Your message dated Mon, 11 Apr 2011 21:54:26 +0000 with message-id <e1q9p3y-0003yr...@franck.debian.org> and subject line Bug#618904: fixed in openldap 2.4.25-1 has caused the Debian Bug report #618904, regarding openldap 2.4.23 slapd server process frequently hangs during everyday use to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 618904: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618904 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: slapd Version: 2.4.23-7 Severity: critical Tags: squeeze After upgrading our LDAP server from lenny (2.4.11) to squeeze (2.4.23), we have found that the slapd process frequently hangs when adding new objects to the LDAP tree. The server freezes and will not accept any new connections until it is forcibly terminated with kill -9 and then the slapd process restarted. When the slapd process has hung, I see the following backtrace in gdb: (gdb) bt full #0 0x00007fa50aca8be5 in pthread_join (threadid=140346751547136, thread_return=0x0) at pthread_join.c:89 __ignore = <value optimized out> _tid = 10340 _buffer = {__routine = 0x7fa50aca8ab0 <cleanup>, __arg = 0x7fa506457d28, __canceltype = 105216464, __prev = 0x0} oldtype = 0 result = <value optimized out> #1 0x000000000042d72c in slapd_daemon () at /home/devel/openldap/trunk/servers/slapd/daemon.c:2842 listener_tid = 140346751547136 rc = 0 #2 0x000000000041ae6a in main (argc=9, argv=0x7fffd2f2e5b0) at /home/devel/openldap/trunk/servers/slapd/main.c:961 i = 9 no_detach = 0 rc = -12 urls = 0x7df0c0 "ldap:/// ldapi:///" username = 0x7df100 "root" groupname = 0x7df0e0 "ldap" sandbox = 0x0 syslogUser = 160 configfile = 0x7df120 "/etc/ldap/slapd.conf" configdir = 0x0 serverName = <value optimized out> scp = <value optimized out> scp_entry = <value optimized out> debug_unknowns = 0x0 syslog_unknowns = 0x0 slapd_pid_file_unlink = 1 slapd_args_file_unlink = 1 firstopt = <value optimized out> __PRETTY_FUNCTION__ = "main" (gdb) This suggests that there may be some kind of thread locking issue occurring which is causing the main process to hang. I have raised this with upstream here: http://www.openldap.org/lists/openldap-technical/201103/msg00175.html and confirmed that the same issue occurs on a vanilla build of 2.4.23. Further testing here shows that issue appears to be resolved in 2.4.24. This is an extremely critical DOS issue and means that Squeeze's 2.4.23 packages are unusable in a production environment. -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages slapd depends on: ii adduser 3.112+nmu2 add and remove users and groups ii coreutils 8.5-1 GNU core utilities ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [ ii libgnutls26 2.8.6-1 the GNU TLS library - runtime libr ii libldap-2.4-2 2.4.23-7 OpenLDAP libraries ii libltdl7 2.2.6b-2 A system independent dlopen wrappe ii libperl5.10 5.10.1-17 shared Perl library ii libsasl2-2 2.1.23.dfsg1-7 Cyrus SASL - authentication abstra ii libslp1 1.2.1-7.8 OpenSLP libraries ii libuuid1 2.17.2-9 Universally Unique ID library ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii perl [libmime-base64-pe 5.10.1-17 Larry Wall's Practical Extraction ii psmisc 22.11-1 utilities that use the proc file s ii unixodbc 2.2.14p2-1 ODBC tools libraries Versions of packages slapd recommends: ii libsasl2-modules 2.1.23.dfsg1-7 Cyrus SASL - pluggable authenticat Versions of packages slapd suggests: ii ldap-utils 2.4.23-7 OpenLDAP utilities -- debconf information excluded -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
