Bug#780321: unblock: openldap/2.4.40+dfsg-1 (pre-approval)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#780321: unblock: openldap/2.4.40+dfsg-1 (pre-approval)
From: Ryan Tandy <ryan@nardis.ca>
Date: Wed, 11 Mar 2015 19:18:39 -0700
Message-id: <[🔎] 1426126719.909353.9464.nullmailer@kiwi>
Reply-to: Ryan Tandy <ryan@nardis.ca>, 780321@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please pre-approve upload of package openldap

One of the schema files shipped with slapd still includes text copied 
from an IETF RFC (bug #780283). This is a targeted change to fix that by 
replacing it with a copy stripped of the RFC excerpts, as has been done 
for other files.

The debian/watch change is not strictly related to fixing the bug, but 
keeps the uscan results correct and avoids adding a new lintian warning.  
I could revert it, if you prefer.

The attached inetorgperson.schema.diff is the diff from the original 
(upstream) schema to the stripped copy. The added boilerplate is the 
same in the other stripped schemas. There are no functional changes.

thank you,

Ryan

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

--- servers/slapd/schema/inetorgperson.schema
+++ debian/schema/inetorgperson.schema
@@ -25,9 +25,16 @@
 #
 #   The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
 
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema.  Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines.  This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2798, at (among other
+# places):  http://www.ietf.org/rfc/rfc2798.txt
+
-# carLicense
-# This multivalued field is used to record the values of the license or
-# registration plate associated with an individual.
 attributetype ( 2.16.840.1.113730.3.1.1
 	NAME 'carLicense'
 	DESC 'RFC2798: vehicle license or registration plate'
@@ -35,9 +42,6 @@ attributetype ( 2.16.840.1.113730.3.1.1
 	SUBSTR caseIgnoreSubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
-# departmentNumber
-# Code for department to which a person belongs.  This can also be
-# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
 attributetype ( 2.16.840.1.113730.3.1.2
 	NAME 'departmentNumber'
 	DESC 'RFC2798: identifies a department within an organization'
@@ -45,11 +49,6 @@ attributetype ( 2.16.840.1.113730.3.1.2
 	SUBSTR caseIgnoreSubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
-# displayName
-# When displaying an entry, especially within a one-line summary list, it
-# is useful to be able to identify a name to be used.  Since other attri-
-# bute types such as 'cn' are multivalued, an additional attribute type is
-# needed.  Display name is defined for this purpose.
 attributetype ( 2.16.840.1.113730.3.1.241
 	NAME 'displayName'
 	DESC 'RFC2798: preferred name to be used when displaying entries'
@@ -58,9 +57,6 @@ attributetype ( 2.16.840.1.113730.3.1.241
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
 	SINGLE-VALUE )
 
-# employeeNumber
-# Numeric or alphanumeric identifier assigned to a person, typically based
-# on order of hire or association with an organization.  Single valued.
 attributetype ( 2.16.840.1.113730.3.1.3
 	NAME 'employeeNumber'
 	DESC 'RFC2798: numerically identifies an employee within an organization'
@@ -69,10 +65,6 @@ attributetype ( 2.16.840.1.113730.3.1.3
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
 	SINGLE-VALUE )
 
-# employeeType
-# Used to identify the employer to employee relationship.  Typical values
-# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
-# "Unknown" but any value may be used.
 attributetype ( 2.16.840.1.113730.3.1.4
 	NAME 'employeeType'
 	DESC 'RFC2798: type of employment for a person'
@@ -80,24 +72,11 @@ attributetype ( 2.16.840.1.113730.3.1.4
 	SUBSTR caseIgnoreSubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
-# jpegPhoto
-# Used to store one or more images of a person using the JPEG File
-# Interchange Format [JFIF].
-# Note that the jpegPhoto attribute type was defined for use in the
-# Internet X.500 pilots but no referencable definition for it could be
-# located.
 attributetype ( 0.9.2342.19200300.100.1.60
 	NAME 'jpegPhoto'
 	DESC 'RFC2798: a JPEG image'
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
 
