Your message dated Sat, 14 Jul 2018 11:21:20 +0100
with message-id <[email protected]>
and subject line Closing bugs for updates included in 9.5
has caused the Debian Bug report #901192,
regarding stretch-pu: package openldap/2.4.44+dfsg-5+deb9u2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
901192: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901192
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: [email protected]
Usertags: pu
Dear SRM,
Please consider this openldap update for stretch. I apologize for the
late request and will understand if it doesn't make it.
Both fixes have already had some time in testing and stretch-backports.
* Import upstream patch to fix an out-of-sync issue with delta-syncrepl
replication in multi-master environments, resulting from changes losing
tracking information and being applied multiple times.
(ITS#84444) (Closes: #877166)
This issue impacts replication when the memberof overlay is used in a
multi-master setup. Sven Mäder (in X-D-CC) has tested the proposed
package on a stretch system and verified the fix.
* Really fix upgrades when the config contains backslash-escaped special
characters. The previous fix was incomplete and didn't fully fix upgrades
involving a database reload. (Closes: #864719)
The first part of this, fixing simple upgrades that don't require a
database reload, is already in stretch (as +deb9u1). This additional
patch deals with code that is not executed in a typical upgrade but
might be triggered based on the old version or the debconf settings.
thanks,
Ryan
-- System Information:
Debian Release: 9.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500,
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8),
LANGUAGE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru openldap-2.4.44+dfsg/debian/changelog
openldap-2.4.44+dfsg/debian/changelog
--- openldap-2.4.44+dfsg/debian/changelog 2017-08-10 12:12:46.000000000
-0700
+++ openldap-2.4.44+dfsg/debian/changelog 2018-05-22 21:25:19.000000000
-0700
@@ -1,3 +1,15 @@
+openldap (2.4.44+dfsg-5+deb9u2) stretch; urgency=medium
+
+ * Import upstream patch to fix an out-of-sync issue with delta-syncrepl
+ replication in multi-master environments, resulting from changes losing
+ tracking information and being applied multiple times.
+ (ITS#8444) (Closes: #877166)
+ * Really fix upgrades when the config contains backslash-escaped special
+ characters. The previous fix was incomplete and didn't fully fix upgrades
+ involving a database reload. (Closes: #864719)
+
+ -- Ryan Tandy <[email protected]> Tue, 22 May 2018 21:25:19 -0700
+
openldap (2.4.44+dfsg-5+deb9u1) stretch; urgency=medium
* Relax the dependency of libldap-2.4-2 on libldap-common to also permit
diff -Nru
openldap-2.4.44+dfsg/debian/patches/ITS-8444-Do-not-clear-the-pending-operation-when-che.patch
openldap-2.4.44+dfsg/debian/patches/ITS-8444-Do-not-clear-the-pending-operation-when-che.patch
---
openldap-2.4.44+dfsg/debian/patches/ITS-8444-Do-not-clear-the-pending-operation-when-che.patch
1969-12-31 16:00:00.000000000 -0800
+++
openldap-2.4.44+dfsg/debian/patches/ITS-8444-Do-not-clear-the-pending-operation-when-che.patch
2018-05-22 21:25:19.000000000 -0700
@@ -0,0 +1,30 @@
+From bb6438fb7ae32a622f456af8c4c9b8d479d5b209 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <[email protected]>
+Date: Fri, 25 Aug 2017 16:25:23 +0100
+Subject: [PATCH] ITS#8444 Do not clear the pending operation when
+ checkpointing
+
+When a checkpoint happens, if we remove the CSN from the pending list,
+accesslog won't pass it onto the accesslog DB. But in a delta-mmr
+scenario, an accesslog entry without a CSN faces a race where it might
+be applied twice - that usually fails and causes a full refresh, other
+times it can cause a silent desync - both are undesirable.
