[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
This bug was fixed in the package openldap - 2.4.53+dfsg-1ubuntu1
---
openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium
* Merge with Debian unstable (LP: #1894838). Remaining changes:
- Enable AppArmor support:
+ d/apparmor-profile: add AppArmor profile
+ d/rules: use dh_apparmor
+ d/control: Build-Depends on dh-apparmor
+ d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
+ d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
+ d/configure.options: Configure with --with-gssapi
+ d/control: Added heimdal-dev as a build depend
+ d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib//heimdal to LDFLAGS.
+ d/libldap-2.4-2.symbols: add symbols for GSSAPI support
This should be dropped when the soname changes.
- Enable ufw support:
+ d/control: suggest ufw.
+ d/rules: install ufw profile.
+ d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
+ d/rules:
- add nssov to CONTRIB_MODULES
- add sysconfdir to CONTRIB_MAKEVARS
+ d/slapd.install: install nssov overlay
+ d/slapd.manpages: install slapo-nssov(5) man page
+ d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
Debian bug #919136, we also have to patch the nssov makefile
accordingly and thus update this patch.
- d/{rules,slapd.py}: Add apport hook.
- Add support for CLDAP (UDP) support, back then required by
likewise-open (first enabled in 2.4.17-1ubuntu2):
+ d/rules: Enable -DLDAP_CONNECTIONLESS
+ d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
This should be dropped when the soname changes.
- debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
of test timing issue.
- d/rules: better regexp to match the Maintainer tag in d/control,
needed in the Ubuntu case because of XSBC-Original-Maintainer
(Closes #960448, LP #1875697)
openldap (2.4.53+dfsg-1) unstable; urgency=medium
* New upstream release.
-- Andreas Hasenack Tue, 08 Sep 2020 09:36:58
-0300
** Changed in: openldap (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1894838
Title:
FFe: update to 2.4.53, fixing crash bugs
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
Thanks for the review laney I did run the sssd dep8 tests, which exercise openldap, but not a replication. So I followed the server guide on setting up replication with TLS (https://ubuntu.com/server/docs/service-ldap-replication and https://ubuntu.com/server/docs/service-ldap-with-tls) and confirmed replication was working. I added data to the provider, and it immediately appeared on the consumer. Of course, this is a basic test, and didn't even show the original bug in the current groovy packages, nor when I updated to 2.4.53 from my ppa, but at least it's not a brown paper bag release. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
Agreed that taking the unit which upstream has validated is more sensible than backporting. Thanks for the detailed report. I think the only thing which I would like to see in future is you saying that (and how) you've tested it manually and spotted no regressions. But go ahead this time. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openldap (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
Switched bug to "New" so it can be considered by the release team. ** Changed in: openldap (Ubuntu) Status: In Progress => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
The sssd DEP8 tests, which exercise the ldap server a bit, passed locally: ... autopkgtest [09:48:35]: summary ldap-user-group-ldap-auth PASS ldap-user-group-krb5-auth PASS -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
** Merge proposal linked: https://code.launchpad.net/~ahasenack/ubuntu/+source/openldap/+git/openldap/+merge/390398 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
** Description changed: - To be filled + Groovy has openldap 2.4.51 + + Upstream made two quick new releases after that: 2.4.52 and 2.4.53. A + crash was reported in the mailing list: https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/NKOM6DI7RQY6FDLRZGSGYJSGONKIRFEP/ + + """ + This segfault is due to a problem with the fix for ITS#9282 that went into + the OpenLDAP 2.4.51 and OpenLDAP 2.4.52 releases. This is fixed in the + 2.4.53 release (released today). + """ + + Almost all changes in 2.4.52 and 2.4.53 are bug fixes, but a few feathre changes/additions slipped through, hence this FFe: + OpenLDAP 2.4.53 (2020/09/07) + Added slapd syncrepl additional SYNC logging (ITS#9043) + Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282) + Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338) + Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334) + Build + Require OpenSSL 1.0.2 or later (ITS#9323) + Fixed libldap compilation issue with broken C compilers (ITS#9332) + + OpenLDAP 2.4.52 (2020/08/28) + Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318) + Added libldap OpenSSL support for multiple EECDH curves (ITS#9054) + Added slapd OpenSSL support for multiple EECDH curves (ITS#9054) + Fixed librewrite malloc/free corruption (ITS#9249) + Fixed libldap hang when using UDP and server down (ITS#9328) + Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324) + Fixed slapd syncrepl regression that could trigger an assert (ITS#9329) + Fixed slapd-mdb index error with collapsed range (ITS#9135) + + I grouped the changes with links to the bug reports: + Replication fixes: + Fixed slapd syncrepl segfault on NULL cookie on REFRESH (https://bugs.openldap.org/show_bug.cgi?id=9282) + Fixed slapd syncrepl to use fresh connection on REFRESH fallback (https://bugs.openldap.org/show_bug.cgi?id=9338) + Fixed slapd syncrepl rare deadlock due to network issues (https://bugs.openldap.org/show_bug.cgi?id=9324) + Fixed slapd syncrepl regression that could trigger an assert (https://bugs.openldap.org/show_bug.cgi?id=9329) + + Features and other non-fixes changes: + Added slapd syncrepl additional SYNC logging (https://bugs.openldap.org/show_bug.cgi?id=9043) + Require OpenSSL 1.0.2 or later (https://bugs.openldap.org/show_bug.cgi?id=9323) + Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (https://bugs.openldap.org/show_bug.cgi?id=9318) + Added libldap OpenSSL support for multiple EECDH curves (https://bugs.openldap.org/show_bug.cgi?id=9054) + Added slapd OpenSSL support for multiple EECDH curves (https://bugs.openldap.org/show_bug.cgi?id=9054) + + Other fixes: + Fixed slapo-ppolicy race condition for pwdFailureTime (https://bugs.openldap.org/show_bug.cgi?id=9302,https://bugs.openldap.org/show_bug.cgi?id=9334) + Fixed libldap compilation issue with broken C compilers (https://bugs.openldap.org/show_bug.cgi?id=9332) + Fixed librewrite malloc/free corruption (https://bugs.openldap.org/show_bug.cgi?id=9249) + Fixed libldap hang when using UDP and server down (https://bugs.openldap.org/show_bug.cgi?id=9328) + Fixed slapd-mdb index error with collapsed range (https://bugs.openldap.org/show_bug.cgi?id=9135) + + + PPA with a groovy proposed and all arches test build (still ongoing as I write this): https://launchpad.net/~ahasenack/+archive/ubuntu/openldap-2453/+packages + + I believe a backport of that many fixes is riskier than an update to the + new upstream version at this point. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
