[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
This bug was fixed in the package openldap - 2.4.53+dfsg-1ubuntu1 --- openldap (2.4.53+dfsg-1ubuntu1) groovy; urgency=medium * Merge with Debian unstable (LP: #1894838). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): - Add --with-gssapi support - Make guess_service_principal() more robust when determining principal + d/configure.options: Configure with --with-gssapi + d/control: Added heimdal-dev as a build depend + d/rules: - Explicitly add -I/usr/include/heimdal to CFLAGS. - Explicitly add -I/usr/lib//heimdal to LDFLAGS. + d/libldap-2.4-2.symbols: add symbols for GSSAPI support This should be dropped when the soname changes. - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile. + d/slapd.ufw.profile: add ufw profile. - Enable nss overlay: + d/rules: - add nssov to CONTRIB_MODULES - add sysconfdir to CONTRIB_MAKEVARS + d/slapd.install: install nssov overlay + d/slapd.manpages: install slapo-nssov(5) man page + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding Debian bug #919136, we also have to patch the nssov makefile accordingly and thus update this patch. - d/{rules,slapd.py}: Add apport hook. - Add support for CLDAP (UDP) support, back then required by likewise-open (first enabled in 2.4.17-1ubuntu2): + d/rules: Enable -DLDAP_CONNECTIONLESS + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) This should be dropped when the soname changes. - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of test timing issue. - d/rules: better regexp to match the Maintainer tag in d/control, needed in the Ubuntu case because of XSBC-Original-Maintainer (Closes #960448, LP #1875697) openldap (2.4.53+dfsg-1) unstable; urgency=medium * New upstream release. -- Andreas Hasenack Tue, 08 Sep 2020 09:36:58 -0300 ** Changed in: openldap (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
Thanks for the review laney I did run the sssd dep8 tests, which exercise openldap, but not a replication. So I followed the server guide on setting up replication with TLS (https://ubuntu.com/server/docs/service-ldap-replication and https://ubuntu.com/server/docs/service-ldap-with-tls) and confirmed replication was working. I added data to the provider, and it immediately appeared on the consumer. Of course, this is a basic test, and didn't even show the original bug in the current groovy packages, nor when I updated to 2.4.53 from my ppa, but at least it's not a brown paper bag release. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
Agreed that taking the unit which upstream has validated is more sensible than backporting. Thanks for the detailed report. I think the only thing which I would like to see in future is you saying that (and how) you've tested it manually and spotted no regressions. But go ahead this time. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openldap (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
Switched bug to "New" so it can be considered by the release team. ** Changed in: openldap (Ubuntu) Status: In Progress => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
The sssd DEP8 tests, which exercise the ldap server a bit, passed locally: ... autopkgtest [09:48:35]: summary ldap-user-group-ldap-auth PASS ldap-user-group-krb5-auth PASS -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
** Merge proposal linked: https://code.launchpad.net/~ahasenack/ubuntu/+source/openldap/+git/openldap/+merge/390398 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1894838] Re: FFe: update to 2.4.53, fixing crash bugs
** Description changed: - To be filled + Groovy has openldap 2.4.51 + + Upstream made two quick new releases after that: 2.4.52 and 2.4.53. A + crash was reported in the mailing list: https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/NKOM6DI7RQY6FDLRZGSGYJSGONKIRFEP/ + + """ + This segfault is due to a problem with the fix for ITS#9282 that went into + the OpenLDAP 2.4.51 and OpenLDAP 2.4.52 releases. This is fixed in the + 2.4.53 release (released today). + """ + + Almost all changes in 2.4.52 and 2.4.53 are bug fixes, but a few feathre changes/additions slipped through, hence this FFe: + OpenLDAP 2.4.53 (2020/09/07) + Added slapd syncrepl additional SYNC logging (ITS#9043) + Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282) + Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338) + Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334) + Build + Require OpenSSL 1.0.2 or later (ITS#9323) + Fixed libldap compilation issue with broken C compilers (ITS#9332) + + OpenLDAP 2.4.52 (2020/08/28) + Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318) + Added libldap OpenSSL support for multiple EECDH curves (ITS#9054) + Added slapd OpenSSL support for multiple EECDH curves (ITS#9054) + Fixed librewrite malloc/free corruption (ITS#9249) + Fixed libldap hang when using UDP and server down (ITS#9328) + Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324) + Fixed slapd syncrepl regression that could trigger an assert (ITS#9329) + Fixed slapd-mdb index error with collapsed range (ITS#9135) + + I grouped the changes with links to the bug reports: + Replication fixes: + Fixed slapd syncrepl segfault on NULL cookie on REFRESH (https://bugs.openldap.org/show_bug.cgi?id=9282) + Fixed slapd syncrepl to use fresh connection on REFRESH fallback (https://bugs.openldap.org/show_bug.cgi?id=9338) + Fixed slapd syncrepl rare deadlock due to network issues (https://bugs.openldap.org/show_bug.cgi?id=9324) + Fixed slapd syncrepl regression that could trigger an assert (https://bugs.openldap.org/show_bug.cgi?id=9329) + + Features and other non-fixes changes: + Added slapd syncrepl additional SYNC logging (https://bugs.openldap.org/show_bug.cgi?id=9043) + Require OpenSSL 1.0.2 or later (https://bugs.openldap.org/show_bug.cgi?id=9323) + Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (https://bugs.openldap.org/show_bug.cgi?id=9318) + Added libldap OpenSSL support for multiple EECDH curves (https://bugs.openldap.org/show_bug.cgi?id=9054) + Added slapd OpenSSL support for multiple EECDH curves (https://bugs.openldap.org/show_bug.cgi?id=9054) + + Other fixes: + Fixed slapo-ppolicy race condition for pwdFailureTime (https://bugs.openldap.org/show_bug.cgi?id=9302,https://bugs.openldap.org/show_bug.cgi?id=9334) + Fixed libldap compilation issue with broken C compilers (https://bugs.openldap.org/show_bug.cgi?id=9332) + Fixed librewrite malloc/free corruption (https://bugs.openldap.org/show_bug.cgi?id=9249) + Fixed libldap hang when using UDP and server down (https://bugs.openldap.org/show_bug.cgi?id=9328) + Fixed slapd-mdb index error with collapsed range (https://bugs.openldap.org/show_bug.cgi?id=9135) + + + PPA with a groovy proposed and all arches test build (still ongoing as I write this): https://launchpad.net/~ahasenack/+archive/ubuntu/openldap-2453/+packages + + I believe a backport of that many fixes is riskier than an update to the + new upstream version at this point. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894838 Title: FFe: update to 2.4.53, fixing crash bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1894838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs