Univention Bugzilla – Bug 55833
openldap: merge patches to UCS UCS5.1 / 5.2
Last modified: 2024-05-02 12:55:20 CEST
The patches of openldap have to be cherry-picked and rebased to (UCS 5.1 and) UCS 5.2.
The patches have been rebased to UCS 5.1/UCS 5.2: r19947 | Bug #55833: link krb5_init_context in k5pwd against heimdal instead of mit-kerberos r19946 | Bug #55833: k5pwd: initialize krb5_init_context with 0 r19944 | Bug #55833: link krb5_init_context in k5pwd against heimdal instead of mit-kerberos r19940 | Bug #55833: k5pwd: initialize krb5_init_context with 0 r19924 | Bug #55833: disable test074-asyncmeta-concurrency r19923 | Bug #55833: disable failing test073-asyncmeta r19888 | Bug #55833: libldap_r has been merged with libldap r19887 | Bug #55833: config.h has been renamed into slap-config.h r19885 | Revert "Bug #55833: re-add multithreading support" r19883 | Revert "Bug #55833: re-add multithreading support" r19881 | Bug #55833: re-add multithreading support r19880 | Bug #55833: re-add multithreading support r19879 | Bug #55833: migrate Python 3.7 to Python 3.11 r19878 | fixup! Bug #55833: migrate Python 3.7 to Python 3.9 r19877 | Bug #55833: migrate Python 3.7 to Python 3.9 r19876 | fixup! Bug #55833: rebase patches; remove upstream applied patches r19875 | Bug #55833: rebase patches; remove upstream applied patches r19818 | Bug #55833: updat patch hunks r19817 | Bug #55833: remove upstream applied patches r19816 | Bug #55833: rebase patches We observed on segfault in k5pwd overlay module, which was analyzed by Julia as following: The problem was that OpenLDAP now has a dependency on the kerberos MIT libs via some complicated corners. Therefore, the krb5_init_context from the MIT libs was used, which is later no longer compatible with the Heimdal expectations. > root@primary80:~/test5/openldap-2.4.57+dfsg# dpkg -S /usr/lib/x86_64-linux-gnu/libkrb5.so.3 > libkrb5-3:amd64: /usr/lib/x86_64-linux-gnu/libkrb5.so.3 > Breakpoint 1, krb5_init_context (context=0x7ffff4ade1a0 <k5_ctx>) at ../../../src/lib/krb5/krb/init_ctx.c:139 > 139 ../../../src/lib/krb5/krb/init_ctx.c: File or directory not found. > (gdb) info symbol krb5_init_context > krb5_init_context in section .text of /lib/x86_64-linux-gnu/libkrb5.so.3 The fix was to link against krb5 and so that the versioning of libkrb5.so* works and the heimdal libs are used consistently. Full backtrace: #0 initialize_kadm5_error_table_r (list=0x555555b05cd8) at kadm5_err.c:101 #1 0x00007ffff767f1da in krb5_add_et_list () from /lib/x86_64-linux-gnu/libkrb5.so.26 #2 0x00007ffff4b6fe65 in _kadm5_s_init_context (ctx=ctx@entry=0x7fffffffe690, params=params@entry=0x7ffff4b98440 <conf>, context=0x555555b05c70) at context_s.c:241 #3 0x00007ffff4b71d9b in kadm5_s_init_with_context (context=<optimized out>, client_name=0x7ffff4b96015 "kadmin/admin", realm_params=0x7ffff4b98440 <conf>, server_handle=0x7ffff4b98478 <kadm_context>, api_version=<optimized out>, struct_version=<optimized out>, service_name=<optimized out>) at init_s.c:53 #4 0x00007ffff4b94625 in k5pwd_modules_init (pi=<optimized out>) at k5pwd.c:565 #5 0x00005555555fe280 in over_db_open (be=<optimized out>, cr=0x7fffffffe910) at ../../../../servers/slapd/backover.c:155 #6 0x000055555559c2da in backend_startup_one (be=be@entry=0x555555891300, cr=cr@entry=0x7fffffffe910) at ../../../../servers/slapd/backend.c:224 #7 0x000055555559c5eb in backend_startup (be=0x555555891300, be@entry=0x0) at ../../../../servers/slapd/backend.c:325 #8 0x00005555555be4e1 in slap_startup (be=be@entry=0x0) at ../../../../servers/slapd/init.c:219 #9 0x0000555555572a93 in main (argc=<optimized out>, argv=0x7fffffffec28) at ../../../../servers/slapd/main.c:1005
* OK (new) 00_ftbfs.quilt * OK 02-disable-some-tests.quilt * OK (dropped) 03_dbgsym-migration.patch * OK 10_translog_overlay.patch * OK 10_translog_overlay.quilt * OK 12_k5pwd.patch * OK 12_k5pwd.quilt (+ link to heimdal) * OK 15_pwd_scheme_kinit.patch * OK 15_pwd_scheme_kinit.quilt * OK 20_core_schema.patch * OK 21_nis_schema.quilt * OK 23_cosine_schema.patch * OK (+ ppolicy attrs) 30_postinst.patch * OK 31_avoid_OID_changes.quilt * OK 32_lmpasswd.patch.DISABLED * OK 34_socket_permissions.quilt * OK 35_commit_slapd_init_script.patch * OK 53_dellog-2.3.30.patch * OK 53_dellog-2.3.30.quilt * OK 55_libgcrypt.patch * OK 60_ssl.patch * OK 62_disable_tests.patch * OK 63_disable_migrate_to_slapd_d_style.patch * OK 70_ppolicy_udm_lock.patch * OK 70_ppolicy_udm_lock.quilt * OK 80_slapd_init_start.patch * OK 85_disable_move_and_dump.patch * OK 86_postinst_slapd_stop.patch * OK 87_postinst_slapd_restart.patch * OK (new) 88_show_stderr_only_in_case_of_error_during_database_dump.patch * OK 90_bug47196_adjust_ldap_debug_levels.quilt * OK (dropped, applied upstream) 90_bug49780_slapd_bus_error.quilt * OK 92_bug35329_nis_schema.quilt * OK 93-exclude-ldap-utils-from-shlibs.patch * OK 97_shadowbind_overlay.quilt * OK 97_shadowbind_overlay_rules.patch * OK 98_bcrypt.quilt * OK 98_bcrypt_rules.patch * OK (dropped) 98_database_upgrade_version.patch * OK (dropped, applied upstream) 99_Bug37915_avoid_deadlock_and_race_condition.quilt * OK (dropped, applied upstream) 99_ITS-9124-Null-pointer-dereference-in-ber_skip_tag.quilt * OK (dropped, applied upstream) 99_ITS-9171-Insert-callback-in-the-right-place.quilt * OK (dropped) 99_preferredDeliveryMethod_syntax.quilt