-# preferredLanguage
-# Used to indicate an individual's preferred written or spoken
-# language.  This is useful for international correspondence or human-
-# computer interaction.  Values for this attribute type MUST conform to
-# the definition of the Accept-Language header field defined in
-# [RFC2068] with one exception:  the sequence "Accept-Language" ":"
-# should be omitted.  This is a single valued attribute type.
 attributetype ( 2.16.840.1.113730.3.1.39
 	NAME 'preferredLanguage'
 	DESC 'RFC2798: preferred written or spoken language for a person'
@@ -106,39 +85,18 @@ attributetype ( 2.16.840.1.113730.3.1.39
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
 	SINGLE-VALUE )
 
-# userSMIMECertificate
-# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
-# ignored by consumers of userSMIMECertificate values.  It is
-# recommended that values have a `contentType' of data with an absent
-# `content' field.  Values of this attribute contain a person's entire
-# certificate chain and an smimeCapabilities field [RFC2633] that at a
-# minimum describes their SMIME algorithm capabilities.  Values for
-# this attribute are to be stored and requested in binary form, as
-# 'userSMIMECertificate;binary'.  If available, this attribute is
-# preferred over the userCertificate attribute for S/MIME applications.
 ## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
 attributetype ( 2.16.840.1.113730.3.1.40
 	NAME 'userSMIMECertificate'
 	DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
 
-# userPKCS12
-# PKCS #12 [PKCS12] provides a format for exchange of personal identity
-# information.  When such information is stored in a directory service,
-# the userPKCS12 attribute should be used. This attribute is to be stored
-# and requested in binary form, as 'userPKCS12;binary'.  The attribute
-# values are PFX PDUs stored as binary data.
 ## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
 attributetype ( 2.16.840.1.113730.3.1.216
 	NAME 'userPKCS12'
 	DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
 
-
-# inetOrgPerson
-# The inetOrgPerson represents people who are associated with an
-# organization in some way.  It is a structural class and is derived
-# from the organizationalPerson which is defined in X.521 [X521].
 objectclass	( 2.16.840.1.113730.3.2.2
     NAME 'inetOrgPerson'
 	DESC 'RFC2798: Internet Organizational Person'

diff -Nru openldap-2.4.40/debian/changelog openldap-2.4.40+dfsg/debian/changelog
--- openldap-2.4.40/debian/changelog	2015-03-11 22:49:14.000000000 +0000
+++ openldap-2.4.40+dfsg/debian/changelog	2015-03-11 22:49:15.000000000 +0000
@@ -1,3 +1,11 @@
+openldap (2.4.40+dfsg-1) unstable; urgency=medium
+
+  * Remove inetorgperson.schema from the upstream source. Replace it with a
+    copy stripped of RFC text. (Closes: #780283)
+  * Adjust debian/watch for +dfsg versioning.
+
+ -- Ryan Tandy <ryan@nardis.ca>  Wed, 11 Mar 2015 14:59:45 -0700
+
 openldap (2.4.40-4) unstable; urgency=medium
 
   * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream 
diff -Nru openldap-2.4.40/debian/schema/inetorgperson.schema openldap-2.4.40+dfsg/debian/schema/inetorgperson.schema
--- openldap-2.4.40/debian/schema/inetorgperson.schema	1970-01-01 00:00:00.000000000 +0000
+++ openldap-2.4.40+dfsg/debian/schema/inetorgperson.schema	2015-03-11 22:49:15.000000000 +0000
@@ -0,0 +1,113 @@
+# inetorgperson.schema -- InetOrgPerson (RFC2798)
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# InetOrgPerson (RFC2798)
+#
+# Depends upon
+#   Definition of an X.500 Attribute Type and an Object Class to Hold
+#   Uniform Resource Identifiers (URIs) [RFC2079]
+#	(core.schema)
+#
+#   A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
+#	(core.schema)
+#
+#   The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema.  Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines.  This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2798, at (among other
+# places):  http://www.ietf.org/rfc/rfc2798.txt
+
+attributetype ( 2.16.840.1.113730.3.1.1
+	NAME 'carLicense'
+	DESC 'RFC2798: vehicle license or registration plate'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 2.16.840.1.113730.3.1.2
+	NAME 'departmentNumber'
+	DESC 'RFC2798: identifies a department within an organization'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 2.16.840.1.113730.3.1.241
+	NAME 'displayName'
+	DESC 'RFC2798: preferred name to be used when displaying entries'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.3
+	NAME 'employeeNumber'
+	DESC 'RFC2798: numerically identifies an employee within an organization'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.4
+	NAME 'employeeType'
+	DESC 'RFC2798: type of employment for a person'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 0.9.2342.19200300.100.1.60
+	NAME 'jpegPhoto'
+	DESC 'RFC2798: a JPEG image'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+
+attributetype ( 2.16.840.1.113730.3.1.39
+	NAME 'preferredLanguage'
+	DESC 'RFC2798: preferred written or spoken language for a person'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE )
+
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.40
+	NAME 'userSMIMECertificate'
+	DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.216
+	NAME 'userPKCS12'
+	DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+objectclass	( 2.16.840.1.113730.3.2.2
+    NAME 'inetOrgPerson'
+	DESC 'RFC2798: Internet Organizational Person'
+    SUP organizationalPerson
+    STRUCTURAL
+	MAY (
+		audio $ businessCategory $ carLicense $ departmentNumber $
+		displayName $ employeeNumber $ employeeType $ givenName $
+		homePhone $ homePostalAddress $ initials $ jpegPhoto $
+		labeledURI $ mail $ manager $ mobile $ o $ pager $
+		photo $ roomNumber $ secretary $ uid $ userCertificate $
+		x500uniqueIdentifier $ preferredLanguage $
+		userSMIMECertificate $ userPKCS12 )
+	)
diff -Nru openldap-2.4.40/debian/watch openldap-2.4.40+dfsg/debian/watch
--- openldap-2.4.40/debian/watch	2015-03-11 22:49:14.000000000 +0000
+++ openldap-2.4.40+dfsg/debian/watch	2015-03-11 22:49:15.000000000 +0000
@@ -1,5 +1,6 @@
 # debian/watch -- Rules for uscan to find new upstream versions.
 
