Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1230263 - rpm -V openldap complains
rpm -V openldap complains
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openldap (Show other bugs)
7.2
All Linux
high Severity high
: rc
: ---
Assigned To: Matus Honek
Patrik Kis
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-06-10 10:02 EDT by Patrik Kis
Modified: 2015-11-19 03:53 EST (History)
3 users (show)

See Also:
Fixed In Version: 2.4.40-4
Doc Type: Bug Fix
Doc Text:
After upgrading the system from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7, symbolic links to certain libraries unexpectedly pointed to locations belonging to the openldap-devel package. If the user uninstalled openldap-devel, the symbolic links were broken and the "rpm -V openldap" command sometimes produced errors. With this update, the symbolic links no longer get broken in the described situation. If the user downgrades openldap to version 2.4.39-6 or earlier, the symbolic links might break. After such downgrade, it is recommended to verify that the symbolic links did not break. To do this, make sure the yum-plugin-verify package is installed and obtain the target libraries by running the "rpm -V openldap" or "yum verify openldap" command.
Story Points: ---
Clone Of: 466924
Environment:
Last Closed: 2015-11-19 03:53:16 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2131 normal SHIPPED_LIVE Moderate: openldap security, bug fix, and enhancement update 2015-11-19 04:10:21 EST

  None (edit)
Description Patrik Kis 2015-06-10 10:02:02 EDT 
Description of problem:
# rpm -V openldap
....L....    /usr/lib64/liblber-2.4.so.2
....L....    /usr/lib64/libldap-2.4.so.2
....L....    /usr/lib64/libldap_r-2.4.so.2
....L....    /usr/lib64/libslapi-2.4.so.2

when upgrading to openldap openldap-2.4.40-2.el7 and the devel package is installed.

Version-Release number of selected component (if applicable):
openldap-2.4.40-2.el7

How reproducible:
always

Steps to Reproduce:

1/ Firs a demonstration with package versions RHEL-7.0 < RHEL-7.1 to show it worked as expected:

[root@rhel70 ldap]# rpm -qa openldap\*
openldap-devel-2.4.39-3.el7.x86_64
openldap-2.4.39-3.el7.x86_64
[root@rhel70 ldap]# rpm -V openldap
[root@rhel70 ldap]# ll /usr/lib64/liblber*
lrwxrwxrwx. 1 root root    21 Jun 10 15:48 /usr/lib64/liblber-2.4.so.2 -> liblber-2.4.so.2.10.2
-rwxr-xr-x. 1 root root 62800 Feb 26  2014 /usr/lib64/liblber-2.4.so.2.10.2
lrwxrwxrwx. 1 root root    21 Jun 10 15:48 /usr/lib64/liblber.so -> liblber-2.4.so.2.10.2
[root@rhel70 ldap]# rpm -qf /usr/lib64/liblber-2.4.so.2
openldap-2.4.39-3.el7.x86_64
[root@rhel70 ldap]# rpm -qf /usr/lib64/liblber-2.4.so.2.10.2
openldap-2.4.39-3.el7.x86_64
[root@rhel70 ldap]# rpm -qf /usr/lib64/liblber.so
openldap-devel-2.4.39-3.el7.x86_64
[root@rhel70 ldap]# 
[root@rhel70 ldap]# rpm -Uvh ~/ldap/openldap-2.4.39-6.el7/openldap-2.4.39-6.el7.x86_64.rpm ~/ldap/openldap-2.4.39-6.el7/openldap-devel-2.4.39-6.el7.x86_64.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.39-6.el7            ################################# [ 25%]
   2:openldap-devel-2.4.39-6.el7      ################################# [ 50%]
Cleaning up / removing...
   3:openldap-devel-2.4.39-3.el7      ################################# [ 75%]
   4:openldap-2.4.39-3.el7            ################################# [100%]
[root@rhel70 ldap]# rpm -V openldap
[root@rhel70 ldap]# ll /usr/lib64/liblber*
lrwxrwxrwx. 1 root root    21 Jun 10 15:49 /usr/lib64/liblber-2.4.so.2 -> liblber-2.4.so.2.10.2
-rwxr-xr-x. 1 root root 62800 Dec  9  2014 /usr/lib64/liblber-2.4.so.2.10.2
lrwxrwxrwx. 1 root root    21 Jun 10 15:49 /usr/lib64/liblber.so -> liblber-2.4.so.2.10.2
[root@rhel70 ldap]# 
[root@rhel70 ldap]# rpm -Uvh --oldpackage ~/ldap/openldap-2.4.39-3.el7/openldap-2.4.39-3.el7.x86_64.rpm ~/ldap/openldap-2.4.39-3.el7/openldap-devel-2.4.39-3.el7.x86_64.rpm Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.39-3.el7            ################################# [ 25%]
   2:openldap-devel-2.4.39-3.el7      ################################# [ 50%]
Cleaning up / removing...
   3:openldap-devel-2.4.39-6.el7      ################################# [ 75%]
   4:openldap-2.4.39-6.el7            ################################# [100%]
[root@rhel70 ldap]# rpm -V openldap
[root@rhel70 ldap]# 

