enterprise-support team mailing list archive

Thread
Date
[Bug 1875697] Re: drop fix-ldap-distribution.patch?

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1875697@xxxxxxxxxxxxxxxxxx>
Date: Sat, 06 Jun 2020 06:16:49 -0000
Reply-to: Bug 1875697 <1875697@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package openldap - 2.4.50+dfsg-1ubuntu1

---------------
openldap (2.4.50+dfsg-1ubuntu1) groovy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Enable AppArmor support:
      + d/apparmor-profile: add AppArmor profile
      + d/rules: use dh_apparmor
      + d/control: Build-Depends on dh-apparmor
      + d/slapd.README.Debian: add note about AppArmor
    - Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
      + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
        - Add --with-gssapi support
        - Make guess_service_principal() more robust when determining
          principal
      + d/configure.options: Configure with --with-gssapi
      + d/control: Added heimdal-dev as a build depend
      + d/rules:
        - Explicitly add -I/usr/include/heimdal to CFLAGS.
        - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
      + d/libldap-2.4-2.symbols: add symbols for GSSAPI support
      This should be dropped when the soname changes.
    - Enable ufw support:
      + d/control: suggest ufw.
      + d/rules: install ufw profile.
      + d/slapd.ufw.profile: add ufw profile.
    - Enable nss overlay:
      + d/rules:
        - add nssov to CONTRIB_MODULES
        - add sysconfdir to CONTRIB_MAKEVARS
      + d/slapd.install:
        - install nssov overlay
      + d/slapd.manpages:
        - install slapo-nssov(5) man page
      + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
        Debian bug #919136, we also have to patch the nssov makefile
        accordingly and thus update this patch.
    - d/{rules,slapd.py}: Add apport hook.
    - d/slapd.scripts-common:
      + add slapcat_opts to local variables.
      + Fix backup directory naming for multiple reconfiguration.
    - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
    - Add support for CLDAP (UDP) support, back then required by
      likewise-open (first enabled in 2.4.17-1ubuntu2):
      + d/rules: Enable -DLDAP_CONNECTIONLESS
      + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
      This should be dropped when the soname changes.
    - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
      of test timing issue.
  * Dropped:
    - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
      either the default DIT nor via an Authn mapping.
      [Not worth keeping a delta for, as having olcRootDN doesn't hurt]
    - Show distribution in version:
      - d/control: added lsb-release
      - d/patches/fix-ldap-distribution.patch: show distribution in version
      [Debian now shows the full package version]
    - SECURITY UPDATE: denial of service via nested search filters
      + debian/patches/CVE-2020-12243.patch: limit depth of nested
        filters in servers/slapd/filter.c.
      [Fixed upstream]
  * Added:
    - d/rules, debian/patches/set-maintainer-name: Extract maintainer
      address dynamically from debian/control. Thanks to Ryan Tandy
      <ryan@xxxxxxxxx> (Closes: #960448, LP: #1875697)

openldap (2.4.50+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - Fixed slapd to limit depth of nested filters
      (ITS#9202) (CVE-2020-12243)
    - Drop patches included upstream: argon2.patch, ITS#9171, ITS#8650.
  * Update Spanish debconf translation.
    Thanks to Camaleón. (Closes: #958869)

openldap (2.4.49+dfsg-4) unstable; urgency=medium

  * Annotate libsodium-dev dependency with <!pkg.openldap.noslapd>.
    Thanks to Helmut Grohne. (Closes: #955993)
  * Add the man page for the Argon2 password module.
    Thanks to Peter Marschall. (Closes: #955977)
  * Build the Argon2 password module with libargon2-dev instead of
    libsodium-dev. Rationale:
    - libargon2 contains the specific functionality needed; libsodium is a
      larger library and contains many features not used here
    - libsodium does not support configuring the p= (parallelism) parameter
  * Import upstream patch to properly retry gnutls_handshake() after it
    returns GNUTLS_E_AGAIN. (ITS#8650) (Closes: #861838)
  * Update the Argon2 password module to upstream commit feb6f21d2e.

openldap (2.4.49+dfsg-3) unstable; urgency=medium

  * Drop patch no-AM_INIT_AUTOMAKE. Instead, configure dh_autoreconf to skip
    automake by setting AUTOMAKE=/bin/true. (Closes: #864637)
  * debian/patches/debian-version: Show Debian version, instead of upstream
    version, in version strings.
  * Add ${perl:Depends} to slapd Depends to silence a dpkg-gencontrol warning.
    This is practically a no-op since slapd explicitly Depends on perl because
    of the maintainer scripts.
  * Import the Argon2 password module from upstream git and install it in
    slapd-contrib. New Build-Depends: libsodium-dev. (Closes: #920283)

 -- Andreas Hasenack <andreas@xxxxxxxxxxxxx>  Mon, 01 Jun 2020 09:19:58
-0300

** Changed in: openldap (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12243

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1875697

Title:
  drop fix-ldap-distribution.patch?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1875697/+subscriptions
References

[Bug 1875697] [NEW] drop fix-ldap-distribution.patch?
From: Ryan Tandy, 2020-04-28