[Pkg-openldap-devel] [openldap] 332/339: drop patches applied upstream
Ryan Tandy
rtandy-guest at moszumanska.debian.org
Sun Oct 19 22:47:31 UTC 2014
This is an automated email from the git hooks/post-receive script.
rtandy-guest pushed a commit to branch master
in repository openldap.
commit 2113d2dde360f5d579b7fed46a5bb54948484115
Author: Ryan Tandy <ryan at nardis.ca>
Date: Wed Oct 1 04:18:39 2014 +0000
drop patches applied upstream
---
debian/changelog | 9 +-
debian/patches/CVE-2013-4449.patch | 25 ----
.../its7430-avoid-gnutls-deprecated-function | 42 ------
.../patches/its7877-use-nettle-instead-of-gcrypt | 155 ---------------------
debian/patches/series | 3 -
5 files changed, 3 insertions(+), 231 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index e3afddd..35298ce 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,12 +25,8 @@ openldap (2.4.40-1) UNRELEASED; urgency=low
#676168. (Closes: #742841)
* debian/slapd.README.Debian: Add a note about database format upgrades and
the consequences of missing one. (Closes: #594711)
- * Build with GnuTLS 3 (Closes: #745231, #760559):
- - debian/patches/its7430-avoid-gnutls-deprecated-function: Import upstream
- fix for building with newer gnutls.
- - debian/patches/its7877-use-nettle-instead-of-gcrypt: Remove explicit
- gcrypt usage from libldap and migrate smbk5pwd from gcrypt to nettle.
- - Drop debian/patches/fix-ftbfs-binutils-gold, no longer needed.
+ * Build with GnuTLS 3 (Closes: #745231, #760559).
+ * Drop debian/patches/fix-ftbfs-binutils-gold, no longer needed.
* Drop debconf-utils from Build-Depends, no longer used (replaced by
po-debconf). Thanks Johannes Schauer.
* Acknowledge NMU fixing #729367, thanks to Michael Gilbert.
@@ -46,6 +42,7 @@ openldap (2.4.40-1) UNRELEASED; urgency=low
LDAP schema definitions. Fixes a Lintian error on the original.
* debian/schema/duaconf.schema: Strip Internet-Draft text from
duaconf.schema.
+ * Drop debian/patches/CVE-2013-4449.patch, applied upstream.
[ Jelmer Vernooij ]
* Depend on heimdal-multidev rather than heimdal-dev. (Closes: #745356,
diff --git a/debian/patches/CVE-2013-4449.patch b/debian/patches/CVE-2013-4449.patch
deleted file mode 100644
index d166cf1..0000000
--- a/debian/patches/CVE-2013-4449.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 742d3e4a6a1f62c3c3ae1e9341f3615b4705a701 Mon Sep 17 00:00:00 2001
-From: Jan Synacek <jsynacek at redhat.com>
-Date: Wed, 13 Nov 2013 09:06:54 +0100
-Subject: [PATCH] ITS#7723 fix reference counting
-
-http://www.openldap.org/its/?findid=7723
-
---- a/libraries/librewrite/session.c
-+++ b/libraries/librewrite/session.c
-@@ -161,6 +161,7 @@ rewrite_session_find(
- #ifdef USE_REWRITE_LDAP_PVT_THREADS
- if ( session ) {
- ldap_pvt_thread_mutex_lock( &session->ls_mutex );
-+ session->ls_count++;
- }
- ldap_pvt_thread_rdwr_runlock( &info->li_cookies_mutex );
- #endif /* USE_REWRITE_LDAP_PVT_THREADS */
-@@ -178,6 +179,7 @@ rewrite_session_return(
- )
- {
- assert( session != NULL );
-+ session->ls_count--;
- ldap_pvt_thread_mutex_unlock( &session->ls_mutex );
- }
-
diff --git a/debian/patches/its7430-avoid-gnutls-deprecated-function b/debian/patches/its7430-avoid-gnutls-deprecated-function
deleted file mode 100644
index 60af264..0000000
--- a/debian/patches/its7430-avoid-gnutls-deprecated-function
+++ /dev/null
@@ -1,42 +0,0 @@
-From 654ae1871fc35647af7ff78cb2d4851cac263fff Mon Sep 17 00:00:00 2001
-From: Howard Chu <hyc at openldap.org>
-Date: Sat, 7 Sep 2013 09:39:24 -0700
-Subject: [PATCH] ITS#7430 GnuTLS: Avoid use of deprecated function
-
----
- libraries/libldap/tls_g.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
-index c1e368e..cc8af63 100644
---- a/libraries/libldap/tls_g.c
-+++ b/libraries/libldap/tls_g.c
-@@ -368,6 +368,17 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
- * then we have to build the cert chain.