2/ The issue appears when upgrading from RHEL-7.1 to RHEL-7.2:

[root@rhel70 ldap]# rpm -Uvh ~/ldap/openldap-2.4.39-6.el7/openldap-2.4.39-6.el7.x86_64.rpm ~/ldap/openldap-2.4.39-6.el7/openldap-devel-2.4.39-6.el7.x86_64.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.39-6.el7            ################################# [ 25%]
   2:openldap-devel-2.4.39-6.el7      ################################# [ 50%]
Cleaning up / removing...
   3:openldap-devel-2.4.39-3.el7      ################################# [ 75%]
   4:openldap-2.4.39-3.el7            ################################# [100%]
[root@rhel70 ldap]# rpm -V openldap
[root@rhel70 ldap]# 
[root@rhel70 ldap]# rpm -Uvh ~/ldap/openldap-2.4.40-2.el7/openldap-2.4.40-2.el7.x86_64.rpm ~/ldap/openldap-2.4.40-2.el7/openldap-devel-2.4.40-2.el7.x86_64.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.40-2.el7            ################################# [ 25%]
   2:openldap-devel-2.4.40-2.el7      ################################# [ 50%]
Cleaning up / removing...
   3:openldap-devel-2.4.39-6.el7      ################################# [ 75%]
   4:openldap-2.4.39-6.el7            ################################# [100%]
[root@rhel70 ldap]# rpm -V openldap
....L....    /usr/lib64/liblber-2.4.so.2
....L....    /usr/lib64/libldap-2.4.so.2
....L....    /usr/lib64/libldap_r-2.4.so.2
....L....    /usr/lib64/libslapi-2.4.so.2

3/ The issue seems to be that /usr/lib64/liblber-2.4.so.2 points to symlink liblber.so what is owned by openldap-devel!

[root@rhel70 ldap]# ll /usr/lib64/liblber*
lrwxrwxrwx. 1 root root    10 Jun 10 15:50 /usr/lib64/liblber-2.4.so.2 -> liblber.so
-rwxr-xr-x. 1 root root 61848 Jun  3 10:40 /usr/lib64/liblber-2.4.so.2.10.3
lrwxrwxrwx. 1 root root    21 Jun 10 15:50 /usr/lib64/liblber.so -> liblber-2.4.so.2.10.3
[root@rhel70 ldap]# rpm -qf /usr/lib64/liblber-2.4.so.2
openldap-2.4.40-2.el7.x86_64
[root@rhel70 ldap]# rpm -qf /usr/lib64/liblber-2.4.so.2.10.3
openldap-2.4.40-2.el7.x86_64
[root@rhel70 ldap]# rpm -qf /usr/lib64/liblber.so
openldap-devel-2.4.40-2.el7.x86_64

4/ And this may cause real problem not only some warning, when openldap devel is suddenly removed:

[root@rhel70 ldap]# rpm -ev openldap-devel
Preparing packages...
openldap-devel-2.4.40-2.el7.x86_64
[root@rhel70 ldap]# ll /usr/lib64/liblber*
lrwxrwxrwx. 1 root root    10 Jun 10 15:50 /usr/lib64/liblber-2.4.so.2 -> liblber.so
-rwxr-xr-x. 1 root root 61848 Jun  3 10:40 /usr/lib64/liblber-2.4.so.2.10.3



