Raspbian automatic forward porter [Fri, 18 Feb 2022 05:17:14 +0000 (05:17 +0000)]
Merge version 2.0.11-2+rpi1 and 2.0.14-1 to produce 2.0.14-1+rpi1
Timo Aaltonen [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
Merge 389-ds-base (2.0.14-1) import into refs/heads/workingbranch
Timo Aaltonen [Wed, 15 Dec 2021 19:40:38 +0000 (21:40 +0200)]
[PATCH] Revert "Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)"
This reverts commit
b0d06615e1117799ec156d51489cd49c92635cca.
Gbp-Pq: Name 0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch
Debian FreeIPA Team [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
389-ds-base (2.0.14-1) unstable; urgency=medium
* New upstream release.
* install: Updated.
* control: Bump policy to 4.6.0.
[dgit import unpatched 389-ds-base 2.0.14-1]
Timo Aaltonen [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
Import 389-ds-base_2.0.14.orig.tar.gz
[dgit import orig 389-ds-base_2.0.14.orig.tar.gz]
Timo Aaltonen [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
Import 389-ds-base_2.0.14-1.debian.tar.xz
[dgit import tarball 389-ds-base 2.0.14-1 389-ds-base_2.0.14-1.debian.tar.xz]
Raspbian automatic forward porter [Tue, 21 Dec 2021 18:59:59 +0000 (18:59 +0000)]
Merge version 1.4.4.17-1+rpi1 and 2.0.11-2 to produce 2.0.11-2+rpi1
Timo Aaltonen [Wed, 15 Dec 2021 21:23:15 +0000 (21:23 +0000)]
Merge 389-ds-base (2.0.11-2) import into refs/heads/workingbranch
Timo Aaltonen [Wed, 15 Dec 2021 19:40:38 +0000 (21:40 +0200)]
[PATCH] Revert "Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)"
This reverts commit
b0d06615e1117799ec156d51489cd49c92635cca.
Gbp-Pq: Name 0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch
Debian FreeIPA Team [Wed, 15 Dec 2021 21:23:15 +0000 (21:23 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Wed, 15 Dec 2021 21:23:15 +0000 (21:23 +0000)]
389-ds-base (2.0.11-2) unstable; urgency=medium
* Revert a commit that makes dscreate to fail.
[dgit import unpatched 389-ds-base 2.0.11-2]
Timo Aaltonen [Wed, 15 Dec 2021 21:23:15 +0000 (21:23 +0000)]
Import 389-ds-base_2.0.11-2.debian.tar.xz
[dgit import tarball 389-ds-base 2.0.11-2 389-ds-base_2.0.11-2.debian.tar.xz]
Timo Aaltonen [Wed, 15 Dec 2021 19:03:20 +0000 (19:03 +0000)]
Import 389-ds-base_2.0.11.orig.tar.gz
[dgit import orig 389-ds-base_2.0.11.orig.tar.gz]
Raspbian automatic forward porter [Tue, 26 Oct 2021 22:55:10 +0000 (23:55 +0100)]
Merge version 1.4.4.16-1+rpi1 and 1.4.4.17-1 to produce 1.4.4.17-1+rpi1
Timo Aaltonen [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
Merge 389-ds-base (1.4.4.17-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
389-ds-base (1.4.4.17-1) unstable; urgency=medium
* New upstream release.
- CVE-2021-3652 (Closes: #991405)
* tests: Add isolation-container to restrictions.
* Add a dependency to libjemalloc2, and add a symlink to it so the
preload works. (Closes: #992696)
* CVE-2017-15135.patch: Dropped, fixed by upstream issue #4817.
[dgit import unpatched 389-ds-base 1.4.4.17-1]
Timo Aaltonen [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
Import 389-ds-base_1.4.4.17.orig.tar.gz
[dgit import orig 389-ds-base_1.4.4.17.orig.tar.gz]
Timo Aaltonen [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
Import 389-ds-base_1.4.4.17-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.17-1 389-ds-base_1.4.4.17-1.debian.tar.xz]
Raspbian automatic forward porter [Tue, 14 Sep 2021 23:57:58 +0000 (00:57 +0100)]
Merge version 1.4.4.11-2+rpi1 and 1.4.4.16-1 to produce 1.4.4.16-1+rpi1
Timo Aaltonen [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
Merge 389-ds-base (1.4.4.16-1) import into refs/heads/workingbranch
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
389-ds-base (1.4.4.16-1) unstable; urgency=medium
* New upstream release.
