Debian Bug report logs -
#350754
mailutils-imap4d: Risk of mailbox corruption by imap4d due to lack of multiple access locking?
Reported by: Ben Wheeler <ben@qolc.net>
Date: Tue, 31 Jan 2006 15:48:13 UTC
Severity: critical
Tags: help
Found in version mailutils-imap4d/1:0.6.1-4sarge2
Fixed in version mailutils/1:1.1+dfsg1-1
Done: Jordi Mallach <jordi@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Jordi Mallach <jordi@debian.org>:
Bug#350754; Package mailutils-imap4d.
(full text, mbox, link).
Acknowledgement sent to Ben Wheeler <ben@qolc.net>:
New Bug report received and forwarded. Copy sent to Jordi Mallach <jordi@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: mailutils-imap4d
Version: 1:0.6.1-4sarge2
Severity: critical
Justification: causes serious data loss
Background
I've been using gnu-imap4d for over a year. Several months back, one of
my users had their mailbox corrupted twice when using balsa over IMAP.
Both times it appeared that she might have had Pine open on the mailbox
(via a shell window) at the same time. I didn't know which thing was at
fault, pine or imap4d, so I restored from backup and set up some log
watchers.
Today the log appeared to show that another user's mailbox had been
chewed during IMAP access. He was accessing either from Outlook Express
or from his mobile phone, either way all access over IMAP, none local.
Looks like the client was misbehaving somewhat in opening several IMAP
connections in quick succession, but irrespective of that, imap4d showed
that it has no awareness of multiple access even amongst itself, let alone
from non-IMAP sources.
The log shows four overlapping sessions:
Jan 31 09:05:08 kali gnu-imap4d[26773]: Incoming connection opened
Jan 31 09:05:08 kali gnu-imap4d[26773]: Connect from 149.254.200.215
Jan 31 09:05:11 kali gnu-imap4d[26773]: User `marky' logged in
Jan 31 09:05:14 kali gnu-imap4d[26774]: Incoming connection opened
Jan 31 09:05:14 kali gnu-imap4d[26774]: Connect from 149.254.200.215
Jan 31 09:05:25 kali gnu-imap4d[26774]: User `marky' logged in
Jan 31 09:08:17 kali gnu-imap4d[26775]: Incoming connection opened
Jan 31 09:08:17 kali gnu-imap4d[26775]: Connect from 149.254.200.215
Jan 31 09:08:19 kali gnu-imap4d[26775]: User `marky' logged in
Jan 31 09:08:21 kali gnu-imap4d[26776]: Incoming connection opened
Jan 31 09:08:21 kali gnu-imap4d[26776]: Connect from 149.254.200.215
Jan 31 09:08:23 kali gnu-imap4d[26776]: User `marky' logged in
Jan 31 09:11:58 kali gnu-imap4d[26776]: Session terminating for user: marky
Jan 31 09:13:56 kali gnu-imap4d[26774]: Error reading from input file: Connection reset by peer
Jan 31 09:13:56 kali gnu-imap4d[26774]: No socket to send to
Jan 31 09:14:23 kali gnu-imap4d[26773]: Error reading from input file: Connection reset by peer
Jan 31 09:14:23 kali gnu-imap4d[26773]: * BAD : Mailbox corrupted, shrank size
Jan 31 09:14:24 kali gnu-imap4d[26773]: No socket to send to
Jan 31 09:38:40 kali gnu-imap4d[26775]: Got signal Alarm clock
Jan 31 09:38:40 kali gnu-imap4d[26775]: Session timed out for user: marky
Fortunately after initial investigation it would appear that there is
no genuine corruption this time. My guess is the user may have deleted
some of his mail in the innermost session (26776), which 26773 was unaware
of when it detected the shrunk mailbox.
The manpage for imap4d suggests it can use some sort of external locking
mutex, but this isn't configured for Debian by default. I have no idea
what the correct settings should be to make imap4d aware of itself and
other MUAs accessing the mailbox, but it seems likely that this lack
of awareness/locking is what led to the original mailbox corruption
some months ago.
In the meantime I am going to replace mailutils-imap4d with uw-imapd
and see if that fares any better!
