[Pkg-openldap-devel] Bug#864719: slapd: fails to configure when olcSuffix contains a backslash-escaped umlaut
Thorsten Glaser
tg at mirbsd.de
Tue Jun 13 13:13:50 UTC 2017
Package: slapd
Version: 2.4.31-2+deb7u3
Severity: serious
Justification: fails to configure
With recent security updates being available in Debian oldstable
(soon to be oldoldstable, but hey!), the package fails to upgrade
because it fails to configure if the olcSuffix contains a nōn-ASCII
character (and a space, but I don’t think that is it).
I will be filtering the name of our client as follows, believing
that the problem will still appear.
olcSuffix: o=Kundenname M\c3\bcumlaut,c=de
No, I did not invent this…
With “set -x” in slapd.postinst (and reverting the default /bin/sh
to bash to be sure it’s not an mksh problem) I get:
root at prodname-dollarcustomer:~ # dpkg -a --configure
Setting up slapd (2.4.31-2+deb7u3) ...
+ . /usr/share/debconf/confmodule
++ '[' '!' '' ']'
++ PERL_DL_NONLAZY=1
++ export PERL_DL_NONLAZY
++ '[' '' ']'
++ exec /usr/share/debconf/frontend /var/lib/dpkg/info/slapd.postinst configure 2.4.31-2+deb7u3
+ . /usr/share/debconf/confmodule
++ '[' '!' 1 ']'
++ '[' -z '' ']'
++ exec
++ '[' '' ']'
++ exec
++ DEBCONF_REDIR=1
++ export DEBCONF_REDIR
+ MODE=configure
+ OLD_VERSION=2.4.31-2+deb7u3
+ '[' -f /etc/default/slapd ']'
+ . /etc/default/slapd
++ SLAPD_CONF=
++ SLAPD_USER=openldap
++ SLAPD_GROUP=openldap
++ SLAPD_PIDFILE=
++ SLAPD_SERVICES='ldap:/// ldapi:///'
++ SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
++ SLAPD_OPTIONS=
+ '[' -z '' ']'
+ '[' -f /etc/ldap/slapd.conf ']'
+ SLAPD_CONF=/etc/ldap/slapd.d
+ '[' configure = configure ']'
+ '[' openldap = openldap ']'
+ create_new_user
++ getent group openldap
+ '[' -z openldap:x:112: ']'
++ getent passwd openldap
+ '[' -z 'openldap:x:106:112:OpenLDAP Server Account,,,:/var/lib/ldap:/bin/false' ']'
+ is_initial_configuration configure 2.4.31-2+deb7u3
+ '[' configure = configure ']'
+ '[' -z 2.4.31-2+deb7u3 ']'
+ '[' configure = reconfigure ']'
+ '[' '' ']'
+ '[' configure = configure ']'
+ '[' '!' -e /etc/ldap/slapd.d ']'
+ return 1
+ postinst_upgrade_configuration
++ database_dumping_destdir
++ local dir
++ db_get slapd/dump_database_destdir
++ _db_cmd 'GET slapd/dump_database_destdir'
++ _db_internal_IFS='
'
++ IFS=' '
++ printf '%s\n' 'GET slapd/dump_database_destdir'
++ IFS='
'
++ IFS='
'
++ read -r _db_internal_line
++ RET=/var/backups/slapd-VERSION
++ case ${_db_internal_line%%[ ]*} in
++ return 0
+++ sed -e s/VERSION/2.4.31-2+deb7u3/
+++ echo /var/backups/slapd-VERSION
++ dir=/var/backups/slapd-2.4.31-2+deb7u3
++ mkdir -p -m 700 /var/backups/slapd-2.4.31-2+deb7u3
++ echo /var/backups/slapd-2.4.31-2+deb7u3
+ echo -n ' Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.31-2+deb7u3... '
Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.31-2+deb7u3... + backup_config_once
+ local backupdir
+ '[' -z '' ']'
++ database_dumping_destdir
++ local dir
++ db_get slapd/dump_database_destdir
++ _db_cmd 'GET slapd/dump_database_destdir'
++ _db_internal_IFS='
'
++ IFS=' '
++ printf '%s\n' 'GET slapd/dump_database_destdir'
++ IFS='
'
++ IFS='
'
++ read -r _db_internal_line
++ RET=/var/backups/slapd-VERSION
++ case ${_db_internal_line%%[ ]*} in
++ return 0
+++ sed -e s/VERSION/2.4.31-2+deb7u3/
+++ echo /var/backups/slapd-VERSION
++ dir=/var/backups/slapd-2.4.31-2+deb7u3
++ mkdir -p -m 700 /var/backups/slapd-2.4.31-2+deb7u3
++ echo /var/backups/slapd-2.4.31-2+deb7u3
+ backupdir=/var/backups/slapd-2.4.31-2+deb7u3
+ '[' -e /etc/ldap/slapd.d ']'
+ cp -a /etc/ldap/slapd.d /var/backups/slapd-2.4.31-2+deb7u3
+ FLAG_CONFIG_BACKED_UP=yes
+ echo done.
