tags 741600 + patch tags 741600 + pending thanks Dear maintainer,
I've prepared an NMU for 389-ds-base (versioned as 1.3.2.9-1.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Regards.
diff -Nru 389-ds-base-1.3.2.9/debian/changelog 389-ds-base-1.3.2.9/debian/changelog
--- 389-ds-base-1.3.2.9/debian/changelog 2014-02-03 10:09:07.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/changelog 2014-04-25 16:55:53.000000000 +0200
@@ -1,3 +1,12 @@
+389-ds-base (1.3.2.9-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Apply fix for CVE-2014-0132, see like named patch (Closes: 741600)
+ * Fix m4-macro for libsrvcore and add missing B-D on libpci-dev
+ (Closes: #745821)
+
+ -- Tobias Frost <t...@coldtobi.de> Fri, 25 Apr 2014 15:11:16 +0200
+
 389-ds-base (1.3.2.9-1) unstable; urgency=low
 
 * New upstream release.
diff -Nru 389-ds-base-1.3.2.9/debian/control 389-ds-base-1.3.2.9/debian/control
--- 389-ds-base-1.3.2.9/debian/control 2014-01-11 11:40:42.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/control 2014-04-25 16:37:03.000000000 +0200
@@ -22,6 +22,7 @@
 libperl-dev,
 libkrb5-dev,
 libpcre3-dev,
+ libpci-dev
 Standards-Version: 3.9.5
 Vcs-Git: git://git.debian.org/git/pkg-fedora-ds/389-ds-base.git
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-fedora-ds/389-ds-base.git
diff -Nru 389-ds-base-1.3.2.9/debian/patches/CVE-2014-0132.patch 389-ds-base-1.3.2.9/debian/patches/CVE-2014-0132.patch
--- 389-ds-base-1.3.2.9/debian/patches/CVE-2014-0132.patch 1970-01-01 01:00:00.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/patches/CVE-2014-0132.patch 2014-04-25 15:11:13.000000000 +0200
@@ -0,0 +1,49 @@
+--- a/ldap/servers/slapd/saslbind.c
++++ b/ldap/servers/slapd/saslbind.c
+@@ -229,34 +229,6 @@
+ return SASL_OK;
+ }
+
+-static int ids_sasl_proxy_policy(
+- sasl_conn_t *conn,
+- void *context,
+- const char *requested_user, int rlen,
+- const char *auth_identity, int alen,
+- const char *def_realm, int urlen,
+- struct propctx *propctx
+-)
+-{
+- int retVal = SASL_OK;
+- /* do not permit sasl proxy authorization */
+- /* if the auth_identity is null or empty string, allow the sasl request to go thru */
+- if ( (auth_identity != NULL ) && ( strlen(auth_identity) > 0 ) ) {
+- Slapi_DN authId , reqUser;
+- slapi_sdn_init_dn_byref(&authId,auth_identity);
+- slapi_sdn_init_dn_byref(&reqUser,requested_user);
+- if (slapi_sdn_compare((const Slapi_DN *)&reqUser,(const Slapi_DN *) &authId) != 0) {
+- LDAPDebug(LDAP_DEBUG_TRACE,
+- "sasl proxy auth not permitted authid=%s user=%s\n",
+- auth_identity, requested_user, 0);
+- retVal = SASL_NOAUTHZ;
+- }
+- slapi_sdn_done(&authId);
+- slapi_sdn_done(&reqUser);
+- }
+- return retVal;
+-}
+-
+ static void ids_sasl_user_search(
+ char *basedn,
+ int scope,
+@@ -583,11 +555,6 @@
+ NULL
+ },
+ {
+- SASL_CB_PROXY_POLICY,
+- (IFP) ids_sasl_proxy_policy,
+- NULL
+- },
+- {
+ SASL_CB_CANON_USER,
+ (IFP) ids_sasl_canon_user,
+ NULL
diff -Nru 389-ds-base-1.3.2.9/debian/patches/ftbs_lsoftotkn3.patch 389-ds-base-1.3.2.9/debian/patches/ftbs_lsoftotkn3.patch
--- 389-ds-base-1.3.2.9/debian/patches/ftbs_lsoftotkn3.patch 1970-01-01 01:00:00.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/patches/ftbs_lsoftotkn3.patch 2014-04-25 16:17:53.000000000 +0200
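Review bot: The new debian/patches/CVE-2014-0132.patch begins directly at `--- a/ldap/servers/slapd/saslbind.c` with no DEP-3 header, while the header that describes it (`Description: Cherrypick fix for CVE-2014-0132`, the Origin ticket and the Applied-Upstream changeset) is added to rename-online-scripts.diff in a later hunk, which looks like a mix-up during the patch refresh. For a security fix the provenance belongs in the patch it describes, so that the hunk can be compared against the upstream changeset; I would move those header lines into this file, give rename-online-scripts.diff its own description, and write `Forwarded: not-needed` instead of `Forwarded: not`. Separately, the removed ids_sasl_proxy_policy let a request through whenever auth_identity was NULL or empty, and after this change no SASL_CB_PROXY_POLICY entry is registered, so the decision presumably falls to the SASL library's default policy. A short note in the patch description saying so, for example `No SASL_CB_PROXY_POLICY callback is registered on purpose; the library default applies.`, would keep the entry from being re-added later.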
@@ -0,0 +1,20 @@
+Description: Fix autoconf macro to detect svrcore properly
+ configure bails out with a linking error against libsoftokn, which is according
+ #473275 the correct behaviour. The patch modifies the m4 file to do not link
+ against this lib.
+Author: Tobias Frost <t...@coldtobi.de>
+Forwarded: no
+Last-Update: 2014-04-25
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/m4/svrcore.m4
++++ b/m4/svrcore.m4
+@@ -96,7 +96,7 @@
+ if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then
+ dnl just see if SVRCORE is already a system library
+ AC_CHECK_LIB([svrcore], [SVRCORE_GetRegisteredPinObj], [havesvrcore=1],
+- [], [$nss_inc $nspr_inc $nss_lib -lnss3 -lsoftokn3 $nspr_lib -lplds4 -lplc4 -lnspr4])
++ [], [$nss_inc $nspr_inc $nss_lib -lnss3 $nspr_lib -lplds4 -lplc4 -lnspr4])
+ if test -n "$havesvrcore" ; then
+ dnl just see if SVRCORE is already a system header file
+ save_cppflags="$CPPFLAGS"
diff -Nru 389-ds-base-1.3.2.9/debian/patches/rename-online-scripts.diff 389-ds-base-1.3.2.9/debian/patches/rename-online-scripts.diff
--- 389-ds-base-1.3.2.9/debian/patches/rename-online-scripts.diff 2014-01-11 11:39:16.000000000 +0100
+++ 389-ds-base-1.3.2.9/debian/patches/rename-online-scripts.diff 2014-04-25 15:11:03.000000000 +0200
@@ -1,8 +1,14 @@
-diff --git a/ldap/admin/src/scripts/template-bak2db.pl.in b/ldap/admin/src/scripts/template-bak2db.pl.in
-index 4c7bab8..a972878 100644
+Description: Cherrypick fix for CVE-2014-0132
+Author: Noriko Hosoi <nho...@redhat.com>
+Origin: https://fedorahosted.org/389/ticket/47739
+Forwarded: not
+Applied-Upstream: https://fedorahosted.org/389/changeset/9bc2b46b7c7ee4c975d04b041f73a5992906b07c/
+Last-Update: 2014-04-25
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
 --- a/ldap/admin/src/scripts/template-bak2db.pl.in
 +++ b/ldap/admin/src/scripts/template-bak2db.pl.in
-@@ -49,6 +49,6 @@ while ($i <= $#ARGV) {
+@@ -49,6 +49,6 @@
 $i++;
 }
 
@@ -10,11 +16,9 @@ +exec "{{SERVERBIN-DIR}}/bak2db-online @wrapperArgs -Z {{SERV-ID}}"; exit ($?); -diff --git a/ldap/admin/src/scripts/template-db2bak.pl.in b/ldap/admin/src/scripts/template-db2bak.pl.in -index 712f387..e5f44eb 100644 --- a/ldap/admin/src/scripts/template-db2bak.pl.in +++ b/ldap/admin/src/scripts/template-db2bak.pl.in -@@ -49,7 +49,7 @@ while ($i <= $#ARGV) { +@@ -49,7 +49,7 @@ $i++; } @@ -23,11 +27,9 @@ exit ($?); -diff --git a/ldap/admin/src/scripts/template-db2index.pl.in b/ldap/admin/src/scripts/template-db2index.pl.in -index d2d6d87..7edb3c2 100644 --- a/ldap/admin/src/scripts/template-db2index.pl.in +++ b/ldap/admin/src/scripts/template-db2index.pl.in -@@ -49,6 +49,6 @@ while ($i <= $#ARGV) { +@@ -49,6 +49,6 @@ $i++; } @@ -35,11 +37,9 @@ +exec "{{SERVERBIN-DIR}}/db2index-online @wrapperArgs -Z {{SERV-ID}}"; exit ($?); -diff --git a/ldap/admin/src/scripts/template-db2ldif.pl.in b/ldap/admin/src/scripts/template-db2ldif.pl.in -index feb8af9..10db293 100644 --- a/ldap/admin/src/scripts/template-db2ldif.pl.in +++ b/ldap/admin/src/scripts/template-db2ldif.pl.in -@@ -53,6 +53,6 @@ while ($i <= $#ARGV) { +@@ -53,6 +53,6 @@ $cwd = cwd(); @@ -47,11 +47,9 @@ +exec "{{SERVERBIN-DIR}}/db2ldif-online -c $cwd @wrapperArgs -Z {{SERV-ID}}"; exit ($?); -diff --git a/ldap/admin/src/scripts/template-ldif2db.pl.in b/ldap/admin/src/scripts/template-ldif2db.pl.in -index 5211fd5..0bae57d 100644 --- a/ldap/admin/src/scripts/template-ldif2db.pl.in +++ b/ldap/admin/src/scripts/template-ldif2db.pl.in -@@ -49,6 +49,6 @@ while ($i <= $#ARGV) { +@@ -49,6 +49,6 @@ $i++; } diff -Nru 389-ds-base-1.3.2.9/debian/patches/series 389-ds-base-1.3.2.9/debian/patches/series --- 389-ds-base-1.3.2.9/debian/patches/series 2014-01-11 11:39:16.000000000 +0100 +++ 389-ds-base-1.3.2.9/debian/patches/series 2014-04-25 16:09:52.000000000 +0200 
@@ -2,3 +2,5 @@
 fix-sasl-path.diff
 admin_scripts.diff
 rename-online-scripts.diff
+CVE-2014-0132.patch
+ftbs_lsoftotkn3.patch
-- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org