Opened 3 months ago
Closed 3 months ago
#19211 closed enhancement (fixed)
openldap-2.6.7
| Reported by: | Bruce Dubbs | Owned by: | Rahul Chandra |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (10)
comment:2 by , 3 months ago
diff -Naurp openldap-2.6.2.orig/servers/slapd/slapd.ldif openldap-2.6.2/servers/slapd/slapd.ldif --- openldap-2.6.2.orig/servers/slapd/slapd.ldif 2022-05-04 16:55:23.000000000 +0200 +++ openldap-2.6.2/servers/slapd/slapd.ldif 2022-05-05 12:05:53.332727816 +0200 @@ -9,8 +9,8 @@ cn: config # # Define global ACLs to disable default read access. # -olcArgsFile: %LOCALSTATEDIR%/run/slapd.args -olcPidFile: %LOCALSTATEDIR%/run/slapd.pid +olcArgsFile: %LOCALSTATEDIR%/run/openldap/slapd.args +olcPidFile: %LOCALSTATEDIR%/run/openldap/slapd.pid
Should be updated to
+olcArgsFile: /run/openldap/slapd.args +olcPidFile: /run/openldap/slapd.pid
as /var/run is deprecated.
comment:3 by , 3 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
follow-up: 5 comment:4 by , 3 months ago
follow-up: 6 comment:5 by , 3 months ago
Replying to Xi Ruoyao:
Updated patch: https://www.linuxfromscratch.org/patches/downloads/openldap/openldap-2.6.7-consolidated-1.patch
Wait a minute, I'm missing some /var/run -> /run change. I'll do an update immediately...
comment:6 by , 3 months ago
Replying to Xi Ruoyao:
Replying to Xi Ruoyao:
Updated patch: https://www.linuxfromscratch.org/patches/downloads/openldap/openldap-2.6.7-consolidated-1.patch
Wait a minute, I'm missing some /var/run -> /run change. I'll do an update immediately...
Done.
comment:7 by , 3 months ago
| Priority: | normal → elevated |
|---|
Marking as Elevated since the release notes mention a security issue.
A new maintentance release for the 2.6 Feature series has been released, fixing a security issue. - ITS#10139 Fixed slapd to honour disclose in matchedDN handling
The rest of the release notes:
OpenLDAP 2.6.7 Release (2024/01/29)
Added slapo-dynlist option to disable filter support (ITS#10025)
Fixed liblber missing newline on long msg (ITS#10105)
Fixed libldap exit handling with OpenSSL3 (ITS#9952)
Fixed libldap with TLS and multiple ldap URIs (ITS#10101)
Fixed libldap OpenSSL cipher suite handling (ITS#10094)
Fixed libldap OpenSSL 3.0 and Diffie-Hellman param files (ITS#10124)
Fixed libldap timestamps on Windows (ITS#10100)
Fixed lloadd to work when resolv.conf is missing (ITS#10070)
Fixed lloadd handling of closing connection (ITS#10083)
Fixed lloadd tiers to be correctly linked on startup (ITS#10142)
Fixed slapd to honour disclose in matchedDN handling (ITS#10139)
Fixed slapd handling of regex testing in ACLs (ITS#10089)
Fixed slapd sync replication with glued database (ITS#10080)
Fixed slapd local logging on Windows (ITS#10092)
Fixed slapd-asyncmeta when remote suffix is empty (ITS#10076)
Fixed slapo-dynlist so it can't be global (ITS#10091)
Build
Fixed lloadd type mismatches (ITS#10074)
Fixed builds for Windows (ITS#10117)
Fixed build with clang16 (ITS#10123)
Documentation
Fixed slapo-homedir(5) attribute name for olcHomedirArchivePath (ITS#10057)
comment:8 by , 3 months ago
The bug for the security issue can be found at https://bugs.openldap.org/show_bug.cgi?id=10139
comment:10 by , 3 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed @ d57fcad3dc93686010aab452b107447791a60067 - talloc-2.4.2 cb7d0f08abb1380774273ce0a2789acbbd7eb434 - cmake-3.28.2 34a96c3f57174bc2e072e68c218705c55a6859ad - neon-0.33.0 e746ac69423b1564ae459aaf34c8fc09c67e74ec - openldap-2.6.7
The patch fails to apply (due to the bogus ".orig" files). We should removing the creation of the ".orig" files from the patch (I bet they were introduced during one not-so-careful rediff).