On 04/07/2015 01:32 PM, Oleg Strikov wrote:
> Client may crash itself
> by passing incorrect cipher suite to the API. While that's sad, it
> doesn't crash slapd itself

To the contrary, it certainly does crash slapd itself. Anyone upgrading will at some point silently switch from a slapd that used openssl to gnutls --- without the package warning about nor updating the apropos config string. As a result, "apt-get update;apt-get upgrade" results in slapd crashing with a double free as it loads the previous conf file.

Most package maintainers would refer to this as a regression inasmuch as the typical upgrade process fails to start and without any obvious warning. The answer may be found by spending many hours googling for 'what the heck'. For over a year this has gone unfixed.
At least improve the upgrade script to warn the installer and prevent slapd from starting until some flag is set noting the user has corrected the string and is aware the developers won't fix the issue. In the alternative, I think a much better approach is to put versions of all these and related packages compiled against openSSL in the appropriate repository.

It is not material to me whether this is fixed or not as I've removed all packages using gnutls until it's more mature, and won't revisit this again for at least four years. In fact I'm looking for other distros like Mint that actually check whether upgrades generate regressions and classify risk assessments that allow only proven upgrades to succeed. It's really quite an eye-opener to me that a distro aiming to be deployed outside the sole-user world doesn't see this as a problem.

--
Harry G Coin
Quiet Fountain LLC
2118 Lundy Ln
Bettendorf, Iowa 52722

--
https://bugs.launchpad.net/bugs/1103353

Title:
  Invalid GnuTLS cipher suite strings causes libldap to crash