summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Timo Aaltonen [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
Merge 389-ds-base (1.4.0.21-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
fix-nss-path
Gbp-Pq: Name fix-nss-path.diff
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
icu_pkg-config
Gbp-Pq: Name icu_pkg-config.patch
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
perl-use-move-instead-of-rename
Gbp-Pq: Name perl-use-move-instead-of-rename.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
fix-systemctl-path
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
fix-obsolete-target
Gbp-Pq: Name fix-obsolete-target.diff
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
rename-online-scripts
Gbp-Pq: Name rename-online-scripts.diff
Debian FreeIPA Team [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
use-bash-instead-of-sh
Gbp-Pq: Name use-bash-instead-of-sh.diff
Timo Aaltonen [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
389-ds-base (1.4.0.21-1) unstable; urgency=medium
* New upstream release.
* Run offline upgrade only when upgrading from versions below 1.4.0.9,
ns-slapd itself handles upgrades in newer versions.
* rules: Actually install the minified javascript files. (Closes:
#913820)
[dgit import unpatched 389-ds-base 1.4.0.21-1]
Timo Aaltonen [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
Import 389-ds-base_1.4.0.21.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.0.21.orig.tar.bz2]
Timo Aaltonen [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
Import 389-ds-base_1.4.0.21-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.0.21-1 389-ds-base_1.4.0.21-1.debian.tar.xz]
Timo Aaltonen [Wed, 16 Jan 2019 09:30:51 +0000 (09:30 +0000)]
Merge 389-ds-base (1.4.0.20-3) import into refs/heads/workingbranch
Debian FreeIPA Team [Wed, 16 Jan 2019 09:30:51 +0000 (09:30 +0000)]
fix-nss-path
Gbp-Pq: Name fix-nss-path.diff
Debian FreeIPA Team [Wed, 16 Jan 2019 09:30:51 +0000 (09:30 +0000)]
icu_pkg-config
Gbp-Pq: Name icu_pkg-config.patch
Debian FreeIPA Team [Wed, 16 Jan 2019 09:30:51 +0000 (09:30 +0000)]
perl-use-move-instead-of-rename
Gbp-Pq: Name perl-use-move-instead-of-rename.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Wed, 16 Jan 2019 09:30:51 +0000 (09:30 +0000)]
fix-systemctl-path
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Wed, 16 Jan 2019 09:30:51 +0000 (09:30 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Debian FreeIPA Team [Wed, 16 Jan 2019 09:30:51 +0000 (09:30 +0000)]
fix-obsolete-target
Gbp-Pq: Name fix-obsolete-target.diff
Debian FreeIPA Team [Wed, 16 Jan 2019 09:30:51 +0000 (09:30 +0000)]
rename-online-scripts
Gbp-Pq: Name rename-online-scripts.diff
Debian FreeIPA Team [Wed, 16 Jan 2019 09:30:51 +0000 (09:30 +0000)]
use-bash-instead-of-sh
Gbp-Pq: Name use-bash-instead-of-sh.diff
Timo Aaltonen [Wed, 16 Jan 2019 09:30:51 +0000 (09:30 +0000)]
389-ds-base (1.4.0.20-3) unstable; urgency=medium
* control: 389-ds-base should depend on the legacy tools for now.
