enterprise-support team mailing list archive

Thread
Date

[Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1688575@xxxxxxxxxxxxxxxxxx>
Date: Thu, 10 Aug 2017 05:57:39 -0000
Reply-to: Bug 1688575 <1688575@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package openldap - 2.4.45+dfsg-1ubuntu1

---------------
openldap (2.4.45+dfsg-1ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Enable AppArmor support:
      - d/apparmor-profile: add AppArmor profile
      - d/rules: use dh_apparmor
      - d/control: Build-Depends on dh-apparmor
      - d/slapd.README.Debian: add note about AppArmor
    - Enable GSSAPI support:
      - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
        - Add --with-gssapi support
        - Make guess_service_principal() more robust when determining
          principal
      - d/configure.options: Configure with --with-gssapi
      - d/control: Added heimdal-dev as a build depend
      - d/rules:
        - Explicitly add -I/usr/include/heimdal to CFLAGS.
        - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
    - Enable ufw support:
      - d/control: suggest ufw.
      - d/rules: install ufw profile.
      - d/slapd.ufw.profile: add ufw profile.
    - Enable nss overlay:
      - d/{patches/nssov-build,rules}: Apply, build and package the
        nss overlay.
    - d/{rules,slapd.py}: Add apport hook.
    - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
      either the default DIT nor via an Authn mapping.
    - d/slapd.scripts-common:
      - add slapcat_opts to local variables.
      - Fix backup directory naming for multiple reconfiguration.
    - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
    - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
      in the openldap library, as required by Likewise-Open
    - Show distribution in version:
      - d/control: added lsb-release
      - d/patches/fix-ldap-distribution.patch: show distribution in version
    - d/libldap-2.4-2.symbols: Add symbols not present in Debian.
      - CLDAP (UDP) was added in 2.4.17-1ubuntu2
      - GSSAPI support was enabled in 2.4.18-0ubuntu2

openldap (2.4.45+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - fixed a use-after-free in GnuTLS options handling
      (ITS#8385) (Closes: #820244) (LP: #1557248)
    - fixed unsafe concurrent SASL calls causing memory corruption
      (ITS#8648) (Closes: #860947) (LP: #1688575)
    - fixed syncrepl infinite looping with multi-master delta-syncrepl
      (ITS#8432) (Closes: #868753)
  * Rebase patches to apply cleanly:
    - do-not-second-guess-sonames
    - no-AM_INIT_AUTOMAKE
  * Drop patches applied upstream:
    - ITS-8554-kFreeBSD-is-like-BSD.patch
    - ITS-8644-wait-for-slapd-to-start-in-test064.patch
    - ITS-8655-paged-results-double-free.patch
  * Upgrade to debhelper compat level 10.
    - Depend on debhelper 10.
    - Stop enabling parallel and autoreconf explicitly. They are now enabled
      by default.
    - Drop dh-autoreconf from build-depends since debhelper requires it.
  * Add -Wno-format-extra-args to CFLAGS to reduce the noise in the build
    logs, as this warning is emitted on each use of the Debug() macro.
  * Drop libldap-2.4-4-dbg and slapd-dbg binary packages in favour of
    automatic dbgsym packages.
  * Update Standards-Version to 4.0.0; no changes required.
  * Drop Priority and Section from binary package stanzas when they only
    duplicate information from the source stanza.
  * Update Priority of slapd-smbk5pwd and libldap2-dev to optional to match
    the archive.
  * Remove retired developer, Roland Bauerschmidt, from Uploaders.
    (Closes: #856422)
  * Remove Timo Aaltonen from Uploaders, with his agreement.
  * debian/patches/ITS8650-retry-gnutls_handshake-after-GNUTLS_E_AGAIN.patch:
    If gnutls_handshake() returns EAGAIN, call it again. Fixes TLS handshake
    failures when the ServerHello message exceeds 16K.
    (ITS#8650) (Closes: #861838)
  * Drop time from Build-Depends. The upstream testsuite no longer calls it.

 -- Gianfranco Costamagna <locutusofborg@xxxxxxxxxx>  Fri, 28 Jul 2017
14:49:07 +0200

** Changed in: openldap (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1688575

Title:
  Segmentation fault on a slave slapd (sync replication with kerberos
  authentication)

To manage notifications about this bug go to:
https://bugs.launchpad.net/openldap/+bug/1688575/+subscriptions

References

[Bug 1688575] [NEW] Segmentation fault on a slave slapd (sync replication with kerberos authentication)
From: Suho Meso, 2017-05-05