Bug#1107147: bookworm-pu: package debian-edu-config/2.12.46~deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: debian-edu-config@packages.debian.org
Control: affects -1 + src:debian-edu-config
User: release.debian.org@packages.debian.org
Usertags: pu
While initial work on Debian Edu 13 has started over the last weekend, I
plan to fix important things for Debian Edu 12 (and finally also
announce it as released).
[ Reason ]
Rather than cherry-picking individual commits from unstable, I figured
that all changes in unstable are important for Debian Edu 12 (or too
trivial to dive into the cherry-picking hell).
From now on, I will cherry-pick individual fixes / changes from
debian-edu-config 2.13.x (in prep) into the bookworm branch of the
debian-edu-config Git repo and propose bookworm-pu uploads while
bookworm is still 'stable' or 'oldstable'.
[ Impact ]
Debian Edu only.
[ Tests ]
Manual tests on a Debian Edu 12 mainserver.
[ Risks ]
Breakage of Debian Edu that might require a regression fix.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
+ [ Holger Levsen ]
+ * Team upload.
+ * Remove myself from uploaders as discussed during FOSDEM. It was a pleasure
+ and an honor!
-> Thanks to Holger once more for being around for so many years. Means a lot!
+ [ Frans Spiesschaert ]
+ * sbin/debian-edu-pxeinstall:
+ - remove unnecessary article.
+ - remove extra space.
-> Script beautifications only...
+ * etc/exim4/exim-ldap-server-v4.conf: no longer give exim4 a reason to
+ complain about "tainted search query is not properly quoted".
-> Get rid of non-helpful warning message in logs.
+ -- Holger Levsen <holger@debian.org> Wed, 05 Mar 2025 13:08:19 +0100
+
+debian-edu-config (2.12.45) unstable; urgency=medium
+
+ * share/debian-edu-config/tools/gosa-sync:
+ + From password TMPFILE, strip newline character from end-of-file.
+ The LDAP whoami call for verifying the correctness of the passed-in
+ user password requires a password file without trailing newline
+ to succeed.
+ * share/debian-edu-config/gosa.conf.template:
+ + Various white-space fixes.
+ + Don't (single-)quote placeholders in plugin hooks. GOsa² will add single-
+ quotes around placeholder variables when generating hook commands. Esp.
+ when using single quotes around placeholders, they will be duplicated
+ and thus eliminate eacher other. This problem occurred for users
+ with space characters in their DN while changing the user's password.
+ (The hook would only operate on a partial DN string, split at first
+ space char occurrence in the DN string).
-> The above two fixes are important for changing passwords via GOsa,
the latter one is about users with space chars in their DN path.
[ Other info ]
None.
diff -Nru debian-edu-config-2.12.44~deb12u1/debian/changelog debian-edu-config-2.12.46~deb12u1/debian/changelog
--- debian-edu-config-2.12.44~deb12u1/debian/changelog 2024-02-01 10:52:12.000000000 +0100
+++ debian-edu-config-2.12.46~deb12u1/debian/changelog 2024-02-01 10:52:12.000000000 +0100
@@ -1,3 +1,44 @@
+debian-edu-config (2.12.46~deb12u1) bookworm; urgency=medium
+
+ * Upload to bookworm.
+
+ -- Mike Gabriel <sunweaver@debian.org> Thu, 01 Feb 2024 10:52:12 +0100
+
+debian-edu-config (2.12.46) unstable; urgency=medium
+
+ [ Holger Levsen ]
+ * Team upload.
+ * Remove myself from uploaders as discussed during FOSDEM. It was a pleasure
+ and an honor!
+
+ [ Frans Spiesschaert ]
+ * sbin/debian-edu-pxeinstall:
+ - remove unnecessary article.
+ - remove extra space.
+ * etc/exim4/exim-ldap-server-v4.conf: no longer give exim4 a reason to
+ complain about "tainted search query is not properly quoted".