(Closes: #919420)
[dgit import unpatched 389-ds-base 1.4.0.20-3]
Timo Aaltonen [Wed, 16 Jan 2019 09:30:51 +0000 (09:30 +0000)]
Import 389-ds-base_1.4.0.20-3.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.0.20-3 389-ds-base_1.4.0.20-3.debian.tar.xz]
Timo Aaltonen [Sun, 13 Jan 2019 19:13:22 +0000 (19:13 +0000)]
Import 389-ds-base_1.4.0.20.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.0.20.orig.tar.bz2]
Timo Aaltonen [Wed, 2 Jan 2019 10:43:23 +0000 (10:43 +0000)]
Merge 389-ds-base (1.4.0.19-3) import into refs/heads/workingbranch
Debian FreeIPA Team [Wed, 2 Jan 2019 10:43:23 +0000 (10:43 +0000)]
icu_pkg-config
Gbp-Pq: Name icu_pkg-config.patch
Debian FreeIPA Team [Wed, 2 Jan 2019 10:43:23 +0000 (10:43 +0000)]
perl-use-move-instead-of-rename
Gbp-Pq: Name perl-use-move-instead-of-rename.diff
Debian FreeIPA Team [Wed, 2 Jan 2019 10:43:23 +0000 (10:43 +0000)]
dont-build-new-manpages
Gbp-Pq: Name dont-build-new-manpages.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Wed, 2 Jan 2019 10:43:23 +0000 (10:43 +0000)]
fix-systemctl-path
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Wed, 2 Jan 2019 10:43:23 +0000 (10:43 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Debian FreeIPA Team [Wed, 2 Jan 2019 10:43:23 +0000 (10:43 +0000)]
fix-obsolete-target
Gbp-Pq: Name fix-obsolete-target.diff
Debian FreeIPA Team [Wed, 2 Jan 2019 10:43:23 +0000 (10:43 +0000)]
rename-online-scripts
Gbp-Pq: Name rename-online-scripts.diff
Debian FreeIPA Team [Wed, 2 Jan 2019 10:43:23 +0000 (10:43 +0000)]
use-bash-instead-of-sh
Gbp-Pq: Name use-bash-instead-of-sh.diff
Timo Aaltonen [Wed, 2 Jan 2019 10:43:23 +0000 (10:43 +0000)]
389-ds-base (1.4.0.19-3) unstable; urgency=medium
[ Jelmer Vernooij ]
* Use secure copyright file specification URI.
* Trim trailing whitespace.
* Use secure URI in Vcs control header.
[ Hugh McMaster ]
* control: Mark 389-ds-base-libs{,-dev} M-A: same, cockpit-389-ds M-A:
foreign and arch:all. (Closes: #916118)
* Use pkg-config to detect icu. (Closes: #916115)
[dgit import unpatched 389-ds-base 1.4.0.19-3]
Timo Aaltonen [Wed, 2 Jan 2019 10:43:23 +0000 (10:43 +0000)]
Import 389-ds-base_1.4.0.19-3.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.0.19-3 389-ds-base_1.4.0.19-3.debian.tar.xz]
Timo Aaltonen [Wed, 5 Dec 2018 23:06:37 +0000 (23:06 +0000)]
Merge 389-ds-base (1.4.0.19-2) import into refs/heads/workingbranch
Debian FreeIPA Team [Wed, 5 Dec 2018 23:06:37 +0000 (23:06 +0000)]
perl-use-move-instead-of-rename
Gbp-Pq: Name perl-use-move-instead-of-rename.diff
Debian FreeIPA Team [Wed, 5 Dec 2018 23:06:37 +0000 (23:06 +0000)]
dont-build-new-manpages
Gbp-Pq: Name dont-build-new-manpages.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Wed, 5 Dec 2018 23:06:37 +0000 (23:06 +0000)]
fix-systemctl-path
Gbp-Pq: Name fix-systemctl-path.diff
Debian FreeIPA Team [Wed, 5 Dec 2018 23:06:37 +0000 (23:06 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Debian FreeIPA Team [Wed, 5 Dec 2018 23:06:37 +0000 (23:06 +0000)]
fix-obsolete-target
Gbp-Pq: Name fix-obsolete-target.diff
Debian FreeIPA Team [Wed, 5 Dec 2018 23:06:37 +0000 (23:06 +0000)]
rename-online-scripts
Gbp-Pq: Name rename-online-scripts.diff
Debian FreeIPA Team [Wed, 5 Dec 2018 23:06:37 +0000 (23:06 +0000)]
use-bash-instead-of-sh
Gbp-Pq: Name use-bash-instead-of-sh.diff
Timo Aaltonen [Wed, 5 Dec 2018 23:06:37 +0000 (23:06 +0000)]
389-ds-base (1.4.0.19-2) unstable; urgency=medium
* rules: Add -latomic to LDFLAGS on archs failing to build. (Closes:
#910982)
[dgit import unpatched 389-ds-base 1.4.0.19-2]
Timo Aaltonen [Wed, 5 Dec 2018 23:06:37 +0000 (23:06 +0000)]
Import 389-ds-base_1.4.0.19-2.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.0.19-2 389-ds-base_1.4.0.19-2.debian.tar.xz]
Timo Aaltonen [Mon, 3 Dec 2018 13:56:40 +0000 (13:56 +0000)]
Import 389-ds-base_1.4.0.19.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.0.19.orig.tar.bz2]
Debian 389ds Team [Wed, 10 May 2017 06:25:03 +0000 (07:25 +0100)]
fix-upstream-49245
Gbp-Pq: Name fix-upstream-49245.diff
Debian 389ds Team [Wed, 10 May 2017 06:25:03 +0000 (07:25 +0100)]
fix-48986-cve-2017-2591
commit
ffda694dd622b31277da07be76d3469fad86150f
Author: William Brown <william@blackhats.net.au>
Date: Wed Sep 28 10:46:21 2016 +1000
Ticket 48986 - 47808 triggers overflow in uiduniq.c
Bug Description: Certain configurations of uiduniq.c would cause an overflow
when running with Address Sanitiser
Fix Description: Increase the size of the allocation to tmp_config->attrs.
https://fedorahosted.org/389/ticket/48986
Author: nhosoi
Reviewed by: wibrown
Gbp-Pq: Name fix-48986-cve-2017-2591.diff
Debian 389ds Team [Wed, 10 May 2017 06:25:03 +0000 (07:25 +0100)]
fix-systemctl-path
Gbp-Pq: Name fix-systemctl-path.diff
Debian 389ds Team [Wed, 10 May 2017 06:25:03 +0000 (07:25 +0100)]
reproducible-build
Gbp-Pq: Name reproducible-build.diff
Debian 389ds Team [Wed, 10 May 2017 06:25:03 +0000 (07:25 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Debian 389ds Team [Wed, 10 May 2017 06:25:03 +0000 (07:25 +0100)]
fix-obsolete-target
Gbp-Pq: Name fix-obsolete-target.diff
Debian 389ds Team [Wed, 10 May 2017 06:25:03 +0000 (07:25 +0100)]
support-kfreebsd
Gbp-Pq: Name support-kfreebsd.patch
Debian 389ds Team [Wed, 10 May 2017 06:25:03 +0000 (07:25 +0100)]
fix-bsd
Gbp-Pq: Name fix-bsd.patch
Debian 389ds Team [Wed, 10 May 2017 06:25:03 +0000 (07:25 +0100)]
ftbs_lsoftotkn3
Gbp-Pq: Name ftbs_lsoftotkn3.diff
Debian 389ds Team [Wed, 10 May 2017 06:25:03 +0000 (07:25 +0100)]
rename-online-scripts
Gbp-Pq: Name rename-online-scripts.diff
Debian 389ds Team [Wed, 10 May 2017 06:25:03 +0000 (07:25 +0100)]
use-bash-instead-of-sh
Gbp-Pq: Name use-bash-instead-of-sh.diff
Timo Aaltonen [Wed, 10 May 2017 06:25:03 +0000 (07:25 +0100)]
389-ds-base (1.3.5.17-2) unstable; urgency=medium
* fix-upstream-49245.diff: Pull commits from upstream 1.3.5.x, which
remove rest of the asm code. (Closes: #862194)
[dgit import unpatched 389-ds-base 1.3.5.17-2]
Timo Aaltonen [Wed, 10 May 2017 06:25:03 +0000 (07:25 +0100)]
Import 389-ds-base_1.3.5.17-2.debian.tar.xz
[dgit import tarball 389-ds-base 1.3.5.17-2 389-ds-base_1.3.5.17-2.debian.tar.xz]
Timo Aaltonen [Tue, 9 May 2017 08:06:14 +0000 (09:06 +0100)]
Import 389-ds-base_1.3.5.17.orig.tar.bz2
[dgit import orig 389-ds-base_1.3.5.17.orig.tar.bz2]
projects / 389-ds-base.git / log