[Pkg-fedora-ds-maintainers] Bug#741600: 389-ds-base: diff for NMU version 1.3.2.9-1.1
tobi at coldtobi.de
tobi at coldtobi.de
Fri Apr 25 16:07:29 UTC 2014
tags 741600 + patch
tags 741600 + pending
thanks
Dear maintainer,
I've prepared an NMU for 389-ds-base (versioned as 1.3.2.9-1.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.
Regards.
diff -Nru 389-ds-base-1.3.2.9/debian/changelog 389-ds-base-1.3.2.9/debian/changelog
--- 389-ds-base-1.3.2.9/debian/changelog 2014-02-03 10:09:07.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/changelog 2014-04-25 16:55:53.000000000 +0200
@@ -1,3 +1,12 @@
+389-ds-base (1.3.2.9-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Apply fix for CVE-2014-0132, see like named patch (Closes: 741600)
+ * Fix m4-macro for libsrvcore and add missing B-D on libpci-dev
+ (Closes: #745821)
+
+ -- Tobias Frost <tobi at coldtobi.de> Fri, 25 Apr 2014 15:11:16 +0200
+
389-ds-base (1.3.2.9-1) unstable; urgency=low
* New upstream release.
diff -Nru 389-ds-base-1.3.2.9/debian/control 389-ds-base-1.3.2.9/debian/control
--- 389-ds-base-1.3.2.9/debian/control 2014-01-11 11:40:42.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/control 2014-04-25 16:37:03.000000000 +0200
@@ -22,6 +22,7 @@
libperl-dev,
libkrb5-dev,
libpcre3-dev,
+ libpci-dev
Standards-Version: 3.9.5
Vcs-Git: git://git.debian.org/git/pkg-fedora-ds/389-ds-base.git
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-fedora-ds/389-ds-base.git
diff -Nru 389-ds-base-1.3.2.9/debian/patches/CVE-2014-0132.patch 389-ds-base-1.3.2.9/debian/patches/CVE-2014-0132.patch
--- 389-ds-base-1.3.2.9/debian/patches/CVE-2014-0132.patch 1970-01-01 01:00:00.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/patches/CVE-2014-0132.patch 2014-04-25 15:11:13.000000000 +0200
@@ -0,0 +1,49 @@
+--- a/ldap/servers/slapd/saslbind.c
++++ b/ldap/servers/slapd/saslbind.c
+@@ -229,34 +229,6 @@
+ return SASL_OK;
+ }
+
+-static int ids_sasl_proxy_policy(
+- sasl_conn_t *conn,
+- void *context,
+- const char *requested_user, int rlen,
+- const char *auth_identity, int alen,
+- const char *def_realm, int urlen,
+- struct propctx *propctx
+-)
+-{
+- int retVal = SASL_OK;
+- /* do not permit sasl proxy authorization */
+- /* if the auth_identity is null or empty string, allow the sasl request to go thru */
+- if ( (auth_identity != NULL ) && ( strlen(auth_identity) > 0 ) ) {
+- Slapi_DN authId , reqUser;
+- slapi_sdn_init_dn_byref(&authId,auth_identity);
+- slapi_sdn_init_dn_byref(&reqUser,requested_user);
+- if (slapi_sdn_compare((const Slapi_DN *)&reqUser,(const Slapi_DN *) &authId) != 0) {
+- LDAPDebug(LDAP_DEBUG_TRACE,
+- "sasl proxy auth not permitted authid=%s user=%s\n",
+- auth_identity, requested_user, 0);
+- retVal = SASL_NOAUTHZ;
+- }
+- slapi_sdn_done(&authId);
+- slapi_sdn_done(&reqUser);
+- }
+- return retVal;
+-}
+-
+ static void ids_sasl_user_search(
+ char *basedn,
+ int scope,
+@@ -583,11 +555,6 @@
+ NULL
+ },
+ {
+- SASL_CB_PROXY_POLICY,
+- (IFP) ids_sasl_proxy_policy,
+- NULL
+- },
+- {
+ SASL_CB_CANON_USER,
+ (IFP) ids_sasl_canon_user,
+ NULL
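Review bot: The DEP-3 header for this fix is missing from `CVE-2014-0132.patch`, which starts directly at `--- a/ldap/servers/slapd/saslbind.c`. The header describing the cherry-pick (Description, Author, Origin, Applied-Upstream) was instead added to `rename-online-scripts.diff`, in the first hunk of that file's section, where it misattributes an unrelated script-rename patch. Move that header here and leave the other patch's content as it was. Its `Forwarded: not` is also not a DEP-3 value and should read `Forwarded: not-needed`, since Applied-Upstream already names the upstream changeset. Because the fix deletes an authorization callback, the description should say in one sentence why removal is the fix (presumably that, with no `SASL_CB_PROXY_POLICY` entry registered, the SASL library's own default proxy policy decides whether authzid may differ from authid) and be backed by a regression test showing that a SASL bind whose authzid differs from the authenticated identity is refused.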
diff -Nru 389-ds-base-1.3.2.9/debian/patches/ftbs_lsoftotkn3.patch 389-ds-base-1.3.2.9/debian/patches/ftbs_lsoftotkn3.patch
--- 389-ds-base-1.3.2.9/debian/patches/ftbs_lsoftotkn3.patch 1970-01-01 01:00:00.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/patches/ftbs_lsoftotkn3.patch 2014-04-25 16:17:53.000000000 +0200
@@ -0,0 +1,20 @@
+Description: Fix autoconf macro to detect svrcore properly
+ configure bails out with a linking error against libsoftokn, which is according
+ #473275 the correct behaviour. The patch modifies the m4 file to do not link
+ against this lib.
+Author: Tobias Frost <tobi at coldtobi.de>
+Forwarded: no
+Last-Update: 2014-04-25
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/m4/svrcore.m4
++++ b/m4/svrcore.m4
+@@ -96,7 +96,7 @@
+ if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then
+ dnl just see if SVRCORE is already a system library
+ AC_CHECK_LIB([svrcore], [SVRCORE_GetRegisteredPinObj], [havesvrcore=1],
+- [], [$nss_inc $nspr_inc $nss_lib -lnss3 -lsoftokn3 $nspr_lib -lplds4 -lplc4 -lnspr4])
++ [], [$nss_inc $nspr_inc $nss_lib -lnss3 $nspr_lib -lplds4 -lplc4 -lnspr4])
+ if test -n "$havesvrcore" ; then
+ dnl just see if SVRCORE is already a system header file
+ save_cppflags="$CPPFLAGS"
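Review bot: The patch name `ftbs_lsoftotkn3.patch` misspells both FTBFS and softokn3, and the same name is repeated in `debian/patches/series`, so a search for either term will miss it; `ftbfs-softokn3.patch` would match. The header says `Forwarded: no` for a change to upstream's `m4/svrcore.m4`. If the link failure is specific to Debian's NSS packaging, as the reference to #473275 suggests, `Forwarded: not-needed` with that reason is more accurate; otherwise the change should be sent upstream. The bare `#473275` would be easier to follow as a `Bug-Debian:` field with the full URL.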
diff -Nru 389-ds-base-1.3.2.9/debian/patches/rename-online-scripts.diff 389-ds-base-1.3.2.9/debian/patches/rename-online-scripts.diff
--- 389-ds-base-1.3.2.9/debian/patches/rename-online-scripts.diff 2014-01-11 11:39:16.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/patches/rename-online-scripts.diff 2014-04-25 15:11:03.000000000 +0200
@@ -1,8 +1,14 @@
-diff --git a/ldap/admin/src/scripts/template-bak2db.pl.in b/ldap/admin/src/scripts/template-bak2db.pl.in
-index 4c7bab8..a972878 100644
+Description: Cherrypick fix for CVE-2014-0132
+Author: Noriko Hosoi <nhosoi at redhat.com>
+Origin: https://fedorahosted.org/389/ticket/47739
+Forwarded: not
+Applied-Upstream: https://fedorahosted.org/389/changeset/9bc2b46b7c7ee4c975d04b041f73a5992906b07c/
+Last-Update: 2014-04-25
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/ldap/admin/src/scripts/template-bak2db.pl.in
+++ b/ldap/admin/src/scripts/template-bak2db.pl.in
-@@ -49,6 +49,6 @@ while ($i <= $#ARGV) {
+@@ -49,6 +49,6 @@
$i++;
}
@@ -10,11 +16,9 @@
+exec "{{SERVERBIN-DIR}}/bak2db-online @wrapperArgs -Z {{SERV-ID}}";
exit ($?);
-diff --git a/ldap/admin/src/scripts/template-db2bak.pl.in b/ldap/admin/src/scripts/template-db2bak.pl.in
-index 712f387..e5f44eb 100644
--- a/ldap/admin/src/scripts/template-db2bak.pl.in
+++ b/ldap/admin/src/scripts/template-db2bak.pl.in
-@@ -49,7 +49,7 @@ while ($i <= $#ARGV) {
+@@ -49,7 +49,7 @@
$i++;
}
@@ -23,11 +27,9 @@
exit ($?);
-diff --git a/ldap/admin/src/scripts/template-db2index.pl.in b/ldap/admin/src/scripts/template-db2index.pl.in
-index d2d6d87..7edb3c2 100644
--- a/ldap/admin/src/scripts/template-db2index.pl.in
+++ b/ldap/admin/src/scripts/template-db2index.pl.in
-@@ -49,6 +49,6 @@ while ($i <= $#ARGV) {
+@@ -49,6 +49,6 @@
$i++;
}
@@ -35,11 +37,9 @@
+exec "{{SERVERBIN-DIR}}/db2index-online @wrapperArgs -Z {{SERV-ID}}";
exit ($?);
-diff --git a/ldap/admin/src/scripts/template-db2ldif.pl.in b/ldap/admin/src/scripts/template-db2ldif.pl.in
-index feb8af9..10db293 100644
--- a/ldap/admin/src/scripts/template-db2ldif.pl.in
+++ b/ldap/admin/src/scripts/template-db2ldif.pl.in
-@@ -53,6 +53,6 @@ while ($i <= $#ARGV) {
+@@ -53,6 +53,6 @@
$cwd = cwd();
@@ -47,11 +47,9 @@
+exec "{{SERVERBIN-DIR}}/db2ldif-online -c $cwd @wrapperArgs -Z {{SERV-ID}}";
exit ($?);
-diff --git a/ldap/admin/src/scripts/template-ldif2db.pl.in b/ldap/admin/src/scripts/template-ldif2db.pl.in
-index 5211fd5..0bae57d 100644
--- a/ldap/admin/src/scripts/template-ldif2db.pl.in
+++ b/ldap/admin/src/scripts/template-ldif2db.pl.in
-@@ -49,6 +49,6 @@ while ($i <= $#ARGV) {
+@@ -49,6 +49,6 @@
$i++;
}
diff -Nru 389-ds-base-1.3.2.9/debian/patches/series 389-ds-base-1.3.2.9/debian/patches/series
--- 389-ds-base-1.3.2.9/debian/patches/series 2014-01-11 11:39:16.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/patches/series 2014-04-25 16:09:52.000000000 +0200
@@ -2,3 +2,5 @@
fix-sasl-path.diff
admin_scripts.diff
rename-online-scripts.diff
+CVE-2014-0132.patch
+ftbs_lsoftotkn3.patch