+++ This bug was initially created as a clone of Bug #466924 +++
Comment 1 Patrik Kis 2015-06-10 10:03:58 EDT 
This is a regression with serious impact on the system. In short, when a system is upgraded and the openldap-devel package is removed (what is perfectly valid operation), the system will be in in inconsistent state.
Comment 3 Matus Honek 2015-06-23 04:25:18 EDT 
As correctly stated by Patrik, the links point to wrong files, therefore rpm -V complains those files are broken.
The cause is /sbin/ldconfig which was present at multiple places in the openldap.spec file and which made the links with filename equal to the SONAME of the library to point to links of filename equal to a base name of a library. That means a problem would occur, as also correctly stated by Patrik, on removal of the link caused by removing openldap-devel package.
The problem seems to be in multiple packages and each one solves it its way. See a discussion [1] for example.

Because all the links for the ${_libdir} are provided as files by packages themselves, I drop the calls of /sbin/ldconfig from the .spec file and call it only where required. See git-diff [2].

[1] http://thread.gmane.org/gmane.linux.redhat.fedora.devel/181593

[2] http://pkgs.devel.redhat.com/cgit/rpms/openldap/commit/?h=rhel-7.2&id=92c3debede102153b9802e19b527397839fa2b2c
Comment 5 Patrik Kis 2015-06-24 08:22:21 EDT 
Although rpm -V does not report error when upgrading to the latest package, I found two cases when this is still failing:

1/ Downgrade

[root@rhel70 ~]# rpm -qa openldap\*
openldap-2.4.39-6.el7.x86_64
openldap-devel-2.4.39-6.el7.x86_64
openldap-clients-2.4.39-6.el7.x86_64
[root@rhel70 ~]# rpm -V openldap
[root@rhel70 ~]# 
[root@rhel70 openldap-2.4.40-3.el7]# rpm -Uvh openldap-2.4.40-3.el7.x86_64.rpm openldap-clients-2.4.40-3.el7.x86_64.rpm openldap-devel-2.4.40-3.el7.x86_64.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.40-3.el7            ################################# [ 17%]
   2:openldap-clients-2.4.40-3.el7    ################################# [ 33%]
   3:openldap-devel-2.4.40-3.el7      ################################# [ 50%]
Cleaning up / removing...
   4:openldap-devel-2.4.39-6.el7      ################################# [ 67%]
   5:openldap-clients-2.4.39-6.el7    ################################# [ 83%]
   6:openldap-2.4.39-6.el7            ################################# [100%]
[root@rhel70 openldap-2.4.40-3.el7]# 
[root@rhel70 openldap-2.4.40-3.el7]# rpm -V openldap
[root@rhel70 openldap-2.4.40-3.el7]# ll /usr/lib64/liblber*
lrwxrwxrwx. 1 root root    21 Jun 24 13:32 /usr/lib64/liblber-2.4.so.2 -> liblber-2.4.so.2.10.3
-rwxr-xr-x. 1 root root 61848 Jun 23 09:37 /usr/lib64/liblber-2.4.so.2.10.3
lrwxrwxrwx. 1 root root    21 Jun 24 13:32 /usr/lib64/liblber.so -> liblber-2.4.so.2.10.3
[root@rhel70 openldap-2.4.40-3.el7]# 
[root@rhel70 openldap-2.4.39-6.el7]# rpm -Uvh --oldpackage openldap-2.4.39-6.el7.x86_64.rpm openldap-clients-2.4.39-6.el7.x86_64.rpm openldap-devel-2.4.39-6.el7.x86_64.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.39-6.el7            ################################# [ 17%]
   2:openldap-clients-2.4.39-6.el7    ################################# [ 33%]
   3:openldap-devel-2.4.39-6.el7      ################################# [ 50%]
Cleaning up / removing...
   4:openldap-devel-2.4.40-3.el7      ################################# [ 67%]
   5:openldap-clients-2.4.40-3.el7    ################################# [ 83%]
   6:openldap-2.4.40-3.el7            ################################# [100%]
[root@rhel70 openldap-2.4.39-6.el7]# 
[root@rhel70 openldap-2.4.39-6.el7]# rpm -V openldap
....L....    /usr/lib64/liblber-2.4.so.2
....L....    /usr/lib64/libldap-2.4.so.2
....L....    /usr/lib64/libldap_r-2.4.so.2
....L....    /usr/lib64/libslapi-2.4.so.2
[root@rhel70 openldap-2.4.39-6.el7]# ll /usr/lib64/liblber*
lrwxrwxrwx. 1 root root    10 Jun 24 13:33 /usr/lib64/liblber-2.4.so.2 -> liblber.so
-rwxr-xr-x. 1 root root 62800 Dec  9  2014 /usr/lib64/liblber-2.4.so.2.10.2
lrwxrwxrwx. 1 root root    21 Jun 24 13:33 /usr/lib64/liblber.so -> liblber-2.4.so.2.10.2
[root@rhel70 openldap-2.4.39-6.el7]# 


