Raspbian automatic forward porter [Fri, 24 Apr 2020 21:25:12 +0000 (22:25 +0100)]
Merge version 1.4.3.4-1+rpi1 and 1.4.3.6-2 to produce 1.4.3.6-2+rpi1
Timo Aaltonen [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
Merge 389-ds-base (1.4.3.6-2) import into refs/heads/workingbranch
Debian FreeIPA Team [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
fix-db-home-dir
Gbp-Pq: Name fix-db-home-dir.diff
Debian FreeIPA Team [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
drop-old-man
Gbp-Pq: Name drop-old-man.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Timo Aaltonen [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
Fix the path to systemctl binary
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
389-ds-base (1.4.3.6-2) unstable; urgency=medium
* fix-db-home-dir.diff: Set db_home_dir same as db_dir to fix an issue
starting a newly created instance.
[dgit import unpatched 389-ds-base 1.4.3.6-2]
Timo Aaltonen [Tue, 21 Apr 2020 17:19:06 +0000 (18:19 +0100)]
Import 389-ds-base_1.4.3.6-2.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.3.6-2 389-ds-base_1.4.3.6-2.debian.tar.xz]
Timo Aaltonen [Mon, 20 Apr 2020 12:01:35 +0000 (13:01 +0100)]
Import 389-ds-base_1.4.3.6.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.3.6.orig.tar.bz2]
Raspbian automatic forward porter [Fri, 20 Mar 2020 21:07:47 +0000 (21:07 +0000)]
Merge version 1.4.3.2-1+rpi1 and 1.4.3.4-1 to produce 1.4.3.4-1+rpi1
Timo Aaltonen [Wed, 18 Mar 2020 06:47:32 +0000 (06:47 +0000)]
Merge 389-ds-base (1.4.3.4-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Wed, 18 Mar 2020 06:47:32 +0000 (06:47 +0000)]
drop-old-man
Gbp-Pq: Name drop-old-man.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Timo Aaltonen [Wed, 18 Mar 2020 06:47:32 +0000 (06:47 +0000)]
Fix the path to systemctl binary
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Wed, 18 Mar 2020 06:47:32 +0000 (06:47 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Wed, 18 Mar 2020 06:47:32 +0000 (06:47 +0000)]
389-ds-base (1.4.3.4-1) unstable; urgency=medium
* New upstream release.
* Add debian/gitlab-ci.yml.
- allow blhc to fail
* control: Bump policy to 4.5.0.
* control: Use https url for upstream.
* control: Use canonical URL in Vcs-Browser.
* copyright: Use spaces rather than tabs to start continuation lines.
* Add lintian-overrides for the source, cockpit index.js has long lines.
[dgit import unpatched 389-ds-base 1.4.3.4-1]
Timo Aaltonen [Wed, 18 Mar 2020 06:47:32 +0000 (06:47 +0000)]
Import 389-ds-base_1.4.3.4.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.3.4.orig.tar.bz2]
Timo Aaltonen [Wed, 18 Mar 2020 06:47:32 +0000 (06:47 +0000)]
Import 389-ds-base_1.4.3.4-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.3.4-1 389-ds-base_1.4.3.4-1.debian.tar.xz]
Raspbian automatic forward porter [Tue, 18 Feb 2020 10:54:09 +0000 (10:54 +0000)]
Merge version 1.4.2.4-1+rpi1 and 1.4.3.2-1 to produce 1.4.3.2-1+rpi1
Timo Aaltonen [Wed, 12 Feb 2020 17:39:22 +0000 (17:39 +0000)]
Merge 389-ds-base (1.4.3.2-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Wed, 12 Feb 2020 17:39:22 +0000 (17:39 +0000)]
drop-old-man
Gbp-Pq: Name drop-old-man.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Timo Aaltonen [Wed, 12 Feb 2020 17:39:22 +0000 (17:39 +0000)]
Fix the path to systemctl binary
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Wed, 12 Feb 2020 17:39:22 +0000 (17:39 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Wed, 12 Feb 2020 17:39:22 +0000 (17:39 +0000)]
389-ds-base (1.4.3.2-1) unstable; urgency=medium
* New upstream release.
* prerm: Fix slapd install path. (Closes: #945583)
* install: Updated.
* control: Use debhelper-compat.
