Bo YU [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
Merge 389-ds-base (2.3.4+dfsg1-1.1) import into refs/heads/workingbranch
Peter Michael Green [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
update for base64 0.21
Gbp-Pq: Name base64-0.21.diff
Debian FreeIPA Team [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
allow-newer-crates
Gbp-Pq: Name allow-newer-crates.diff
Debian FreeIPA Team [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
use-packaged-rust-registry
Gbp-Pq: Name use-packaged-rust-registry.diff
Debian FreeIPA Team [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Bo YU [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
389-ds-base (2.3.4+dfsg1-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Add librust-clap-3-dev on B-D. (Closes: #
1052626)
[dgit import unpatched 389-ds-base 2.3.4+dfsg1-1.1]
Bo YU [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
Import 389-ds-base_2.3.4+dfsg1-1.1.debian.tar.xz
[dgit import tarball 389-ds-base 2.3.4+dfsg1-1.1 389-ds-base_2.3.4+dfsg1-1.1.debian.tar.xz]
Timo Aaltonen [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
Merge 389-ds-base (2.3.4+dfsg1-1) import into refs/heads/workingbranch
Timo Aaltonen [Mon, 19 Jun 2023 16:13:30 +0000 (19:13 +0300)]
Import 389-ds-base_2.3.4+dfsg1.orig.tar.xz
[dgit import orig 389-ds-base_2.3.4+dfsg1.orig.tar.xz]
Peter Michael Green [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
update for base64 0.21
Gbp-Pq: Name base64-0.21.diff
Debian FreeIPA Team [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
allow-newer-crates
Gbp-Pq: Name allow-newer-crates.diff
Debian FreeIPA Team [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
use-packaged-rust-registry
Gbp-Pq: Name use-packaged-rust-registry.diff
Debian FreeIPA Team [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
389-ds-base (2.3.4+dfsg1-1) unstable; urgency=medium
[ Timo Aaltonen ]
* New upstream release.
* patches: Drop upstreamed or obsolete patches.
* control: Add dependency on python3-cryptography.
[ Peter Michael Green ]
* Improve clean target.
* Use ln -fs instead of ln -s to allow resuming build after fixing errors.
* Fix build with base64 0.21. (Closes: #
1037345)
[dgit import unpatched 389-ds-base 2.3.4+dfsg1-1]
Timo Aaltonen [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
Import 389-ds-base_2.3.4+dfsg1.orig.tar.xz
[dgit import orig 389-ds-base_2.3.4+dfsg1.orig.tar.xz]
Timo Aaltonen [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
Import 389-ds-base_2.3.4+dfsg1-1.debian.tar.xz
[dgit import tarball 389-ds-base 2.3.4+dfsg1-1 389-ds-base_2.3.4+dfsg1-1.debian.tar.xz]
Timo Aaltonen [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
Merge 389-ds-base (2.3.1+dfsg1-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
allow-newer-crates
Gbp-Pq: Name allow-newer-crates.diff
Debian FreeIPA Team [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
use-packaged-rust-registry
Gbp-Pq: Name use-packaged-rust-registry.diff
Debian FreeIPA Team [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
dont-run-rpm
Gbp-Pq: Name dont-run-rpm.diff
Viktor Ashirov [Fri, 20 Jan 2023 14:46:53 +0000 (15:46 +0100)]
[PATCH] Issue #5610 - Build failure on Debian
Bug Description:
On Debian libslapd.so is not getting linked with libcrypto.so,
which results in `undefined reference` link errors.
Fix Description:
Move -lssl and -lcrypto for libslapd.so from LDFLAGS to LIBADD.
Fixes: https://github.com/389ds/389-ds-base/issues/5610
Reviewed by: ???
Gbp-Pq: Name 5610-fix-linking.diff
Debian FreeIPA Team [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
389-ds-base (2.3.1+dfsg1-1) unstable; urgency=medium
* Repackage the source, filter vendored crates and allow building with
packaged crates.
* d/vendor: Add concread 0.2.21 and uuid 0.8.
* allow-newer-crates.diff, control: Add a bunch of rust crates to
build-deps, and patch toml files to allow newer crates.
