[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#901192: marked as done (stretch-pu: package openldap/2.4.44+dfsg-5+deb9u2)

Your message dated Sat, 14 Jul 2018 11:21:20 +0100
with message-id <1531563680.2095.30.camel@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.5
has caused the Debian Bug report #901192,
regarding stretch-pu: package openldap/2.4.44+dfsg-5+deb9u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
901192: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901192
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Dear SRM,

Please consider this openldap update for stretch. I apologize for the 
late request and will understand if it doesn't make it.

Both fixes have already had some time in testing and stretch-backports.

  * Import upstream patch to fix an out-of-sync issue with delta-syncrepl
    replication in multi-master environments, resulting from changes losing
    tracking information and being applied multiple times.
    (ITS#84444) (Closes: #877166)

This issue impacts replication when the memberof overlay is used in a 
multi-master setup. Sven Mäder (in X-D-CC) has tested the proposed 
package on a stretch system and verified the fix.

  * Really fix upgrades when the config contains backslash-escaped special
    characters. The previous fix was incomplete and didn't fully fix upgrades
    involving a database reload. (Closes: #864719)

The first part of this, fixing simple upgrades that don't require a 
database reload, is already in stretch (as +deb9u1). This additional 
patch deals with code that is not executed in a typical upgrade but 
might be triggered based on the old version or the debconf settings.

thanks,
Ryan

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru openldap-2.4.44+dfsg/debian/changelog openldap-2.4.44+dfsg/debian/changelog
--- openldap-2.4.44+dfsg/debian/changelog	2017-08-10 12:12:46.000000000 -0700
+++ openldap-2.4.44+dfsg/debian/changelog	2018-05-22 21:25:19.000000000 -0700
@@ -1,3 +1,15 @@
+openldap (2.4.44+dfsg-5+deb9u2) stretch; urgency=medium
+
+  * Import upstream patch to fix an out-of-sync issue with delta-syncrepl
+    replication in multi-master environments, resulting from changes losing
+    tracking information and being applied multiple times.
+    (ITS#8444) (Closes: #877166)
+  * Really fix upgrades when the config contains backslash-escaped special
+    characters. The previous fix was incomplete and didn't fully fix upgrades
+    involving a database reload. (Closes: #864719)
+
+ -- Ryan Tandy <ryan@nardis.ca>  Tue, 22 May 2018 21:25:19 -0700
+
 openldap (2.4.44+dfsg-5+deb9u1) stretch; urgency=medium
 
   * Relax the dependency of libldap-2.4-2 on libldap-common to also permit 
diff -Nru openldap-2.4.44+dfsg/debian/patches/ITS-8444-Do-not-clear-the-pending-operation-when-che.patch openldap-2.4.44+dfsg/debian/patches/ITS-8444-Do-not-clear-the-pending-operation-when-che.patch
--- openldap-2.4.44+dfsg/debian/patches/ITS-8444-Do-not-clear-the-pending-operation-when-che.patch	1969-12-31 16:00:00.000000000 -0800
+++ openldap-2.4.44+dfsg/debian/patches/ITS-8444-Do-not-clear-the-pending-operation-when-che.patch	2018-05-22 21:25:19.000000000 -0700
@@ -0,0 +1,30 @@
+From bb6438fb7ae32a622f456af8c4c9b8d479d5b209 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
+Date: Fri, 25 Aug 2017 16:25:23 +0100
+Subject: [PATCH] ITS#8444 Do not clear the pending operation when
+ checkpointing
+
+When a checkpoint happens, if we remove the CSN from the pending list,
+accesslog won't pass it onto the accesslog DB. But in a delta-mmr
+scenario, an accesslog entry without a CSN faces a race where it might
+be applied twice - that usually fails and causes a full refresh, other
+times it can cause a silent desync - both are undesirable.
+---
+ servers/slapd/overlays/syncprov.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
+index 3e7667336..4c2d939d4 100644
+--- a/servers/slapd/overlays/syncprov.c
++++ b/servers/slapd/overlays/syncprov.c
+@@ -1494,6 +1494,7 @@ syncprov_checkpoint( Operation *op, slap_overinst *on )
+ 	opm.o_bd->bd_info = on->on_info->oi_orig;
+ 	opm.o_managedsait = SLAP_CONTROL_NONCRITICAL;
+ 	opm.o_no_schema_check = 1;
++	opm.o_opid = -1;
+ 	opm.o_bd->be_modify( &opm, &rsm );
+ 
+ 	if ( rsm.sr_err == LDAP_NO_SUCH_OBJECT &&
+-- 
+2.11.0
+
diff -Nru openldap-2.4.44+dfsg/debian/patches/series openldap-2.4.44+dfsg/debian/patches/series
--- openldap-2.4.44+dfsg/debian/patches/series	2017-08-09 22:07:34.000000000 -0700
+++ openldap-2.4.44+dfsg/debian/patches/series	2018-05-22 21:25:19.000000000 -0700
@@ -31,3 +31,4 @@
 ITS-8432-fix-infinite-looping-mods-in-delta-mmr.patch
 ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch
 ITS-8648-init-SASL-library-in-global-init.patch
+ITS-8444-Do-not-clear-the-pending-operation-when-che.patch
diff -Nru openldap-2.4.44+dfsg/debian/slapd.scripts-common openldap-2.4.44+dfsg/debian/slapd.scripts-common
--- openldap-2.4.44+dfsg/debian/slapd.scripts-common	2017-08-09 22:07:34.000000000 -0700
+++ openldap-2.4.44+dfsg/debian/slapd.scripts-common	2018-05-22 21:25:19.000000000 -0700
@@ -182,11 +182,11 @@
 