+---
+ servers/slapd/overlays/syncprov.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/servers/slapd/overlays/syncprov.c
b/servers/slapd/overlays/syncprov.c
+index 3e7667336..4c2d939d4 100644
+--- a/servers/slapd/overlays/syncprov.c
++++ b/servers/slapd/overlays/syncprov.c
+@@ -1494,6 +1494,7 @@ syncprov_checkpoint( Operation *op, slap_overinst *on )
+ opm.o_bd->bd_info = on->on_info->oi_orig;
+ opm.o_managedsait = SLAP_CONTROL_NONCRITICAL;
+ opm.o_no_schema_check = 1;
++ opm.o_opid = -1;
+ opm.o_bd->be_modify( &opm, &rsm );
+
+ if ( rsm.sr_err == LDAP_NO_SUCH_OBJECT &&
+--
+2.11.0
+
diff -Nru openldap-2.4.44+dfsg/debian/patches/series
openldap-2.4.44+dfsg/debian/patches/series
--- openldap-2.4.44+dfsg/debian/patches/series 2017-08-09 22:07:34.000000000
-0700
+++ openldap-2.4.44+dfsg/debian/patches/series 2018-05-22 21:25:19.000000000
-0700
@@ -31,3 +31,4 @@
ITS-8432-fix-infinite-looping-mods-in-delta-mmr.patch
ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch
ITS-8648-init-SASL-library-in-global-init.patch
+ITS-8444-Do-not-clear-the-pending-operation-when-che.patch
diff -Nru openldap-2.4.44+dfsg/debian/slapd.scripts-common
openldap-2.4.44+dfsg/debian/slapd.scripts-common
--- openldap-2.4.44+dfsg/debian/slapd.scripts-common 2017-08-09
22:07:34.000000000 -0700
+++ openldap-2.4.44+dfsg/debian/slapd.scripts-common 2018-05-22
21:25:19.000000000 -0700
@@ -182,11 +182,11 @@
dir=`database_dumping_destdir`
echo >&2 " Dumping to $dir: "
- (get_suffix | while read suffix; do
+ (get_suffix | while read -r suffix; do
dbdir=`get_directory "$suffix"`
if [ -n "$dbdir" ]; then
file="$dir/$suffix.ldif"
- echo -n " - directory $suffix... " >&2
+ printf ' - directory %s... ' "$suffix" >&2
# Need to support slapd.d migration from preinst
if [ -f "${SLAPD_CONF}" ]; then
slapcat_opts="-g -f ${SLAPD_CONF}"
@@ -215,7 +215,7 @@
echo >&2 " Loading from $dir: "
# restore by increasing suffix length due to possibly glued databases
get_suffix | awk '{ print length, $0 }' | sort -n | cut -d ' ' -f 2- \
- | while read suffix; do
+ | while read -r suffix; do
dbdir=`get_directory "$suffix"`
if [ -z "$dbdir" ]; then
continue
@@ -227,11 +227,11 @@
fi
file="$dir/$suffix.ldif"
- echo -n " - directory $suffix... " >&2
+ printf ' - directory %s... ' "$suffix" >&2
# If there is an old DB_CONFIG file, restore it before
# running slapadd
- backupdir=`compute_backup_path -n "$dbdir" "$suffix"`
+ backupdir="$(compute_backup_path -n "$dbdir" "$suffix")"
if [ -e "$backupdir"/DB_CONFIG ]; then
cp -a "$backupdir"/DB_CONFIG "$dbdir"/
fi
@@ -267,7 +267,7 @@
# }}}
move_incompatible_databases_away() { # {{{
echo >&2 " Moving old database directories to /var/backups:"
- (get_suffix | while read suffix; do
+ (get_suffix | while read -r suffix; do
dbdir=`get_directory "$suffix"`
move_old_database_away "$dbdir" "$suffix" <&5
done) 5<&0 </dev/null
@@ -287,7 +287,7 @@
get_suffix() { # {{{
if [ -f "${SLAPD_CONF}" ]; then
for f in `get_all_slapd_conf_files`; do
- sed -n -e's/^suffix[[:space:]]\+"*\([^"]\+\)"*/\1/p' $f
+ sed -n -e '/^suffix[[:space:]]/ {
s/^suffix[[:space:]]\+"*\([^"]\+\)"*/\1/; s/\\\\/\\/g; p }' $f
done
else
grep -h ^olcSuffix ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif |
cut -d: -f 2
@@ -297,13 +297,15 @@
get_directory() { # {{{
# Returns the db directory for a given suffix
if [ -d "${SLAPD_CONF}" ] && get_suffix | grep -Fq "$1" ; then
- sed -n 's/^olcDbDirectory: *//p' `grep -Fl "^olcSuffix: $1"
${SLAPD_CONF}/cn\=config/olcDatabase*.ldif`
+ sed -n 's/^olcDbDirectory: *//p' `grep -Flx "olcSuffix: $1"
${SLAPD_CONF}/cn\=config/olcDatabase*.ldif`
elif [ -f "${SLAPD_CONF}" ]; then
# Extract the directory for the given suffix ($1)
+ # Quote backslashes once for slapd.conf parser, again for awk
+ quoted="$(printf '%s' "$1" | sed 's/\\/\\\\\\\\/g')"
for f in `get_all_slapd_conf_files`; do
awk ' BEGIN { DB=0; SUF=""; DIR="" } ;
/^database/ { DB=1; SUF=""; DIR="" } ;
- DB==1 && /^suffix[ \t]+"?'"$1"'"?$/ { SUF=$2 ; } ;
+ DB==1 && /^suffix[ \t]+"?'"$quoted"'"?$/ { SUF=$2 ; } ;
DB==1 && /^directory/ { DIR=$2 ;} ;
DB==1 && SUF!="" && DIR!="" { sub(/^"/,"",DIR) ;
sub(/"$/,"",DIR) ; print DIR; SUF=""; DIR="" }' "${f}" | \
sed -e's/\([^\\]\|^\)"/\1/g; s/\\"/"/g; s/\\\\/\\/g'
@@ -369,7 +371,7 @@
exit 1
fi
- echo "$target"
+ printf '%s' "$target"
}
# }}}
@@ -397,8 +399,8 @@
# include mount points as well anyway, but it's much less likely.
db_get slapd/move_old_database
if [ "$RET" = true ]; then
- backupdir=`compute_backup_path "$databasedir" "$suffix"`
- echo -n " - directory $suffix... " >&2
+ backupdir="$(compute_backup_path "$databasedir" "$suffix")"
+ printf ' - directory %s... ' "$suffix" >&2
mkdir -p "$backupdir"
find -H "$databasedir" -mindepth 1 -maxdepth 1 -type f \
-exec mv {} "$backupdir" \;
--- End Message ---
--- Begin Message ---
Version: 9.5
Hi,
The update referenced by each of these bugs was included in this
morning's stretch point release.
Regards,
Adam
--- End Message ---
