Created an attachment (id=213) [details]
Timeout patches to the openldap libraries

Created an attachment (id=214) [details]
Adding timeout to the registration (requires the previous patch)

The updates have been finalized for GTK 2.4.3.  Go to the Globus advisory page 
for to download update package.

I think there's a problem with the released update package.
I tried to build it on top of a Globus 2.4.3 installation, using:

gpt-build -verbose -update globus_openldap-2.0.22.tar.gz gcc64dbgpthr

I got:

gpt-build ====> CHECKING BUILD DEPENDENCIES FOR globus_openldap
SKIPPING REBUILD of gcc64dbgpthr

The pkg_data_src.gpt file is identical in the globus_openldap package
included in the 2.4.3 bundles and in the globus_openldap-2.0.22.tar.gz
update package.

Shouldn't the update package have a newer version number so that
"gpt-build -update" knows to apply it?

Keith,
Increased minor version number in package just to be sure.  Package is 
available on Advisory page.

Ok, thanks, I'll give it a try.

Incidentally, this is the third distinct version of that same update
file at the same URL.  I've downloaded copies of this file dated
Jan 22, Jan 30, and Feb 18.

If a file name includes a version number, it's usually safe to assume
that you're going to get the same version of the file if you download
it again later, especially if other files in the same directory (the
globus_common and globus_openssl updates) exist in multiple copies
with distinct version numbers.

In the case of globus_openldap, I understand that you want to track
the version number of the official release from openldap.org; in
that case I suggest appending your own sub-version number such as 
globus_openldap-2.0.22.1.tar.gz.

If you need to update an update, or any file on your ftp site, please
please please update the version number so we know what we're getting.

I've done a new build with the updated globus_openldap-2.0.22.tar.gz;
it built correctly.

One more note: the globus_openldap-2.0.22.tar.gz
update package contains a large extraneous file,
"globus_openldap/openldap-2.0.22.tar".  No other update packages
contain tar files like this.  I presume it was accidentally left in 
place when the update package was being built.

The openldap-2.0.22.tar file is identical to the original
openldap-2.0.22.tgz from ftp.openldap.org (after decompression).

I believe that this tar file is ignored during the build process,
and that its presence is therefore harmless.  Can you confirm this?
(I've done several builds using a patched version of the update package
(see bug # 1573) with the tar file deleted, with no apparent problems.)

Assuming it's harmless, I obviously don't recommend updating the
globus_openldap-2.0.22.tar.gz update package (at least not without
modifying the version number), but it's something to keep in mind if
a new update is necessary.