--- End Message ---
--- Begin Message ---Source: openldap Source-Version: 2.4.25-1 We believe that the bug you reported is fixed in the latest version of openldap, which is due to be installed in the Debian FTP archive: ldap-utils_2.4.25-1_amd64.deb to main/o/openldap/ldap-utils_2.4.25-1_amd64.deb libldap-2.4-2-dbg_2.4.25-1_amd64.deb to main/o/openldap/libldap-2.4-2-dbg_2.4.25-1_amd64.deb libldap-2.4-2_2.4.25-1_amd64.deb to main/o/openldap/libldap-2.4-2_2.4.25-1_amd64.deb libldap2-dev_2.4.25-1_amd64.deb to main/o/openldap/libldap2-dev_2.4.25-1_amd64.deb openldap_2.4.25-1.diff.gz to main/o/openldap/openldap_2.4.25-1.diff.gz openldap_2.4.25-1.dsc to main/o/openldap/openldap_2.4.25-1.dsc openldap_2.4.25.orig.tar.gz to main/o/openldap/openldap_2.4.25.orig.tar.gz slapd-dbg_2.4.25-1_amd64.deb to main/o/openldap/slapd-dbg_2.4.25-1_amd64.deb slapd-smbk5pwd_2.4.25-1_amd64.deb to main/o/openldap/slapd-smbk5pwd_2.4.25-1_amd64.deb slapd_2.4.25-1_amd64.deb to main/o/openldap/slapd_2.4.25-1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 618...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matthijs Möhlmann <matth...@cacholong.nl> (supplier of updated openldap package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 11 Apr 2011 22:10:14 +0200 Source: openldap Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg Architecture: source amd64 Version: 2.4.25-1 Distribution: unstable Urgency: low Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-de...@lists.alioth.debian.org> Changed-By: Matthijs Möhlmann <matth...@cacholong.nl> Description: ldap-utils - OpenLDAP utilities libldap-2.4-2 - OpenLDAP libraries libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries libldap2-dev - OpenLDAP development libraries slapd - OpenLDAP server (slapd) slapd-dbg - Debugging information for the OpenLDAP server (slapd) slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd. Closes: 555409 555867 598361 601569 606815 608699 608813 616164 616703 617606 618904 621925 Changes: openldap (2.4.25-1) unstable; urgency=low . * New upstream version (Closes: #617606, #618904, #606815, #608813) - Fixes CVE-2011-1024, CVE-2011-1025, CVE-2011-1081 - slapd server process frequently hangs during everyday usage is fixed in newer versions of openldap according to the bug submitter * Refresh all patches * Remove manpage-tlscyphersuite-additions, applied upstream * Remove issue-6534-patch, applied upstream * Add Slovak translation, thanks Slavko <li...@slavino.sk> (Closes: #608699) * Add debian specific patch for ldap.conf. Add TLS_CACERT option and set it by default to /etc/ssl/certs/ca-certificates.crt (Closes: #555409, #616703) * Add patch to fix a FTBFS with binutils-gold (Closes: #555867) * Add slapschema, just hardlink it (Closes: #601569) * Update patch service-operational-before-detach (Closes: #616164, #598361) * Add ldif_* symbols to libldap-2.4-2 * Add upstream patch for a locking issue in libldap_r * Fix build failure, use @SHELL@ instead of hardcoded /bin/sh (build/top.mk) (Closes: #621925) Checksums-Sha1: d26deae49f9e2afce8d1457633b7c0d6ef31a431 2501 openldap_2.4.25-1.dsc 7826c6f63a07617ba853d053e33c3775997d0f0f 4541300 