openldap-bugs July 2021

openldap-bugs@openldap.org

1 participants
263 discussions

[Issue 9546] New: error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no ciphers available
by openldap-its＠openldap.org 03 Aug '21

03 Aug '21

https://bugs.openldap.org/show_bug.cgi?id=9546 Issue ID: 9546 Summary: error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no ciphers available Product: OpenLDAP Version: 2.5.4 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: michael(a)stroeder.com Target Milestone: --- TL;DR: TLSCipherSuite HIGH in slapd.conf results in this error message both for incoming connections and out-going syncrepl connections: error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no ciphers available. If I comment TLSCipherSuite in the 2.5.4 slapd.conf everything works. Details: It fails when setting this in slapd provider (2.4.58) *and* consumer (2.5.4): TLSProtocolMin 3.3 TLSCipherSuite HIGH This works when connecting with 2.5.4 CLI tools to 2.4.58 server: LDAPNOINIT=1 LDAPTLS_PROTOCOL_MIN=3.3 LDAPTLS_CIPHER_SUITE=HIGH /opt/openldap-ms/bin/ldapwhoami .. But connecting even only with openssl s_client to 2.5.4 server does not work with the above TLSCipherSuite settings. All systems have OpenSSL 1.1.1k. The symlink /etc/crypto-policies/back-ends/openssl.config points to /usr/share/crypto-policies/DEFAULT/openssl.txt which has this single line: @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 Not sure what is really affected by this file. You can see how RPMs are built in OBS: https://build.opensuse.org/package/show/security:tls/openssl-1_1 https://build.opensuse.org/package/show/home:stroeder:openldap25/openldap-ms -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9618] New: Sync'ing is not happening in MDB_WRITEMAP mode on Windows with mdb.master3
by openldap-its＠openldap.org 28 Jul '21

28 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=9618 Issue ID: 9618 Summary: Sync'ing is not happening in MDB_WRITEMAP mode on Windows with mdb.master3 Product: LMDB Version: 0.9.29 Hardware: All OS: Windows Status: UNCONFIRMED Severity: normal Priority: --- Component: liblmdb Assignee: bugs(a)openldap.org Reporter: kriszyp(a)gmail.com Target Milestone: --- Created attachment 831 --> https://bugs.openldap.org/attachment.cgi?id=831&action=edit Revert back to using standard FlushViewOfFile/FlushFileBuffers to sync data with WRITEMAP mode on Windows With ITS#9017, Windows sync'ing is performed by using the write-through (and overlapped) writes, as it performs much better than FlushViewOfFile/FlushFileBuffers. However, this functionality has regressed on mdb.master3 because performing the writes is dependent on tracking and writing the list of dirty pages, which is not tracked in WRITEMAP mode. This means that on mdb.master3, with MDB_WRITEMAP, sync'ing is not really happening on Windows. I think it is probably preferable to not try to maintain an exception for dirty page tracking in WRITEMAP mode just for Windows. The attached patch reverts back to using the standard map/file sync procedure (FlushViewOfFile/FlushFileBuffers) to sync data when in WRITEMAP on Windows. This still maintains the (better performing) write-through based sync technique for standard, non-WRITEMAP mode on Windows. -- You are receiving this mail because: You are on the CC list for the issue.

1 2

[Issue 9603] New: tcp wrappers no longer works with IPv6
by openldap-its＠openldap.org 27 Jul '21

27 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=9603 Issue ID: 9603 Summary: tcp wrappers no longer works with IPv6 Product: OpenLDAP Version: 2.5.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: toby(a)inf.ed.ac.uk Target Milestone: --- Hi, OpenLDAP 2.5.5 Testing on Scientific Linux 7.9 It looks like slapd no longer passes an IPv6 address correctly to tcp wrappers. Steps to Reproduce: connect to 2.5.5 slapd over IPv6 with tcp-wrappers enabled. Actual Results: access is always denied Expected Results: access permitted for IP addresses in /etc/hosts.allow Additional information: The problem seems to be that an IPv6 address is passed to hosts_ctl (~line 2324 in servers/slapd/daemon.c) as "[ipv6-address]" (with enclosing '[' and ']') - rather than "ipv6-address", e.g. the logged output is: warning: can't resolve hostname ([2001:630:3c1:212:a2d3:c1ff:fe25:eec3]): Name or service not known fd=19 DENIED from unknown ([2001:630:3c1:212:a2d3:c1ff:fe25:eec3] ... when compared to a 2.4.59 slapd: fd=19 DENIED from unknown (2001:630:3c1:212:a2d3:c1ff:fe25:eec3) IPv4 connections work OK. Thanks Toby Blake School of Informatics University of Edinburgh -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9602] New: Remove the build warnings in tls_o.c
by openldap-its＠openldap.org 27 Jul '21

27 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=9602 Issue ID: 9602 Summary: Remove the build warnings in tls_o.c Product: OpenLDAP Version: 2.5.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: Bin.Lan(a)windriver.com Target Milestone: --- Created attachment 829 --> https://bugs.openldap.org/attachment.cgi?id=829&action=edit the issue fix patch -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9601] New: Remove the build warnings in tpool.c
by openldap-its＠openldap.org 27 Jul '21

27 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=9601 Issue ID: 9601 Summary: Remove the build warnings in tpool.c Product: OpenLDAP Version: 2.5.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: Bin.Lan(a)windriver.com Target Milestone: --- Created attachment 828 --> https://bugs.openldap.org/attachment.cgi?id=828&action=edit the issue patch tpool.c:721:12: warning: 8 enumeration values not handled in switch: 'LDAP_PVT_THREAD_POOL_PARAM_UNKNOWN', 'LDAP_PVT_THREAD_POOL_PARAM_MAX', 'LDAP_PVT_THREAD_POOL_PARAM_MAX_PENDING'... [-Wswitch] switch(param) { ^ 1 warning generated. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9590] New: missed mutex unlock
by openldap-its＠openldap.org 27 Jul '21

27 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=9590 Issue ID: 9590 Summary: missed mutex unlock Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: grapvar(a)gmail.com Target Milestone: --- Unlikely causes a harm, but oughts fixing ... diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c index 7fe9f9c29..05f6a84c8 100644 --- a/libraries/libldap/open.c +++ b/libraries/libldap/open.c @@ -349,8 +349,9 @@ ldap_init_fd( LDAP_MUTEX_LOCK( &ld->ld_conn_mutex ); /* Attach the passed socket as the LDAP's connection */ conn = ldap_new_connection( ld, NULL, 1, 0, NULL, 0, 0 ); if( conn == NULL ) { + LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex ); ldap_unbind_ext( ld, NULL, NULL ); return( LDAP_NO_MEMORY ); } if( url ) -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9578] New: Buffer overflow at libraries/libldap/ldif.c:907 (ldif_read_record)
by openldap-its＠openldap.org 27 Jul '21

27 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=9578 Issue ID: 9578 Summary: Buffer overflow at libraries/libldap/ldif.c:907 (ldif_read_record) Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs(a)openldap.org Reporter: grapvar(a)gmail.com Target Milestone: --- Created attachment 827 --> https://bugs.openldap.org/attachment.cgi?id=827&action=edit fix libraries/libldap/ldif.c:829 > /* Squash \r\n to \n */ > if ( len > 1 && line[len-2] == '\r' ) { > len--; > line[len-1] = '\n'; > } may cause buffer overflow at libraries/libldap/ldif.c:907 > strcpy( *bufp + lcur, line ); -- You are receiving this mail because: You are on the CC list for the issue.

1 3

[Issue 9614] New: Admin guide does not document olcMultiVal
by openldap-its＠openldap.org 27 Jul '21

27 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=9614 Issue ID: 9614 Summary: Admin guide does not document olcMultiVal Product: OpenLDAP Version: 2.5.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- The admin guide is missing documentation on the new olcMultiVal attribute despite it being noted in the admin guide 2.5 upgrade section. Need to add a detailed section on it. -- You are receiving this mail because: You are on the CC list for the issue.

1 5

[Issue 9613] New: olcIdlExp is not documented in the admin guide
by openldap-its＠openldap.org 27 Jul '21

27 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=9613 Issue ID: 9613 Summary: olcIdlExp is not documented in the admin guide Product: OpenLDAP Version: 2.5.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: documentation Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- The admin guide does not document idlexp but does recommend configuring it before upgrading to 2.5. We need to add this to the admin guide with a detailed explanation of what it does. -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 9591] New: Solaris builds broken due to map file
by openldap-its＠openldap.org 27 Jul '21

27 Jul '21

https://bugs.openldap.org/show_bug.cgi?id=9591 Issue ID: 9591 Summary: Solaris builds broken due to map file Product: OpenLDAP Version: 2.5.5 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: build Assignee: bugs(a)openldap.org Reporter: quanah(a)openldap.org Target Milestone: --- Solaris 11.4 fails to build because it uses a different option for the library symbol versioning map file. We need to detect this and provide the correct option (more at https://blogs.oracle.com/solaris/regex_and_glob_for_mapfiles-v2) -- You are receiving this mail because: You are on the CC list for the issue.

1 6

← Newer
1
...
7
8
9
10
11
12
13
...
27
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs July 2021