[dgit import unpatched 389-ds-base 1.4.3.2-1]
Timo Aaltonen [Wed, 12 Feb 2020 17:39:22 +0000 (17:39 +0000)]
Import 389-ds-base_1.4.3.2.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.3.2.orig.tar.bz2]
Timo Aaltonen [Wed, 12 Feb 2020 17:39:22 +0000 (17:39 +0000)]
Import 389-ds-base_1.4.3.2-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.3.2-1 389-ds-base_1.4.3.2-1.debian.tar.xz]
Raspbian automatic forward porter [Sat, 30 Nov 2019 14:27:57 +0000 (14:27 +0000)]
Merge version 1.4.1.6-4+rpi1 and 1.4.2.4-1 to produce 1.4.2.4-1+rpi1
Timo Aaltonen [Tue, 26 Nov 2019 22:00:59 +0000 (22:00 +0000)]
Merge 389-ds-base (1.4.2.4-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Tue, 26 Nov 2019 22:00:59 +0000 (22:00 +0000)]
drop-old-man
Gbp-Pq: Name drop-old-man.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Tue, 26 Nov 2019 22:00:59 +0000 (22:00 +0000)]
fix-systemctl-path
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Tue, 26 Nov 2019 22:00:59 +0000 (22:00 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Tue, 26 Nov 2019 22:00:59 +0000 (22:00 +0000)]
389-ds-base (1.4.2.4-1) unstable; urgency=medium
* New upstream release.
- CVE-2019-14824 deref plugin displays restricted attributes
(Closes: #944150)
* fix-obsolete-target.diff: Dropped, obsolete
drop-old-man.diff: Refreshed
* control: Add python3-packaging to build-depends and python3-lib389 depends.
* dev,libs.install: Nunc-stans got dropped.
* source/local-options: Add some files to diff-ignore.
* rules: Refresh list of files to purge.
* rules: Update dh_auto_clean override.
[dgit import unpatched 389-ds-base 1.4.2.4-1]
Timo Aaltonen [Tue, 26 Nov 2019 22:00:59 +0000 (22:00 +0000)]
Import 389-ds-base_1.4.2.4.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.2.4.orig.tar.bz2]
Timo Aaltonen [Tue, 26 Nov 2019 22:00:59 +0000 (22:00 +0000)]
Import 389-ds-base_1.4.2.4-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.2.4-1 389-ds-base_1.4.2.4-1.debian.tar.xz]
Raspbian automatic forward porter [Fri, 27 Sep 2019 22:11:58 +0000 (23:11 +0100)]
Merge version 1.4.1.5-1+rpi1 and 1.4.1.6-4 to produce 1.4.1.6-4+rpi1
Timo Aaltonen [Mon, 16 Sep 2019 22:37:39 +0000 (23:37 +0100)]
Merge 389-ds-base (1.4.1.6-4) import into refs/heads/workingbranch
Debian FreeIPA Team [Mon, 16 Sep 2019 22:37:39 +0000 (23:37 +0100)]
drop-old-man
Gbp-Pq: Name drop-old-man.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Mon, 16 Sep 2019 22:37:39 +0000 (23:37 +0100)]
fix-systemctl-path
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Mon, 16 Sep 2019 22:37:39 +0000 (23:37 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Debian FreeIPA Team [Mon, 16 Sep 2019 22:37:39 +0000 (23:37 +0100)]
fix-obsolete-target
Gbp-Pq: Name fix-obsolete-target.diff
Timo Aaltonen [Mon, 16 Sep 2019 22:37:39 +0000 (23:37 +0100)]
389-ds-base (1.4.1.6-4) unstable; urgency=medium
* tests: Redirect stderr to stdout.
