Comments

8 Comments

I plan to deal with them soon, but I still haven't had a chance. Most of them concern the OpenLDAP Server package, and I recently had enough capacity to deal with client and library parts only (and even then, CentOS Stream and RHEL were the priority).

Anyway, this release is not about them:)

BTW, the Argon2 issue is the first I'll check when I get time, no worries here! Thank you!

Any chance of considering the PRs opened against the RPM? Fedora (and EPEL) packages still use SHA1 for password hashing, advertise argon2, but don't implement it etc. Surely, it is not that complicated, right?

Sorry, I'm not sure I fully understand what you mean... The change https://bugzilla.redhat.com/show_bug.cgi?id=2330711 is a bugfix which generally fixes a crash in libraries that use OpenSSL. You can find more information here: https://github.com/openssl/openssl/issues/25294

I include this patch because OpenSSL expects certain behaviours, and OpenLDAP Upstream doesn't plan on implementing them.

karma

works

BZ#2152171 "pytest" script runs tests without user's personal libraries

Simon, could you please talk to your collaborators from upstream and ensure that python-ldap no removes features in patch releases with important updates?

I'm really sorry it has happened! I'll keep a closer eye next time. Thank you!

I get the need to be careful going from below 2.6 to 2.6. But, for a patch version upgrade? Is there no other way to figure out that required conversion steps have been done and just let slapd start?

I think it's better to check each time the package is updated. Even in the minor version, something may happen that will affect some particular user. OpenLDAP package in Fedora doesn't have any automated upgrade scripts.

But I'm open to discussion. If I'll see Bugzillas being open by users (for now, no one mentioned that besides you). I'll start a discussion in the Fedora Devel list and gather opinions. And then I'll adjust the logic accordingly.

For now, I think it's safer to follow official OpenLDAP recommendations (doing backup on each upgrade).

@bojan, thanks for testing! It's actually intentional. UPGRADE_INSTRUCTIONS file is placed on any upgrade. As per upstream, any version update should be done very carefully (https://www.openldap.org/doc/admin26/maintenance.html).

Ideally, the administrator should perform the actions before the package update. But it's not always possible, so we provide the additional safety mechanism in Fedora.