Raspbian automatic forward porter [Sat, 6 Jan 2024 19:53:45 +0000 (19:53 +0000)]
Merge version 2.3.1+dfsg1-1+rpi1 and 2.3.4+dfsg1-1.1 to produce 2.3.4+dfsg1-1.1+rpi1
Bo YU [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
Merge 389-ds-base (2.3.4+dfsg1-1.1) import into refs/heads/workingbranch
Peter Michael Green [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
update for base64 0.21
Gbp-Pq: Name base64-0.21.diff
Debian FreeIPA Team [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
allow-newer-crates
Gbp-Pq: Name allow-newer-crates.diff
Debian FreeIPA Team [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
use-packaged-rust-registry
Gbp-Pq: Name use-packaged-rust-registry.diff
Debian FreeIPA Team [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Bo YU [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
389-ds-base (2.3.4+dfsg1-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Add librust-clap-3-dev on B-D. (Closes: #
1052626)
[dgit import unpatched 389-ds-base 2.3.4+dfsg1-1.1]
Bo YU [Thu, 28 Dec 2023 07:26:49 +0000 (15:26 +0800)]
Import 389-ds-base_2.3.4+dfsg1-1.1.debian.tar.xz
[dgit import tarball 389-ds-base 2.3.4+dfsg1-1.1 389-ds-base_2.3.4+dfsg1-1.1.debian.tar.xz]
Timo Aaltonen [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
Merge 389-ds-base (2.3.4+dfsg1-1) import into refs/heads/workingbranch
Timo Aaltonen [Mon, 19 Jun 2023 16:13:30 +0000 (19:13 +0300)]
Import 389-ds-base_2.3.4+dfsg1.orig.tar.xz
[dgit import orig 389-ds-base_2.3.4+dfsg1.orig.tar.xz]
Peter Michael Green [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
update for base64 0.21
Gbp-Pq: Name base64-0.21.diff
Debian FreeIPA Team [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
allow-newer-crates
Gbp-Pq: Name allow-newer-crates.diff
Debian FreeIPA Team [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
use-packaged-rust-registry
Gbp-Pq: Name use-packaged-rust-registry.diff
Debian FreeIPA Team [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
389-ds-base (2.3.4+dfsg1-1) unstable; urgency=medium
[ Timo Aaltonen ]
* New upstream release.
* patches: Drop upstreamed or obsolete patches.
* control: Add dependency on python3-cryptography.
[ Peter Michael Green ]
* Improve clean target.
* Use ln -fs instead of ln -s to allow resuming build after fixing errors.
* Fix build with base64 0.21. (Closes: #
1037345)
[dgit import unpatched 389-ds-base 2.3.4+dfsg1-1]
Timo Aaltonen [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
Import 389-ds-base_2.3.4+dfsg1.orig.tar.xz
[dgit import orig 389-ds-base_2.3.4+dfsg1.orig.tar.xz]
Timo Aaltonen [Mon, 19 Jun 2023 16:13:30 +0000 (17:13 +0100)]
Import 389-ds-base_2.3.4+dfsg1-1.debian.tar.xz
[dgit import tarball 389-ds-base 2.3.4+dfsg1-1 389-ds-base_2.3.4+dfsg1-1.debian.tar.xz]
Raspbian automatic forward porter [Thu, 26 Jan 2023 03:00:32 +0000 (03:00 +0000)]
Merge version 2.0.15-1.1+rpi1 and 2.3.1+dfsg1-1 to produce 2.3.1+dfsg1-1+rpi1
Timo Aaltonen [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
Merge 389-ds-base (2.3.1+dfsg1-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
allow-newer-crates
Gbp-Pq: Name allow-newer-crates.diff
Debian FreeIPA Team [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
use-packaged-rust-registry
Gbp-Pq: Name use-packaged-rust-registry.diff
Debian FreeIPA Team [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
dont-run-rpm
Gbp-Pq: Name dont-run-rpm.diff
Viktor Ashirov [Fri, 20 Jan 2023 14:46:53 +0000 (15:46 +0100)]
[PATCH] Issue #5610 - Build failure on Debian
Bug Description:
On Debian libslapd.so is not getting linked with libcrypto.so,
which results in `undefined reference` link errors.
Fix Description:
Move -lssl and -lcrypto for libslapd.so from LDFLAGS to LIBADD.
Fixes: https://github.com/389ds/389-ds-base/issues/5610
Reviewed by: ???
Gbp-Pq: Name 5610-fix-linking.diff
Debian FreeIPA Team [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
389-ds-base (2.3.1+dfsg1-1) unstable; urgency=medium
* Repackage the source, filter vendored crates and allow building with
packaged crates.
* d/vendor: Add concread 0.2.21 and uuid 0.8.
* allow-newer-crates.diff, control: Add a bunch of rust crates to
build-deps, and patch toml files to allow newer crates.
* concread: Mark tcache as non-default, fix checksums and ease a dep.
* Update copyright for vendored bits.
[dgit import unpatched 389-ds-base 2.3.1+dfsg1-1]
Timo Aaltonen [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
Import 389-ds-base_2.3.1+dfsg1.orig.tar.xz
[dgit import orig 389-ds-base_2.3.1+dfsg1.orig.tar.xz]
Timo Aaltonen [Tue, 24 Jan 2023 11:21:19 +0000 (11:21 +0000)]
Import 389-ds-base_2.3.1+dfsg1-1.debian.tar.xz
[dgit import tarball 389-ds-base 2.3.1+dfsg1-1 389-ds-base_2.3.1+dfsg1-1.debian.tar.xz]
Raspbian automatic forward porter [Sat, 1 Oct 2022 12:34:45 +0000 (13:34 +0100)]
Merge version 2.0.15-1+rpi1 and 2.0.15-1.1 to produce 2.0.15-1.1+rpi1
Adrian Bunk [Tue, 13 Sep 2022 19:10:45 +0000 (20:10 +0100)]
Merge 389-ds-base (2.0.15-1.1) import into refs/heads/workingbranch
tbordaz [Wed, 30 Mar 2022 16:07:23 +0000 (18:07 +0200)]
Issue 5242- Craft message may crash the server (#5243)
Bug description:
A craft request can result in DoS
Fix description:
If the server fails to decode the ber value
then return an Error
relates: 5242
Reviewed by: Pierre Rogier, Mark Reynolds (thanks !)
Platforms tested: F34
Gbp-Pq: Name 0001-Issue-5242-Craft-message-may-crash-the-server-5243.patch
Timo Aaltonen [Wed, 15 Dec 2021 19:40:38 +0000 (21:40 +0200)]
[PATCH] Revert "Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)"
This reverts commit
b0d06615e1117799ec156d51489cd49c92635cca.
Gbp-Pq: Name 0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch
Debian FreeIPA Team [Tue, 13 Sep 2022 19:10:45 +0000 (20:10 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Adrian Bunk [Tue, 13 Sep 2022 19:10:45 +0000 (20:10 +0100)]
389-ds-base (2.0.15-1.1) unstable; urgency=medium
* Non-maintainer upload.
* CVE-2022-0918: unauthenticated attacker with network access to
the LDAP port could cause a denial of service (Closes: #
1016445)
[dgit import unpatched 389-ds-base 2.0.15-1.1]
Adrian Bunk [Tue, 13 Sep 2022 19:10:45 +0000 (20:10 +0100)]
Import 389-ds-base_2.0.15-1.1.debian.tar.xz
[dgit import tarball 389-ds-base 2.0.15-1.1 389-ds-base_2.0.15-1.1.debian.tar.xz]
Raspbian automatic forward porter [Mon, 18 Apr 2022 16:02:48 +0000 (17:02 +0100)]
Merge version 2.0.14-1+rpi1 and 2.0.15-1 to produce 2.0.15-1+rpi1
Timo Aaltonen [Wed, 13 Apr 2022 11:11:20 +0000 (12:11 +0100)]
Merge 389-ds-base (2.0.15-1) import into refs/heads/workingbranch
Timo Aaltonen [Wed, 13 Apr 2022 11:11:20 +0000 (12:11 +0100)]
Import 389-ds-base_2.0.15.orig.tar.gz
[dgit import orig 389-ds-base_2.0.15.orig.tar.gz]
Timo Aaltonen [Wed, 15 Dec 2021 19:40:38 +0000 (21:40 +0200)]
[PATCH] Revert "Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)"
This reverts commit
b0d06615e1117799ec156d51489cd49c92635cca.
Gbp-Pq: Name 0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch
Debian FreeIPA Team [Wed, 13 Apr 2022 11:11:20 +0000 (12:11 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Wed, 13 Apr 2022 11:11:20 +0000 (12:11 +0100)]
389-ds-base (2.0.15-1) unstable; urgency=medium
* New upstream release.
[dgit import unpatched 389-ds-base 2.0.15-1]
Timo Aaltonen [Wed, 13 Apr 2022 11:11:20 +0000 (12:11 +0100)]
Import 389-ds-base_2.0.15-1.debian.tar.xz
[dgit import tarball 389-ds-base 2.0.15-1 389-ds-base_2.0.15-1.debian.tar.xz]
Raspbian automatic forward porter [Fri, 18 Feb 2022 05:17:14 +0000 (05:17 +0000)]
Merge version 2.0.11-2+rpi1 and 2.0.14-1 to produce 2.0.14-1+rpi1
Timo Aaltonen [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
Merge 389-ds-base (2.0.14-1) import into refs/heads/workingbranch
Timo Aaltonen [Wed, 15 Dec 2021 19:40:38 +0000 (21:40 +0200)]
[PATCH] Revert "Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)"
This reverts commit
b0d06615e1117799ec156d51489cd49c92635cca.
Gbp-Pq: Name 0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch
Debian FreeIPA Team [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
389-ds-base (2.0.14-1) unstable; urgency=medium
* New upstream release.
* install: Updated.
* control: Bump policy to 4.6.0.
[dgit import unpatched 389-ds-base 2.0.14-1]
Timo Aaltonen [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
Import 389-ds-base_2.0.14.orig.tar.gz
[dgit import orig 389-ds-base_2.0.14.orig.tar.gz]
Timo Aaltonen [Thu, 10 Feb 2022 18:00:45 +0000 (18:00 +0000)]
Import 389-ds-base_2.0.14-1.debian.tar.xz
[dgit import tarball 389-ds-base 2.0.14-1 389-ds-base_2.0.14-1.debian.tar.xz]
Raspbian automatic forward porter [Tue, 21 Dec 2021 18:59:59 +0000 (18:59 +0000)]
Merge version 1.4.4.17-1+rpi1 and 2.0.11-2 to produce 2.0.11-2+rpi1
Timo Aaltonen [Wed, 15 Dec 2021 21:23:15 +0000 (21:23 +0000)]
Merge 389-ds-base (2.0.11-2) import into refs/heads/workingbranch
Timo Aaltonen [Wed, 15 Dec 2021 19:40:38 +0000 (21:40 +0200)]
[PATCH] Revert "Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)"
This reverts commit
b0d06615e1117799ec156d51489cd49c92635cca.
Gbp-Pq: Name 0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch
Debian FreeIPA Team [Wed, 15 Dec 2021 21:23:15 +0000 (21:23 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Wed, 15 Dec 2021 21:23:15 +0000 (21:23 +0000)]
389-ds-base (2.0.11-2) unstable; urgency=medium
* Revert a commit that makes dscreate to fail.
[dgit import unpatched 389-ds-base 2.0.11-2]
Timo Aaltonen [Wed, 15 Dec 2021 21:23:15 +0000 (21:23 +0000)]
Import 389-ds-base_2.0.11-2.debian.tar.xz
[dgit import tarball 389-ds-base 2.0.11-2 389-ds-base_2.0.11-2.debian.tar.xz]
Timo Aaltonen [Wed, 15 Dec 2021 19:03:20 +0000 (19:03 +0000)]
Import 389-ds-base_2.0.11.orig.tar.gz
[dgit import orig 389-ds-base_2.0.11.orig.tar.gz]
Raspbian automatic forward porter [Tue, 26 Oct 2021 22:55:10 +0000 (23:55 +0100)]
Merge version 1.4.4.16-1+rpi1 and 1.4.4.17-1 to produce 1.4.4.17-1+rpi1
Timo Aaltonen [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
Merge 389-ds-base (1.4.4.17-1) import into refs/heads/workingbranch
Debian FreeIPA Team [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
389-ds-base (1.4.4.17-1) unstable; urgency=medium
* New upstream release.
- CVE-2021-3652 (Closes: #991405)
* tests: Add isolation-container to restrictions.
* Add a dependency to libjemalloc2, and add a symlink to it so the
preload works. (Closes: #992696)
* CVE-2017-15135.patch: Dropped, fixed by upstream issue #4817.
[dgit import unpatched 389-ds-base 1.4.4.17-1]
Timo Aaltonen [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
Import 389-ds-base_1.4.4.17.orig.tar.gz
[dgit import orig 389-ds-base_1.4.4.17.orig.tar.gz]
Timo Aaltonen [Mon, 18 Oct 2021 15:36:30 +0000 (16:36 +0100)]
Import 389-ds-base_1.4.4.17-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.17-1 389-ds-base_1.4.4.17-1.debian.tar.xz]
Raspbian automatic forward porter [Tue, 14 Sep 2021 23:57:58 +0000 (00:57 +0100)]
Merge version 1.4.4.11-2+rpi1 and 1.4.4.16-1 to produce 1.4.4.16-1+rpi1
Timo Aaltonen [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
Merge 389-ds-base (1.4.4.16-1) import into refs/heads/workingbranch
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
389-ds-base (1.4.4.16-1) unstable; urgency=medium
* New upstream release.
* fix-s390x-failure.diff: Dropped, upstream.
* watch: Updated to use github.
* copyright: Fix 'globbing-patterns-out-of-order'.
[dgit import unpatched 389-ds-base 1.4.4.16-1]
Timo Aaltonen [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
Import 389-ds-base_1.4.4.16.orig.tar.gz
[dgit import orig 389-ds-base_1.4.4.16.orig.tar.gz]
Timo Aaltonen [Mon, 16 Aug 2021 06:54:52 +0000 (07:54 +0100)]
Import 389-ds-base_1.4.4.16-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.16-1 389-ds-base_1.4.4.16-1.debian.tar.xz]
Raspbian automatic forward porter [Fri, 28 May 2021 06:17:09 +0000 (07:17 +0100)]
Merge version 1.4.4.11-1+rpi1 and 1.4.4.11-2 to produce 1.4.4.11-2+rpi1
Timo Aaltonen [Wed, 19 May 2021 11:22:15 +0000 (12:22 +0100)]
Merge 389-ds-base (1.4.4.11-2) import into refs/heads/workingbranch
tbordaz [Tue, 27 Apr 2021 07:29:32 +0000 (09:29 +0200)]
[PATCH] Issue 4711 - SIGSEV with sync_repl (#4738)
Bug description:
sync_repl sends back entries identified with a unique
identifier that is 'nsuniqueid'. If 'nsuniqueid' is
missing, then it may crash
Fix description:
Check a nsuniqueid is available else returns OP_ERR
relates: https://github.com/389ds/389-ds-base/issues/4711
Reviewed by: Pierre Rogier, James Chapman, William Brown (Thanks!)
Platforms tested: F33
Gbp-Pq: Name 4711-SIGSEV-with-sync_repl-4738.patch
Debian FreeIPA Team [Wed, 19 May 2021 11:22:15 +0000 (12:22 +0100)]
fix-s390x-failure
commit
900e6fdcf152dd696b5ae189cb1d7c67ab143bae
Author: tbordaz <tbordaz@redhat.com>
Date: Thu Jan 28 10:39:31 2021 +0100
Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)
Bug description:
SLAPI_OPERATION_TYPE is a stored/read as an int (slapi_pblock_get/set).
This although the storage field is an unsigned long.
Calling slapi_pblock_get with an long (8 btyes) destination creates
a problem on big-endian (s390x).
Fix description:
Define destination op_type as an int (4 bytes)
relates: https://github.com/389ds/389-ds-base/issues/4563
Reviewed by: Mark Reynolds, William Brown
Platforms tested: F31 (little endian), Debian (big endian)
Gbp-Pq: Name fix-s390x-failure.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Wed, 19 May 2021 11:22:15 +0000 (12:22 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Wed, 19 May 2021 11:22:15 +0000 (12:22 +0100)]
389-ds-base (1.4.4.11-2) unstable; urgency=medium
* 4711-SIGSEV-with-sync_repl-4738.patch: Fix CVE-2021-3514. (Closes:
#988727)
[dgit import unpatched 389-ds-base 1.4.4.11-2]
Timo Aaltonen [Wed, 19 May 2021 11:22:15 +0000 (12:22 +0100)]
Import 389-ds-base_1.4.4.11-2.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.11-2 389-ds-base_1.4.4.11-2.debian.tar.xz]
Raspbian automatic forward porter [Fri, 5 Feb 2021 14:07:18 +0000 (14:07 +0000)]
Merge version 1.4.4.10-1+rpi1 and 1.4.4.11-1 to produce 1.4.4.11-1+rpi1
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
Merge 389-ds-base (1.4.4.11-1) import into refs/heads/workingbranch
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
Import 389-ds-base_1.4.4.11.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.11.orig.tar.bz2]
Debian FreeIPA Team [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
fix-s390x-failure
commit
900e6fdcf152dd696b5ae189cb1d7c67ab143bae
Author: tbordaz <tbordaz@redhat.com>
Date: Thu Jan 28 10:39:31 2021 +0100
Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)
Bug description:
SLAPI_OPERATION_TYPE is a stored/read as an int (slapi_pblock_get/set).
This although the storage field is an unsigned long.
Calling slapi_pblock_get with an long (8 btyes) destination creates
a problem on big-endian (s390x).
Fix description:
Define destination op_type as an int (4 bytes)
relates: https://github.com/389ds/389-ds-base/issues/4563
Reviewed by: Mark Reynolds, William Brown
Platforms tested: F31 (little endian), Debian (big endian)
Gbp-Pq: Name fix-s390x-failure.diff
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
389-ds-base (1.4.4.11-1) unstable; urgency=medium
* New upstream release.
* fix-s390x-failure.diff: Fix a crash on big-endian architectures like
s390x.
[dgit import unpatched 389-ds-base 1.4.4.11-1]
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (11:03 +0000)]
Import 389-ds-base_1.4.4.11-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.11-1 389-ds-base_1.4.4.11-1.debian.tar.xz]
Raspbian automatic forward porter [Mon, 25 Jan 2021 03:45:08 +0000 (03:45 +0000)]
Merge version 1.4.4.9-1+rpi1 and 1.4.4.10-1 to produce 1.4.4.10-1+rpi1
Timo Aaltonen [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
Merge 389-ds-base (1.4.4.10-1) import into refs/heads/workingbranch
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
389-ds-base (1.4.4.10-1) unstable; urgency=medium
* New upstream release.
* CVE-2017-15135.patch: Refreshed.
* source: Update diff-ignore.
* install: Drop libsds which got removed.
* control: Add libnss3-tools to cockpit-389-ds Depends. (Closes:
#965004)
* control: Drop python3-six from depends.
[dgit import unpatched 389-ds-base 1.4.4.10-1]
Timo Aaltonen [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
Import 389-ds-base_1.4.4.10.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.10.orig.tar.bz2]
Timo Aaltonen [Thu, 21 Jan 2021 20:16:28 +0000 (20:16 +0000)]
Import 389-ds-base_1.4.4.10-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.10-1 389-ds-base_1.4.4.10-1.debian.tar.xz]
Raspbian automatic forward porter [Sun, 20 Dec 2020 11:52:37 +0000 (11:52 +0000)]
Merge version 1.4.4.8-1+rpi1 and 1.4.4.9-1 to produce 1.4.4.9-1+rpi1
Timo Aaltonen [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
Merge 389-ds-base (1.4.4.9-1) import into refs/heads/workingbranch
William Brown [Thu, 18 Jan 2018 01:27:58 +0000 (11:27 +1000)]
[PATCH] Ticket bz1525628 - invalid password migration causes unauth bind
Bug Description: Slapi_ct_memcmp expects both inputs to be
at LEAST size n. If they are not, we only compared UP to n.
Invalid migrations of passwords (IE {CRYPT}XX) would create
a pw which is just salt and no hash. ct_memcmp would then
only verify the salt bits and would allow the authentication.
This relies on an administrative mistake both of allowing
password migration (nsslapd-allow-hashed-passwords) and then
subsequently migrating an INVALID password to the server.
Fix Description: slapi_ct_memcmp now access n1, n2 size
and will FAIL if they are not the same, but will still compare
n bytes, where n is the "longest" memory, to the first byte
of the other to prevent length disclosure of the shorter
value (generally the mis-migrated password)
https://bugzilla.redhat.com/show_bug.cgi?id=
1525628
Author: wibrown
Review by: ???
Gbp-Pq: Name CVE-2017-15135.patch
Debian FreeIPA Team [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Timo Aaltonen [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
389-ds-base (1.4.4.9-1) unstable; urgency=medium
* New upstream release.
* fix-prlog-include.diff: Dropped, upstream.
[dgit import unpatched 389-ds-base 1.4.4.9-1]
Timo Aaltonen [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
Import 389-ds-base_1.4.4.9.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.9.orig.tar.bz2]
Timo Aaltonen [Fri, 18 Dec 2020 13:29:20 +0000 (13:29 +0000)]
Import 389-ds-base_1.4.4.9-1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.9-1 389-ds-base_1.4.4.9-1.debian.tar.xz]
Raspbian automatic forward porter [Tue, 17 Nov 2020 15:23:47 +0000 (15:23 +0000)]
Merge version 1.4.4.4-1+rpi1 and 1.4.4.8-1 to produce 1.4.4.8-1+rpi1
Timo Aaltonen [Thu, 12 Nov 2020 13:57:11 +0000 (13:57 +0000)]
Merge 389-ds-base (1.4.4.8-1) import into refs/heads/workingbranch
projects / 389-ds-base.git / log