* concread: Mark tcache as non-default, fix checksums and ease a dep.
* Update copyright for vendored bits.
[dgit import unpatched 389-ds-base 2.3.1+dfsg1-1]
Timo Aaltonen [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
Import 389-ds-base_2.3.1+dfsg1.orig.tar.xz
[dgit import orig 389-ds-base_2.3.1+dfsg1.orig.tar.xz]
Timo Aaltonen [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
Import 389-ds-base_2.3.1+dfsg1-1.debian.tar.xz
[dgit import tarball 389-ds-base 2.3.1+dfsg1-1 389-ds-base_2.3.1+dfsg1-1.debian.tar.xz]
Timo Aaltonen [Wed, 13 Apr 2022 11:11:20 +0000 (12:11 +0100)]
Merge 389-ds-base (2.0.15-1) import into refs/heads/workingbranch
Timo Aaltonen [Wed, 15 Dec 2021 19:40:38 +0000 (21:40 +0200)]
[PATCH] Revert "Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)"
This reverts commit
b0d06615e1117799ec156d51489cd49c92635cca.
Gbp-Pq: Name 0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch
Debian FreeIPA Team [Wed, 13 Apr 2022 11:11:20 +0000 (12:11 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Wed, 13 Apr 2022 11:11:20 +0000 (12:11 +0100)]
389-ds-base (2.0.15-1) unstable; urgency=medium
* New upstream release.
[dgit import unpatched 389-ds-base 2.0.15-1]
Timo Aaltonen [Wed, 13 Apr 2022 11:11:20 +0000 (12:11 +0100)]
Import 389-ds-base_2.0.15.orig.tar.gz
[dgit import orig 389-ds-base_2.0.15.orig.tar.gz]
Timo Aaltonen [Wed, 13 Apr 2022 11:11:20 +0000 (12:11 +0100)]
Import 389-ds-base_2.0.15-1.debian.tar.xz
[dgit import tarball 389-ds-base 2.0.15-1 389-ds-base_2.0.15-1.debian.tar.xz]
Timo Aaltonen [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
Merge 389-ds-base (2.0.14-1) import into refs/heads/workingbranch
Timo Aaltonen [Wed, 15 Dec 2021 19:40:38 +0000 (21:40 +0200)]
[PATCH] Revert "Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)"
This reverts commit
b0d06615e1117799ec156d51489cd49c92635cca.
Gbp-Pq: Name 0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch
Debian FreeIPA Team [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
389-ds-base (2.0.14-1) unstable; urgency=medium
* New upstream release.
* install: Updated.
* control: Bump policy to 4.6.0.
[dgit import unpatched 389-ds-base 2.0.14-1]
Timo Aaltonen [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
Import 389-ds-base_2.0.14.orig.tar.gz
[dgit import orig 389-ds-base_2.0.14.orig.tar.gz]
Timo Aaltonen [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
Import 389-ds-base_2.0.14-1.debian.tar.xz
[dgit import tarball 389-ds-base 2.0.14-1 389-ds-base_2.0.14-1.debian.tar.xz]
Timo Aaltonen [Wed, 15 Dec 2021 21:23:15 +0000 (21:23 +0000)]
Merge 389-ds-base (2.0.11-2) import into refs/heads/workingbranch
Timo Aaltonen [Wed, 15 Dec 2021 19:40:38 +0000 (21:40 +0200)]
[PATCH] Revert "Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)"
This reverts commit
b0d06615e1117799ec156d51489cd49c92635cca.
Gbp-Pq: Name 0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch
Debian FreeIPA Team [Wed, 15 Dec 2021 21:23:15 +0000 (21:23 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Wed, 15 Dec 2021 21:23:15 +0000 (21:23 +0000)]
389-ds-base (2.0.11-2) unstable; urgency=medium
* Revert a commit that makes dscreate to fail.
