Bug#803197: libldap built against GNUTLS breaks SOGo
Ryan Tandy
ryan at nardis.ca
Tue Oct 27 21:54:10 UTC 2015
Hi Robert,
I won't be able to look into this in detail until Thursday or Friday at
the earliest, but for right now, I'm copying the GnuTLS maintainers in
case they can shed any light.
Comments below...
On Tue, Oct 27, 2015 at 09:03:48PM +0000, Robert McQueen wrote:
>Since upgrading to Jessie I ran into a bug in the SOGo groupware where
>it goes into an infinite loop after connecting to my LDAP server over
>TLS.
>
>This bug doesn't happen if I downgrade libldap to 2.4.31-2, or if you
>configure SOGo to connect to LDAP without TLS, which are both detailed
>on the upstream bug:
> http://www.sogo.nu/bugs/view.php?id=3211
>
>Inverse (upstream developers of SOGo groupware) have investigated and
>found that it seems like initialising TLS in LDAP is closing an
>unrelated file descriptor used internally for SOGo's event handling:
> http://www.sogo.nu/bugs/view.php?id=3211#c9021
Indeed. The top of the trace is very interesting:
#0 close () at ../sysdeps/unix/syscall-template.S:81
0000001 0x00007ffff3e70ee3 in ?? () from
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
0000002 0x00007ffff3e70f06 in ?? () from
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
0000003 0x00007ffff3dd0c56 in ?? () from
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
0000004 0x00007ffff3de1d4f in gnutls_global_set_mutex () from
/usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
0000005 0x00007ffff3735c06 in tls_init (impl=0x7ffff394e420
<ldap_int_tls_impl>) at tls2.c:170
Can you please generate that trace again with libgnutls28-dbg installed,
so that we can see more details?
>Seeing as downgrading libldap seems to fix the bug it suggests a
>regression or side-effect from some changes between Wheezy and Jessie.
>
>I'm not sure what the best next step is - I wonder if Ludovic (CC'd)
>or someone at Inverse would be able to create a standalone
>test/reproduction program so somebody could bisect and find a libldap
>change that exposes the bug, or if someone familiar with the code
>could review changes to the TLS code in libldap to see what has
>changed from 2.4.31 to 2.4.40 that might explain it?
thanks,
Ryan
More information about the Pkg-gnutls-maint
mailing list