[dgit import unpatched 389-ds-base 1.4.1.6-4]
Timo Aaltonen [Mon, 16 Sep 2019 22:37:39 +0000 (23:37 +0100)]
Import 389-ds-base_1.4.1.6-4.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.1.6-4 389-ds-base_1.4.1.6-4.debian.tar.xz]
Timo Aaltonen [Wed, 11 Sep 2019 14:01:03 +0000 (15:01 +0100)]
Import 389-ds-base_1.4.1.6.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.1.6.orig.tar.bz2]
Raspbian automatic forward porter [Sat, 7 Sep 2019 02:11:31 +0000 (03:11 +0100)]
Merge version 1.4.0.22-1+rpi1 and 1.4.1.5-1 to produce 1.4.1.5-1+rpi1
Raspbian forward porter [Thu, 11 Jul 2019 17:33:27 +0000 (18:33 +0100)]
Merge 389-ds-base (1.4.0.22-1+rpi1) import into refs/heads/workingbranch
Debian FreeIPA Team [Thu, 11 Jul 2019 17:33:27 +0000 (18:33 +0100)]
fix-dsctl-remove
Gbp-Pq: Name fix-dsctl-remove.diff
Debian FreeIPA Team [Thu, 11 Jul 2019 17:33:27 +0000 (18:33 +0100)]
fix-nss-path
Gbp-Pq: Name fix-nss-path.diff
Debian FreeIPA Team [Thu, 11 Jul 2019 17:33:27 +0000 (18:33 +0100)]
icu_pkg-config
Gbp-Pq: Name icu_pkg-config.patch
Debian FreeIPA Team [Thu, 11 Jul 2019 17:33:27 +0000 (18:33 +0100)]
perl-use-move-instead-of-rename
Gbp-Pq: Name perl-use-move-instead-of-rename.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Thu, 11 Jul 2019 17:33:27 +0000 (18:33 +0100)]
fix-systemctl-path
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Thu, 11 Jul 2019 17:33:27 +0000 (18:33 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Debian FreeIPA Team [Thu, 11 Jul 2019 17:33:27 +0000 (18:33 +0100)]
fix-obsolete-target
Gbp-Pq: Name fix-obsolete-target.diff
Debian FreeIPA Team [Thu, 11 Jul 2019 17:33:27 +0000 (18:33 +0100)]
rename-online-scripts
Gbp-Pq: Name rename-online-scripts.diff
Debian FreeIPA Team [Thu, 11 Jul 2019 17:33:27 +0000 (18:33 +0100)]
use-bash-instead-of-sh
Gbp-Pq: Name use-bash-instead-of-sh.diff
Raspbian forward porter [Thu, 11 Jul 2019 17:33:27 +0000 (18:33 +0100)]
389-ds-base (1.4.0.22-1+rpi1) bullseye-staging; urgency=medium
[changes brought forward from 1.4.0.19-2+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Thu, 27 Dec 2018 01:27:25 +0000]
* Add -latomic to LDFLAGS on armhf too.
[dgit import unpatched 389-ds-base 1.4.0.22-1+rpi1]
Raspbian forward porter [Thu, 11 Jul 2019 17:33:27 +0000 (18:33 +0100)]
Import 389-ds-base_1.4.0.22-1+rpi1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.0.22-1+rpi1 389-ds-base_1.4.0.22-1+rpi1.debian.tar.xz]
Timo Aaltonen [Wed, 10 Jul 2019 07:05:31 +0000 (08:05 +0100)]
Merge 389-ds-base (1.4.1.5-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Wed, 10 Jul 2019 07:05:31 +0000 (08:05 +0100)]
perl-use-move-instead-of-rename
Gbp-Pq: Name perl-use-move-instead-of-rename.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Wed, 10 Jul 2019 07:05:31 +0000 (08:05 +0100)]
fix-systemctl-path
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Wed, 10 Jul 2019 07:05:31 +0000 (08:05 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Debian FreeIPA Team [Wed, 10 Jul 2019 07:05:31 +0000 (08:05 +0100)]
fix-obsolete-target
Gbp-Pq: Name fix-obsolete-target.diff
Debian FreeIPA Team [Wed, 10 Jul 2019 07:05:31 +0000 (08:05 +0100)]
rename-online-scripts
Gbp-Pq: Name rename-online-scripts.diff
Debian FreeIPA Team [Wed, 10 Jul 2019 07:05:31 +0000 (08:05 +0100)]
use-bash-instead-of-sh
Gbp-Pq: Name use-bash-instead-of-sh.diff
Timo Aaltonen [Wed, 10 Jul 2019 07:05:31 +0000 (08:05 +0100)]
389-ds-base (1.4.1.5-1) unstable; urgency=medium
* New upstream release.
* watch: Use https.
* control: Bump policy to 4.4.0.
* Bump debhelper to 12.
* patches: fix-dsctl-remove.diff, fix-nss-path.diff, icu_pkg-config.patch
removed, upstream. Others refreshed.
* rules: Pass --enable-perl, we still need the perl tools.
* *.install: Updated.
[dgit import unpatched 389-ds-base 1.4.1.5-1]
Timo Aaltonen [Wed, 10 Jul 2019 07:05:31 +0000 (08:05 +0100)]
Import 389-ds-base_1.4.1.5.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.1.5.orig.tar.bz2]
Timo Aaltonen [Wed, 10 Jul 2019 07:05:31 +0000 (08:05 +0100)]
Import 389-ds-base_1.4.1.5-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.1.5-1 389-ds-base_1.4.1.5-1.debian.tar.xz]
Timo Aaltonen [Fri, 5 Apr 2019 21:32:06 +0000 (22:32 +0100)]
Merge 389-ds-base (1.4.0.22-1) import into refs/heads/workingbranch
Timo Aaltonen [Fri, 5 Apr 2019 21:32:06 +0000 (22:32 +0100)]
Import 389-ds-base_1.4.0.22.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.0.22.orig.tar.bz2]
Debian FreeIPA Team [Fri, 5 Apr 2019 21:32:06 +0000 (22:32 +0100)]
fix-dsctl-remove
Gbp-Pq: Name fix-dsctl-remove.diff
Debian FreeIPA Team [Fri, 5 Apr 2019 21:32:06 +0000 (22:32 +0100)]
fix-nss-path
Gbp-Pq: Name fix-nss-path.diff
Debian FreeIPA Team [Fri, 5 Apr 2019 21:32:06 +0000 (22:32 +0100)]
icu_pkg-config
Gbp-Pq: Name icu_pkg-config.patch
Debian FreeIPA Team [Fri, 5 Apr 2019 21:32:06 +0000 (22:32 +0100)]
perl-use-move-instead-of-rename
Gbp-Pq: Name perl-use-move-instead-of-rename.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Fri, 5 Apr 2019 21:32:06 +0000 (22:32 +0100)]
fix-systemctl-path
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Fri, 5 Apr 2019 21:32:06 +0000 (22:32 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Debian FreeIPA Team [Fri, 5 Apr 2019 21:32:06 +0000 (22:32 +0100)]
fix-obsolete-target
Gbp-Pq: Name fix-obsolete-target.diff
Debian FreeIPA Team [Fri, 5 Apr 2019 21:32:06 +0000 (22:32 +0100)]
rename-online-scripts
Gbp-Pq: Name rename-online-scripts.diff
Debian FreeIPA Team [Fri, 5 Apr 2019 21:32:06 +0000 (22:32 +0100)]
use-bash-instead-of-sh
Gbp-Pq: Name use-bash-instead-of-sh.diff
Timo Aaltonen [Fri, 5 Apr 2019 21:32:06 +0000 (22:32 +0100)]
389-ds-base (1.4.0.22-1) unstable; urgency=medium
* New upstream bugfix release.
* control: Drop 389-ds-base from -legacy-tools Depends. (Closes:
#924265)
* fix-dsctl-remove.diff: Don't hardcode sysconfig. (Closes: #925221)
[dgit import unpatched 389-ds-base 1.4.0.22-1]
Timo Aaltonen [Fri, 5 Apr 2019 21:32:06 +0000 (22:32 +0100)]
Import 389-ds-base_1.4.0.22-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.0.22-1 389-ds-base_1.4.0.22-1.debian.tar.xz]
Timo Aaltonen [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
Merge 389-ds-base (1.4.0.21-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
fix-nss-path
Gbp-Pq: Name fix-nss-path.diff
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
icu_pkg-config
Gbp-Pq: Name icu_pkg-config.patch
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
perl-use-move-instead-of-rename
Gbp-Pq: Name perl-use-move-instead-of-rename.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
fix-systemctl-path
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
fix-obsolete-target
Gbp-Pq: Name fix-obsolete-target.diff
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
rename-online-scripts
Gbp-Pq: Name rename-online-scripts.diff
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
use-bash-instead-of-sh
Gbp-Pq: Name use-bash-instead-of-sh.diff
Timo Aaltonen [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
389-ds-base (1.4.0.21-1) unstable; urgency=medium
* New upstream release.
* Run offline upgrade only when upgrading from versions below 1.4.0.9,
ns-slapd itself handles upgrades in newer versions.
* rules: Actually install the minified javascript files. (Closes:
#913820)
[dgit import unpatched 389-ds-base 1.4.0.21-1]
Timo Aaltonen [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
Import 389-ds-base_1.4.0.21.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.0.21.orig.tar.bz2]
Timo Aaltonen [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
Import 389-ds-base_1.4.0.21-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.0.21-1 389-ds-base_1.4.0.21-1.debian.tar.xz]
Timo Aaltonen [Wed, 16 Jan 2019 09:30:51 +0000 (09:30 +0000)]
Merge 389-ds-base (1.4.0.20-3) import into refs/heads/workingbranch
projects / 389-ds-base.git / log