* fix-s390x-failure.diff: Dropped, upstream.
* watch: Updated to use github.
* copyright: Fix 'globbing-patterns-out-of-order'.
[dgit import unpatched 389-ds-base 1.4.4.16-1]
Timo Aaltonen [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
Import 389-ds-base_1.4.4.16.orig.tar.gz
[dgit import orig 389-ds-base_1.4.4.16.orig.tar.gz]
Timo Aaltonen [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
Import 389-ds-base_1.4.4.16-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.16-1 389-ds-base_1.4.4.16-1.debian.tar.xz]
Raspbian automatic forward porter [Fri, 28 May 2021 06:17:09 +0000 (07:17 +0100)]
Merge version 1.4.4.11-1+rpi1 and 1.4.4.11-2 to produce 1.4.4.11-2+rpi1
Timo Aaltonen [Wed, 19 May 2021 11:22:15 +0000 (12:22 +0100)]
Merge 389-ds-base (1.4.4.11-2) import into refs/heads/workingbranch
tbordaz [Tue, 27 Apr 2021 07:29:32 +0000 (09:29 +0200)]
[PATCH] Issue 4711 - SIGSEV with sync_repl (#4738)
Bug description:
sync_repl sends back entries identified with a unique
identifier that is 'nsuniqueid'. If 'nsuniqueid' is
missing, then it may crash
Fix description:
Check a nsuniqueid is available else returns OP_ERR
relates: https://github.com/389ds/389-ds-base/issues/4711
Reviewed by: Pierre Rogier, James Chapman, William Brown (Thanks!)
Platforms tested: F33
Gbp-Pq: Name 4711-SIGSEV-with-sync_repl-4738.patch
Debian FreeIPA Team [Wed, 19 May 2021 11:22:15 +0000 (12:22 +0100)]
fix-s390x-failure
commit
900e6fdcf152dd696b5ae189cb1d7c67ab143bae
Author: tbordaz <tbordaz@redhat.com>
Date: Thu Jan 28 10:39:31 2021 +0100
Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)
Bug description:
SLAPI_OPERATION_TYPE is a stored/read as an int (slapi_pblock_get/set).
This although the storage field is an unsigned long.
Calling slapi_pblock_get with an long (8 btyes) destination creates
a problem on big-endian (s390x).
Fix description:
Define destination op_type as an int (4 bytes)
relates: https://github.com/389ds/389-ds-base/issues/4563
Reviewed by: Mark Reynolds, William Brown
Platforms tested: F31 (little endian), Debian (big endian)
Gbp-Pq: Name fix-s390x-failure.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Wed, 19 May 2021 11:22:15 +0000 (12:22 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Wed, 19 May 2021 11:22:15 +0000 (12:22 +0100)]
389-ds-base (1.4.4.11-2) unstable; urgency=medium
* 4711-SIGSEV-with-sync_repl-4738.patch: Fix CVE-2021-3514. (Closes:
#988727)
[dgit import unpatched 389-ds-base 1.4.4.11-2]
Timo Aaltonen [Wed, 19 May 2021 11:22:15 +0000 (12:22 +0100)]
Import 389-ds-base_1.4.4.11-2.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.11-2 389-ds-base_1.4.4.11-2.debian.tar.xz]
Raspbian automatic forward porter [Fri, 5 Feb 2021 14:07:18 +0000 (14:07 +0000)]
Merge version 1.4.4.10-1+rpi1 and 1.4.4.11-1 to produce 1.4.4.11-1+rpi1
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
Merge 389-ds-base (1.4.4.11-1) import into refs/heads/workingbranch
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
Import 389-ds-base_1.4.4.11.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.11.orig.tar.bz2]
Debian FreeIPA Team [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
fix-s390x-failure
commit
900e6fdcf152dd696b5ae189cb1d7c67ab143bae
Author: tbordaz <tbordaz@redhat.com>
Date: Thu Jan 28 10:39:31 2021 +0100
Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)
Bug description:
SLAPI_OPERATION_TYPE is a stored/read as an int (slapi_pblock_get/set).
This although the storage field is an unsigned long.
Calling slapi_pblock_get with an long (8 btyes) destination creates
a problem on big-endian (s390x).
Fix description:
Define destination op_type as an int (4 bytes)
relates: https://github.com/389ds/389-ds-base/issues/4563
Reviewed by: Mark Reynolds, William Brown
Platforms tested: F31 (little endian), Debian (big endian)
Gbp-Pq: Name fix-s390x-failure.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
389-ds-base (1.4.4.11-1) unstable; urgency=medium
* New upstream release.
* fix-s390x-failure.diff: Fix a crash on big-endian architectures like
s390x.
[dgit import unpatched 389-ds-base 1.4.4.11-1]
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
Import 389-ds-base_1.4.4.11-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.11-1 389-ds-base_1.4.4.11-1.debian.tar.xz]
Raspbian automatic forward porter [Mon, 25 Jan 2021 03:45:08 +0000 (03:45 +0000)]
Merge version 1.4.4.9-1+rpi1 and 1.4.4.10-1 to produce 1.4.4.10-1+rpi1
Timo Aaltonen [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
Merge 389-ds-base (1.4.4.10-1) import into refs/heads/workingbranch
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
389-ds-base (1.4.4.10-1) unstable; urgency=medium
* New upstream release.
* CVE-2017-15135.patch: Refreshed.
* source: Update diff-ignore.
* install: Drop libsds which got removed.
* control: Add libnss3-tools to cockpit-389-ds Depends. (Closes:
#965004)
* control: Drop python3-six from depends.
[dgit import unpatched 389-ds-base 1.4.4.10-1]
Timo Aaltonen [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
Import 389-ds-base_1.4.4.10.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.10.orig.tar.bz2]
Timo Aaltonen [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
Import 389-ds-base_1.4.4.10-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.10-1 389-ds-base_1.4.4.10-1.debian.tar.xz]
Raspbian automatic forward porter [Sun, 20 Dec 2020 11:52:37 +0000 (11:52 +0000)]
Merge version 1.4.4.8-1+rpi1 and 1.4.4.9-1 to produce 1.4.4.9-1+rpi1
Timo Aaltonen [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
Merge 389-ds-base (1.4.4.9-1) import into refs/heads/workingbranch
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
389-ds-base (1.4.4.9-1) unstable; urgency=medium
* New upstream release.
* fix-prlog-include.diff: Dropped, upstream.
[dgit import unpatched 389-ds-base 1.4.4.9-1]
Timo Aaltonen [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
Import 389-ds-base_1.4.4.9.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.9.orig.tar.bz2]
Timo Aaltonen [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
Import 389-ds-base_1.4.4.9-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.9-1 389-ds-base_1.4.4.9-1.debian.tar.xz]
Raspbian automatic forward porter [Tue, 17 Nov 2020 15:23:47 +0000 (15:23 +0000)]
Merge version 1.4.4.4-1+rpi1 and 1.4.4.8-1 to produce 1.4.4.8-1+rpi1
Timo Aaltonen [Thu, 12 Nov 2020 13:57:11 +0000 (13:57 +0000)]
Merge 389-ds-base (1.4.4.8-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Thu, 12 Nov 2020 13:57:11 +0000 (13:57 +0000)]
fix-prlog-include
Gbp-Pq: Name fix-prlog-include.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Thu, 12 Nov 2020 13:57:11 +0000 (13:57 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Thu, 12 Nov 2020 13:57:11 +0000 (13:57 +0000)]
389-ds-base (1.4.4.8-1) unstable; urgency=medium
* New upstream release.
* fix-systemctl-path.diff, drop-old-man.diff: Dropped, obsolete.
* fix-prlog-include.diff: Fix build by dropping nspr4/ prefix.
* install, rules: Clean up perl cruft that got removed upstream.
* install: Add openldap_to_ds.
* watch: Follow 1.4.4.x.
[dgit import unpatched 389-ds-base 1.4.4.8-1]
Timo Aaltonen [Thu, 12 Nov 2020 13:57:11 +0000 (13:57 +0000)]
Import 389-ds-base_1.4.4.8.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.8.orig.tar.bz2]
Timo Aaltonen [Thu, 12 Nov 2020 13:57:11 +0000 (13:57 +0000)]
Import 389-ds-base_1.4.4.8-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.8-1 389-ds-base_1.4.4.8-1.debian.tar.xz]
Raspbian automatic forward porter [Sat, 31 Oct 2020 14:12:44 +0000 (14:12 +0000)]
Merge version 1.4.4.3-1+rpi1 and 1.4.4.4-1 to produce 1.4.4.4-1+rpi1
Timo Aaltonen [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
Merge 389-ds-base (1.4.4.4-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
drop-old-man
Gbp-Pq: Name drop-old-man.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Timo Aaltonen [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
Fix the path to systemctl binary
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
389-ds-base (1.4.4.4-1) unstable; urgency=medium
* New upstream release.