+
+ -- Holger Levsen <holger@debian.org> Wed, 05 Mar 2025 13:08:19 +0100
+
+debian-edu-config (2.12.45) unstable; urgency=medium
+
+ * share/debian-edu-config/tools/gosa-sync:
+ + From password TMPFILE, strip newline character from end-of-file.
+ The LDAP whoami call for verifying the correctness of the passed-in
+ user password requires a password file without trailing newline
+ to succeed.
+ * share/debian-edu-config/gosa.conf.template:
+ + Various white-space fixes.
+ + Don't (single-)quote placeholders in plugin hooks. GOsa² will add single-
+ quotes around placeholder variables when generating hook commands. Esp.
+ when using single quotes around placeholders, they will be duplicated
+ and thus eliminate eacher other. This problem occurred for users
+ with space characters in their DN while changing the user's password.
+ (The hook would only operate on a partial DN string, split at first
+ space char occurrence in the DN string).
+
+ -- Mike Gabriel <sunweaver@debian.org> Thu, 25 Jul 2024 09:52:14 +0200
+
debian-edu-config (2.12.44~deb12u1) bookworm; urgency=medium
* Upload to bookworm.
diff -Nru debian-edu-config-2.12.44~deb12u1/debian/control debian-edu-config-2.12.46~deb12u1/debian/control
--- debian-edu-config-2.12.44~deb12u1/debian/control 2023-09-27 22:34:54.000000000 +0200
+++ debian-edu-config-2.12.46~deb12u1/debian/control 2024-02-01 10:52:12.000000000 +0100
@@ -3,7 +3,6 @@
Priority: optional
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Uploaders: Petter Reinholdtsen <pere@debian.org>,
- Holger Levsen <holger@debian.org>,
Mike Gabriel <sunweaver@debian.org>,
Dominik George <natureshadow@debian.org>,
Standards-Version: 4.6.2
diff -Nru debian-edu-config-2.12.44~deb12u1/etc/exim4/exim-ldap-server-v4.conf debian-edu-config-2.12.46~deb12u1/etc/exim4/exim-ldap-server-v4.conf
--- debian-edu-config-2.12.44~deb12u1/etc/exim4/exim-ldap-server-v4.conf 2022-03-21 15:18:05.000000000 +0100
+++ debian-edu-config-2.12.46~deb12u1/etc/exim4/exim-ldap-server-v4.conf 2024-02-01 10:52:12.000000000 +0100
@@ -316,7 +316,7 @@
ldapuser:
driver = accept
check_local_user
- condition = ${if eq {}{${lookup ldap {ldap://LDAPSERVER/LDAPBASE?uid?sub?(uid=${local_part})}}}{no}{yes}}
+ condition = ${if eq {}{${lookup ldap {ldap://LDAPSERVER/LDAPBASE?uid?sub?(uid=${quote_ldap_dn:${local_part}})}}}{no}{yes}}
cannot_route_message = Recipent ${local_part} unknown.
