Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openldap2 for openSUSE:Factory checked in at 2021-06-09 21:51:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openldap2 (Old) and /work/SRC/openSUSE:Factory/.openldap2.new.32437 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openldap2" Wed Jun 9 21:51:11 2021 rev:167 rq:897312 version:unknown Changes: --------
--- /work/SRC/openSUSE:Factory/openldap2/openldap2.changes 2021-03-19 16:39:58.861856899 +0100
+++ /work/SRC/openSUSE:Factory/.openldap2.new.32437/openldap2.changes 2021-06-09 21:51:11.966356818 +0200
@@ -1,0 +2,18 @@
+Fri Jun 4 00:06:15 UTC 2021 - Michael Str??der <[email protected]>
+
+- updated to 2.4.59
+
+OpenLDAP 2.4.59 Release (2021/06/03)
+ Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521)
+ Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
+ Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295)
+ Fixed slapd-mdb cursor init check (ITS#9526)
+ Fixed slapd-mdb deletion of context entry (ITS#9531)
+ Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
+ Fixed slapo-pcache locking during expiration (ITS#9529)
+ Contrib
+ Fixed slapo-autogroup to not thrash thread context (ITS#9494)
+ Documentation
+ ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
+
+-------------------------------------------------------------------
Old: ---- openldap-2.4.58.tgz openldap-2.4.58.tgz.asc New: ---- openldap-2.4.59.tgz openldap-2.4.59.tgz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openldap2.spec ++++++
--- /var/tmp/diff_new_pack.kluxit/_old 2021-06-09 21:51:12.822358344 +0200
+++ /var/tmp/diff_new_pack.kluxit/_new 2021-06-09 21:51:12.826358351 +0200
@@ -22,7 +22,7 @@
 %endif
 %define run_test_suite 0
-%define version_main 2.4.58
+%define version_main 2.4.59
 %define name_ppolicy_check_module ppolicy-check-password
 %define version_ppolicy_check_module 1.2
 %define ppolicy_docdir %{_docdir}/openldap-%{name_ppolicy_check_module}-%{version_ppolicy_check_module}
++++++ openldap-2.4.58.tgz -> openldap-2.4.59.tgz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/CHANGES new/openldap-2.4.59/CHANGES
--- old/openldap-2.4.58/CHANGES 2021-03-16 18:09:58.000000000 +0100
+++ new/openldap-2.4.59/CHANGES 2021-06-03 20:40:31.000000000 +0200
@@ -1,5 +1,18 @@
 OpenLDAP 2.4 Change Log
+OpenLDAP 2.4.59 Release (2021/06/03)
+ Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521)
+ Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
+ Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295)
+ Fixed slapd-mdb cursor init check (ITS#9526)
+ Fixed slapd-mdb deletion of context entry (ITS#9531)
+ Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
+ Fixed slapo-pcache locking during expiration (ITS#9529)
+ Contrib
+ Fixed slapo-autogroup to not thrash thread context (ITS#9494)
+ Documentation
+ ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
+
 OpenLDAP 2.4.58 Release (2021/03/16)
 Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9454)
 Fixed slapd to alloc new conn struct after freeing old one (ITS#9458)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/build/version.var new/openldap-2.4.59/build/version.var
--- old/openldap-2.4.58/build/version.var 2021-03-16 18:09:58.000000000 +0100
+++ new/openldap-2.4.59/build/version.var 2021-06-03 20:40:31.000000000 +0200
@@ -15,9 +15,9 @@
 ol_package=OpenLDAP
 ol_major=2
 ol_minor=4
-ol_patch=58
-ol_api_inc=20458
+ol_patch=59
+ol_api_inc=20459
 ol_api_current=13
-ol_api_revision=6
+ol_api_revision=7
 ol_api_age=11
-ol_release_date="2021/03/16"
+ol_release_date="2021/06/03"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/contrib/slapd-modules/autogroup/autogroup.c new/openldap-2.4.59/contrib/slapd-modules/autogroup/autogroup.c
--- old/openldap-2.4.58/contrib/slapd-modules/autogroup/autogroup.c 2021-03-16 18:09:58.000000000 +0100
+++ new/openldap-2.4.59/contrib/slapd-modules/autogroup/autogroup.c 2021-06-03 20:40:31.000000000 +0200
@@ -2071,7 +2071,7 @@
 return 0;
 }
- connection_fake_init( &conn, &opbuf, thrctx );
+ connection_fake_init2( &conn, &opbuf, thrctx, 0 );
 op = &opbuf.ob_op;
 op->ors_attrsonly = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/doc/guide/admin/guide.html new/openldap-2.4.59/doc/guide/admin/guide.html
--- old/openldap-2.4.58/doc/guide/admin/guide.html 2021-03-16 19:30:41.000000000 +0100
+++ new/openldap-2.4.59/doc/guide/admin/guide.html 2021-06-03 23:52:21.000000000 +0200
@@ -23,7 +23,7 @@
 <DIV CLASS="title">
 <H1 CLASS="doc-title">OpenLDAP Software 2.4 Administrator's Guide</H1>
 <ADDRESS CLASS="doc-author">The OpenLDAP Project <<A HREF="http://www.openldap.org/">http://www.openldap.org/</A>></ADDRESS>
-<ADDRESS CLASS="doc-modified">16 March 2021</ADDRESS>
+<ADDRESS CLASS="doc-modified">3 June 2021</ADDRESS>
 <BR CLEAR="All">
 </DIV>
 <DIV CLASS="contents">
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/doc/man/man3/ldap_modify.3 new/openldap-2.4.59/doc/man/man3/ldap_modify.3
--- old/openldap-2.4.58/doc/man/man3/ldap_modify.3 2021-03-16 18:09:58.000000000 +0100
+++ new/openldap-2.4.59/doc/man/man3/ldap_modify.3 2021-06-03 20:40:31.000000000 +0200
@@ -60,7 +60,6 @@ char **modv_strvals; struct berval **modv_bvals; } mod_vals; - struct ldapmod *mod_next; } LDAPMod; #define mod_values mod_vals.modv_strvals #define mod_bvalues mod_vals.modv_bvals @@ -71,9 +70,7 @@ perform and should be one of LDAP_MOD_ADD, LDAP_MOD_DELETE, or LDAP_MOD_REPLACE. The \fImod_type\fP and \fImod_values\fP fields specify the attribute type to modify and a null-terminated array of -values to add, delete, or replace respectively. The \fImod_next\fP -field is used only by the LDAP server and may be ignored by the -client. +values to add, delete, or replace respectively. .LP If you need to specify a non-string value (e.g., to add a photo or audio attribute value), you should set \fImod_op\fP to the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/libraries/libldap/open.c new/openldap-2.4.59/libraries/libldap/open.c --- old/openldap-2.4.58/libraries/libldap/open.c 2021-03-16 18:09:58.000000000 +0100 +++ new/openldap-2.4.59/libraries/libldap/open.c 2021-06-03 20:40:31.000000000 +0200 @@ -139,6 +139,9 @@ ld->ld_options.ldo_defludp = NULL; ld->ld_options.ldo_conn_cbs = NULL; + ld->ld_options.ldo_defbase = gopts->ldo_defbase + ? LDAP_STRDUP( gopts->ldo_defbase ) : NULL; + #ifdef HAVE_CYRUS_SASL ld->ld_options.ldo_def_sasl_mech = gopts->ldo_def_sasl_mech ? LDAP_STRDUP( gopts->ldo_def_sasl_mech ) : NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/libraries/libldap/tls_o.c new/openldap-2.4.59/libraries/libldap/tls_o.c --- old/openldap-2.4.58/libraries/libldap/tls_o.c 2021-03-16 18:09:58.000000000 +0100 +++ new/openldap-2.4.59/libraries/libldap/tls_o.c 2021-06-03 20:40:31.000000000 +0200 
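Review bot: The result of `LDAP_STRDUP( gopts->ldo_defbase )` in the open.c hunk is stored without a NULL check, so an allocation failure leaves the new handle with no default base instead of failing the call. Giving each handle its own copy is what pairs with the new `LDAP_FREE` in unbind.c, but a silently dropped base changes which subtree a later search with a NULL base targets. If the enclosing function, which starts and ends outside this hunk, has an out-of-memory path, the copy should take it when `gopts->ldo_defbase` is set and the duplicate is NULL; the SASL copies just below follow the same unchecked pattern.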
@@ -273,6 +273,76 @@
 SSL_CTX_free( c );
 }
+#if OPENSSL_VERSION_NUMBER >= 0x10101000
+static char *
+tlso_stecpy( char *dst, const char *src, const char *end )
+{
+ while ( dst < end && *src )
+ *dst++ = *src++;
+ if ( dst < end )
+ *dst = '\0';
+ return dst;
+}
+
+/* OpenSSL 1.1.1 uses a separate API for TLS1.3 ciphersuites.
+ * Try to find any TLS1.3 ciphers in the given list of suites.
+ */
+static void
+tlso_ctx_cipher13( tlso_ctx *ctx, char *suites )
+{
+ char tls13_suites[1024], *ts = tls13_suites, *te = tls13_suites + sizeof(tls13_suites);
+ char *ptr, *colon, *nptr;
+ char sname[128];
+ STACK_OF(SSL_CIPHER) *cs;
+ SSL *s = SSL_new( ctx );
+ int ret;
+
+ if ( !s )
+ return;
+
+ *ts = '\0';
+
+ /* check individual suites in a separate SSL handle before
+ * mucking with the provided ctx. Init it to a known
+ * mostly-empty state.
+ */
+ SSL_set_ciphersuites( s, "" );
+ SSL_set_cipher_list( s, SSL3_TXT_RSA_NULL_SHA );
+
+ for ( ptr = suites;; ) {
+ colon = strchr( ptr, ':' );
+ if ( colon ) {
+ int len = colon - ptr;
+ if ( len > 63 ) len = 63;
+ strncpy( sname, ptr, len );
+ sname[len] = '\0';
+ nptr = sname;
+ } else {
+ nptr = ptr;
+ }
+ if ( SSL_set_ciphersuites( s, nptr )) {
+ cs = SSL_get_ciphers( s );
+ if ( cs ) {
+ const char *ver = SSL_CIPHER_get_version( sk_SSL_CIPHER_value( cs, 0 ));
+ if ( !strncmp( ver, "TLSv", 4 ) && strncmp( ver+4, "1.3", 3 ) >= 0 ) {
+ if ( tls13_suites[0] )
+ ts = tlso_stecpy( ts, ":", te );
+ ts = tlso_stecpy( ts, sname, te );
+ }
+ }
+ }
+ if ( !colon || ts >= te )
+ break;
+ ptr = colon+1;
+ }
+ SSL_free( s );
+
+ /* If no TLS1.3 ciphersuites were specified, leave current settings untouched. */
+ if ( tls13_suites[0] )
+ SSL_CTX_set_ciphersuites( ctx, tls13_suites );
+}
+#endif /* OpenSSL 1.1.1 TLS 1.3 */
+
 /*
 * initialize a new TLS context
 */
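Review bot: In `tlso_ctx_cipher13` the accepted suite is appended with `tlso_stecpy( ts, sname, te )`, but `sname` is filled only when a colon was found; for the last or only element `nptr` points at `ptr` and `sname` is stale or uninitialized, so the TLS 1.3 list can receive the wrong name. Append the string that was actually tested: `ts = tlso_stecpy( ts, nptr, te );`. `tlso_stecpy` also writes no terminator once `dst` reaches `end`, and the loop exits on `ts >= te`, so a list that fills the 1024-byte buffer reaches `SSL_CTX_set_ciphersuites` unterminated; setting `te = tls13_suites + sizeof(tls13_suites) - 1` and writing `*ts = '\0';` after the loop keeps it bounded. `ret` is unused and the result of `SSL_CTX_set_ciphersuites( ctx, tls13_suites )` is dropped, so a rejected list goes unreported.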
@@ -311,14 +381,18 @@
 else if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL2 )
 SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 );
- if ( lo->ldo_tls_ciphersuite &&
- !SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) )
- {
- Debug( LDAP_DEBUG_ANY,
- "TLS: could not set cipher list %s.\n",
- lo->ldo_tls_ciphersuite, 0, 0 );
- tlso_report_error();
- return -1;
+ if ( lo->ldo_tls_ciphersuite ) {
+#if OPENSSL_VERSION_NUMBER >= 0x10101000
+ tlso_ctx_cipher13( ctx, lt->lt_ciphersuite );
+#endif /* OpenSSL 1.1.1 */
+ if ( !SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: could not set cipher list %s.\n",
+ lo->ldo_tls_ciphersuite, 0, 0 );
+ tlso_report_error();
+ return -1;
+ }
 }
 if ( lo->ldo_tls_cacertfile == NULL && lo->ldo_tls_cacertdir == NULL ) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/libraries/libldap/unbind.c new/openldap-2.4.59/libraries/libldap/unbind.c
--- old/openldap-2.4.58/libraries/libldap/unbind.c 2021-03-16 18:09:58.000000000 +0100
+++ new/openldap-2.4.59/libraries/libldap/unbind.c 2021-06-03 20:40:31.000000000 +0200
@@ -187,6 +187,11 @@
 }
 #endif
+ if ( ld->ld_options.ldo_defbase != NULL ) {
+ LDAP_FREE( ld->ld_options.ldo_defbase );
+ ld->ld_options.ldo_defbase = NULL;
+ }
+
 #ifdef HAVE_CYRUS_SASL
 if ( ld->ld_options.ldo_def_sasl_mech != NULL ) {
 LDAP_FREE( ld->ld_options.ldo_def_sasl_mech );
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/servers/slapd/back-mdb/delete.c new/openldap-2.4.59/servers/slapd/back-mdb/delete.c
--- old/openldap-2.4.58/servers/slapd/back-mdb/delete.c 2021-03-16 18:09:58.000000000 +0100
+++ new/openldap-2.4.59/servers/slapd/back-mdb/delete.c 2021-06-03 20:40:31.000000000 +0200
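Review bot: The call `tlso_ctx_cipher13( ctx, lt->lt_ciphersuite )` cannot report failure, so the error handling that follows covers only `SSL_CTX_set_cipher_list`, and nothing at the call site says so. Two consequences deserve a comment above the call: a configured list that names no TLS 1.3 suite leaves whatever TLS 1.3 suites the context already had (the helper's own comment says it leaves settings untouched), and a list that names only TLS 1.3 suites may still be rejected here, depending on how the linked OpenSSL treats a list with no older ciphers — worth verifying. Suggested comment: `/* TLS 1.3 suites are applied best-effort; only the TLS <= 1.2 list is fatal on error */`. The enclosing function starts and ends outside the hunk.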
@@ -113,57 +113,58 @@ slap_get_csn( op, &csn, 1 ); } - if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) { - dnParent( &op->o_req_ndn, &pdn ); - } - rs->sr_err = mdb_cursor_open( txn, mdb->mi_dn2id, &mc ); if ( rs->sr_err ) { rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; } - /* get parent */ - rs->sr_err = mdb_dn2entry( op, txn, mc, &pdn, &p, NULL, 1 ); - switch( rs->sr_err ) { - case 0: - case MDB_NOTFOUND: - break; - case LDAP_BUSY: - rs->sr_text = "ldap server busy"; - goto return_results; - default: - rs->sr_err = LDAP_OTHER; - rs->sr_text = "internal error"; - goto return_results; - } - if ( rs->sr_err == MDB_NOTFOUND ) { - Debug( LDAP_DEBUG_ARGS, - "<=- " LDAP_XSTRING(mdb_delete) ": no such object %s\n", - op->o_req_dn.bv_val, 0, 0); - - if ( p && !BER_BVISEMPTY( &p->e_name )) { - rs->sr_matched = ch_strdup( p->e_name.bv_val ); - if ( is_entry_referral( p )) { - BerVarray ref = get_entry_referrals( op, p ); - rs->sr_ref = referral_rewrite( ref, &p->e_name, - &op->o_req_dn, LDAP_SCOPE_DEFAULT ); - ber_bvarray_free( ref ); + + if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) { + dnParent( &op->o_req_ndn, &pdn ); + + /* get parent */ + rs->sr_err = mdb_dn2entry( op, txn, mc, &pdn, &p, NULL, 1 ); + switch( rs->sr_err ) { + case 0: + case MDB_NOTFOUND: + break; + case LDAP_BUSY: + rs->sr_text = "ldap server busy"; + goto return_results; + default: + rs->sr_err = LDAP_OTHER; + rs->sr_text = "internal error"; + goto return_results; + } + if ( rs->sr_err == MDB_NOTFOUND ) { + Debug( LDAP_DEBUG_ARGS, + "<=- " LDAP_XSTRING(mdb_delete) ": no such object %s\n", + op->o_req_dn.bv_val, 0, 0 ); + + if ( p && !BER_BVISEMPTY( &p->e_name )) { + rs->sr_matched = ch_strdup( p->e_name.bv_val ); + if ( is_entry_referral( p )) { + BerVarray ref = get_entry_referrals( op, p ); + rs->sr_ref = referral_rewrite( ref, &p->e_name, + &op->o_req_dn, LDAP_SCOPE_DEFAULT ); + ber_bvarray_free( ref ); + } else { + rs->sr_ref = NULL; + } } else { - rs->sr_ref = 
NULL; + rs->sr_ref = referral_rewrite( default_referral, NULL, + &op->o_req_dn, LDAP_SCOPE_DEFAULT ); + } + if ( p ) { + mdb_entry_return( op, p ); + p = NULL; } - } else { - rs->sr_ref = referral_rewrite( default_referral, NULL, - &op->o_req_dn, LDAP_SCOPE_DEFAULT ); - } - if ( p ) { - mdb_entry_return( op, p ); - p = NULL; - } - rs->sr_err = LDAP_REFERRAL; - rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED; - goto return_results; + rs->sr_err = LDAP_REFERRAL; + rs->sr_flags = REP_MATCHED_MUSTBEFREED | REP_REF_MUSTBEFREED; + goto return_results; + } } /* get entry */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/servers/slapd/back-mdb/search.c new/openldap-2.4.59/servers/slapd/back-mdb/search.c --- old/openldap-2.4.58/servers/slapd/back-mdb/search.c 2021-03-16 18:09:58.000000000 +0100 +++ new/openldap-2.4.59/servers/slapd/back-mdb/search.c 2021-06-03 20:40:31.000000000 +0200 @@ -406,7 +406,7 @@ ww->data.mv_data = NULL; } else if ( isc->scopes[0].mid > 1 ) { /* candidate-based search */ int i; - for ( i=1; i<isc->scopes[0].mid; i++ ) { + for ( i=1; i<=isc->scopes[0].mid; i++ ) { if ( !isc->scopes[i].mval.mv_data ) continue; key.mv_data = &isc->scopes[i].mid; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/servers/slapd/back-mdb/tools.c new/openldap-2.4.59/servers/slapd/back-mdb/tools.c --- old/openldap-2.4.58/servers/slapd/back-mdb/tools.c 2021-03-16 18:09:58.000000000 +0100 +++ new/openldap-2.4.59/servers/slapd/back-mdb/tools.c 2021-06-03 20:40:31.000000000 +0200 
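Review bot: The corrected bound `i<=isc->scopes[0].mid` in the search.c hunk makes the loop read `isc->scopes[mid]`, which is in range only if slot 0 holds the count and the entries occupy slots 1..mid; nothing in the hunk states that. A one-line comment such as `/* scopes[0].mid is the entry count; entries occupy scopes[1..mid] */` would record the convention, assuming that is the layout, which the declaration outside this hunk should confirm. Because the changelog ties this line to the search scope, a regression test in which the last scope entry decides the result would guard the boundary. The enclosing function starts and ends outside the hunk.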
@@ -649,6 +649,8 @@
 text->bv_val, 0, 0 );
 return NOID;
 }
+ }
+ if ( !idcursor ) {
 rc = mdb_cursor_open( mdb_tool_txn, mdb->mi_id2entry, &idcursor );
 if( rc != 0 ) {
 snprintf( text->bv_val, text->bv_len,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/servers/slapd/overlays/pcache.c new/openldap-2.4.59/servers/slapd/overlays/pcache.c
--- old/openldap-2.4.58/servers/slapd/overlays/pcache.c 2021-03-16 18:09:58.000000000 +0100
+++ new/openldap-2.4.59/servers/slapd/overlays/pcache.c 2021-06-03 20:40:31.000000000 +0200
@@ -87,6 +87,7 @@
 int bind_refcnt; /* number of bind operation referencing this query */
 unsigned long answerable_cnt; /* how many times it was answerable */
 int refcnt; /* references since last refresh */
+ int in_lru; /* query is in LRU list */
 ldap_pvt_thread_mutex_t answerable_cnt_mutex;
 struct cached_query_s *next; /* next query in the template */
 struct cached_query_s *prev; /* previous query in the template */
@@ -1044,6 +1045,7 @@
 {
 CachedQuery* top = qm->lru_top;
+ qc->in_lru = 1;
 qm->lru_top = qc;
 if (top)
@@ -1065,9 +1067,10 @@
 CachedQuery* up;
 CachedQuery* down;
- if (!qc)
+ if (!qc || !qc->in_lru)
 return;
+ qc->in_lru = 0;
 up = qc->lru_up;
 down = qc->lru_down;
@@ -3515,6 +3518,7 @@
 Operation *op;
 CachedQuery *query, *qprev;
+ CachedQuery *expires = NULL;
 int return_val, pause = PCACHE_CC_PAUSED;
 QueryTemplate *templ;
@@ -3548,6 +3552,9 @@
 ttl += op->o_time;
 }
+ Debug( pcache_debug, "Lock CR index = %p\n",
+ (void *) templ, 0, 0 );
+ ldap_pvt_thread_rdwr_wlock(&templ->t_rwlock);
 for ( query=templ->query_last; query; query=qprev ) {
 qprev = query->prev;
 if ( query->refresh_time && query->refresh_time < op->o_time ) {
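Review bot: The new `in_lru` flag is tested and cleared in the `@@ -1065` hunk (`if (!qc || !qc->in_lru)`) with no locking of its own, so it is safe only if every caller holds `qm->lru_mutex`; the expiry code later in this patch does, other callers are outside the diff. The flag is set only in the `@@ -1044` hunk, so a `CachedQuery` that is allocated without zeroing and reaches the remove path first would read an indeterminate value, which is worth confirming at the allocation site. Extending the field comment to `/* query is in LRU list; protected by lru_mutex */` would document the rule. Both functions start outside their hunks.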
@@ -3559,56 +3566,29 @@
 if ( query->refcnt )
 query->expiry_time = op->o_time + templ->ttl;
 if ( query->expiry_time > op->o_time ) {
- refresh_query( op, query, on );
+ /* perform actual refresh below */
 continue;
 }
 }
 if (query->expiry_time < op->o_time) {
 int rem = 0;
- Debug( pcache_debug, "Lock CR index = %p\n",
- (void *) templ, 0, 0 );
- ldap_pvt_thread_rdwr_wlock(&templ->t_rwlock);
- if ( query == templ->query_last ) {
- rem = 1;
- remove_from_template(query, templ);
- Debug( pcache_debug, "TEMPLATE %p QUERIES-- %d\n",
- (void *) templ, templ->no_of_queries, 0 );
- Debug( pcache_debug, "Unlock CR index = %p\n",
- (void *) templ, 0, 0 );
- }
- if ( !rem ) {
- ldap_pvt_thread_rdwr_wunlock(&templ->t_rwlock);
+ if ( query != templ->query_last )
 continue;
- }
 ldap_pvt_thread_mutex_lock(&qm->lru_mutex);
- remove_query(qm, query);
- ldap_pvt_thread_mutex_unlock(&qm->lru_mutex);
- if ( BER_BVISNULL( &query->q_uuid ))
- return_val = 0;
- else
- return_val = remove_query_data(op, &query->q_uuid);
- Debug( pcache_debug, "STALE QUERY REMOVED, SIZE=%d\n",
- return_val, 0, 0 );
- ldap_pvt_thread_mutex_lock(&cm->cache_mutex);
- cm->cur_entries -= return_val;
- cm->num_cached_queries--;
- Debug( pcache_debug, "STORED QUERIES = %lu\n",
- cm->num_cached_queries, 0, 0 );
- ldap_pvt_thread_mutex_unlock(&cm->cache_mutex);
- Debug( pcache_debug,
- "STALE QUERY REMOVED, CACHE ="
- "%d entries\n",
- cm->cur_entries, 0, 0 );
- ldap_pvt_thread_rdwr_wlock( &query->rwlock );
- if ( query->bind_refcnt-- ) {
- rem = 0;
- } else {
+ if (query->in_lru) {
+ remove_query(qm, query);
 rem = 1;
 }
- ldap_pvt_thread_rdwr_wunlock( &query->rwlock );
- if ( rem ) free_query(query);
- ldap_pvt_thread_rdwr_wunlock(&templ->t_rwlock);
+ ldap_pvt_thread_mutex_unlock(&qm->lru_mutex);
+ if (!rem)
+ continue;
+ remove_from_template(query, templ);
+ Debug( pcache_debug, "TEMPLATE %p QUERIES-- %d\n",
+ (void *) templ, templ->no_of_queries, 0 );
+ query->prev = expires;
+ expires = query;
+ query->qtemp = NULL;
 } else if ( !templ->ttr && query->expiry_time > ttl ) {
 /* We don't need to check for refreshes, and this
 * query's expiry is too new, and all subsequent queries
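Review bot: Expired queries are chained through `query->prev = expires`, which reuses the template's back-link as a private singly linked list without saying so. That is safe only because `remove_from_template` has already been called on the query and the loop saved `qprev` before the body ran (the loop header is in the previous hunk). A comment on these three lines would make the ownership change explicit, for example `/* unlinked from the template: reuse prev to queue the query for deletion after unlock */`. The enclosing function starts and ends outside the hunk.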
@@ -3620,6 +3600,57 @@
 break;
 }
 }
+ Debug( pcache_debug, "Unlock CR index = %p\n",
+ (void *) templ, 0, 0 );
+ ldap_pvt_thread_rdwr_wunlock(&templ->t_rwlock);
+ for ( query=expires; query; query=qprev ) {
+ int rem;
+ qprev = query->prev;
+ if ( BER_BVISNULL( &query->q_uuid ))
+ return_val = 0;
+ else
+ return_val = remove_query_data(op, &query->q_uuid);
+ Debug( pcache_debug, "STALE QUERY REMOVED, SIZE=%d\n",
+ return_val, 0, 0 );
+ ldap_pvt_thread_mutex_lock(&cm->cache_mutex);
+ cm->cur_entries -= return_val;
+ cm->num_cached_queries--;
+ Debug( pcache_debug, "STORED QUERIES = %lu\n",
+ cm->num_cached_queries, 0, 0 );
+ ldap_pvt_thread_mutex_unlock(&cm->cache_mutex);
+ Debug( pcache_debug,
+ "STALE QUERY REMOVED, CACHE ="
+ "%d entries\n",
+ cm->cur_entries, 0, 0 );
+ ldap_pvt_thread_rdwr_wlock( &query->rwlock );
+ if ( query->bind_refcnt-- ) {
+ rem = 0;
+ } else {
+ rem = 1;
+ }
+ ldap_pvt_thread_rdwr_wunlock( &query->rwlock );
+ if ( rem ) free_query(query);
+ }
+
+ /* handle refreshes that we skipped earlier */
+ if ( templ->ttr ) {
+ ldap_pvt_thread_rdwr_rlock(&templ->t_rwlock);
+ for ( query=templ->query_last; query; query=qprev ) {
+ qprev = query->prev;
+ if ( query->refresh_time && query->refresh_time < op->o_time ) {
+ /* A refresh will extend the expiry if the query has been
+ * referenced, but not if it's unreferenced. If the
+ * expiration has been hit, then skip the refresh since
+ * we're just going to discard the result anyway.
+ */
+ if ( query->expiry_time > op->o_time ) {
+ refresh_query( op, query, on );
+ query->refresh_time = op->o_time + templ->ttr;
+ }
+ }
+ }
+ ldap_pvt_thread_rdwr_runlock(&templ->t_rwlock);
+ }
 }
 leave:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/servers/slapd/syncrepl.c new/openldap-2.4.59/servers/slapd/syncrepl.c
--- old/openldap-2.4.58/servers/slapd/syncrepl.c 2021-03-16 18:09:58.000000000 +0100
+++ new/openldap-2.4.59/servers/slapd/syncrepl.c 2021-06-03 20:40:31.000000000 +0200
@@ -1965,9 +1965,16 @@
 mod->sml_nvalues = NULL;
 mod->sml_numvals = 0;
- /* Keep 'op' to reflect what we read out from accesslog */
- if ( op == LDAP_MOD_ADD && is_at_single_value( ad->ad_type ))
- mod->sml_op = LDAP_MOD_REPLACE;
+ if ( is_at_single_value( ad->ad_type ) ) {
+ if ( op == LDAP_MOD_ADD ) {
+ /* ITS#9295 an ADD might conflict with an existing value */
+ mod->sml_op = LDAP_MOD_REPLACE;
+ } else if ( op == LDAP_MOD_DELETE ) {
+ /* ITS#9295 the above REPLACE could invalidate subsequent
+ * DELETEs */
+ mod->sml_op = SLAP_MOD_SOFTDEL;
+ }
+ }
 *modtail = mod;
 modtail = &mod->sml_next;
@@ -2129,6 +2136,7 @@
 continue;
 }
 if ( m2->sml_op == LDAP_MOD_DELETE ||
+ m2->sml_op == SLAP_MOD_SOFTDEL ||
 m2->sml_op == LDAP_MOD_REPLACE ) {
 int numvals = m2->sml_numvals;
 if ( m2->sml_op == LDAP_MOD_REPLACE )
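Review bot: The deferred refresh loop in the pcache.c hunk assigns `query->refresh_time = op->o_time + templ->ttr` while holding `templ->t_rwlock` only in read mode (`ldap_pvt_thread_rdwr_rlock`), and it keeps that lock across `refresh_query( op, query, on )`. If any other thread can read or update `refresh_time` under the same read lock this is an unsynchronized write; if this function is the only writer, a comment such as `/* only the consistency checker writes refresh_time */` should say so. Holding the template lock for the duration of the refresh also delays writers to the template for as long as the refresh takes, and what `refresh_query` does is not visible here. The enclosing function starts outside the hunk.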
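Review bot: In the syncrepl.c `@@ -1965` hunk every `LDAP_MOD_DELETE` on a single-valued attribute now becomes `SLAP_MOD_SOFTDEL`, not only a delete that follows an ADD rewritten to REPLACE in the same change. If soft delete tolerates a value that is absent on the consumer, as the name suggests, a real divergence between provider and consumer for such attributes would no longer surface as a replication error; the comment could state that trade-off, e.g. `/* single-valued: tolerate a missing value, an earlier REPLACE may have removed it */`. The deleted comment about keeping `op` as read from the accesslog still describes the local variable and could stay. The enclosing function starts and ends outside the hunk.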
@@ -2140,7 +2148,8 @@
 op->o_tmpfree( m1, op->o_tmpmemctx );
 continue;
 }
- if ( m1->sml_op == LDAP_MOD_DELETE ) {
+ if ( m1->sml_op == LDAP_MOD_DELETE ||
+ m1->sml_op == SLAP_MOD_SOFTDEL ) {
 if ( m1->sml_numvals == 0 ) {
 /* turn this to SOFTDEL later */
 m1->sml_flags = SLAP_MOD_INTERNAL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/tests/scripts/test043-delta-syncrepl new/openldap-2.4.59/tests/scripts/test043-delta-syncrepl
--- old/openldap-2.4.58/tests/scripts/test043-delta-syncrepl 2021-03-16 18:09:58.000000000 +0100
+++ new/openldap-2.4.59/tests/scripts/test043-delta-syncrepl 2021-06-03 20:40:31.000000000 +0200
@@ -177,6 +177,17 @@
 -
 add: sn
 sn: Jones
+-
+add: displayName
+displayName: The one
+
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com
+changetype: modify
+add: displayName
+displayName: James the First
+-
+delete: displayName
+displayName: The one
 dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
 changetype: modify
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openldap-2.4.58/tests/scripts/test063-delta-multiprovider new/openldap-2.4.59/tests/scripts/test063-delta-multiprovider
--- old/openldap-2.4.58/tests/scripts/test063-delta-multiprovider 2021-03-16 18:09:58.000000000 +0100
+++ new/openldap-2.4.59/tests/scripts/test063-delta-multiprovider 2021-06-03 20:40:31.000000000 +0200
@@ -279,7 +279,9 @@
 done
 echo "Using ldapadd to populate server 2..."
-$LDAPADD -D "$MANAGERDN" -H $URI2 -w $PASSWD -f $LDIFADD1 \
+cp $LDIFADD1 $TESTDIR/add.ldif
+echo "displayName: The other" >>$TESTDIR/add.ldif
+$LDAPADD -D "$MANAGERDN" -H $URI2 -w $PASSWD -f $TESTDIR/add.ldif \
 >> $TESTOUT 2>&1
 RC=$?
 if test $RC != 0 ; then
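Review bot: In the test063 `@@ -279` hunk, `echo "displayName: The other" >>$TESTDIR/add.ldif` attaches the attribute to whatever entry ends `$LDIFADD1`, and only if that file has no trailing blank line; neither assumption is stated. The `cp` result is not checked and the paths are unquoted, so a failed copy would surface only as a later ldapadd error. A short comment naming the entry the value is meant for, plus `cp "$LDIFADD1" "$TESTDIR/add.ldif" || exit 1`, would make the setup explicit; the later hunks that delete `displayName: The other` depend on it.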
@@ -377,6 +379,12 @@
 changetype: modify
 add: description
 description: Amazing
+-
+add: displayName
+displayName: James the Second
+-
+delete: displayName
+displayName: The other
 EOF
 RC=$?
@@ -394,6 +402,12 @@
 -
 add: description
 description: Stupendous
+-
+add: displayName
+displayName: James II
+-
+delete: displayName
+displayName: The other
 EOF
 RC=$?
