stable

openldap-2.6.8-6.fc41

FEDORA-2024-0e4b20f715 created by spichugi 2 months ago for Fedora 41

Update for openldap-2.6.8-6.fc41.

Changelog

* Thu Dec 05 2024 Simon Pichugin <spichugi@redhat.com> - 2.6.8-6
- Avoid SSL context cleanup during library destruction (rhbz#2330711)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-0e4b20f715

This update has been submitted for testing by spichugi.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago
User Icon bojan commented & provided feedback 2 months ago

Any chance of considering the PRs opened against the RPM? Fedora (and EPEL) packages still use SHA1 for password hashing, advertise argon2, but don't implement it etc. Surely, it is not that complicated, right?

This update's test gating status has been changed to 'passed'.

2 months ago
User Icon spichugi commented & provided feedback 2 months ago

Any chance of considering the PRs opened against the RPM? Fedora (and EPEL) packages still use SHA1 for password hashing, advertise argon2, but don't implement it etc. Surely, it is not that complicated, right?

Sorry, I'm not sure I fully understand what you mean... The change https://bugzilla.redhat.com/show_bug.cgi?id=2330711 is a bugfix which generally fixes a crash in libraries that use OpenSSL. You can find more information here: https://github.com/openssl/openssl/issues/25294

I include this patch because OpenSSL expects certain behaviours, and OpenLDAP Upstream doesn't plan on implementing them.

User Icon bojan commented & provided feedback 2 months ago

I mean, given that you are patching OpenLDAP as part of its maintenance, there are a number of pull requests opened against it right now, for missing functionality:

https://src.fedoraproject.org/rpms/openldap/pull-requests

There is also a bug that mentions missing argon2, despite being explicitly mentioned as available:

https://bugzilla.redhat.com/show_bug.cgi?id=2229405

So, given you are patching OpenLDAP, maybe go through these, accept/reject them or ask for a rework.

User Icon spichugi commented & provided feedback 2 months ago

I plan to deal with them soon, but I still haven't had a chance. Most of them concern the OpenLDAP Server package, and I recently had enough capacity to deal with client and library parts only (and even then, CentOS Stream and RHEL were the priority).

Anyway, this release is not about them:)

BTW, the Argon2 issue is the first I'll check when I get time, no worries here! Thank you!

User Icon bojan commented & provided feedback 2 months ago

Awesome, thank you!

This update has been pushed to testing.

2 months ago
karma
User Icon filiperosset commented & provided feedback 2 months ago
karma

no regressions noted

This update can be pushed to stable now if the maintainer wishes

2 months ago
User Icon derekenz commented & provided feedback 2 months ago
karma

Works

This update has been submitted for stable by bodhi.

2 months ago

This update has been pushed to stable.

2 months ago

Please login to add feedback.

Metadata
Type
unspecified
Karma
3
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
2 months ago
in testing
2 months ago
in stable
2 months ago
approved
2 months ago
BZ#2330711 OpenLDAP should leak the SSL ctx and not try to free it in a destructor [f41]
0
0

Automated Test Results