 	dir=`database_dumping_destdir`
 	echo >&2 "  Dumping to $dir: "
-	(get_suffix | while read suffix; do
+	(get_suffix | while read -r suffix; do
 		dbdir=`get_directory "$suffix"`
 		if [ -n "$dbdir" ]; then
 			file="$dir/$suffix.ldif"
-			echo -n "  - directory $suffix... " >&2
+			printf '  - directory %s... ' "$suffix" >&2
 			# Need to support slapd.d migration from preinst
 			if [ -f "${SLAPD_CONF}" ]; then
 				slapcat_opts="-g -f ${SLAPD_CONF}"
@@ -215,7 +215,7 @@
 	echo >&2 "  Loading from $dir: "
 	# restore by increasing suffix length due to possibly glued databases
 	get_suffix | awk '{ print length, $0 }' | sort -n | cut -d ' ' -f 2- \
-	| while read suffix; do
+	| while read -r suffix; do
 		dbdir=`get_directory "$suffix"`
 		if [ -z "$dbdir" ]; then
 			continue
@@ -227,11 +227,11 @@
 		fi
 
 		file="$dir/$suffix.ldif"
-		echo -n "  - directory $suffix... " >&2
+		printf '  - directory %s... ' "$suffix" >&2
 
 		# If there is an old DB_CONFIG file, restore it before
 		# running slapadd
-		backupdir=`compute_backup_path -n "$dbdir" "$suffix"`
+		backupdir="$(compute_backup_path -n "$dbdir" "$suffix")"
 		if [ -e "$backupdir"/DB_CONFIG ]; then
 			cp -a "$backupdir"/DB_CONFIG "$dbdir"/
 		fi
@@ -267,7 +267,7 @@
 # }}}
 move_incompatible_databases_away() {					# {{{
 	echo >&2 "  Moving old database directories to /var/backups:"
-	(get_suffix | while read suffix; do
+	(get_suffix | while read -r suffix; do
 		dbdir=`get_directory "$suffix"`
 		move_old_database_away "$dbdir" "$suffix" <&5
 	done) 5<&0 </dev/null
@@ -287,7 +287,7 @@
 get_suffix() {								# {{{
 	if [ -f "${SLAPD_CONF}" ]; then
 		for f in `get_all_slapd_conf_files`; do
-			sed -n -e's/^suffix[[:space:]]\+"*\([^"]\+\)"*/\1/p' $f
+			sed -n -e '/^suffix[[:space:]]/ { s/^suffix[[:space:]]\+"*\([^"]\+\)"*/\1/; s/\\\\/\\/g; p }' $f
 		done
 	else
 		grep -h ^olcSuffix ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif | cut -d: -f 2
@@ -297,13 +297,15 @@
 get_directory() {							# {{{
 # Returns the db directory for a given suffix
 	if [ -d "${SLAPD_CONF}" ] && get_suffix | grep -Fq "$1" ; then
-		sed -n 's/^olcDbDirectory: *//p' `grep -Fl "^olcSuffix: $1" ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif`
+		sed -n 's/^olcDbDirectory: *//p' `grep -Flx "olcSuffix: $1" ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif`
 	elif [ -f "${SLAPD_CONF}" ]; then
 		# Extract the directory for the given suffix ($1)
+		# Quote backslashes once for slapd.conf parser, again for awk
+		quoted="$(printf '%s' "$1" | sed 's/\\/\\\\\\\\/g')"
 		for f in `get_all_slapd_conf_files`; do
 		awk  ' BEGIN { DB=0; SUF=""; DIR="" } ;
 		       /^database/ { DB=1; SUF=""; DIR="" } ; 
-		       DB==1 && /^suffix[ \t]+"?'"$1"'"?$/ { SUF=$2 ; } ; 
+		       DB==1 && /^suffix[ \t]+"?'"$quoted"'"?$/ { SUF=$2 ; } ; 
 		       DB==1 && /^directory/ { DIR=$2 ;} ; 
 		       DB==1 && SUF!="" && DIR!="" { sub(/^"/,"",DIR) ; sub(/"$/,"",DIR) ; print DIR; SUF=""; DIR="" }' "${f}" | \
 		sed -e's/\([^\\]\|^\)"/\1/g; s/\\"/"/g; s/\\\\/\\/g'
@@ -369,7 +371,7 @@
 		exit 1
 	fi
 
-	echo "$target"
+	printf '%s' "$target"
 }
 
 # }}}
@@ -397,8 +399,8 @@
 	# include mount points as well anyway, but it's much less likely.
 	db_get slapd/move_old_database
 	if [ "$RET" = true ]; then
-		backupdir=`compute_backup_path "$databasedir" "$suffix"`
-		echo -n "  - directory $suffix... " >&2
+		backupdir="$(compute_backup_path "$databasedir" "$suffix")"
+		printf '  - directory %s... ' "$suffix" >&2
 		mkdir -p "$backupdir"
 		find -H "$databasedir" -mindepth 1 -maxdepth 1 -type f \
 			-exec mv {} "$backupdir" \;

--- End Message ---
--- Begin Message --- 
Version: 9.5

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam

--- End Message ---
Reply to: