This bug was fixed in the package openldap - 2.4.42+dfsg-2ubuntu3.3
---
openldap (2.4.42+dfsg-2ubuntu3.3) xenial; urgency=medium
[ Ryan Tandy ]
* d/p/ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch,
d/p/ITS-8648-init-SASL-library-in-global-init.patch: Import upstrea
Hi,
this package fixes our slapd replication bug.
we tested following version:
# dpkg -l | grep 'slapd\|libldap'
ii libldap-2.4-2:amd64 2.4.42+dfsg-2ubuntu3.3
amd64OpenLDAP libraries
ii slapd 2.4.42+dfsg-2ubuntu3.3
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segmentation fault on a
In the meantime I ran the test from the bug description.
Before the update:
ubuntu@xenial-slaps-segfault-1688575:~/test$ export LDAPSASL_SECPROPS=none
ubuntu@xenial-slaps-segfault-1688575:~/test$ ./sasltest
rc = -6 (Unknown authentication method)
sasltest: sasltest.c:70: bind_thread: Assertion `
Hello Brian,
I've updated 2 servers with the new package. Let me test few days, and
I'll get back to you with the results.
Thanks!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.ne
Hello Suho, or anyone else affected,
Accepted openldap into xenial-proposed. The package will build now and
be available at https://launchpad.net/ubuntu/+source/openldap/2.4.42
+dfsg-2ubuntu3.3 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
** Description changed:
[Impact]
Concurrent SASL authentications could trigger a segfault. This was observed
by the bug reporter during replication from a master to a slave, and can be
reproduced with a test program.
The fix is applied upstream, see comment #13.
[Test Case]
* Cre
** Description changed:
[Impact]
Concurrent SASL authentications could trigger a segfault. This was observed
by the bug reporter during replication from a master to a slave, and can be
reproduced with a test program.
The fix is applied upstream, see comment #13.
[Test Case]
* Cre
** Merge proposal linked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/openldap/+git/openldap/+merge/345944
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/168857
** Changed in: openldap (Ubuntu Xenial)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segmentation fault on a slave
** Description changed:
[Impact]
+ Concurrent SASL authentications could trigger a segfault. This was observed
by the bug reporter during replication from a master to a slave, and can be
reproduced with a test program.
- * An explanation of the effects of the bug on users and
-
- * justi
** Description changed:
+ [Impact]
+
+ * An explanation of the effects of the bug on users and
+
+ * justification for backporting the fix to the stable release.
+
+ * In addition, it is helpful, but not required, to include an
+explanation of how the upload fixes this bug.
+
+ [Test Ca
** Also affects: openldap (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: openldap (Ubuntu Xenial)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: openldap (Ubuntu Xenial)
Status: New => Triaged
** Changed in: openldap (Ubuntu Xenial)
Thanks Ryan, much appreciated. I can drive this SRU.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segmentation fault on a slave slapd (sync replication w
The attached debdiff is basically the same as what I already uploaded to
Debian stable in 2.4.44+dfsg-5+deb9u1. No regressions were reported
against that upload.
Tested in a xenial chroot using my test program as above and the patch
fixes the issue for me.
Test packages are building now in the
I also recommend having your local hostname and FQDN in /etc/hosts when
executing that test program, as the SASL library looks it up at least
once on every iteration.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap
Please find attached a test program and Makefile plus a test script to
drive it. Basically the program exercises concurrent SASL binds.
With the current packages in xenial, the test program fails in a variety
of ways:
$ ./sasltest
rc = -6 (Unknown authentication method)
sasltest: sasltest.c:70:
I believe so, thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segmentation fault on a slave slapd (sync replication with kerberos
authentication)
On Mon, May 14, 2018 at 02:34:13PM -, Andreas Hasenack wrote:
>Last I tried, I couldn't reproduce it. Can we make the case for an SRU
>without a clear test case?
I'll try and find time this week to work up instructions.
