Ubuntu
ldap2dns package

ldap2dns needs upgrade from version 0.3.1

Bug #206303 reported by Obleak
276
This bug affects 4 people
Affects Status Importance Assigned to Milestone
ldap2dns (Debian)
New
Unknown
ldap2dns (Ubuntu)
Confirmed
Wishlist
Unassigned

Bug Description

Binary package hint: ldap2dns

so is there some reason why Ubuntu is still using version 0.3.1? current version is 0.4.1
there been numerous bug & security fixes since 0.3.1

is this just a matter of no one being able to produce an updated package for ubuntu?

# $Id: ChangeLog 381 2006-10-19 18:29:16Z bklang $
Version 0.4.1 (latest)
* Updated scripts/data2ldif.pl to properly handle reverse domains
* Fixed parser bugs in scripts/data2ldif.pl (Thanks Fleischmann Bonaventura and
  Adrian Goins)
* Added missing option -M (Thanks Jason Chambers)
* Change default record limit to LDAP_NO_LIMIT
* Tightned up LDAP search scope when calculating the checksum (Thanks Jason
  Chambers for the bug report)
* Fixed bug reading the LDAP bind password out of the environment (Thanks Nick
  Gregory for the bug report)
* Updated FAQ

Version 0.4.0
+ Corrected segfault when using BIND output with SRV records (Thanks Fred Leitz)
+ Fixed off-by-one string termination problem
+ Fixed a number of possible segfaults if required cmdline options were missing
  Thanks Steve Ayotte (sayotte.alkaloid.net)
+ Added more verbose LDAP error and sanity checking output
+ Replaced all deprecated LDAP API calls
+ Converted to getopt_long and added double-dash options (--help)
+ Added search timeout and max record count options
+ Added warnings when zero records are returned from searches

Version 0.3.7
+ Changed default location of ldap.conf to /etc/ldap.conf
+ Added note on potential security vulns in deprecated/webadmin to README
+ Changed port declarations/format strings from int to unsigned short
  to match standards
+ Updated doc/README.html
+ Added security audit result patch from Erik Cabetas (erik.cabetas.com)
+ Fixed typo in ldap2dns.spec.in
+ Updated example ldif in doc/ (Thanks Marc Huot)

Version 0.3.6
+ New maintainer: Ben Klang <email address hidden>
+ Fixed bug with duplicate OIDs in dns.schema from partially applied patch
+ Renamed schema file to ldap2dns.schema
+ Updated RPM specfile
+ Removed already merged patchfiles
+ Restructured file layout, created doc directory
+ Deprecated unfinished webadmin work. Will be replaced with Beatnik
+ Deprecated OpenLDAP 2.0 schema support
+ Deprecated djbdns-1.0.5 native LDAP patch (status of patch unknown)
+ Removed old index.html
+ Removed TODO.schema
+ Updated Makefile
+ Modified ldap2dns-conf to behave more like tinydns-conf
+ Altered default behavior (via ldap2dns-conf) to run ldap2dns as non-root
+ Updated FAQ
+ Deprecated askldap.c and askldap.h
+ Created TODO file
+ Added TinyDNS data file import script (scripts/data2ldap.pl)
+ Moved AXFR import script (formerly import.pl) to scripts/axfr2ldap.pl
+ Deprecated export-ldap.pl (Possibly old ldap2dns 0.2->0.3 upgrade script?)

Version 0.3.5 - 2005/11/30
+ Added support for DNS SRV records

Version 0.3.3
- Removed a bug which caused ldap2dns to etablish more than one connections
  to the LDAP server.

Version 0.3.2
+ Only patches from Martin Lesser <email address hidden>
  applied. Nothing from myself.
+ connecting to a ldap-server where the server is given as URI works
  (both ldap:// [with TLS] and ldaps://)
+ we use location-codes here, so ldap2dns.c was extended to make use of
  them, this also requires an extension of dns.schema.

Tags: upgrade
Revision history for this message
Michael Rooney (mrooney) wrote : Re: needs upgrade from version 0.3.1

Well, the same version (0.3.1-3ubuntu2) is still in Intrepid as well as Hardy. It looks like this package has had / is having problems with a stable maintainer upstream since the same version appears to be in Debian. Can anyone chime in with some more details? For being marked as a security vulnerability for over 3 months, I am surprised no one has said anything.