- */
- if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
-+#if GNUTLS_VERSION_NUMBER >= 0x020c00
-+ unsigned int i;
-+ for ( i = 1; i<VERIFY_DEPTH; i++ ) {
-+ if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1], &certs[i], 0 ))
-+ break;
-+ max++;
-+ /* If this CA is self-signed, we're done */
-+ if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
-+ break;
-+ }
-+#else
- gnutls_x509_crt_t *cas;
- unsigned int i, j, ncas;
-
-@@ -387,6 +398,7 @@ tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
- if ( j == ncas )
- break;
- }
-+#endif
- }
- rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
- if ( rc ) return -1;
---
-2.0.1
-
diff --git a/debian/patches/its7877-use-nettle-instead-of-gcrypt b/debian/patches/its7877-use-nettle-instead-of-gcrypt
deleted file mode 100644
index 247c788..0000000
--- a/debian/patches/its7877-use-nettle-instead-of-gcrypt
+++ /dev/null
@@ -1,155 +0,0 @@
-From 8a5bec8ce0fdd9e5ba1671920baf52cdd5ced5d9 Mon Sep 17 00:00:00 2001
-From: Ryan Tandy <ryan at nardis.ca>
-Date: Wed, 2 Jul 2014 14:27:56 -0700
-Subject: [PATCH] ITS#7877 use nettle instead of gcrypt
-
----
- contrib/slapd-modules/smbk5pwd/smbk5pwd.c | 34 +++++++++++++------------------
- libraries/libldap/tls_g.c | 34 ++++---------------------------
- 2 files changed, 18 insertions(+), 50 deletions(-)
-
-diff --git a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
-index 075ce88..459ce0c 100644
---- a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
-+++ b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
-@@ -66,7 +66,8 @@ static ObjectClass *oc_krb5KDCEntry;
-
- #ifdef DO_SAMBA
- #ifdef HAVE_GNUTLS
--#include <gcrypt.h>
-+#include <nettle/des.h>
-+#include <nettle/md4.h>
- typedef unsigned char DES_cblock[8];
- #elif HAVE_OPENSSL
- #include <openssl/des.h>
-@@ -193,11 +194,7 @@ static void lmhash(
- #ifdef HAVE_OPENSSL
- DES_key_schedule schedule;
- #elif defined(HAVE_GNUTLS)
-- gcry_cipher_hd_t h = NULL;
-- gcry_error_t err;
--
-- err = gcry_cipher_open( &h, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0 );
-- if ( err ) return;
-+ struct des_ctx ctx;
- #endif
-
- strncpy( UcasePassword, passwd->bv_val, 14 );
-@@ -206,19 +203,12 @@ static void lmhash(
-
- lmPasswd_to_key( UcasePassword, &key );
- #ifdef HAVE_GNUTLS
-- err = gcry_cipher_setkey( h, &key, sizeof(key) );
-- if ( err == 0 ) {
-- err = gcry_cipher_encrypt( h, &hbuf[0], sizeof(key), &StdText, sizeof(key) );
-- if ( err == 0 ) {
-- gcry_cipher_reset( h );
-- lmPasswd_to_key( &UcasePassword[7], &key );
-- err = gcry_cipher_setkey( h, &key, sizeof(key) );
-- if ( err == 0 ) {
-- err = gcry_cipher_encrypt( h, &hbuf[1], sizeof(key), &StdText, sizeof(key) );
-- }
-- }
-- gcry_cipher_close( h );
-- }
-+ des_set_key( &ctx, &key );
-+ des_encrypt( &ctx, sizeof(key), &hbuf[0], &StdText );
-+
-+ lmPasswd_to_key( &UcasePassword[7], &key );
-+ des_set_key( &ctx, &key );
-+ des_encrypt( &ctx, sizeof(key), &hbuf[1], &StdText );
- #elif defined(HAVE_OPENSSL)
- des_set_key_unchecked( &key, schedule );
- des_ecb_encrypt( &StdText, &hbuf[0], schedule , DES_ENCRYPT );
-@@ -243,6 +233,8 @@ static void nthash(
- char hbuf[HASHLEN];
- #ifdef HAVE_OPENSSL
- MD4_CTX ctx;
-+#elif defined(HAVE_GNUTLS)
-+ struct md4_ctx ctx;
- #endif
-
- if (passwd->bv_len > MAX_PWLEN*2)
-@@ -253,7 +245,9 @@ static void nthash(
- MD4_Update( &ctx, passwd->bv_val, passwd->bv_len );
- MD4_Final( (unsigned char *)hbuf, &ctx );
- #elif defined(HAVE_GNUTLS)
-- gcry_md_hash_buffer(GCRY_MD_MD4, hbuf, passwd->bv_val, passwd->bv_len );
-+ md4_init( &ctx );
-+ md4_update( &ctx, passwd->bv_len, passwd->bv_val );
-+ md4_digest( &ctx, sizeof(hbuf), (unsigned char *)hbuf );
- #endif
-
- hexify( hbuf, hash );
-diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
-index cc8af63..be7ebc0 100644
---- a/libraries/libldap/tls_g.c
-+++ b/libraries/libldap/tls_g.c
-@@ -43,21 +43,13 @@
-
- #include <gnutls/gnutls.h>
- #include <gnutls/x509.h>
--#include <gcrypt.h>
-
- #define DH_BITS (1024)
-
- #if LIBGNUTLS_VERSION_NUMBER >= 0x020200
- #define HAVE_CIPHERSUITES 1
--/* This is a kludge. gcrypt 1.4.x has support. Recent GnuTLS requires gcrypt 1.4.x
-- * but that dependency isn't reflected in their configure script, resulting in
-- * build errors on older gcrypt. So, if they have a working build environment,
-- * assume gcrypt is new enough.
-- */
--#define HAVE_GCRYPT_RAND 1
- #else
- #undef HAVE_CIPHERSUITES
--#undef HAVE_GCRYPT_RAND
- #endif
-
- #ifndef HAVE_CIPHERSUITES
-@@ -145,20 +137,13 @@ tlsg_mutex_unlock( void **lock )
- return ldap_pvt_thread_mutex_unlock( *lock );
- }
-
--static struct gcry_thread_cbs tlsg_thread_cbs = {
-- GCRY_THREAD_OPTION_USER,
-- NULL,
-- tlsg_mutex_init,
-- tlsg_mutex_destroy,
-- tlsg_mutex_lock,
-- tlsg_mutex_unlock,
-- NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
--};
--
- static void
- tlsg_thr_init( void )
- {
-- gcry_control (GCRYCTL_SET_THREAD_CBS, &tlsg_thread_cbs);
-+ gnutls_global_set_mutex (tlsg_mutex_init,
-+ tlsg_mutex_destroy,
-+ tlsg_mutex_lock,
-+ tlsg_mutex_unlock);
- }
- #endif /* LDAP_R_COMPILE */
-
-@@ -168,17 +153,6 @@ tlsg_thr_init( void )
- static int
- tlsg_init( void )
- {
--#ifdef HAVE_GCRYPT_RAND
-- struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
-- if ( lo->ldo_tls_randfile &&
-- gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile )) {
-- Debug( LDAP_DEBUG_ANY,
-- "TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed\n",
-- 0, 0, 0);
-- return -1;
-- }
--#endif
--
- gnutls_global_init();
-
- #ifndef HAVE_CIPHERSUITES
---
-2.0.1
-
diff --git a/debian/patches/series b/debian/patches/series
index 32554c5..780e3df 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,6 +18,3 @@ no-AM_INIT_AUTOMAKE
switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
no-bdb-ABI-second-guessing
heimdal-fix
-CVE-2013-4449.patch
-its7430-avoid-gnutls-deprecated-function
-its7877-use-nettle-instead-of-gcrypt
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git