Description of problem: Hi, There seems a problem on dovecot auth since version upgrade, it crash instantly on start. I tried to force-add ssl_dh = </etc/dovecot/dh.pem and generate it but it changed nothing. # journalctl -u dovecot sept. 01 19:19:54 aurae.aoihime.eu systemd[1]: Started Dovecot IMAP/POP3 email server. sept. 01 19:19:55 aurae.aoihime.eu dovecot[32452]: master: Dovecot v2.3.2.1 (0719df592) starting up for imap, lmtp, sieve sept. 01 19:20:02 aurae.aoihime.eu dovecot[32452]: master: Error: service(auth): command startup failed, throttling for 2 secs sept. 01 19:20:02 aurae.aoihime.eu dovecot[32457]: auth: Fatal: master: service(auth): child 32466 killed with signal 11 (core not dumped - https://dovecot.org/bugreport.html#coredumps - set /proc/sys/fs/suid_dumpable to 2) sept. 01 19:20:02 aurae.aoihime.eu dovecot[32457]: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<beS/hNJ0ruZ/AAAB> sept. 01 19:20:02 aurae.aoihime.eu dovecot[32457]: imap-login: Warning: Timeout leak: 0x7f0e8a4d46b0 (auth-server-connection.c:397) sept. 01 19:20:07 aurae.aoihime.eu dovecot[32452]: master: Error: service(auth): command startup failed, throttling for 4 secs sept. 01 19:20:07 aurae.aoihime.eu dovecot[32457]: auth: Fatal: master: service(auth): child 32469 killed with signal 11 (core not dumped - https://dovecot.org/bugreport.html#coredumps - set /proc/sys/fs/suid_dumpable to 2) sept. 01 19:20:07 aurae.aoihime.eu dovecot[32457]: lmtp(32475): Connect from local sept. 01 19:20:07 aurae.aoihime.eu dovecot[32457]: lmtp(32477): Connect from local sept. 01 19:20:11 aurae.aoihime.eu dovecot[32452]: master: Error: service(auth): command startup failed, throttling for 8 secs sept. 01 19:20:11 aurae.aoihime.eu dovecot[32457]: auth: Fatal: master: service(auth): child 32478 killed with signal 11 (core not dumped - https://dovecot.org/bugreport.html#coredumps - set /proc/sys/fs/suid_dumpable to 2) sept. 01 19:20:11 aurae.aoihime.eu dovecot[32457]: lmtp(user@example.com)<[...]><[...]>: Error: userdb lookup(user@example.com): Disconnected unexpectedly sept. 01 19:20:11 aurae.aoihime.eu dovecot[32457]: lmtp(user@example.com)<[...]><[...]>: Error: userdb lookup(user@example.com): Disconnected unexpectedly sept. 01 19:20:11 aurae.aoihime.eu dovecot[32457]: lmtp(32475): Error: Failed to lookup user user@example.com: Internal error occurred. Refer to server log for more information. sept. 01 19:20:11 aurae.aoihime.eu dovecot[32457]: lmtp(32477): Error: Failed to lookup user user@example.com: Internal error occurred. Refer to server log for more information. sept. 01 19:20:11 aurae.aoihime.eu dovecot[32457]: lmtp(32475): Disconnect from local: Client has quit the connection (state = READY) sept. 01 19:20:11 aurae.aoihime.eu dovecot[32457]: lmtp(32477): Disconnect from local: Client has quit the connection (state = READY) sept. 01 19:21:08 aurae.aoihime.eu dovecot[32452]: master: Error: service(auth): command startup failed, throttling for 16 secs sept. 01 19:21:08 aurae.aoihime.eu dovecot[32457]: auth: Fatal: master: service(auth): child 32510 killed with signal 11 (core not dumped - https://dovecot.org/bugreport.html#coredumps - set /proc/sys/fs/suid_dumpable to 2) sept. 01 19:21:24 aurae.aoihime.eu dovecot[32452]: master: Error: service(auth): command startup failed, throttling for 32 secs sept. 01 19:21:24 aurae.aoihime.eu dovecot[32457]: auth: Fatal: master: service(auth): child 32522 killed with signal 11 (core not dumped - https://dovecot.org/bugreport.html#coredumps - set /proc/sys/fs/suid_dumpable to 2) sept. 01 19:22:09 aurae.aoihime.eu dovecot[32452]: master: Error: service(auth): command startup failed, throttling for 60 secs sept. 01 19:22:09 aurae.aoihime.eu dovecot[32457]: auth: Fatal: master: service(auth): child 32539 killed with signal 11 (core not dumped - https://dovecot.org/bugreport.html#coredumps - set /proc/sys/fs/suid_dumpable to 2) sept. 01 19:23:09 aurae.aoihime.eu dovecot[32452]: master: Error: service(auth): command startup failed, throttling for 60 secs sept. 01 19:23:09 aurae.aoihime.eu dovecot[32457]: auth: Fatal: master: service(auth): child 32550 killed with signal 11 (core not dumped - https://dovecot.org/bugreport.html#coredumps - set /proc/sys/fs/suid_dumpable to 2) $ sudo gdb /usr/libexec/dovecot/auth Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/libexec/dovecot/auth...Reading symbols from /usr/lib/debug/usr/libexec/dovecot/auth-2.3.2.1-2.mga7.x86_64.debug...done. done. (gdb) run Starting program: /usr/libexec/dovecot/auth Missing separate debuginfo for /lib64/libpam.so.0 Try: dnf --enablerepo='*debug*' install /usr/lib/debug/.build-id/fc/268cf4d5fddddecf7a903bf6c43139997c8b13.debug Or try: urpmi /usr/lib/debug/.build-id/fc/268cf4d5fddddecf7a903bf6c43139997c8b13.debug Missing separate debuginfo for /lib64/libaudit.so.1 Try: dnf --enablerepo='*debug*' install /usr/lib/debug/.build-id/d1/b59ad781d3817b3fe752e186370a1e11463a8e.debug Or try: urpmi /usr/lib/debug/.build-id/d1/b59ad781d3817b3fe752e186370a1e11463a8e.debug Missing separate debuginfo for /lib64/libcap-ng.so.0 Try: dnf --enablerepo='*debug*' install /usr/lib/debug/.build-id/9f/d77a7e412de93e1e8443aa2175d15ee128afff.debug Or try: urpmi /usr/lib/debug/.build-id/9f/d77a7e412de93e1e8443aa2175d15ee128afff.debug Program received signal SIGSEGV, Segmentation fault. __strcmp_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:31 31 movdqu (%rdi), %xmm1 (gdb) bt #0 __strcmp_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:31 #1 0x000055555558c538 in password_scheme_register_crypt () at password-scheme-crypt.c:190 #2 0x000055555558c0ac in password_schemes_init () at password-scheme.c:874 #3 0x0000555555567a46 in main_preinit () at main.c:185 #4 main () at main.c:392 #5 0x00007ffff7c5902b in __libc_start_main (main=0x555555567980 <main>, argc=1, argv=0x7fffffffe478, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe468) at ../csu/libc-start.c:308 #6 0x0000555555567f0a in _start () at ../sysdeps/x86_64/start.S:120 (gdb) Version-Release number of selected component (if applicable): dovecot-2.3.2.1-2.mga7 How reproducible: Always Steps to Reproduce: 1. /etc/postfix/main.cf # Add this at end smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination mailbox_transport = lmtp:unix:private/dovecot-lmtp 2. /etc/dovecot/local.conf ## Dovecot local configuration file # Set dovecot protocols protocols = imap lmtp sieve # Disable plaintext auth disable_plaintext_auth = yes # Set auth mechanisms auth_mechanisms = plain login # Set mail location mail_location = maildir:/var/mail/%u # Strip username from domain part auth_username_format = %Ln # Set privileged group #mail_privileged_group = mail # SSL DH parameters ssl_dh = </etc/dovecot/dh.pem # Set listener service auth { # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix group = postfix } # Auth process is run as this user. #user = $default_internal_user } # Set lmtp listener service lmtp { # Postfix smtp-auth unix_listener /var/spool/postfix/private/dovecot-lmtp { mode = 0600 user = postfix group = postfix } } 2. systemctl restart postfix.service 3. systemctl restart dovecot.service 4. gdb /usr/libexec/dovecot/auth run bt
Seems a known bug related to glibc change.
URL: (none) => https://www.mail-archive.com/dovecot@dovecot.org/msg74130.html
Seems realted a regression in glibc crypt function which invalidate the pointer, see the mail-archive link of mailing list.
Assignee: bugsquad => tmb
They say that we may force the link against crypt lib and not glibc. Should the patch be applied or glibc patched to fix it for other services ? See (from same thread): https://www.mail-archive.com/dovecot@dovecot.org/msg74134.html Not tried yet, what do you think ?
Seems related to last point of section "Deprecated and removed features, and other changes affecting compatibility" in release not of glibc 2.28 : https://www.sourceware.org/ml/libc-alpha/2018-08/msg00003.html
Add patch dovecot-2.3.2.1-include-crypt-h.patch from dovecot ml which fix the problem : Index: SOURCES/dovecot-2.3.2.1-include-crypt-h.patch =================================================================== --- SOURCES/dovecot-2.3.2.1-include-crypt-h.patch (nonexistent) +++ SOURCES/dovecot-2.3.2.1-include-crypt-h.patch (copie de travail) @@ -0,0 +1,12 @@ +From: https://www.mail-archive.com/dovecot@dovecot.org/msg74132.html +diff -urNp dovecot-2.3.2.1/src/auth/mycrypt.c.orig dovecot-2.3.2.1/src/auth/mycrypt.c +--- dovecot-2.3.2.1/src/auth/mycrypt.c.orig 2018-09-01 20:17:20.451155812 +0200 ++++ dovecot-2.3.2.1/src/auth/mycrypt.c 2018-09-01 20:17:38.661155622 +0200 +@@ -14,6 +14,7 @@ + # define _XPG6 /* Some Solaris versions require this, some break with this */ + #endif + #include <unistd.h> ++#include <crypt.h> + + #include "mycrypt.h" + Index: SPECS/dovecot.spec =================================================================== --- SPECS/dovecot.spec (révision 1256095) +++ SPECS/dovecot.spec (copie de travail) @@ -36,7 +36,7 @@ Summary: Secure IMAP and POP3 server Name: dovecot Version: 2.3.2.1 -Release: %mkrel 2 +Release: %mkrel 3 License: MIT and LGPLv2 and BSD-like and Public Domain Group: System/Servers URL: https://dovecot.org @@ -50,6 +50,7 @@ Source8: https://www.earth.ox.ac.uk/~steve/sieve/procmail2sieve.pl Source9: %{name}-tmpfiles.conf Patch0: dovecot-2.2.6-compress-ldl.patch +Patch1: dovecot-2.3.2.1-include-crypt-h.patch Provides: imap-server pop3-server Provides: imaps-server pop3s-server Requires(post): systemd >= %{systemd_required_version} Waiting for build system version to close as resolved.
Assignee: tmb => mageia
Should be fixed in dovecot-2.3.2.1-3.mga7, reopen if you still have the bug.
Status: NEW => RESOLVEDResolution: (none) => FIXED