search

omniosorg / omnios-extra

Packages for OmniOS extra
https://omnios.org
Other
26 stars 58 forks source link

cyrus-imapd crashing during TLS shutdown #1413

Closed daleghent closed 7 months ago

daleghent commented 7 months ago

This is an issue in reference to cyrusimap/cyrus-imapd#4785 where it appears that an extra call to SSL_SESSION_free() in cyrus-imapd's TLS handling code induces imapd (and probably also pop3d) to self-immolate. I'm also experiencing this and core files build up daily, which IMAP clients occasionally (but not always) getting unhappy about their connection suddenly dying.

Andy, you mentioned a patch that removes the call that solves the crashing issue. Would you consider producing an updated package that includes this patch until cyrus-imapd gets this sorted in their code?

citrus-it commented 7 months ago

I integrated this to omnios-extra as https://github.com/omniosorg/omnios-extra/commit/08ca4969c3a2de54d0c00121fb47ca630db79899 but it's possible that not all package versions were rebuilt after that. I know that r151048 has it as that is where I run my own cyrus IMAP servers. What version are you using?

daleghent commented 7 months ago

Hmm, strange. I'm indeed running 048:

[root@xenon]~# pkg info cyrus-imapd
             Name: ooce/network/cyrus-imapd
          Summary: Cyrus IMAP is an email, contacts and calendar server
      Description: Cyrus IMAP is an email, contacts and calendar server
            State: Installed (Manually installed)
        Publisher: extra.omnios
          Version: 3.8.1
           Branch: 151048.0
   Packaging Date: December 12, 2023 at 04:27:07 PM
Last Install Time: December  2, 2022 at 11:27:55 PM
 Last Update Time: February 12, 2024 at 04:58:54 PM
             Size: 12.85 MB
             FMRI: pkg://extra.omnios/ooce/network/cyrus-imapd@3.8.1-151048.0:20231212T162707Z

But I'm not seeing newer version than the one that's timestamped 20231212. pkg.omnios.org seems to reflect this version as well: https://pkg.omnios.org/r151048/extra/en/search.shtml?token=cyrus-imapd&action=Search

Maybe the newer version didn't get published?

citrus-it commented 7 months ago

Maybe the newer version didn't get published?

Seems most likely. Try now, sorry about that.

I don't know why the cyrus imap project hasn't fixed this yet, especially when the openssl developers confirmed it was wrong in the linked issue.

daleghent commented 7 months ago

Thanks Andy, that did the trick. I hope they can find some help considering their pull request backlog.