Daniel T Chen (crimsun)
Changed in ldap2dns:
importance: Undecided → Wishlist
status: New → Confirmed
Revision history for this message
Obleak (fraser-arkhostings) wrote :

version 0.4.1 has been waiting for a sponsor over at debian for two years now, http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=ldap2dns

Revision history for this message
Obleak (fraser-arkhostings) wrote :

If anyone is interested I've 'ubuntized' into a PPA the debian 0.4.1 package that's stuck in the mentor queue.
https://launchpad.net/~fraser-arkhostings/+archive/needs-packaging

BTW I'm happy to do what is required to get this into ubuntu as the source seems to be fairly stable and not require a massive time investment.

Revision history for this message
Stefano Rivera (stefanor) wrote :

I've pinged the Debian maintainer of this package. Don't have high hopes of getting a reply, though...

Revision history for this message
Chris Coulson (chrisccoulson) wrote :

Unsubscribing sponsors for now whilst there's nothing to sponsor

Revision history for this message
Will Daniels (wdaniels) wrote :

I contacted the Debian maintainer (Igor Stroh) a couple of times and had a reply from him on 8th Apr, 2011 then latest reply on 20th Dec 2011. He said "I'm willing to RFA the ldap2dns package, no problems here" but still no further action.

So I've been using my own updated package (https://github.com/wdaniels/ldap2dns/tree/ubuntu), which I just rebuilt for precise and separated in a PPA here:

https://launchpad.net/~wdaniels/+archive/ldap2dns

I got in touch with Ben Klang (upstream maintainer) who was very amenable to helping get this updated in Debian (he quickly fixed a license issue that I raised) and I contacted Björn Boschman who first tried to get a NMU done via Debian mentors, he was still willing to help maintain the package at that time (Apr 2011).

I would gladly help maintain it via the mentors process also, but not 100% sure the best way to move things forward either via Debian or Ubuntu. If an old version of the package is still in Debian, is it OK to try to update it via REVU, MOTU?

Probably the updated package still needs work but the original is far from perfect and I can't invest more time in this until somebody is willing to mentor and maybe NMU. Hope the PPA version helps someone.

Revision history for this message
Stefano Rivera (stefanor) wrote :

> I'm willing to RFA the ldap2dns package, no problems here

I don't quite understand that. Does the "no problems here" mean he has time and doesn't think it needs to be put up for adoption, or that he doesn't mind it being put up for adoption. Would he accept you as a co-maintainer?

> but not 100% sure the best way to move things forward either via Debian or Ubuntu.

The best way forward is to get it updated in Debian, which means you should try and co-maintain the package, if you can. I see a release-critical bug in Debian that should be fixed ASAP, so there is work to do here. Debian has also *just* frozen for the wheezy release, but it's still early in the freeze, so it may be possible to persuade the release team to update ldap2dns. That means you need to move fast, though.

If that isn't going to work out, we just need to fix it in Ubuntu's development release: quantal.

Once it's fixed in the Ubuntu development release (preferably by syncing from Debian), important patches can be applied to the version in precise.

As to mentoring, stick your nose into #ubuntu-motu on IRC. There are usually helpful people around. You can also prod/mail me, if you need to.

Bug Watch Updater (bug-watch-updater)
Changed in ldap2dns (Debian):
status: Unknown → New
Thomas Hotz (thotz-deactivatedaccount)
summary: - needs upgrade from version 0.3.1
+ ldap2dns needs upgrade from version 0.3.1
Revision history for this message
Maarten Abbink (mfdrten) wrote :

It looks like this issue has been forgotten, just like the entire ldap2dns package. Maybe this comment will help revive it.

The lack of an up to date ready-to-use package is merely a nuisance for experienced users. However, the lack of maintenance is proving to be an issue for me, since because of it I'm unable to build and install ldap2dns from source myself.
I have a couple of questions that, if answered, will let me get past this. Having answers to these questions might also motivate future maintainers to revive ldap2dns.

1) Where is ldap2dns currently being maintained/hosted?
GitHub (https://github.com/bklang/ldap2dns/network) shows a bunch of individual efforts to move the project forward, but none of them seem to attempt to contribute to a canonical implementation of ldap2dns.
2) Apart from this issue's initial report (by Obleak on 2008-03-25), I cannot find a list of ldap2dns versions. What are the existing ldap2dns versions, and how can the corresponding code be retrieved?
None of the aforementioned clones on GitHub are using version tags, or version-specific branches.
3) Where is the Debian/Ubuntu integration for ldap2dns maintained?

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.