Merge ~sergiodj/ubuntu/+source/ldb:merge-2.2.0-3.1-impish into ubuntu/+source/ldb:debian/sid

Proposed by Sergio Durigan Junior
Status: Merged
Merge reported by: Sergio Durigan Junior
Merged at revision: 20b553574c779975141d989d0422f7ff91615542
Proposed branch: ~sergiodj/ubuntu/+source/ldb:merge-2.2.0-3.1-impish
Merge into: ubuntu/+source/ldb:debian/sid
Diff against target: 102 lines (+75/-1)
2 files modified
debian/changelog (+73/-0)
debian/control (+2/-1)
Reviewer Review Type Date Requested Status
Bryce Harrington (community) Approve
Canonical Server Pending
Canonical Server packageset reviewers Pending
Review via email: mp+406331@code.launchpad.net

Description of the change

This is the merge of ldb 2:2.2.0-3.1ubuntu1 from Debian unstable.

It's a relatively simple merge, whose purpose is to consolidate the CVE fixes that have been added as a delta to the Ubuntu package but are now available in the Debian package as well.

When we remove these patches from our delta, the only thing that is left is the one-liner change on d/rules related to bug 1920825. This change was made because dh-exec on hirsute showed different behaviours depending on the value of DEB_BUILD_PROFILES, which was causing a FTBFS on ldb (and other packages). I was able to verify that the build now passes without this modification.

Considering what I wrote above, this means that the package is actually going to become a sync against Debian. But, in the interest of keeping the merge process transparent and following our conventions, I'm filing this MP and requesting a review before pulling the trigger on requestsync.

There's a PPA with the proposed package here:

https://launchpad.net/~sergiodj/+archive/ubuntu/ldb-merge

ldb doesn't have dep8 tests, but I verified that the package still installs OK. Samba depends on ldb, but we won't need to rebuild it because this is a minor update that doesn't involve soname bumps.

Bryce Harrington (bryce) wrote :

Yep, LGTM, +1 to syncpackage this.

I had looked at ldb yesterday in doing the merge board review and noticed it looked likely to be a small merge. Glad to hear it can return to sync.

review: Approve
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the review, Bryce. (And yeah, s/requestsync/syncpackage/ in the Description).

I'm double checking with doko if it's OK to drop the dh-exec-related changes; I'll wait for his reply tomorrow and then (likely) proceed with the sync.

Sergio Durigan Junior (sergiodj) wrote :

I didn't get a reply from doko, so I'm proceeding with the sync. I verified that the package builds fine without the patch in all architectures.

$ syncpackage --force ldb
Loading KWallet
Loading SecretService
Loading Windows
Loading chainer
Loading macOS
Source ldb -> impish/Proposed: current version 2:2.2.0-3ubuntu3, new version 2:2.2.0-3.1
New changes:
ldb (2:2.2.0-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * ldb_dn: avoid head corruption in ldb_dn_explode (CVE-2020-27840)
    (Closes: #985936)
  * pytests: move Dn.validate test to ldb
  * ldb/attrib_handlers casefold: stay in bounds (CVE-2021-20277)
    (Closes: #985935)
  * ldb: add tests for ldb_wildcard_compare
  * ldb tests: ldb_match tests with extra spaces
  * ldb: Remove tests from ldb_match_test that do not pass

 -- Salvatore Bonaccorso <email address hidden> Fri, 26 Mar 2021 19:52:18 +0100
Sync this package [y|N]? y
Request succeeded; you should get an e-mail once it is processed.

Preview Diff

diff --git a/debian/changelog b/debian/changelog
index b29f4fd..acf20d3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,33 @@
1ldb (2:2.2.0-3.1ubuntu1) impish; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 * Dropped changes
5 - Fix symbols generation (LP: #1920825). On hirsute, dh-exec is showing
6 different behavior based on the value of DEB_BUILD_PROFILES. This is
7 causing it to sometimes generate a file with the leading whitespace
8 removed, which is resulting in a bad symbols file. Set DEB_BUILD_PROFILES
9 to empty gives a good symbols file.
10 [ Not needed anymore; dh-exec has since been fixed. ]
11 - SECURITY UPDATE: Heap corruption via crafted DN strings
12 + debian/patches/CVE-2020-27840-1.patch: avoid head corruption in
13 ldb_dn_explode in common/ldb_dn.c.
14 + debian/patches/CVE-2020-27840-2.patch: add Dn.validate test to ldb
15 in tests/python/crash.py, wscript.
16 + CVE-2020-27840
17 - SECURITY UPDATE: Out of bounds read in AD DC LDAP server
18 + debian/patches/CVE-2021-20277-1.patch: add tests for
19 ldb_wildcard_compare in tests/ldb_match_test.c.
20 + debian/patches/CVE-2021-20277-2.patch: ldb_match tests with extra
21 spaces in tests/ldb_match_test.c.
22 + debian/patches/CVE-2021-20277-3.patch: remove tests from
23 ldb_match_test that do not pass in tests/ldb_match_test.c.
24 + debian/patches/CVE-2021-20277-4.patch: stay in bounds in
25 common/attrib_handlers.c.
26 + CVE-2021-20277
27 [ Fixed in version 2:2.2.0-3.1 ]
28
29 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 28 Jul 2021 16:24:30 -0400
30
1ldb (2:2.2.0-3.1) unstable; urgency=medium31ldb (2:2.2.0-3.1) unstable; urgency=medium
232
3 * Non-maintainer upload.33 * Non-maintainer upload.
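Review bot: on line 3 of the new 2:2.2.0-3.1ubuntu1 entry, "Remaining changes:" is followed directly by "Dropped changes" on line 4 with nothing listed under it. Since the description says no delta is left, either say so explicitly (for example "Remaining changes: none") or drop the "Remaining changes:" clause, so the entry does not read as if a list was lost. The bracketed note on line 10 states that dh-exec has since been fixed; citing the bug or dh-exec version where that happened would let a reader verify the drop from the changelog alone.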
@@ -12,6 +42,49 @@ ldb (2:2.2.0-3.1) unstable; urgency=medium
1242
13 -- Salvatore Bonaccorso <carnil@debian.org> Fri, 26 Mar 2021 19:52:18 +010043 -- Salvatore Bonaccorso <carnil@debian.org> Fri, 26 Mar 2021 19:52:18 +0100
1444
45ldb (2:2.2.0-3ubuntu3) impish; urgency=medium
46
47 * No-change rebuild due to OpenLDAP soname bump.
48
49 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 17:50:03 -0400
50
51ldb (2:2.2.0-3ubuntu2) hirsute; urgency=medium
52
53 * SECURITY UPDATE: Heap corruption via crafted DN strings
54 - debian/patches/CVE-2020-27840-1.patch: avoid head corruption in
55 ldb_dn_explode in common/ldb_dn.c.
56 - debian/patches/CVE-2020-27840-2.patch: add Dn.validate test to ldb
57 in tests/python/crash.py, wscript.
58 - CVE-2020-27840
59 * SECURITY UPDATE: Out of bounds read in AD DC LDAP server
60 - debian/patches/CVE-2021-20277-1.patch: add tests for
61 ldb_wildcard_compare in tests/ldb_match_test.c.
62 - debian/patches/CVE-2021-20277-2.patch: ldb_match tests with extra
63 spaces in tests/ldb_match_test.c.
64 - debian/patches/CVE-2021-20277-3.patch: remove tests from
65 ldb_match_test that do not pass in tests/ldb_match_test.c.
66 - debian/patches/CVE-2021-20277-4.patch: stay in bounds in
67 common/attrib_handlers.c.
68 - CVE-2021-20277
69
70 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 30 Mar 2021 13:00:36 -0400
71
72ldb (2:2.2.0-3ubuntu1) hirsute; urgency=medium
73
74 * Fix symbols generation (LP: #1920825). On hirsute, dh-exec is showing
75 different behavior based on the value of DEB_BUILD_PROFILES. This is
76 causing it to sometimes generate a file with the leading whitespace
77 removed, which is resulting in a bad symbols file. Set DEB_BUILD_PROFILES
78 to empty gives a good symbols file.
79
80 -- Matthias Klose <doko@ubuntu.com> Tue, 30 Mar 2021 16:11:59 +0200
81
82ldb (2:2.2.0-3build1) hirsute; urgency=medium
83
84 * No-change rebuild to build with python3.9 as default.
85
86 -- Matthias Klose <doko@ubuntu.com> Thu, 19 Nov 2020 20:19:08 +0100
87
15ldb (2:2.2.0-3) unstable; urgency=medium88ldb (2:2.2.0-3) unstable; urgency=medium
1689
17 * Upload to unstable90 * Upload to unstable
diff --git a/debian/control b/debian/control
index 0d8c475..fdc8e7d 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: ldb1Source: ldb
2Section: devel2Section: devel
3Priority: optional3Priority: optional
4Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
5Uploaders: Jelmer Vernooij <jelmer@debian.org>,6Uploaders: Jelmer Vernooij <jelmer@debian.org>,
6 Mathieu Parent <sathieu@debian.org>7 Mathieu Parent <sathieu@debian.org>
7Build-Depends: dh-exec,8Build-Depends: dh-exec,
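Review bot: the Maintainer swap on line 4 and the added XSBC-Original-Maintainer on line 5 are themselves a difference from Debian's debian/control, yet the new changelog entry lists nothing under "Remaining changes". That is only consistent if 2:2.2.0-3.1ubuntu1 is never uploaded and the package is synced as the description proposes. If the sync goes ahead this hunk should not be carried; if the branch is uploaded instead, the changelog entry should say why an Ubuntu version is still needed.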