openldap_2.4.25.orig.tar.gz 8d040121feb1d54fa89e24635c3a31f8b8422974 157791 openldap_2.4.25-1.diff.gz 662bce7e578ea5de1fce3ae1f560c420463b8947 1646490 slapd_2.4.25-1_amd64.deb d56b40ef1da54ed6ace57716bcfc4770109a2f11 59154 slapd-smbk5pwd_2.4.25-1_amd64.deb ff14b95ff4d2f96d08f3e580fe2b988d9cc9abc4 302482 ldap-utils_2.4.25-1_amd64.deb 7666bb55d8e0af2ee21a089f9883a9fc9a70d01e 220810 libldap-2.4-2_2.4.25-1_amd64.deb ed87662814278c3c1b8d7011865e68c2f723a000 349124 libldap-2.4-2-dbg_2.4.25-1_amd64.deb 163642795f21291af3465704efe3d17948d6dc97 1103104 libldap2-dev_2.4.25-1_amd64.deb 25dc045dc786aece54f50f1ba20c96c738bcd292 4434304 slapd-dbg_2.4.25-1_amd64.deb Checksums-Sha256: 32bd4fb81d50037959d62eacbf72f4d96894be864e1befbdda0beed60a5f4732 2501 openldap_2.4.25-1.dsc a59a89768e6c63219a0da34cbbb6250a208b7d576e0b40a9a90b150de480ec0c 4541300 openldap_2.4.25.orig.tar.gz 9896b00d9e85564b996797fdce731f48aa7680a1d89f761873dbf36a3e1ffab9 157791 openldap_2.4.25-1.diff.gz c8710dc8d7c2c191b6a6a1aad31a52121cd84f663e7ad66049a2b77da8dd83a2 1646490 slapd_2.4.25-1_amd64.deb 92645e531e8b1995955d20fd9672019536c7f544ddfe0f97cd016e75afc0a420 59154 slapd-smbk5pwd_2.4.25-1_amd64.deb 8bc27e9cf9ca653de398f3a1a295bdec79dc1f51cbd926f8040388c3b432f9f4 302482 ldap-utils_2.4.25-1_amd64.deb 6803988ac52826dc9ffe16a76799061bf8a517459a72243956c218bd4978eb9c 220810 libldap-2.4-2_2.4.25-1_amd64.deb 89d82462fc765a9eacc0faecbdff77ce6eeb0da919ce70689a6c4c2b861ba364 349124 libldap-2.4-2-dbg_2.4.25-1_amd64.deb 8a1737bb9ede6f5a95f20e0e9d983aeac6a60d912441267d3697f3bc1712d304 1103104 libldap2-dev_2.4.25-1_amd64.deb 61e03ba289bfa23ec621941c650dad0d4a392b0d1af44646ab0c8304f524649b 4434304 slapd-dbg_2.4.25-1_amd64.deb Files: 98eef6672dbe2454faf12327bf112541 2501 net optional openldap_2.4.25-1.dsc 0ecf35eeaf859d59b529b424c7275e6a 4541300 net optional openldap_2.4.25.orig.tar.gz 5b45b6c3f1a3771883a6b49e3e08a693 157791 net optional openldap_2.4.25-1.diff.gz 0fe51be7b6ba407ee80c6a85361083ab 1646490 net optional slapd_2.4.25-1_amd64.deb bc77940d181a72d0d040dc4fa90b6eeb 59154 net extra slapd-smbk5pwd_2.4.25-1_amd64.deb e0b95b9a939c5118dcd80052c0a76446 302482 net optional ldap-utils_2.4.25-1_amd64.deb 3cd9b7f19298cdb94305a0b0dde1f71a 220810 libs standard libldap-2.4-2_2.4.25-1_amd64.deb d2d5c2e31ccdddbc9977d771e0ffb82f 349124 debug extra libldap-2.4-2-dbg_2.4.25-1_amd64.deb a73b5b3b625d7d15654f3ffddd168ac5 1103104 libdevel extra libldap2-dev_2.4.25-1_amd64.deb da0dce16855c9938787f8141ccd8ab7e 4434304 debug extra slapd-dbg_2.4.25-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJNo2m3AAoJEBXBjvSJ+ky+PqoP/2hQMz+Huu/N8ZC5B/GjvYjw zIgq4CO25thbJn3/n6Vo5JwZTzViOiNVzJUhRHLnP+Ov+dfWBVS34MCFbhi9PssK iMx3S8RjfgEt7kjISEzT9FKoGLVNdHxE5vgkD+1I9k1b958hWkTn9b8MuhLXTtmo nmGvkMsNiy8kw8oj6ujDiULVZKkNHniMQLULNx+pThnOdWQWp/qivqE/k5wB1gPv nZYqN8yNjcUmZqNcW6qKw3Wkc06lCE09FXqriYqv5+KHmY1PXD8e4klivMCUlEgr Bf9VD14k8iezEWHMWqHhBAP0zDOgbvOKUjIYP9Az/EBbDpJDmbvk5CN9nM9UmJFp SmxF5yeur5QsdwL3F5EdmpIBY72voYJ7ATgzE4Pgu/1Nk4SPkhlr0SbjmtNPcZqO OI9JBFMYW/d53CLgwQqcSnNRFpIGqddiMieR0y0i3n7KpMabiJ9TINSw0n2WbJOX zAfdnk0JPcxqXOVxtHsml5Q//Fj6bqiEWj04CuRp5GN7miIJ9aNIuKo3E7DH53Ic vTppzpdXqcUN+MTX+gYj+pIv8C21wnydCsjvXRsGJTiK75uK9c9sNgZVeghTOWzJ uMouOzIdMz/JyBm06cX+ILLv2KTnuCaSkw1D6qggTvEsBC6Q8n2QsTMW0wGifD6x puXTTJP+63akq2ellXoz =Mcq3 -----END PGP SIGNATURE-----
--- End Message ---