 version=3
+opts=dversionmangle=s/\+dfsg// \
 http://www.openldap.org/software/download/ \
     (?:.*/)?openldap-?_?([\d+\.]+)\.tgz
diff -Nru openldap-2.4.40/servers/slapd/schema/inetorgperson.schema openldap-2.4.40+dfsg/servers/slapd/schema/inetorgperson.schema
--- openldap-2.4.40/servers/slapd/schema/inetorgperson.schema	2014-09-19 01:48:49.000000000 +0000
+++ openldap-2.4.40+dfsg/servers/slapd/schema/inetorgperson.schema	1970-01-01 00:00:00.000000000 +0000
@@ -1,155 +0,0 @@
-# inetorgperson.schema -- InetOrgPerson (RFC2798)
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2014 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-# InetOrgPerson (RFC2798)
-#
-# Depends upon
-#   Definition of an X.500 Attribute Type and an Object Class to Hold
-#   Uniform Resource Identifiers (URIs) [RFC2079]
-#	(core.schema)
-#
-#   A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
-#	(core.schema)
-#
-#   The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
-
-# carLicense
-# This multivalued field is used to record the values of the license or
-# registration plate associated with an individual.
-attributetype ( 2.16.840.1.113730.3.1.1
-	NAME 'carLicense'
-	DESC 'RFC2798: vehicle license or registration plate'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# departmentNumber
-# Code for department to which a person belongs.  This can also be
-# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
-attributetype ( 2.16.840.1.113730.3.1.2
-	NAME 'departmentNumber'
-	DESC 'RFC2798: identifies a department within an organization'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# displayName
-# When displaying an entry, especially within a one-line summary list, it
-# is useful to be able to identify a name to be used.  Since other attri-
-# bute types such as 'cn' are multivalued, an additional attribute type is
-# needed.  Display name is defined for this purpose.
-attributetype ( 2.16.840.1.113730.3.1.241
-	NAME 'displayName'
-	DESC 'RFC2798: preferred name to be used when displaying entries'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE )
-
-# employeeNumber
-# Numeric or alphanumeric identifier assigned to a person, typically based
-# on order of hire or association with an organization.  Single valued.
-attributetype ( 2.16.840.1.113730.3.1.3
-	NAME 'employeeNumber'
-	DESC 'RFC2798: numerically identifies an employee within an organization'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE )
-
-# employeeType
-# Used to identify the employer to employee relationship.  Typical values
-# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
-# "Unknown" but any value may be used.
-attributetype ( 2.16.840.1.113730.3.1.4
-	NAME 'employeeType'
-	DESC 'RFC2798: type of employment for a person'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# jpegPhoto
-# Used to store one or more images of a person using the JPEG File
-# Interchange Format [JFIF].
-# Note that the jpegPhoto attribute type was defined for use in the
-# Internet X.500 pilots but no referencable definition for it could be
-# located.
-attributetype ( 0.9.2342.19200300.100.1.60
-	NAME 'jpegPhoto'
-	DESC 'RFC2798: a JPEG image'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
-
-# preferredLanguage
-# Used to indicate an individual's preferred written or spoken
-# language.  This is useful for international correspondence or human-
-# computer interaction.  Values for this attribute type MUST conform to
-# the definition of the Accept-Language header field defined in
-# [RFC2068] with one exception:  the sequence "Accept-Language" ":"
-# should be omitted.  This is a single valued attribute type.
-attributetype ( 2.16.840.1.113730.3.1.39
-	NAME 'preferredLanguage'
-	DESC 'RFC2798: preferred written or spoken language for a person'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE )
-
-# userSMIMECertificate
-# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
-# ignored by consumers of userSMIMECertificate values.  It is
-# recommended that values have a `contentType' of data with an absent
-# `content' field.  Values of this attribute contain a person's entire
-# certificate chain and an smimeCapabilities field [RFC2633] that at a
-# minimum describes their SMIME algorithm capabilities.  Values for
-# this attribute are to be stored and requested in binary form, as
-# 'userSMIMECertificate;binary'.  If available, this attribute is
-# preferred over the userCertificate attribute for S/MIME applications.
-## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
-attributetype ( 2.16.840.1.113730.3.1.40
-	NAME 'userSMIMECertificate'
-	DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
-
-# userPKCS12
-# PKCS #12 [PKCS12] provides a format for exchange of personal identity
-# information.  When such information is stored in a directory service,
-# the userPKCS12 attribute should be used. This attribute is to be stored
-# and requested in binary form, as 'userPKCS12;binary'.  The attribute
-# values are PFX PDUs stored as binary data.
-## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
-attributetype ( 2.16.840.1.113730.3.1.216
-	NAME 'userPKCS12'
-	DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
-
-
-# inetOrgPerson
-# The inetOrgPerson represents people who are associated with an
-# organization in some way.  It is a structural class and is derived
-# from the organizationalPerson which is defined in X.521 [X521].
-objectclass	( 2.16.840.1.113730.3.2.2
-    NAME 'inetOrgPerson'
-	DESC 'RFC2798: Internet Organizational Person'
-    SUP organizationalPerson
-    STRUCTURAL
-	MAY (
-		audio $ businessCategory $ carLicense $ departmentNumber $
-		displayName $ employeeNumber $ employeeType $ givenName $
-		homePhone $ homePostalAddress $ initials $ jpegPhoto $
-		labeledURI $ mail $ manager $ mobile $ o $ pager $
-		photo $ roomNumber $ secretary $ uid $ userCertificate $
-		x500uniqueIdentifier $ preferredLanguage $
-		userSMIMECertificate $ userPKCS12 )
-	)

Reply to:

Follow-Ups:
- Bug#780321: unblock: openldap/2.4.40+dfsg-1 (pre-approval)
  - From: Niels Thykier <niels@thykier.net>
- Processed: Re: Bug#780321: unblock: openldap/2.4.40+dfsg-1 (pre-approval)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#780321: marked as done (unblock: openldap/2.4.40+dfsg-1 (pre-approval))
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: NEW changes in stable-new
Next by Date: Bug#780285: unblock: roger-router/1.8.9-2jessie1
Previous by thread: Bug#706488: marked as done (RM: boinc-server-maker/7.0.27)
Next by thread: Bug#780321: unblock: openldap/2.4.40+dfsg-1 (pre-approval)
Index(es):
- Date
- Thread