retry_use_local_part
transport = ldap_delivery
diff -Nru debian-edu-config-2.12.44~deb12u1/sbin/debian-edu-pxeinstall debian-edu-config-2.12.46~deb12u1/sbin/debian-edu-pxeinstall
--- debian-edu-config-2.12.44~deb12u1/sbin/debian-edu-pxeinstall 2023-09-27 22:34:54.000000000 +0200
+++ debian-edu-config-2.12.46~deb12u1/sbin/debian-edu-pxeinstall 2024-02-01 10:52:12.000000000 +0100
@@ -342,7 +342,7 @@
goto start
:shell
-echo Type 'exit' to get the back to the menu
+echo Type 'exit' to get back to the menu
shell
goto start
diff -Nru debian-edu-config-2.12.44~deb12u1/share/debian-edu-config/gosa.conf.template debian-edu-config-2.12.46~deb12u1/share/debian-edu-config/gosa.conf.template
--- debian-edu-config-2.12.44~deb12u1/share/debian-edu-config/gosa.conf.template 2023-11-30 08:36:09.000000000 +0100
+++ debian-edu-config-2.12.46~deb12u1/share/debian-edu-config/gosa.conf.template 2024-02-01 10:52:12.000000000 +0100
@@ -41,7 +41,7 @@
class="userManagement" />
<plugin acl="groups" class="groupManagement" />
<plugin acl="roles" class="roleManagement" />
- <plugin acl="acl" class="aclManagement" />
+ <plugin acl="acl" class="aclManagement" />
<plugin acl="ogroups" class="ogroupManagement" />
<plugin acl="sudo" class="sudoManagement" />
<plugin acl="netgroup" class="netgroupManagement" />
@@ -56,14 +56,14 @@
<!-- Section to enable addon plugins -->
<section name="Addons">
- <plugin acl="all/all" class="propertyEditor" />
+ <plugin acl="all/all" class="propertyEditor" />
<plugin acl="server/rSyslogServer" class="rsyslog" />
<!-- <plugin acl="mailqueue" class="mailqueue" />-->
<plugin acl="users/viewFaxEntries:self,users/viewFaxEntries" class="faxreport" />
<plugin acl="users/viewFonEntries:self,users/viewFonEntries" class="fonreport" />
<plugin acl="ldapmanager" class="ldif" />
<plugin acl="schoolmanager" class="schoolmgr" />
- <plugin acl="pwreset" class="pwreset"/>
+ <plugin acl="pwreset" class="pwreset" />
</section>
</menu>
@@ -76,9 +76,9 @@
<pathMenu>
<plugin acl="users/netatalk:self,users/environment:self,users/posixAccount:self,users/kolabAccount:self,users/phpscheduleitAccount:self,users/oxchangeAccount:self,users/proxyAccount:self,users/connectivity:self,users/pureftpdAccount:self,users/phpgwAccount:self,users/opengwAccount:self,users/pptpAccount:self,users/intranetAccount:self, users/webdavAccount:self,users/nagiosAccount:self,users/mailAccount:self,users/groupware, users/user:self,users/scalixAccount:self,users/gofaxAccount:self,users/phoneAccount:self,users/Groupware:self" class="MyAccount" />
<plugin acl="users/password:self" class="password"
- postmodify="USERPASSWORD=%new_password /usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync '%dn'"
- postlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-lock-user '%dn'"
- postunlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-unlock-user '%dn'" />
+ postmodify="USERPASSWORD=%new_password /usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync %dn"
+ postlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-lock-user %dn"
+ postunlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-unlock-user %dn" />
</pathMenu>
@@ -279,7 +279,7 @@
<!-- Connectivity plugins -->
<connectivity>
- <tab class='kolabAccount' />
+ <tab class="kolabAccount" />
<tab class="proxyAccount" />
<tab class="pureftpdAccount" />
<tab class="webdavAccount" />
diff -Nru debian-edu-config-2.12.44~deb12u1/share/debian-edu-config/tools/gosa-sync debian-edu-config-2.12.46~deb12u1/share/debian-edu-config/tools/gosa-sync
--- debian-edu-config-2.12.44~deb12u1/share/debian-edu-config/tools/gosa-sync 2023-12-03 08:45:01.000000000 +0100
+++ debian-edu-config-2.12.46~deb12u1/share/debian-edu-config/tools/gosa-sync 2024-02-01 10:52:12.000000000 +0100
@@ -36,6 +36,8 @@
base64 -d - <<EOF > "$TMPFILE"
$USERPASSWORD
EOF
+# strip newline from EOF
+perl -i -pe 'chomp if eof' "$TMPFILE"
# check the password in $TMPfile against LDAP...
IAM=`ldapwhoami -x -Z -y "$TMPFILE" -D "$USERDN" 2>/dev/null || true`
Reply to: