This bug was fixed in the package openldap -
2.5.14+dfsg-0ubuntu0.22.04.2
---
openldap (2.5.14+dfsg-0ubuntu0.22.04.2) jammy; urgency=medium
* Build the passwd/sha2 contrib module with -fno-strict-aliasing to
avoid computing an incorrect SHA256 hash with some versions of the
This bug was fixed in the package openldap -
2.5.14+dfsg-0ubuntu0.22.10.2
---
openldap (2.5.14+dfsg-0ubuntu0.22.10.2) kinetic; urgency=medium
* Build the passwd/sha2 contrib module with -fno-strict-aliasing to
avoid computing an incorrect SHA256 hash with some versions of the
Another migration-reference/0 attempt for kinetic[1] confirmed that the
previous "success" was a fluke, and exim4 on plain kinetic is already
failing[2]. That's bug #1983605
1. https://autopkgtest.ubuntu.com/packages/e/exim4/kinetic/ppc64el
2.
Jammy verification
Reproducing the problem with the release packages:
$ cat > test.sh
#!/bin/bash
reference_hash="{SHA256}$(echo -n secret | openssl dgst -sha256 -binary |
openssl enc -base64)"
test_hash=$(slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2)
echo "Reference hash of
Hello Christian, or anyone else affected,
Accepted openldap into jammy-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openldap/2.5.14+dfsg-0ubuntu0.22.04.2
in a few hours, and then in the -proposed repository.
Please help us by testing this new
https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1983605 is the
exim4 bug. I would ask the SRU team to ignore the exim4 DEP8 errors on
basis of that.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
And also without the updated packages. It's a bit random. When exim4 is
failing, it stays failing. Restart it, and it might or might not be in
failing mode. Sometimes it works, and keeps working. It's not related to
the openldap update. I think the migration-reference/0 run that
succeeded was a
I'm able to reproduce the exim4 dep8 error on kinetic ppc64el with the
updated libldap packages, investigating...
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000817
** Changed in: openldap (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000817
Title:
Wrong SHA256-value computed on
I'm checking the exim4 dep8 failures in kinetic.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000817
Title:
Wrong SHA256-value computed on kinetic
Status in openldap
Kinetic verification
Confirming the problem with the unfixed slapd package:
$ apt-cache policy slapd
slapd:
Installed: 2.5.14+dfsg-0ubuntu0.22.10.1
Candidate: 2.5.14+dfsg-0ubuntu0.22.10.1
Version table:
*** 2.5.14+dfsg-0ubuntu0.22.10.1 500
500 http://br.archive.ubuntu.com/ubuntu
Hello Christian, or anyone else affected,
Accepted openldap into kinetic-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/openldap/2.5.14+dfsg-0ubuntu0.22.10.2
in a few hours, and then in the -proposed repository.
Please help us by testing this new
** Merge proposal linked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/openldap/+git/openldap/+merge/438725
** Merge proposal linked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/openldap/+git/openldap/+merge/438726
--
You received this bug notification because you are a
** Description changed:
[ Impact ]
- * An explanation of the effects of the bug on users and
+ OpenLDAP deployments using the contrib pw-sha2 module are not able to
+ authenticate their users because the SHA2 calculation is done
+ incorrectly.
- * justification for backporting the fix
** Description changed:
+ [ Impact ]
+
+ * An explanation of the effects of the bug on users and
+
+ * justification for backporting the fix to the stable release.
+
+ * In addition, it is helpful, but not required, to include an
+explanation of how the upload fixes this bug.
+
+ [
This bug was fixed in the package openldap - 2.6.3+dfsg-1~exp1ubuntu2
---
openldap (2.6.3+dfsg-1~exp1ubuntu2) lunar; urgency=medium
* Build the passwd/sha2 contrib module with -fno-strict-aliasing to
avoid computing an incorrect SHA256 hash with some versions of the
** Changed in: openldap (Ubuntu Jammy)
Status: New => In Progress
** Changed in: openldap (Ubuntu Kinetic)
Status: New => In Progress
** Changed in: openldap (Ubuntu Jammy)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: openldap (Ubuntu Kinetic)
** Bug watch added: Debian Bug tracker #1030716
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030716
** Also affects: openldap (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030716
Importance: Unknown
Status: Unknown
** Also affects: openldap (Ubuntu
** Changed in: openldap (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000817
Title:
Wrong SHA256-value computed on
** Merge proposal linked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/openldap/+git/openldap/+merge/436723
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
Writing down some options from a quick handover discussion I had with Sergio,
in no particular order:
- rebuild openldap with the attached patch, disabling strict aliasing just for
that module
- check if LTO is having an effect on this: maybe disabling LTO also fixes it,
and there is precedence
** Changed in: openldap (Ubuntu)
Assignee: Sergio Durigan Junior (sergiodj) => Andreas Hasenack (ahasenack)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000817
** Changed in: openldap (Ubuntu)
Assignee: (unassigned) => Sergio Durigan Junior (sergiodj)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000817
Title:
Wrong
** Tags removed: server-next
** Tags added: server-todo
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000817
Title:
Wrong SHA256-value computed on kinetic
Status in
** Tags added: server-next
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000817
Title:
Wrong SHA256-value computed on kinetic
Status in openldap package in Ubuntu:
lunar, kinetic, and jammy all return the first result, while focal
provides the second:
triage-lunar+23.04: ~$ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2
{SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54=
triage-lunar+23.04: ~$ slapd -VV
@(#) $OpenLDAP: slapd
The attachment "openldap-contrib-sha2.patch" seems to be a patch. If it
isn't, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: openldap (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
28 matches
Mail list logo