Would a program that demonstrates the issue (test instructions: compile
Last I tried, I couldn't reproduce it. Can we make the case for an SRU
without a clear test case?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segmentati
This slipped off my radar after the fix was uploaded to arful, but we
should fix it in xenial as well.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segme
** Changed in: openldap
Status: Fix Committed => Fix Released
** Changed in: openldap (Ubuntu)
Assignee: Ryan Tandy (rtandy) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
http
This bug was fixed in the package openldap - 2.4.45+dfsg-1ubuntu1
---
openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low
* Merge from Debian unstable. Remaining changes:
- Enable AppArmor support:
- d/apparmor-profile: add AppArmor profile
- d/rules: use dh_apparmo
Hi Andreas,
here are my syncprov and syncrepl configurations:
dn: olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpCheckpoint: 5 5
dn: olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config
objectClass: olc
Oh, and I used libsasl2-modules-gssapi-mit and MIT kerberos KDC:
krb5-kdc1.13.2+dfsg-5ubuntu2
libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ub
Hm, I'm not getting a segfault.
I have two databases on the server: dc=example,dc=com and dc=example,dc=org.
Both have syncprov, and my slave is syncrepling from both using gssapi.
I created a replicator principal, added an ACL to allow it to read
everything in both trees.
I didn't use k5start i
Just to be clear, I'm not doubting the bug, I'm just trying to come up
with a test scenario that will satisfy the SRU requirements so we can
ship the fix to xenial :)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in
Thanks. I'm coming up with a test case simple enough to use for the SRU
template
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segmentation fault on a sla
Hi Andreas,
On Mon, Jul 24, 2017 at 05:33:41PM -, Andreas Hasenack wrote:
>I can take a look at this.
Thanks. FYI the fix is released upstream in 2.4.45 and I'll be uploading
that to Debian soon.
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=d59310f86295d5ca0e2947efc78a
Found two upstream commits related to ITS #8648:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=431c4af526b18abb4a18c2c4c8655690b753cbe5
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=e437b12277c1cc8ec72e0f78f660137c60ffaad7
--
You received this bug notif
Upstream issue:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8648
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segmentation fault on a slave
I can take a look at this.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segmentation fault on a slave slapd (sync replication with kerberos
authenticat
** Tags added: server-next
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segmentation fault on a slave slapd (sync replication with kerberos
authenticat
Thanks Ryan, I will wait...
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segmentation fault on a slave slapd (sync replication with kerberos
authentica
Hi,
Sorry for the silence, I'm in a busy spell and not able to look at
Ubuntu stuff right now. I do intend to follow up and propose the patch
for a stable update when I can; anyone else is welcome to beat me to it
in the meantime.
--
You received this bug notification because you are a member
Hi Ryan, what would be the next step? Will you integrate it in the
official repo?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segmentation fault on a sl
Looks good.
I've tested deleting and replicating the databases few times, 20-30 successive
service restarts, no issues...
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/16
** Changed in: openldap (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segmentation fault on a slave slapd (sync
Yes, just openldap.
I uploaded the patched package to a PPA for you to try:
https://launchpad.net/~rtandy/+archive/ubuntu/bug1688575
Hope that helps.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https
I meant openldap...
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segmentation fault on a slave slapd (sync replication with kerberos
authentication)
S
Hi Ryan,
thanks, I'll try to apply the patch by myself.
Is libldap the only package to be patched?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1688575
Title:
Segment
** Also affects: openldap
Importance: Undecided
Status: New
** Changed in: openldap
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/
The attachment "0001-ITS-8648-add-back-mutex-for-sasl_client_init.patch"
seems to be a patch. If it isn't, please remove the "patch" flag from
the attachment, remove the "patch" tag, and if you are a member of the
~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by
Thanks for opening the new bug.
I have a patch under review right now for a suspiciously similar issue.
Are you able to build and test a patched package, and see if it fixes
your problem? If you need help modifying the package, I can upload it to
a PPA for you later on.
** Changed in: openlda
44 matches
Mail list logo