[dgit import unpatched 389-ds-base 2.0.11-2]
Timo Aaltonen [Wed, 15 Dec 2021 21:23:15 +0000 (21:23 +0000)]
Import 389-ds-base_2.0.11-2.debian.tar.xz
[dgit import tarball 389-ds-base 2.0.11-2 389-ds-base_2.0.11-2.debian.tar.xz]
Timo Aaltonen [Wed, 15 Dec 2021 19:03:20 +0000 (19:03 +0000)]
Import 389-ds-base_2.0.11.orig.tar.gz
[dgit import orig 389-ds-base_2.0.11.orig.tar.gz]
Timo Aaltonen [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
Merge 389-ds-base (1.4.4.17-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
389-ds-base (1.4.4.17-1) unstable; urgency=medium
* New upstream release.
- CVE-2021-3652 (Closes: #991405)
* tests: Add isolation-container to restrictions.
* Add a dependency to libjemalloc2, and add a symlink to it so the
preload works. (Closes: #992696)
* CVE-2017-15135.patch: Dropped, fixed by upstream issue #4817.
[dgit import unpatched 389-ds-base 1.4.4.17-1]
Timo Aaltonen [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
Import 389-ds-base_1.4.4.17.orig.tar.gz
[dgit import orig 389-ds-base_1.4.4.17.orig.tar.gz]
Timo Aaltonen [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
Import 389-ds-base_1.4.4.17-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.17-1 389-ds-base_1.4.4.17-1.debian.tar.xz]
Timo Aaltonen [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
Merge 389-ds-base (1.4.4.16-1) import into refs/heads/workingbranch
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
389-ds-base (1.4.4.16-1) unstable; urgency=medium
* New upstream release.
* fix-s390x-failure.diff: Dropped, upstream.
* watch: Updated to use github.
* copyright: Fix 'globbing-patterns-out-of-order'.
[dgit import unpatched 389-ds-base 1.4.4.16-1]
Timo Aaltonen [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
Import 389-ds-base_1.4.4.16.orig.tar.gz
[dgit import orig 389-ds-base_1.4.4.16.orig.tar.gz]
Timo Aaltonen [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
Import 389-ds-base_1.4.4.16-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.16-1 389-ds-base_1.4.4.16-1.debian.tar.xz]
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
Merge 389-ds-base (1.4.4.11-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
fix-s390x-failure
commit
900e6fdcf152dd696b5ae189cb1d7c67ab143bae
Author: tbordaz <tbordaz@redhat.com>
Date: Thu Jan 28 10:39:31 2021 +0100
Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)
Bug description:
SLAPI_OPERATION_TYPE is a stored/read as an int (slapi_pblock_get/set).
This although the storage field is an unsigned long.
Calling slapi_pblock_get with an long (8 btyes) destination creates
a problem on big-endian (s390x).
Fix description:
Define destination op_type as an int (4 bytes)
relates: https://github.com/389ds/389-ds-base/issues/4563
Reviewed by: Mark Reynolds, William Brown
Platforms tested: F31 (little endian), Debian (big endian)
Gbp-Pq: Name fix-s390x-failure.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
389-ds-base (1.4.4.11-1) unstable; urgency=medium
* New upstream release.
* fix-s390x-failure.diff: Fix a crash on big-endian architectures like
s390x.
[dgit import unpatched 389-ds-base 1.4.4.11-1]
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
Import 389-ds-base_1.4.4.11.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.11.orig.tar.bz2]
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
Import 389-ds-base_1.4.4.11-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.11-1 389-ds-base_1.4.4.11-1.debian.tar.xz]
Timo Aaltonen [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
Merge 389-ds-base (1.4.4.10-1) import into refs/heads/workingbranch
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
389-ds-base (1.4.4.10-1) unstable; urgency=medium
* New upstream release.
* CVE-2017-15135.patch: Refreshed.
* source: Update diff-ignore.
* install: Drop libsds which got removed.
* control: Add libnss3-tools to cockpit-389-ds Depends. (Closes:
#965004)
* control: Drop python3-six from depends.
[dgit import unpatched 389-ds-base 1.4.4.10-1]
Timo Aaltonen [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
Import 389-ds-base_1.4.4.10.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.10.orig.tar.bz2]
Timo Aaltonen [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
Import 389-ds-base_1.4.4.10-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.10-1 389-ds-base_1.4.4.10-1.debian.tar.xz]
Timo Aaltonen [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
Merge 389-ds-base (1.4.4.9-1) import into refs/heads/workingbranch
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
389-ds-base (1.4.4.9-1) unstable; urgency=medium
* New upstream release.
* fix-prlog-include.diff: Dropped, upstream.
[dgit import unpatched 389-ds-base 1.4.4.9-1]
Timo Aaltonen [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
Import 389-ds-base_1.4.4.9.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.9.orig.tar.bz2]
Timo Aaltonen [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
Import 389-ds-base_1.4.4.9-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.9-1 389-ds-base_1.4.4.9-1.debian.tar.xz]
Timo Aaltonen [Thu, 12 Nov 2020 13:57:11 +0000 (13:57 +0000)]
Merge 389-ds-base (1.4.4.8-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Thu, 12 Nov 2020 13:57:11 +0000 (13:57 +0000)]
fix-prlog-include
Gbp-Pq: Name fix-prlog-include.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Thu, 12 Nov 2020 13:57:11 +0000 (13:57 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Thu, 12 Nov 2020 13:57:11 +0000 (13:57 +0000)]
389-ds-base (1.4.4.8-1) unstable; urgency=medium
* New upstream release.
* fix-systemctl-path.diff, drop-old-man.diff: Dropped, obsolete.
* fix-prlog-include.diff: Fix build by dropping nspr4/ prefix.
* install, rules: Clean up perl cruft that got removed upstream.
* install: Add openldap_to_ds.
* watch: Follow 1.4.4.x.
[dgit import unpatched 389-ds-base 1.4.4.8-1]
Timo Aaltonen [Thu, 12 Nov 2020 13:57:11 +0000 (13:57 +0000)]
Import 389-ds-base_1.4.4.8.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.8.orig.tar.bz2]
Timo Aaltonen [Thu, 12 Nov 2020 13:57:11 +0000 (13:57 +0000)]
Import 389-ds-base_1.4.4.8-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.8-1 389-ds-base_1.4.4.8-1.debian.tar.xz]
Timo Aaltonen [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
Merge 389-ds-base (1.4.4.4-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
drop-old-man
Gbp-Pq: Name drop-old-man.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Timo Aaltonen [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
Fix the path to systemctl binary
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
389-ds-base (1.4.4.4-1) unstable; urgency=medium
* New upstream release.
* watch: Update upstream git repo url.
* control: Add python3-dateutil to build-depends.
* copyright: Drop duplicate globbing patterns.
* lintian: Drop obsolete overrides.
* postinst: Drop obsolete rule to upgrade the instances.
* prerm: Use dsctl instead of remove-ds.
[dgit import unpatched 389-ds-base 1.4.4.4-1]
Timo Aaltonen [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
Import 389-ds-base_1.4.4.4.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.4.orig.tar.bz2]
Timo Aaltonen [Tue, 22 Sep 2020 06:23:30 +0000 (07:23 +0100)]
Import 389-ds-base_1.4.4.4-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.4-1 389-ds-base_1.4.4.4-1.debian.tar.xz]
Timo Aaltonen [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
Merge 389-ds-base (1.4.4.3-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
drop-old-man
Gbp-Pq: Name drop-old-man.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Timo Aaltonen [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
Fix the path to systemctl binary
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
389-ds-base (1.4.4.3-1) unstable; urgency=medium
* New upstream release.
* fix-db-home-dir.diff: Dropped, upstream.
[dgit import unpatched 389-ds-base 1.4.4.3-1]
Timo Aaltonen [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
Import 389-ds-base_1.4.4.3.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.3.orig.tar.bz2]
Timo Aaltonen [Tue, 2 Jun 2020 08:33:44 +0000 (09:33 +0100)]
Import 389-ds-base_1.4.4.3-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.3-1 389-ds-base_1.4.4.3-1.debian.tar.xz]
Timo Aaltonen [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
Merge 389-ds-base (1.4.3.6-2) import into refs/heads/workingbranch
Debian FreeIPA Team [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
fix-db-home-dir
Gbp-Pq: Name fix-db-home-dir.diff
Debian FreeIPA Team [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
drop-old-man
Gbp-Pq: Name drop-old-man.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
projects / 389-ds-base.git / log