Merge ~sergiodj/ubuntu/+source/ldb:merge-2.2.0-3.1-impish into ubuntu/+source/ldb:debian/sid

Proposed by Sergio Durigan Junior
Status: Merged
Merge reported by: Sergio Durigan Junior
Merged at revision: 20b553574c779975141d989d0422f7ff91615542
Proposed branch: ~sergiodj/ubuntu/+source/ldb:merge-2.2.0-3.1-impish
Merge into: ubuntu/+source/ldb:debian/sid
Diff against target: 102 lines (+75/-1)
2 files modified
debian/changelog (+73/-0)
debian/control (+2/-1)
Reviewer Review Type Date Requested Status
Bryce Harrington (community) Approve
Canonical Server Pending
Canonical Server packageset reviewers Pending
Review via email: mp+406331@code.launchpad.net

Description of the change

This is the merge of ldb 2:2.2.0-3.1ubuntu1 from Debian unstable.

It's a relatively simple merge, whose purpose is to consolidate the CVE fixes that have been added as a delta to the Ubuntu package but are now available in the Debian package as well.

When we remove these patches from our delta, the only thing that is left is the one-liner change on d/rules related to bug 1920825. This change was made because dh-exec on hirsute showed different behaviours depending on the value of DEB_BUILD_PROFILES, which was causing a FTBFS on ldb (and other packages). I was able to verify that the build now passes without this modification.

Considering what I wrote above, this means that the package is actually going to become a sync against Debian. But, in the interest of keeping the merge process transparent and following our conventions, I'm filing this MP and requesting a review before pulling the trigger on requestsync.

There's a PPA with the proposed package here:

https://launchpad.net/~sergiodj/+archive/ubuntu/ldb-merge

ldb doesn't have dep8 tests, but I verified that the package still installs OK. Samba depends on ldb, but we won't need to rebuild it because this is a minor update that doesn't involve soname bumps.

Bryce Harrington (bryce) wrote :

Yep, LGTM, +1 to syncpackage this.

I had looked at ldb yesterday in doing the merge board review and noticed it looked likely to be a small merge. Glad to hear it can return to sync.

review: Approve
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the review, Bryce. (And yeah, s/requestsync/syncpackage/ in the Description).

I'm double checking with doko if it's OK to drop the dh-exec-related changes; I'll wait for his reply tomorrow and then (likely) proceed with the sync.

Sergio Durigan Junior (sergiodj) wrote :

I didn't get a reply from doko, so I'm proceeding with the sync. I verified that the package builds fine without the patch in all architectures.

$ syncpackage --force ldb
Loading KWallet
Loading SecretService
Loading Windows
Loading chainer
Loading macOS
Source ldb -> impish/Proposed: current version 2:2.2.0-3ubuntu3, new version 2:2.2.0-3.1
New changes:
ldb (2:2.2.0-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * ldb_dn: avoid head corruption in ldb_dn_explode (CVE-2020-27840)
    (Closes: #985936)
  * pytests: move Dn.validate test to ldb
  * ldb/attrib_handlers casefold: stay in bounds (CVE-2021-20277)
    (Closes: #985935)
  * ldb: add tests for ldb_wildcard_compare
  * ldb tests: ldb_match tests with extra spaces
  * ldb: Remove tests from ldb_match_test that do not pass

 -- Salvatore Bonaccorso <email address hidden> Fri, 26 Mar 2021 19:52:18 +0100
Sync this package [y|N]? y
Request succeeded; you should get an e-mail once it is processed.

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index b29f4fd..acf20d3 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,33 @@
6+ldb (2:2.2.0-3.1ubuntu1) impish; urgency=medium
7+
8+ * Merge with Debian unstable. Remaining changes:
9+ * Dropped changes
10+ - Fix symbols generation (LP: #1920825). On hirsute, dh-exec is showing
11+ different behavior based on the value of DEB_BUILD_PROFILES. This is
12+ causing it to sometimes generate a file with the leading whitespace
13+ removed, which is resulting in a bad symbols file. Set DEB_BUILD_PROFILES
14+ to empty gives a good symbols file.
15+ [ Not needed anymore; dh-exec has since been fixed. ]
16+ - SECURITY UPDATE: Heap corruption via crafted DN strings
17+ + debian/patches/CVE-2020-27840-1.patch: avoid head corruption in
18+ ldb_dn_explode in common/ldb_dn.c.
19+ + debian/patches/CVE-2020-27840-2.patch: add Dn.validate test to ldb
20+ in tests/python/crash.py, wscript.
21+ + CVE-2020-27840
22+ - SECURITY UPDATE: Out of bounds read in AD DC LDAP server
23+ + debian/patches/CVE-2021-20277-1.patch: add tests for
24+ ldb_wildcard_compare in tests/ldb_match_test.c.
25+ + debian/patches/CVE-2021-20277-2.patch: ldb_match tests with extra
26+ spaces in tests/ldb_match_test.c.
27+ + debian/patches/CVE-2021-20277-3.patch: remove tests from
28+ ldb_match_test that do not pass in tests/ldb_match_test.c.
29+ + debian/patches/CVE-2021-20277-4.patch: stay in bounds in
30+ common/attrib_handlers.c.
31+ + CVE-2021-20277
32+ [ Fixed in version 2:2.2.0-3.1 ]
33+
34+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 28 Jul 2021 16:24:30 -0400
35+
36 ldb (2:2.2.0-3.1) unstable; urgency=medium
37
38 * Non-maintainer upload.
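Review bot: the first bullet of the new 2:2.2.0-3.1ubuntu1 entry, "* Merge with Debian unstable. Remaining changes:", has nothing listed under it before "* Dropped changes" begins, so the entry does not say whether the remaining delta is empty or was left out. The description states that nothing is left once the CVE patches and the dh-exec workaround are dropped, so say that outright: either remove "Remaining changes:" or write that there are none. The "[ Fixed in version 2:2.2.0-3.1 ]" marker is consistent with the Debian entry shown in the syncpackage output, which lists the fixes for CVE-2020-27840 and CVE-2021-20277.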
39@@ -12,6 +42,49 @@ ldb (2:2.2.0-3.1) unstable; urgency=medium
40
41 -- Salvatore Bonaccorso <carnil@debian.org> Fri, 26 Mar 2021 19:52:18 +0100
42
43+ldb (2:2.2.0-3ubuntu3) impish; urgency=medium
44+
45+ * No-change rebuild due to OpenLDAP soname bump.
46+
47+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 17:50:03 -0400
48+
49+ldb (2:2.2.0-3ubuntu2) hirsute; urgency=medium
50+
51+ * SECURITY UPDATE: Heap corruption via crafted DN strings
52+ - debian/patches/CVE-2020-27840-1.patch: avoid head corruption in
53+ ldb_dn_explode in common/ldb_dn.c.
54+ - debian/patches/CVE-2020-27840-2.patch: add Dn.validate test to ldb
55+ in tests/python/crash.py, wscript.
56+ - CVE-2020-27840
57+ * SECURITY UPDATE: Out of bounds read in AD DC LDAP server
58+ - debian/patches/CVE-2021-20277-1.patch: add tests for
59+ ldb_wildcard_compare in tests/ldb_match_test.c.
60+ - debian/patches/CVE-2021-20277-2.patch: ldb_match tests with extra
61+ spaces in tests/ldb_match_test.c.
62+ - debian/patches/CVE-2021-20277-3.patch: remove tests from
63+ ldb_match_test that do not pass in tests/ldb_match_test.c.
64+ - debian/patches/CVE-2021-20277-4.patch: stay in bounds in
65+ common/attrib_handlers.c.
66+ - CVE-2021-20277
67+
68+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 30 Mar 2021 13:00:36 -0400
69+
70+ldb (2:2.2.0-3ubuntu1) hirsute; urgency=medium
71+
72+ * Fix symbols generation (LP: #1920825). On hirsute, dh-exec is showing
73+ different behavior based on the value of DEB_BUILD_PROFILES. This is
74+ causing it to sometimes generate a file with the leading whitespace
75+ removed, which is resulting in a bad symbols file. Set DEB_BUILD_PROFILES
76+ to empty gives a good symbols file.
77+
78+ -- Matthias Klose <doko@ubuntu.com> Tue, 30 Mar 2021 16:11:59 +0200
79+
80+ldb (2:2.2.0-3build1) hirsute; urgency=medium
81+
82+ * No-change rebuild to build with python3.9 as default.
83+
84+ -- Matthias Klose <doko@ubuntu.com> Thu, 19 Nov 2020 20:19:08 +0100
85+
86 ldb (2:2.2.0-3) unstable; urgency=medium
87
88 * Upload to unstable
89diff --git a/debian/control b/debian/control
90index 0d8c475..fdc8e7d 100644
91--- a/debian/control
92+++ b/debian/control
93@@ -1,7 +1,8 @@
94 Source: ldb
95 Section: devel
96 Priority: optional
97-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
98+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
99+XSBC-Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
100 Uploaders: Jelmer Vernooij <jelmer@debian.org>,
101 Mathieu Parent <sathieu@debian.org>
102 Build-Depends: dh-exec,
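Review bot: the Maintainer / XSBC-Original-Maintainer swap at the top of debian/control is the only difference from Debian outside debian/changelog, and it is there only because the branch carries an ubuntu1 version. Since the upload went through syncpackage as 2:2.2.0-3.1, this hunk should not reach the archive; confirm the ubuntu1 branch is not uploaded alongside the sync, otherwise the package keeps an Ubuntu-specific version when the stated goal is a plain sync.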
