Debian Bug report logs - #541256
TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1

Package: slapd; Maintainer for slapd is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Source for slapd is src:openldap.

Reported by: vedranf@vedranf.mine.nu

Date: Wed, 12 Aug 2009 19:12:01 UTC

Severity: important

Tags: confirmed, upstream

Found in versions openldap/2.4.17-1, openldap/2.4.25-1

Forwarded to http://www.openldap.org/its/?findid=6251


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#541256; Package slapd. (Wed, 12 Aug 2009 19:12:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to vedranf@vedranf.mine.nu:
New Bug report received and forwarded. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Wed, 12 Aug 2009 19:12:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Vedran Furač <vedranf@vedranf.mine.nu>
To: submit@bugs.debian.org
Subject: TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
Date: Wed, 12 Aug 2009 21:06:52 +0200

Package: slapd
Version: 2.4.17-1
Severity: important

OpenLDAP+gnutls worked fine for me for more than a year, but now I have
TLS problems again. It started on my unstable client when libnss-ldap
reported:

TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1

Then I upgraded gnutls and ldap on my server from lenny to unstable and
now even slapd doesn't start:

TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1.
main: TLS init def ctx failed: -1

If I comment out line which defines cipher:

TLSCipherSuite     TLS_RSA_AES_256_CBC_SHA1

it works again.

$ gnutls-cli -l|grep TLS_RSA_AES_256_CBC_SHA1
TLS_RSA_AES_256_CBC_SHA1     0x00, 0x35      SSL3.0

...so I don't see why it shouldn't work.

Thanks, bye!


-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (990, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=hr_HR.UTF-8, LC_CTYPE=hr_HR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages slapd depends on:
ii  adduser                   3.110          add and remove users and groups
ii  coreutils                 6.10-6         The GNU core utilities
ii  debconf [debconf-2.0]     1.5.24         Debian configuration management sy
ii  libc6                     2.9-23         GNU C Library: Shared libraries
ii  libdb4.7                  4.7.25-7       Berkeley v4.7 Database Libraries [
ii  libgnutls26               2.6.6-1        the GNU TLS library - runtime libr
ii  libldap-2.4-2             2.4.17-1       OpenLDAP libraries
ii  libltdl7                  2.2.6a-4       A system independent dlopen wrappe
ii  libperl5.10               5.10.0-19      Shared Perl library
ii  libsasl2-2                2.1.23.dfsg1-1 Cyrus SASL - authentication abstra
ii  libslp1                   1.2.1-7.5      OpenSLP libraries
ii  libwrap0                  7.6.q-16       Wietse Venema's TCP wrappers libra
ii  perl [libmime-base64-perl 5.10.0-19      Larry Wall's Practical Extraction
ii  psmisc                    22.6-1         Utilities that use the proc filesy
ii  unixodbc                  2.2.11-16      ODBC tools libraries

Versions of packages slapd recommends:
ii  libsasl2-modules          2.1.23.dfsg1-1 Cyrus SASL - pluggable authenticat

Versions of packages slapd suggests:
ii  ldap-utils                    2.4.17-1   OpenLDAP utilities

-- debconf information:
* slapd/tlsciphersuite:
  slapd/fix_directory: true
  shared/organization: nodomain
  slapd/upgrade_slapcat_failure:
  slapd/backend: BDB
  slapd/allow_ldap_v2: false
  slapd/no_configuration: false
  slapd/move_old_database: true
  slapd/suffix_change: false
  slapd/slave_databases_require_updateref:
  slapd/dump_database_destdir: /var/backups/slapd-VERSION
  slapd/autoconf_modules: true
  slapd/domain: nodomain
  slapd/password_mismatch:
  slapd/invalid_config: true
  slapd/slurpd_obsolete:
  slapd/upgrade_slapadd_failure:
  slapd/dump_database: when needed
  slapd/migrate_ldbm_to_bdb: false
  slapd/purge_database: false





Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#541256; Package slapd. (Wed, 12 Aug 2009 19:36:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Quanah Gibson-Mount <quanah@zimbra.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Wed, 12 Aug 2009 19:36:05 GMT) Full text and rfc822 format available.

Message #10 received at 541256@bugs.debian.org (full text, mbox):

From: Quanah Gibson-Mount <quanah@zimbra.com>
To: vedranf@vedranf.mine.nu, 541256@bugs.debian.org
Subject: Re: [Pkg-openldap-devel] Bug#541256: TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
Date: Wed, 12 Aug 2009 12:22:05 -0700

--On Wednesday, August 12, 2009 9:06 PM +0200 Vedran Furač 
<vedranf@vedranf.mine.nu> wrote:

> Package: slapd
> Version: 2.4.17-1
> Severity: important
>
> OpenLDAP+gnutls worked fine for me for more than a year, but now I have
> TLS problems again. It started on my unstable client when libnss-ldap
> reported:
>
> TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
>
> Then I upgraded gnutls and ldap on my server from lenny to unstable and
> now even slapd doesn't start:
>
> TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1.
> main: TLS init def ctx failed: -1
>
> If I comment out line which defines cipher:
>
> TLSCipherSuite     TLS_RSA_AES_256_CBC_SHA1
>
> it works again.
>
> $ gnutls-cli -l|grep TLS_RSA_AES_256_CBC_SHA1
> TLS_RSA_AES_256_CBC_SHA1     0x00, 0x35      SSL3.0
>
> ...so I don't see why it shouldn't work.
>
> Thanks, bye!


Filed upstream:

<http://www.openldap.org/its/index.cgi/?findid=6251>

Note that a difference for GnuTLS with 2.4.17 is that it uses gcrypt if a 
newer GnuTLS is detected, so it is possible gcrypt is broken.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration




Added tag(s) upstream. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Wed, 12 Aug 2009 20:12:07 GMT) Full text and rfc822 format available.

Set Bug forwarded-to-address to 'http://www.openldap.org/its/?findid=6251'. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Wed, 12 Aug 2009 20:12:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#541256; Package slapd. (Wed, 12 Aug 2009 21:51:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Quanah Gibson-Mount <quanah@zimbra.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Wed, 12 Aug 2009 21:51:02 GMT) Full text and rfc822 format available.

Message #19 received at 541256@bugs.debian.org (full text, mbox):

From: Quanah Gibson-Mount <quanah@zimbra.com>
To: 541256@bugs.debian.org, vedranf@vedranf.mine.nu
Subject: Re: [Pkg-openldap-devel] Bug#541256: Bug#541256: TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
Date: Wed, 12 Aug 2009 14:49:05 -0700

--On Wednesday, August 12, 2009 12:22 PM -0700 Quanah Gibson-Mount 
<quanah@zimbra.com> wrote:

>> Thanks, bye!
>
>
> Filed upstream:
>
> <http://www.openldap.org/its/index.cgi/?findid=6251>
>
> Note that a difference for GnuTLS with 2.4.17 is that it uses gcrypt if a
> newer GnuTLS is detected, so it is possible gcrypt is broken.

Please see the upstream comments.  The issue is broken behavior on GnuTLS' 
part.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#541256; Package slapd. (Thu, 13 Aug 2009 00:15:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to vedranf@vedranf.mine.nu:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Thu, 13 Aug 2009 00:15:06 GMT) Full text and rfc822 format available.

Message #24 received at 541256@bugs.debian.org (full text, mbox):

From: Vedran Furač <vedranf@vedranf.mine.nu>
To: Quanah Gibson-Mount <quanah@zimbra.com>
Cc: 541256@bugs.debian.org
Subject: Re: [Pkg-openldap-devel] Bug#541256: Bug#541256: TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
Date: Thu, 13 Aug 2009 02:12:43 +0200

Quanah Gibson-Mount wrote:

> --On Wednesday, August 12, 2009 12:22 PM -0700 Quanah Gibson-Mount 
> <quanah@zimbra.com> wrote:
> 
>>> Thanks, bye!
>>
>> Filed upstream:
>>
>> <http://www.openldap.org/its/index.cgi/?findid=6251>
>>
>> Note that a difference for GnuTLS with 2.4.17 is that it uses gcrypt if a
>> newer GnuTLS is detected, so it is possible gcrypt is broken.
> 
> Please see the upstream comments.  The issue is broken behavior on GnuTLS' 
> part.

Ah... I see. Thanks for forwarding it! Anyway, I tried his suggestion
and changed slapd.conf on server side and libnss/pam_ldap.conf/ldap.conf
on client to have:

TLSCipherSuite     +AES-256-CBC:+SHA1

Now slapd starts, but connection (e.g. getent passwd) to it fails with:

TLS: can't connect: No supported cipher suites have been found..

And ldapsearch -ZZ:

TLS: can't connect: A TLS packet with unexpected length was received.


Regards!







Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#541256; Package slapd. (Thu, 13 Aug 2009 00:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Quanah Gibson-Mount <quanah@zimbra.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Thu, 13 Aug 2009 00:21:04 GMT) Full text and rfc822 format available.

Message #29 received at 541256@bugs.debian.org (full text, mbox):

From: Quanah Gibson-Mount <quanah@zimbra.com>
To: vedranf@vedranf.mine.nu
Cc: 541256@bugs.debian.org
Subject: Re: [Pkg-openldap-devel] Bug#541256: Bug#541256: TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
Date: Wed, 12 Aug 2009 17:19:15 -0700

--On Thursday, August 13, 2009 2:12 AM +0200 Vedran Furač 
<vedranf@vedranf.mine.nu> wrote:


>> Please see the upstream comments.  The issue is broken behavior on
>> GnuTLS'  part.
>
> Ah... I see. Thanks for forwarding it! Anyway, I tried his suggestion
> and changed slapd.conf on server side and libnss/pam_ldap.conf/ldap.conf
> on client to have:
>
> TLSCipherSuite     +AES-256-CBC:+SHA1
>
> Now slapd starts, but connection (e.g. getent passwd) to it fails with:
>
> TLS: can't connect: No supported cipher suites have been found..
>
> And ldapsearch -ZZ:
>
> TLS: can't connect: A TLS packet with unexpected length was received.


Sadly, this is likely yet another case of broken behavior on GnuTLS' part, 
of which there are growing numbers, like 
<http://www.openldap.org/its/index.cgi/?findid=6252>. I'd recommend 
building your own openldap server and clients using OpenSSL, which is known 
to actually work.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#541256; Package slapd. (Thu, 13 Aug 2009 00:24:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Quanah Gibson-Mount <quanah@zimbra.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Thu, 13 Aug 2009 00:24:05 GMT) Full text and rfc822 format available.

Message #34 received at 541256@bugs.debian.org (full text, mbox):

From: Quanah Gibson-Mount <quanah@zimbra.com>
To: vedranf@vedranf.mine.nu
Cc: 541256@bugs.debian.org
Subject: Re: [Pkg-openldap-devel] Bug#541256: Bug#541256: TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
Date: Wed, 12 Aug 2009 17:21:52 -0700

--On Wednesday, August 12, 2009 5:19 PM -0700 Quanah Gibson-Mount 
<quanah@zimbra.com> wrote:

> --On Thursday, August 13, 2009 2:12 AM +0200 Vedran Furač
> <vedranf@vedranf.mine.nu> wrote:
>
>
>>> Please see the upstream comments.  The issue is broken behavior on
>>> GnuTLS'  part.
>>
>> Ah... I see. Thanks for forwarding it! Anyway, I tried his suggestion
>> and changed slapd.conf on server side and libnss/pam_ldap.conf/ldap.conf
>> on client to have:
>>
>> TLSCipherSuite     +AES-256-CBC:+SHA1


Try:

TLSCipherSuite +RSA:+AES-256-CBC:+SHA1

--Quanah



--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#541256; Package slapd. (Thu, 13 Aug 2009 00:42:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to vedranf@vedranf.mine.nu:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Thu, 13 Aug 2009 00:42:11 GMT) Full text and rfc822 format available.

Message #39 received at 541256@bugs.debian.org (full text, mbox):

From: Vedran Furač <vedranf@vedranf.mine.nu>
To: Quanah Gibson-Mount <quanah@zimbra.com>
Cc: 541256@bugs.debian.org
Subject: Re: [Pkg-openldap-devel] Bug#541256: Bug#541256: TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
Date: Thu, 13 Aug 2009 02:36:09 +0200

Quanah Gibson-Mount wrote:

> Try:
>
> TLSCipherSuite +RSA:+AES-256-CBC:+SHA1

It works! Thank you both.

I would usually close this report, but it might be useful having it here
for others as they could encounter the same problem, especially because
searching for "+RSA:+AES-256-CBC:+SHA1" on google didn't get any result.
You decide what is the best.

Regards!




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#541256; Package slapd. (Thu, 13 Aug 2009 11:03:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Thu, 13 Aug 2009 11:03:05 GMT) Full text and rfc822 format available.

Message #44 received at 541256@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Quanah Gibson-Mount <quanah@zimbra.com>, 541256@bugs.debian.org
Subject: Re: Bug#541256: [Pkg-openldap-devel] Bug#541256: Bug#541256: TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
Date: Thu, 13 Aug 2009 03:42:56 -0700

tags 541256 confirmed
thanks

On Wed, Aug 12, 2009 at 02:49:05PM -0700, Quanah Gibson-Mount wrote:
> >Note that a difference for GnuTLS with 2.4.17 is that it uses gcrypt if a
> >newer GnuTLS is detected, so it is possible gcrypt is broken.

> Please see the upstream comments.  The issue is broken behavior on
> GnuTLS' part.

   This appears to be caused by our switch to using GnuTLS's cipher suite
   parsing functions in 2.4.14 (due to ITS#5887). The syntax that GnuTLS
   uses is quite different from what we were using in 2.4.13 and earlier.

A change in behavior because OpenLDAP has switched to using a different
parser for cipher suites than what was in place previously isn't "broken
behavior on GnuTLS' part".  Your continuous maligning of GnuTLS in Debian
bug reports is unhelpful; we cannot ship libldap linked against OpenSSL for
license reasons, so reminding us how much you disapprove of GnuTLS isn't
going to change anything - aside from discouraging me from spending time on
bug mail for the openldap package.

If the current parser behavior is going to remain in place (which is not yet
clear), then we should address this in the packaging on upgrade, either by
converting the TLSCipherSuite values automatically or at minimum by
notifying the user that an adjustment will be needed.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org
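The upgrade-time notification suggested in the message above could start from a check like the following. This is an added example, not part of the bug log or of the Debian slapd packaging: the function name check_tls_cipher_suite is hypothetical, treating any value that begins with TLS_ as an old-style suite name is a heuristic assumption, and the only rewrite it suggests is the one reported as working in this thread.

```sh
#!/bin/sh
# Added example: flag cipher-suite settings that still use an old-style
# single suite name such as TLS_RSA_AES_256_CBC_SHA1, which the GnuTLS
# build of slapd in this report rejects at startup.
#
# check_tls_cipher_suite FILE...
#   Prints "FILE:LINE: VALUE -> HINT" for every active setting found and
#   returns 1 if there was at least one, 0 otherwise.
check_tls_cipher_suite() {
    awk '
        {
            # First word is the keyword; cn=config LDIF adds a trailing colon.
            key = tolower($1)
            sub(/:$/, "", key)
        }
        # slapd.conf keyword, cn=config attribute, ldap.conf option.
        # Commented-out lines never match because the keyword starts with "#".
        (key == "tlsciphersuite" || key == "olctlsciphersuite" ||
         key == "tls_cipher_suite") && $2 ~ /^TLS_/ {
            hint = "no rewrite given in this bug log"
            # The single mapping confirmed in this thread.
            if ($2 == "TLS_RSA_AES_256_CBC_SHA1")
                hint = "+RSA:+AES-256-CBC:+SHA1"
            printf "%s:%d: %s -> %s\n", FILENAME, FNR, $2, hint
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample configuration, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TLSCipherSuite HIGH
TLSCertificateFile /etc/ldap/ssl/server.pem
TLSCipherSuite     TLS_RSA_AES_256_CBC_SHA1
EOF
check_tls_cipher_suite "$sample" ||
    echo "TLSCipherSuite needs adjusting before slapd will start"
rm -f "$sample"
```
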




Added tag(s) confirmed. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Thu, 13 Aug 2009 11:03:13 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#541256; Package slapd. (Thu, 13 Aug 2009 18:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Howard Chu <hyc@openldap.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Thu, 13 Aug 2009 18:18:03 GMT) Full text and rfc822 format available.

Message #51 received at 541256@bugs.debian.org (full text, mbox):

From: Howard Chu <hyc@openldap.org>
To: 541256@bugs.debian.org
Subject: Re: Bug#541256: TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
Date: Thu, 13 Aug 2009 11:15:48 -0700

> A change in behavior because OpenLDAP has switched to using a different
> parser for cipher suites than what was in place previously isn't "broken
> behavior on GnuTLS' part".

Steve: the fact that the behavior changed isn't "broken"; the fact that the 
behavior is so completely different from the official GnuTLS documentation *is*.

> Your continuous maligning of GnuTLS in Debian
> bug reports is unhelpful; we cannot ship libldap linked against OpenSSL for
> license reasons, so reminding us how much you disapprove of GnuTLS isn't
> going to change anything - aside from discouraging me from spending time on
> bug mail for the openldap package.

As software and security professionals, we cannot in good conscience stand 
mute on the subject. The quality of the code in GnuTLS is obviously low, the 
risk of security vulnerabilities is high, and the cost in maintenance is only 
going up. Whether you want to hear it or not, we are obligated to state for 
the record that using GnuTLS is a bad idea, because that's the objective truth.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#541256; Package slapd. (Wed, 11 May 2011 08:06:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon L'nu <simon.lnu@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Wed, 11 May 2011 08:06:04 GMT) Full text and rfc822 format available.

Message #56 received at 541256@bugs.debian.org (full text, mbox):

From: Simon L'nu <simon.lnu@gmail.com>
To: Debian Bug Tracking System <541256@bugs.debian.org>
Subject: slapd: could not set cipher list SIGABRT
Date: Wed, 11 May 2011 03:55:55 -0400

Package: slapd
Version: 2.4.25-1+b1
Followup-For: Bug #541256

*** glibc detected *** slapd: double free or corruption (top): 0x08894138 ***

and slapd crashes with an abort signal.

this happens when i set "oldTLSCipherSuite: ___" doesn't matter what, it crashes.

doesn't happen with openssl-built slapd, but only with gnutls-built one.

thanks
simon

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (995, 'unstable'), (990, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.38.5-acahkos
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages slapd depends on:
ii  adduser                   3.112+nmu2     add and remove users and groups
ii  cdebconf [debconf-2.0]    0.155          Debian Configuration Management Sy
ii  coreutils                 8.5-1          GNU core utilities
ii  debconf [debconf-2.0]     1.5.39         Debian configuration management sy
ii  libc6                     2.13-2         Embedded GNU C Library: Shared lib
ii  libdb4.8                  4.8.30-8       Berkeley v4.8 Database Libraries [
ii  libgcrypt11               1.5.0~beta1-1  LGPL Crypto library - runtime libr
ii  libgnutls26               2.12.4-1       GNU TLS library - runtime library
ii  libldap-2.4-2             2.4.25-1+b1    OpenLDAP libraries
ii  libltdl7                  2.4-2          A system independent dlopen wrappe
ii  libperl5.12               5.12.3-6       shared Perl library
ii  libsasl2-2                2.1.23.dfsg1-8 Cyrus SASL - authentication abstra
ii  libslp1                   1.2.1-7.8      OpenSLP libraries
ii  libwrap0                  7.6.q-19       Wietse Venema's TCP wrappers libra
ii  lsb-base                  3.2-27         Linux Standard Base 3.2 init scrip
ii  perl [libmime-base64-perl 5.12.3-6       Larry Wall's Practical Extraction 
ii  psmisc                    22.13-1        utilities that use the proc file s
ii  unixodbc                  2.2.14p2-2     ODBC tools libraries

Versions of packages slapd recommends:
ii  libsasl2-modules          2.1.23.dfsg1-8 Cyrus SASL - pluggable authenticat

Versions of packages slapd suggests:
ii  ldap-utils                   2.4.25-1+b1 OpenLDAP utilities

-- Configuration Files:
/etc/default/slapd changed [not included]
/etc/ldap/schema/corba.schema changed [not included]
/etc/ldap/schema/core.ldif changed [not included]
/etc/ldap/schema/cosine.schema changed [not included]
/etc/ldap/schema/java.schema changed [not included]
/etc/ldap/schema/ppolicy.schema changed [not included]

-- debconf information:
  slapd/tlsciphersuite:
  shared/organization:
* slapd/upgrade_slapcat_failure:
  slapd/backend: HDB
* slapd/allow_ldap_v2: true
* slapd/no_configuration: true
  slapd/move_old_database: true
  slapd/suffix_change: false
* slapd/dump_database_destdir: /var/backups/slapd-VERSION
  slapd/domain:
  slapd/password_mismatch:
  slapd/invalid_config: true
  slapd/slurpd_obsolete:
* slapd/dump_database: when needed
  slapd/migrate_ldbm_to_bdb: false
  slapd/purge_database: false




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#541256; Package slapd. (Wed, 11 May 2011 09:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Quanah Gibson-Mount <quanah@zimbra.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Wed, 11 May 2011 09:15:03 GMT) Full text and rfc822 format available.

Message #61 received at 541256@bugs.debian.org (full text, mbox):

From: Quanah Gibson-Mount <quanah@zimbra.com>
To: Simon L'nu <simon.lnu@gmail.com>, 541256@bugs.debian.org
Subject: Re: [Pkg-openldap-devel] Bug#541256: slapd: could not set cipher list SIGABRT
Date: Wed, 11 May 2011 02:03:04 -0700

--On Wednesday, May 11, 2011 3:55 AM -0400 Simon L'nu <simon.lnu@gmail.com> 
wrote:

> Package: slapd
> Version: 2.4.25-1+b1
> Followup-For: Bug #541256
>
> *** glibc detected *** slapd: double free or corruption (top): 0x08894138
> ***

I've filed this upstream as that is the appropriate place to file this bug.

<http://www.openldap.org/its/index.cgi/?findid=6939>

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#541256; Package slapd. (Wed, 11 May 2011 09:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Howard Chu <hyc@symas.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Wed, 11 May 2011 09:57:04 GMT) Full text and rfc822 format available.

Message #66 received at 541256@bugs.debian.org (full text, mbox):

From: Howard Chu <hyc@symas.com>
To: Quanah Gibson-Mount <quanah@zimbra.com>, 541256@bugs.debian.org
Cc: Simon L'nu <simon.lnu@gmail.com>
Subject: Re: Bug#541256: [Pkg-openldap-devel] Bug#541256: slapd: could not set cipher list SIGABRT
Date: Wed, 11 May 2011 02:24:29 -0700

Quanah Gibson-Mount wrote:
> --On Wednesday, May 11, 2011 3:55 AM -0400 Simon L'nu<simon.lnu@gmail.com>
> wrote:
>
>> Package: slapd
>> Version: 2.4.25-1+b1
>> Followup-For: Bug #541256
>>
>> *** glibc detected *** slapd: double free or corruption (top): 0x08894138
>> ***
>
> I've filed this upstream as that is the appropriate place to file this bug.
>
> <http://www.openldap.org/its/index.cgi/?findid=6939>
>
> --Quanah

A backtrace is needed. And I'm not sure we should handle this upstream, 
depending on whatever other patches may be in the debian build that we don't 
know about.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 19:32:02 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.