644
 --- a/ldap/admin/src/scripts/template-ldif2db.pl.in
 +++ b/ldap/admin/src/scripts/template-ldif2db.pl.in
-@@ -49,6 +49,6 @@ while ($i <= $#ARGV) {
+@@ -49,6 +49,6 @@
          $i++;
  }
  
diff -Nru 389-ds-base-1.3.2.9/debian/patches/series 389-ds-base-1.3.2.9/debian/patches/series
--- 389-ds-base-1.3.2.9/debian/patches/series	2014-01-11 11:39:16.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/patches/series	2014-04-25 16:09:52.000000000 +0200
@@ -2,3 +2,5 @@
 fix-sasl-path.diff
 admin_scripts.diff
 rename-online-scripts.diff
+CVE-2014-0132.patch
+ftbs_lsoftotkn3.patch


