Merge ~ahasenack/ubuntu/+source/openldap:xenial-openldap-crash-1866303 into ubuntu/+source/openldap:ubuntu/xenial-devel

Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 9986d3484c9b95f346fe3ac36d600145b7dfe97b
Merged at revision: b52b467778f3279db765bd8c63c4d8cfb3429995
Proposed branch: ~ahasenack/ubuntu/+source/openldap:xenial-openldap-crash-1866303
Merge into: ubuntu/+source/openldap:ubuntu/xenial-devel
Diff against target: 93 lines (+54/-1)
4 files modified
debian/apparmor-profile (+2/-1)
debian/changelog (+13/-0)
debian/patches/ITS-9171-Insert-callback-in-the-right-place.patch (+38/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+386701@code.launchpad.net

Description of the change

Previously applied to focal; now it's time to SRU the fix to the other Ubuntu releases.

The bug contains the SRU template, and testing instructions. The patch is the same one used for focal.

PPA for testing: https://launchpad.net/~ahasenack/+archive/ubuntu/openldap-crash-1866303

Christian Ehrhardt  (paelzer) wrote :

Reviewed in more detail in the Eoan MP, same change here and CL difference is ok.
+1

review: Approve
Andreas Hasenack (ahasenack) wrote :

Thanks, tagging and uploading 9986d3484c9b95f346fe3ac36d600145b7dfe97b

$ git push pkg upload/2.4.42+dfsg-2ubuntu3.9
Enumerating objects: 16, done.
Counting objects: 100% (16/16), done.
Delta compression using up to 4 threads
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 2.00 KiB | 93.00 KiB/s, done.
Total 11 (delta 7), reused 1 (delta 0)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/openldap
 * [new tag] upload/2.4.42+dfsg-2ubuntu3.9 -> upload/2.4.42+dfsg-2ubuntu3.9

$ dput ubuntu ../openldap_2.4.42+dfsg-2ubuntu3.9_source.changes
Checking signature on .changes
gpg: ../openldap_2.4.42+dfsg-2ubuntu3.9_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../openldap_2.4.42+dfsg-2ubuntu3.9.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openldap_2.4.42+dfsg-2ubuntu3.9.dsc: done.
  Uploading openldap_2.4.42+dfsg-2ubuntu3.9.debian.tar.xz: done.
  Uploading openldap_2.4.42+dfsg-2ubuntu3.9_source.buildinfo: done.
  Uploading openldap_2.4.42+dfsg-2ubuntu3.9_source.changes: done.
Successfully uploaded packages.

Christian Ehrhardt  (paelzer) wrote :

This wasn't accepted in -unapproved yet.
There also are accepted but not yet sponsored MPs for bug 1557157.
Could you combine the SRU cycle for this with an upload combining the two?

Andreas Hasenack (ahasenack) wrote :

I asked for it to be rejected from unapproved, and I included Sergio's fix in a new upload.

Preview Diff

diff --git a/debian/apparmor-profile b/debian/apparmor-profile
index 793fa7b..9e1070f 100644
--- a/debian/apparmor-profile
+++ b/debian/apparmor-profile
@@ -1,5 +1,5 @@
1# vim:syntax=apparmor1# vim:syntax=apparmor
2# Last Modified: Fri Jan 4 15:18:13 20082# Last Modified: Fri Jun 6 13:51:00 2020
3# Author: Jamie Strandboge <jamie@ubuntu.com>3# Author: Jamie Strandboge <jamie@ubuntu.com>
44
5#include <tunables/global>5#include <tunables/global>
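Review bot: The new "Last Modified" value on line 2, "Fri Jun 6 13:51:00 2020", has a weekday that does not match its date; 6 June 2020 was a Saturday. Either correct the weekday or date, or leave the header untouched so the SRU diff for this file is limited to the rule it actually adds.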
@@ -49,6 +49,7 @@
49 /{,var/}run/slapd/* w,49 /{,var/}run/slapd/* w,
50 /{,var/}run/slapd/ldapi rw,50 /{,var/}run/slapd/ldapi rw,
51 /{,var/}run/nslcd/socket rw,51 /{,var/}run/nslcd/socket rw,
52 /{,var/}run/saslauthd/mux rw,
5253
53 /usr/lib/ldap/ r,54 /usr/lib/ldap/ r,
54 /usr/lib/ldap/* mr,55 /usr/lib/ldap/* mr,
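Review bot: The rule added at line 52, /{,var/}run/saslauthd/mux rw, has no comment saying why slapd needs it. The grant is scoped to the single socket path, which is the right size, but a one-line comment above it naming SASL authentication through saslauthd and LP: #1557157 would let a later reader of the profile tell a deliberate grant from a stray one.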
diff --git a/debian/changelog b/debian/changelog
index 3cbc80b..0c4ab3c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
1openldap (2.4.42+dfsg-2ubuntu3.9) xenial; urgency=medium
2
3 [ Andreas Hasenack ]
4 * d/p/ITS-9171-Insert-callback-in-the-right-place.patch: Import upstream
5 patch to fix slapd crashing in certain configurations when a client
6 attempts a login to a locked account. (LP: #1866303)
7
8 [ Sergio Durigan Junior]
9 * d/apparmor-profile: Update apparmor profile to grant access to
10 the saslauthd socket, so that SASL authentication works. (LP: #1557157)
11
12 -- Andreas Hasenack <andreas@canonical.com> Wed, 01 Jul 2020 16:33:08 -0300
13
1openldap (2.4.42+dfsg-2ubuntu3.8) xenial-security; urgency=medium14openldap (2.4.42+dfsg-2ubuntu3.8) xenial-security; urgency=medium
215
3 * SECURITY UPDATE: denial of service via nested search filters16 * SECURITY UPDATE: denial of service via nested search filters
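Review bot: Line 8 of the new entry reads "[ Sergio Durigan Junior]" with no space before the closing bracket, unlike "[ Andreas Hasenack ]" on line 3. Make it "[ Sergio Durigan Junior ]" so the two attribution headers are formatted the same way.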
diff --git a/debian/patches/ITS-9171-Insert-callback-in-the-right-place.patch b/debian/patches/ITS-9171-Insert-callback-in-the-right-place.patch
4new file mode 10064417new file mode 100644
index 0000000..deb5418
--- /dev/null
+++ b/debian/patches/ITS-9171-Insert-callback-in-the-right-place.patch
@@ -0,0 +1,38 @@
1From 0f106b550ebc226f788ea1c1a87bc27a84f98e90 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
3Date: Fri, 21 Feb 2020 10:26:53 +0000
4Subject: [PATCH] ITS#9171 Insert callback in the right place
5
6---
7 servers/slapd/overlays/ppolicy.c | 6 ++----
8 1 file changed, 2 insertions(+), 4 deletions(-)
9
10diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
11index a8f8f3073..3c12024bd 100644
12--- a/servers/slapd/overlays/ppolicy.c
13+++ b/servers/slapd/overlays/ppolicy.c
14@@ -1323,9 +1323,8 @@ ppolicy_bind( Operation *op, SlapReply *rs )
15 /* Setup a callback so we can munge the result */
16
17 cb->sc_response = ppolicy_bind_response;
18- cb->sc_next = op->o_callback->sc_next;
19 cb->sc_private = ppb;
20- op->o_callback->sc_next = cb;
21+ overlay_callback_after_backover( op, cb, 1 );
22
23 /* Did we receive a password policy request control? */
24 if ( op->o_ctrlflag[ppolicy_cid] ) {
25@@ -1469,9 +1468,8 @@ ppolicy_compare(
26 /* Setup a callback so we can munge the result */
27
28 cb->sc_response = ppolicy_compare_response;
29- cb->sc_next = op->o_callback->sc_next;
30 cb->sc_private = ppb;
31- op->o_callback->sc_next = cb;
32+ overlay_callback_after_backover( op, cb, 1 );
33
34 op->o_bd->bd_info = (BackendInfo *)on;
35 ppolicy_get( op, e, &ppb->pp );
36--
372.20.1
38
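Review bot: The imported patch file has no description or DEP-3 headers: the message body below the Subject on line 4 is empty, so nothing in the file says what was wrong with the removed manual insertion (cb->sc_next = op->o_callback->sc_next; op->o_callback->sc_next = cb;) or which bug the change fixes. Add Origin and Bug-Ubuntu headers (upstream commit 0f106b550ebc226f788ea1c1a87bc27a84f98e90, LP: #1866303) and a one-line description of the crash, as the changelog entry already gives. Because the index line and hunk offsets come from the upstream tree, it is also worth confirming that overlay_callback_after_backover() exists in the 2.4.42 sources and that both hunks, in ppolicy_bind() and ppolicy_compare(), apply without fuzz.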
diff --git a/debian/patches/series b/debian/patches/series
index 1284351..7692451 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -38,3 +38,4 @@ CVE-2019-13057-4.patch
38CVE-2019-13565.patch38CVE-2019-13565.patch
39rwm-do-not-free-original-filter.patch39rwm-do-not-free-original-filter.patch
40CVE-2020-12243.patch40CVE-2020-12243.patch
41ITS-9171-Insert-callback-in-the-right-place.patch