* watch: Update upstream git repo url.
* control: Add python3-dateutil to build-depends.
* copyright: Drop duplicate globbing patterns.
* lintian: Drop obsolete overrides.
* postinst: Drop obsolete rule to upgrade the instances.
* prerm: Use dsctl instead of remove-ds.
[dgit import unpatched 389-ds-base 1.4.4.4-1]
Timo Aaltonen [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
Import 389-ds-base_1.4.4.4.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.4.orig.tar.bz2]
Timo Aaltonen [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
Import 389-ds-base_1.4.4.4-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.4-1 389-ds-base_1.4.4.4-1.debian.tar.xz]
Raspbian automatic forward porter [Sat, 6 Jun 2020 18:08:41 +0000 (19:08 +0100)]
Merge version 1.4.3.6-2+rpi1 and 1.4.4.3-1 to produce 1.4.4.3-1+rpi1
Timo Aaltonen [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
Merge 389-ds-base (1.4.4.3-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
drop-old-man
Gbp-Pq: Name drop-old-man.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Timo Aaltonen [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
Fix the path to systemctl binary
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
389-ds-base (1.4.4.3-1) unstable; urgency=medium
* New upstream release.
* fix-db-home-dir.diff: Dropped, upstream.
[dgit import unpatched 389-ds-base 1.4.4.3-1]
Timo Aaltonen [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
Import 389-ds-base_1.4.4.3.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.3.orig.tar.bz2]
Timo Aaltonen [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
Import 389-ds-base_1.4.4.3-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.3-1 389-ds-base_1.4.4.3-1.debian.tar.xz]
Raspbian automatic forward porter [Fri, 24 Apr 2020 21:25:12 +0000 (22:25 +0100)]
Merge version 1.4.3.4-1+rpi1 and 1.4.3.6-2 to produce 1.4.3.6-2+rpi1
Timo Aaltonen [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
Merge 389-ds-base (1.4.3.6-2) import into refs/heads/workingbranch
Debian FreeIPA Team [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
fix-db-home-dir
Gbp-Pq: Name fix-db-home-dir.diff
Debian FreeIPA Team [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
drop-old-man
Gbp-Pq: Name drop-old-man.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Timo Aaltonen [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
Fix the path to systemctl binary
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
389-ds-base (1.4.3.6-2) unstable; urgency=medium
* fix-db-home-dir.diff: Set db_home_dir same as db_dir to fix an issue
starting a newly created instance.
[dgit import unpatched 389-ds-base 1.4.3.6-2]
Timo Aaltonen [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
Import 389-ds-base_1.4.3.6-2.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.3.6-2 389-ds-base_1.4.3.6-2.debian.tar.xz]
Timo Aaltonen [Mon, 20 Apr 2020 12:01:35 +0000 (13:01 +0100)]
Import 389-ds-base_1.4.3.6.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.3.6.orig.tar.bz2]
Raspbian automatic forward porter [Fri, 20 Mar 2020 21:07:47 +0000 (21:07 +0000)]
Merge version 1.4.3.2-1+rpi1 and 1.4.3.4-1 to produce 1.4.3.4-1+rpi1
Timo Aaltonen [Wed, 18 Mar 2020 06:47:32 +0000 (06:47 +0000)]
Merge 389-ds-base (1.4.3.4-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Wed, 18 Mar 2020 06:47:32 +0000 (06:47 +0000)]
drop-old-man
Gbp-Pq: Name drop-old-man.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Timo Aaltonen [Wed, 18 Mar 2020 06:47:32 +0000 (06:47 +0000)]
Fix the path to systemctl binary
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Wed, 18 Mar 2020 06:47:32 +0000 (06:47 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Wed, 18 Mar 2020 06:47:32 +0000 (06:47 +0000)]
389-ds-base (1.4.3.4-1) unstable; urgency=medium
* New upstream release.
* Add debian/gitlab-ci.yml.
- allow blhc to fail
* control: Bump policy to 4.5.0.
* control: Use https url for upstream.
* control: Use canonical URL in Vcs-Browser.
* copyright: Use spaces rather than tabs to start continuation lines.
* Add lintian-overrides for the source, cockpit index.js has long lines.
[dgit import unpatched 389-ds-base 1.4.3.4-1]
projects / 389-ds-base.git / log