2/ Upgrade when openldap-servers-sql package is installed

[root@rhel70 openldap-2.4.40-3.el7]# rpm -qa openldap\* |sortopenldap-2.4.39-6.el7.i686
openldap-2.4.39-6.el7.x86_64
openldap-devel-2.4.39-6.el7.i686
openldap-devel-2.4.39-6.el7.x86_64
openldap-servers-2.4.39-6.el7.x86_64
openldap-servers-sql-2.4.39-6.el7.x86_64
[root@rhel70 openldap-2.4.40-3.el7]# rpm -V openldap.x86_64 openldap.i686[root@rhel70 openldap-2.4.40-3.el7]# 
[root@rhel70 openldap-2.4.40-3.el7]# rpm -Uvh openldap-2.4.40-3.el7.*rpm openldap-devel-2.4.40-3.el7.*rpm openldap-servers-2.4.40-3.el7.x86_64.rpm openldap-servers-sql-2.4.40-3.el7.x86_64.rpm Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.40-3.el7            ################################# [  8%]
   2:openldap-servers-2.4.40-3.el7    ################################# [ 17%]
   3:openldap-2.4.40-3.el7            ################################# [ 25%]
   4:openldap-devel-2.4.40-3.el7      ################################# [ 33%]
   5:openldap-servers-sql-2.4.40-3.el7################################# [ 42%]
   6:openldap-devel-2.4.40-3.el7      ################################# [ 50%]
Cleaning up / removing...
   7:openldap-devel-2.4.39-6.el7      ################################# [ 58%]
   8:openldap-devel-2.4.39-6.el7      ################################# [ 67%]
   9:openldap-servers-sql-2.4.39-6.el7################################# [ 75%]
  10:openldap-2.4.39-6.el7            ################################# [ 83%]
  11:openldap-servers-2.4.39-6.el7    ################################# [ 92%]
  12:openldap-2.4.39-6.el7            ################################# [100%]
[root@rhel70 openldap-2.4.40-3.el7]# rpm -V openldap.x86_64 openldap.i686....L....    /usr/lib64/liblber-2.4.so.2
....L....    /usr/lib64/libldap-2.4.so.2
....L....    /usr/lib64/libldap_r-2.4.so.2
....L....    /usr/lib64/libslapi-2.4.so.2
[root@rhel70 openldap-2.4.40-3.el7]#
Comment 6 Matus Honek 2015-06-29 12:02:20 EDT 
Fixing a wrongly called ldconfig by [1], so that it does what was intended.

Due to the calls to ldconfig in versions 2.4.39-6 and older a downgrade will result to rpm -V complaining in specific situations, that cannot be fixed by fixing future versions. Therefore an attention should be paid on where the links in /usr/lib (/usr/lib64 respectively) are pointing to. See `rpm -V openldap', or `yum verify openldap' with yum-plugin-verify installed, after downgrade for the target libraries.

[1] http://pkgs.devel.redhat.com/cgit/rpms/openldap/commit/?h=rhel-7.2&id=21dad9dd80b7a23b38590f82593c6c9a33a4e44e
Comment 10 errata-xmlrpc 2015-11-19 03:53:16 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2131.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.