Bug 1147982 - Rebase openldap to 2.4.40
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openldap
7.1
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: Matus Honek
Patrik Kis
Tomas Capek
: Rebase
Depends On:
Blocks: 1205796 1110700 1147983 1191021 1250949
 
Reported: 2014-09-30 09:11 EDT by Jan Synacek
Modified: 2015-11-19 03:52 EST

See Also:
Fixed In Version:
Doc Type: Release Note
Doc Text:
*openldap* rebase to version 2.4.40
The _openldap_ packages have been upgraded to upstream version 2.4.40, which provides a number of bug fixes and one enhancement over the previous version. Notably, the ORDERING matching rules have been added to the *ppolicy* attribute type descriptions. Among the fixed bugs are: The server no longer terminates unexpectedly when processing SRV records, and missing *objectClass* information has been added, which enables the user to modify the front-end configuration by standard means.
Story Points: ---
Clone Of:
: 1147983
Environment:
Last Closed: 2015-11-19 03:52:23 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---




External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2131 normal SHIPPED_LIVE Moderate: openldap security, bug fix, and enhancement update 2015-11-19 04:10:21 EST

Description Jan Synacek 2014-09-30 09:11:27 EDT
Description of problem:

OpenLDAP 2.4.40 Release (2014/09/20)
	Fixed libldap DNS SRV priority handling (ITS#7027)
	Fixed libldap don't leak libldap err codes (ITS#7676)
	Fixed libldap CR/LF handling (ITS#4635)
	Fixed libldap ldif-wrap length (ITS#7871)
	Fixed libldap GnuTLS ciphersuite parsing (ITS#7500)
	Fixed libldap GnuTLS with newer versions (ITS#7430,ITS#6359)
	Fixed libldif to correctly handle 4096 character lines (ITS#7859)
	Fixed librewrite reference counting (ITS#7723)
	Fixed slapacl with back-mdb reader transactions (ITS#7920)
	Fixed slapd syncrepl to send cookie on fallback (ITS#7849)
	Fixed slapd syncrepl SEGV when abandoning a connection (ITS#7928)
	Fixed slapd slapcat with external schema (ITS#7895)
	Fixed slapd schema RDN normalization (ITS#7935)
	Fixed slapd with repeated language tags (ITS#7941)
	Fixed slapd modrdn crash on naming attr with no matching rule (ITS#7850)
	Fixed slapd memory leak in control handling (ITS#7942)
	Fixed slapd-ldap removed dead code (ITS#7922)
	Fixed slapd-mdb to work concurrently with slapadd (ITS#7798)
	Fixed slapd-mdb with paged results (ITS#7705, ITS#7800)
	Fixed slapd-mdb slapcat with nonexistent indices (ITS#7870)
	Fixed slapd-mdb long lived reader transactions (ITS#7904)
	Fixed slapd-mdb memory leak on matchedDN (ITS#7872)
	Fixed slapd-mdb sorting of attribute values (ITS#7902)
	Fixed slapd-mdb to flag attribute values as sorted (ITS#7903)
	Fixed slapd-mdb index config handling (ITS#7912)
	Fixed slapd-mdb entry release handling (ITS#7915)
	Fixed slapd-mdb with aliases and referrals (ITS#7927)
	Fixed slapd-mdb alias dereferencing (ITS#7702)
	Fixed slapd-sock socket flushing (ITS#7937)
	Fixed slapo-accesslog attribute normalization (ITS#7934)
	Fixed slapo-accesslog internal search logging (ITS#7929)
	Fixed slapo-auditlog connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-chain interaction with slapo-rwm (ITS#7930)
	Fixed slapo-constraint connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-dds connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-dyngroup connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-memberof attr count (ITS#7893)
	Fixed slapo-memberof frontendDB handling (ITS#7249)
	Fixed slapo-memberof internal search logging (ITS#7929)
	Fixed slapo-pcache config processing (ITS#7919)
	Fixed slapo-pcache connection destroy logic (ITS#7906,ITS#7923)
	Added slapo-ppolicy ORDERING rules (ITS#7838)
	Fixed slapo-ppolicy timestamp resolution to use microseconds (ITS#7161)
	Fixed slapo-ppolicy connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-refint to check for pauses in cn=config (ITS#7873)
	Fixed slapo-refint internal search logging (ITS#7929)
	Fixed slapo-refint connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-seqmod connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-slapover connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapo-sock db_init (ITS#7868)
	Fixed slapo-sssvlv fix olcSssVlvMaxPerConn (ITS#7908)
	Fixed slapo-translucent double free (ITS#7587)
	Fixed slapo-translucent to work with manageDSAit (ITS#7864)
	Fixed slapo-translucent to use local backend with local entries (ITS#7915)
	Fixed slapo-unique connection destroy logic (ITS#7906,ITS#7923)
	Fixed slapcacl with invalid suffix (ITS#7827)
	Build Environment
		Remove support for gcrypt (ITS#7877)
		BDB 6.0.20 and later is not supported (ITS#7890)
		Fixed ODBC link check (ITS#7891)
		Fixed slapd.ldif frontend config (ITS#7933)
	Contrib
		Added pbkdf2 module (ITS#7742)
		Fixed autogroup double free (ITS#7831)
		Fixed autogroup modification callback responses (ITS#6970)
		Fixed ldapc++ memory leak in Async connection (ITS#7806)
		Fixed nssov install path (ITS#7858)
		Fixed passwd rpath (ITS#7885)
		Fixed apr1 do_phk_hash argument order (ITS#7869)
		Fixed slapd-sha2 buffer overrun (ITS#7851)
	Documentation
		Fixed slapd.ldif man page reference (ITS#7803)
		Fixed slapd.conf(5) man page to reference exattrs (ITS#7847)
		Fixed guide to work with mkrelease (ITS#7887)
		Fixed ldap_get_dn(3) ldap_ava definition (ITS#7860)
Comment 7 Louis Abel 2015-06-28 21:14:06 EDT
Can we consider going to 2.4.41 instead? Or at least patching the mdb portion of 2.4.40 while rebasing? The change logs below explain why.

mdb change log:
LMDB 0.9.15 Release (2015/06/19)
	Fix txn init (ITS#7961,#7987)
	Fix MDB_PREV_DUP (ITS#7955,#7671)
	Fix compact of empty env (ITS#7956)
	Fix mdb_copy file mode
	Fix mdb_env_close() after failed mdb_env_open()
	Fix mdb_rebalance collapsing root (ITS#8062)
	Fix mdb_load with large values (ITS#8066)
	Fix to retry writes on EINTR (ITS#8106)
	Fix mdb_cursor_del on empty DB (ITS#8109)
	Fix MDB_INTEGERDUP key compare (ITS#8117)
	Fix error handling (ITS#7959,#8157,etc.)
	Fix race conditions (ITS#7969,7970)
	Added workaround for fdatasync bug in ext3fs
	Build
		Don't use -fPIC for static lib
		Update .gitignore (ITS#7952,#7953)
		Cleanup for "make test" (ITS#7841), "make clean", mtest*.c
		Misc. Android/Windows cleanup
	Documentation
		Fix MDB_APPEND doc
		Fix MDB_MAXKEYSIZE doc (ITS#8156)
		Fix mdb_cursor_put,mdb_cursor_del EACCES description
		Fix mdb_env_sync(MDB_RDONLY env) doc (ITS#8021)
		Clarify MDB_WRITEMAP doc (ITS#8021)
		Clarify mdb_env_open doc
		Clarify mdb_dbi_open doc

OpenLDAP change log: 
OpenLDAP 2.4.41 Release (2015/06/21)
	Fixed ldapsearch to explicitly flush its buffer (ITS#8118)
	Fixed libldap async connections (ITS#8090)
	Fixed libldap double free of request during abandon (ITS#7967)
	Fixed libldap error string for LDAP_X_CONNECTING (ITS#8093)
	Fixed libldap segfault in ldap_sync_initialize (ITS#8001)
	Fixed libldap ldif-wrap off by one error (ITS#8003)
	Fixed libldap handling of TLS in async mode (ITS#8022)
	Fixed libldap null pointer dereference (ITS#8028)
	Fixed libldap mutex handling with LDAP_OPT_SESSION_REFCNT (ITS#8050)
	Fixed slapd slapadd config db import of minimal frontend entry (ITS#8150)
	Fixed slapd slapadd onetime leak with -w (ITS#8014)
	Fixed slapd sasl auxprop crash with invalid config (ITS#8092)
	Fixed slapd syncrepl delta-mmr issue with overlays and slapd.conf (ITS#7976)
	Fixed slapd syncrepl mutex for cookie state (ITS#7968)
	Fixed slapd syncrepl memory leaks (ITS#8035)
	Fixed slapd syncrepl to free presentlist at end of refresh mode (ITS#8038)
	Fixed slapd syncrepl to streamline presentlist (ITS#8042)
	Fixed slapd syncrepl concurrency when CHECK_CSN is enabled (ITS#8120)
	Fixed slapd rootdn checks for hidden backends (ITS#8108)
	Fixed slapd segfault when using matched values control (ITS#8046)
	Fixed slapd-ldap reconnection behavior on remote failure (ITS#8142)
	Fixed slapd-mdb minor case typo (ITS#8049)
	Fixed slapd-mdb one-level search (ITS#7975)
	Fixed slapd-mdb heap corruption (ITS#7965)
	Fixed slapd-mdb crash after deleting in-use schema (ITS#7995)
	Fixed slapd-mdb minor code cleanup (ITS#8011)
	Fixed slapd-mdb to return errors when using incorrect env flags (ITS#8016)
	Fixed slapd-mdb to correctly update search candidates (ITS#8036, ITS#7904)
	Fixed slapd-mdb when there were more than 65535 aliases in scope (ITS#8103)
	Fixed slapd-mdb alias deref when objectClass is not indexed (ITS#8146)
	Fixed slapd-meta TLS initialization with ldaps URIs (ITS#8022)
	Fixed slapd-meta to have better error logging (ITS#8131)
	Fixed slapd-perl conversion to cn=config (ITS#8105)
	Fixed slapd-sql autocommit config variable (ITS#8129,ITS#6613)
	Fixed slapo-collect segfault (ITS#7797)
	Fixed slapo-constraint with 0 count constraint (ITS#7780,ITS#7781)
	Fixed slapo-deref with empty attribute list (ITS#8027)
	Fixed slapo-memberof to correctly reject invalid members (ITS#8107)
	Fixed slapo-sock result parser for CONTINUE (ITS#8048)
	Fixed slapo-syncprov synprov_matchops usage of test_filter (ITS#8013)
	Fixed slapo-syncprov segfault on disconnect/abandon (ITS#5452,ITS#8012)
	Fixed slapo-syncprov memory leak (ITS#8039)
	Fixed slapo-syncprov segfault on disconnect/abandon (ITS#8043)
	Fixed slapo-syncprov deadlock when autogroup is in use (ITS#8063)
	Fixed slapo-syncprov potential loss of changes when under load (ITS#8081)
	Fixed slapo-unique enforcement of uniqueness with manageDSAit control (ITS#8057)
Comment 9 Matus Honek 2015-06-30 11:16:34 EDT
I would be in favour of rebasing to 2.4.41. Unfortunately, Development Freeze for RHEL-7.2 is in a week and OpenLDAP 2.4.41 has still not been released officially (even though the upstream git branch is already tagged so). Therefore, I do not find it realistic for it to be included in the next release.

Should you find some particular patch needed to be included, please pose a reasoning and I will try to include it in the next release.
Comment 10 Louis Abel 2015-06-30 14:34:58 EDT
I understand the reasoning for holding off (freezes, etc). But it just seems to me that the fixes alone in both the slapo-mdb AND OpenLDAP itself would warrant the rebase to .41. The slapo-syncprov and slapo-mdb show significant fixes in the next release.

But because of your points (freeze/41 release), it may need to be considered later after the freeze, however it works on your side.
Comment 14 Louis Abel 2015-08-26 21:40:40 EDT
I noticed 2.4.40 is around for EL6. It has not arrived for EL7 (as this bug is listed for RHEL 7). Is there a reason for this? 1147983 shows closed for EL6.
Comment 15 Patrik Kis 2015-08-27 04:12:31 EDT
(In reply to Louis Abel from comment #14)
> I noticed 2.4.40 is around for EL6. It has not arrived for EL7 (as this bug
> is listed for RHEL 7). Is there a reason for this? 1147983 shows closed for
> EL6.

openldap-2.4.40 is still in testing; it will be released in the next RHEL-7 update.
Comment 17 errata-xmlrpc 2015-11-19 03:52:23 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2131.html