done.
+ database_format_changed
+ dpkg --compare-versions 2.4.31-2+deb7u3 lt-nl 2.4.25-2
+ return 1
+ migrate_to_slapd_d_style
+ previous_version_older 2.4.23-3
+ dpkg --compare-versions 2.4.31-2+deb7u3 lt-nl 2.4.23-3
+ return 1
+ previous_version_older 2.4.23-5
+ dpkg --compare-versions 2.4.31-2+deb7u3 lt-nl 2.4.23-5
+ return 1
+ configure_v2_protocol_support
+ local new_conf
+ db_get slapd/allow_ldap_v2
+ _db_cmd 'GET slapd/allow_ldap_v2'
+ _db_internal_IFS='
'
+ IFS=' '
+ printf '%s\n' 'GET slapd/allow_ldap_v2'
+ IFS='
'
+ IFS='
'
+ read -r _db_internal_line
+ RET=false
+ case ${_db_internal_line%%[ ]*} in
+ return 0
+ '[' false '!=' true ']'
+ return 0
+ update_databases_permissions
+ read suffix
+ get_suffix
+ '[' -f /etc/ldap/slapd.d ']'
+ cut -d: -f 2
+ grep -h olcSuffix '/etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif' '/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif' '/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif'
++ get_directory 'o=Kundenname Mc3bcumlaut,c=de'
++ '[' -d /etc/ldap/slapd.d ']'
++ grep -q 'o=Kundenname Mc3bcumlaut,c=de'
++ get_suffix
++ '[' -f /etc/ldap/slapd.d ']'
++ cut -d: -f 2
++ grep -h olcSuffix '/etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif' '/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif' '/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif'
++ '[' -f /etc/ldap/slapd.d ']'
++ return 1
+ dbdir=
dpkg: error processing slapd (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
slapd
-- System Information:
Debian Release: 7.11
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-0.bpo.4-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages slapd depends on:
ii adduser 3.113+nmu3
ii coreutils 8.13-3.5
ii debconf [debconf-2.0] 1.5.49
ii libc6 2.13-38+deb7u11
ii libdb5.1 5.1.29-5
ii libgcrypt11 1.5.0-5+deb7u5
ii libgnutls26 2.12.20-8+deb7u5
ii libldap-2.4-2 2.4.31-2+deb7u3
ii libltdl7 2.4.2-1.1
ii libodbc1 2.2.14p2-5
ii libperl5.14 5.14.2-21+deb7u5
ii libsasl2-2 2.1.25.dfsg1-6+deb7u1
ii libslp1 1.2.1-9+deb7u1
ii libwrap0 7.6.q-24
ii lsb-base 4.1+Debian8+deb7u1
ii multiarch-support 2.13-38+deb7u11
ii perl [libmime-base64-perl] 5.14.2-21+deb7u5
ii psmisc 22.19-1+deb7u1
Versions of packages slapd recommends:
pn libsasl2-modules <none>
Versions of packages slapd suggests:
ii ldap-utils 2.4.31-2+deb7u3
-- debconf information:
slapd/internal/generated_adminpw: (password omitted)
* slapd/password2: (password omitted)
slapd/internal/adminpw: (password omitted)
* slapd/password1: (password omitted)
slapd/allow_ldap_v2: false
slapd/password_mismatch:
slapd/invalid_config: true
shared/organization: lan.tarent.de
slapd/upgrade_slapcat_failure:
slapd/unsafe_selfwrite_acl:
* slapd/no_configuration: true
slapd/move_old_database: true
slapd/dump_database_destdir: /var/backups/slapd-VERSION
slapd/purge_database: false
slapd/domain: lan.tarent.de
slapd/backend: HDB
slapd/dump_database: when needed
More information about the Pkg-openldap-devel
mailing list