Regards,
Ben
-- System Information:
Debian Release: 3.1
Architecture: i386 (i586)
Kernel: Linux 2.4.27-2-k6
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages mailutils-imap4d depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libcomerr2 1.37-2sarge1 common error description library
ii libgcrypt11 1.2.0-11.1 LGPL Crypto library - runtime libr
ii libgdbm3 1.8.3-2 GNU dbm database routines (runtime
ii libgnutls11 1.0.16-13.1 GNU TLS library - runtime library
ii libgpg-error0 1.0-1 library for common error values an
ii libgsasl7 0.2.5-1 GNU SASL library
ii libidn11 0.5.13-1.0 GNU libidn library, implementation
ii libkrb53 1.3.6-2sarge2 MIT Kerberos runtime libraries
ii libmailutils0 1:0.6.1-4sarge2 GNU Mail abstraction library
ii libmysqlclient12 4.0.24-10sarge1 mysql database client library
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libtasn1-2 0.2.10-3 Manage ASN.1 structures (runtime)
ii netbase 4.21 Basic TCP/IP networking system
ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime
-- no debconf information
Tags added: help
Request was from Jordi Mallach <jordi@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Tags added: pending
Request was from Jordi Mallach <jordi@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Reply sent to Jordi Mallach <jordi@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Ben Wheeler <ben@qolc.net>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #14 received at 350754-close@bugs.debian.org (full text, mbox, reply):
Source: mailutils
Source-Version: 1:1.1+dfsg1-1
We believe that the bug you reported is fixed in the latest version of
mailutils, which is due to be installed in the Debian FTP archive:
libmailutils-dev_1.1+dfsg1-1_i386.deb
to pool/main/m/mailutils/libmailutils-dev_1.1+dfsg1-1_i386.deb
libmailutils1_1.1+dfsg1-1_i386.deb
to pool/main/m/mailutils/libmailutils1_1.1+dfsg1-1_i386.deb
mailutils-comsatd_1.1+dfsg1-1_i386.deb
to pool/main/m/mailutils/mailutils-comsatd_1.1+dfsg1-1_i386.deb
mailutils-imap4d_1.1+dfsg1-1_i386.deb
to pool/main/m/mailutils/mailutils-imap4d_1.1+dfsg1-1_i386.deb
mailutils-mh_1.1+dfsg1-1_i386.deb
to pool/main/m/mailutils/mailutils-mh_1.1+dfsg1-1_i386.deb
mailutils-pop3d_1.1+dfsg1-1_i386.deb
to pool/main/m/mailutils/mailutils-pop3d_1.1+dfsg1-1_i386.deb
mailutils_1.1+dfsg1-1.diff.gz
to pool/main/m/mailutils/mailutils_1.1+dfsg1-1.diff.gz
mailutils_1.1+dfsg1-1.dsc
to pool/main/m/mailutils/mailutils_1.1+dfsg1-1.dsc
mailutils_1.1+dfsg1-1_i386.deb
to pool/main/m/mailutils/mailutils_1.1+dfsg1-1_i386.deb
mailutils_1.1+dfsg1.orig.tar.gz
to pool/main/m/mailutils/mailutils_1.1+dfsg1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 350754@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jordi Mallach <jordi@debian.org> (supplier of updated mailutils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 31 Oct 2006 20:24:18 +0100
Source: mailutils
Binary: mailutils-mh mailutils-imap4d mailutils-comsatd mailutils-pop3d libmailutils-dev mailutils libmailutils1
Architecture: source i386
Version: 1:1.1+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Jordi Mallach <jordi@debian.org>
Changed-By: Jordi Mallach <jordi@debian.org>
Description:
libmailutils-dev - Development files for GNU mailutils
libmailutils1 - GNU Mail abstraction library
mailutils - GNU mailutils utilities for handling mail
mailutils-comsatd - GNU mailutils-based comsatd daemon
mailutils-imap4d - GNU mailutils-based IMAP4 Daemon
mailutils-mh - GNU mailutils-based MH utilities
mailutils-pop3d - GNU mailutils-based POP3 Daemon
Closes: 350754 368628 391031 393396
Changes:
mailutils (1:1.1+dfsg1-1) unstable; urgency=medium
.
* New upstream release.
- imap4d should act correctly when two clients access and modify a
mailbox in parallel, not causing mailbox corruption
(closes: #350754).
* The source tarball has been trimmed of non-free elements:
- the GNU mailutils texinfo documentation under the GNU FDL with Cover
and Backcover texts.
- the rfc documentation (closes: #393396).
* debian/control:
- add libltdl3-dev to Build-Depends.
- remove no longer needed bzip2 Build-Depends.
- as we now lack texinfo docs, drop Build-Depends on texinfo, texi2html.
- mention the lack of PostgreSQL support due to OpenSSL vs. GPL
incompatibilities in mailutils and libmailutils1 README.Debian
(closes: #391031)
- get rid of mailutils-doc, the remaining contents have been moved
around the relevant packages.
- get rid of Build-Depend-Indep as well.
- adjust description to mention mimeview.
* debian/copyright:
- don't mention FDL licensed components and remove the full GNU FDL text.
- add pointers to common-licenses for GPL and LGPL.
* debian/rules: don't build html from texinfo sources.
* debian/mailutils-doc.*: removed, relevant stuff moved elsewhere.
* debian/mailutils.install: install mimeview.
* debian/mangen.sh:
- don't point at the texinfo manual in manpages.
- add mimeview.1 to generated manpages.
- add sensible manpage descriptions (closes: #368628).
- include mangen.inc in the generated manpages.
* debian/mangen.inc: point to the GNU site for the online mailutils
texinfo manual.
* debian/libmailutils1.shlibs: bump to 1.1.
* debian/patches/01_mail_segfault.patch: removed, fixed upstream.
* debian/patches/02_testsuite_8bit_output.patch: removed, partially fixed
upstream.
* debian/patches/03_mail_doc_prefix.patch: remove texinfo hunk.
* debian/patches/01_program_descriptions.patch: improve the program
description output in --help for comsatd and movemail.
Files:
55833f86b0077edffacbddc159c97ceb 1020 libs optional mailutils_1.1+dfsg1-1.dsc
7ae6c47980c1198417813535b884a606 2773485 libs optional mailutils_1.1+dfsg1.orig.tar.gz
9fdcaf2a7ade902796535ccb095d1066 20775 libs optional mailutils_1.1+dfsg1-1.diff.gz
8767cc1fcd29f20b5eb2440744e52772 629510 libs optional libmailutils1_1.1+dfsg1-1_i386.deb
8f851107842c965de7a1a91ca8a0eb6a 397428 libdevel optional libmailutils-dev_1.1+dfsg1-1_i386.deb
44c1a765a749af0f96bfa4efe8b8be12 220160 mail optional mailutils_1.1+dfsg1-1_i386.deb
cced77f2bdc74953fc2c6b8d3974c859 74690 net optional mailutils-imap4d_1.1+dfsg1-1_i386.deb
37236073c07c7a1592e4f9b3a5ad9ac8 58298 net optional mailutils-pop3d_1.1+dfsg1-1_i386.deb
5b7b6768c260f562960d8919419e79d9 45052 net optional mailutils-comsatd_1.1+dfsg1-1_i386.deb
698d8cc87be2121181805d6056c50fc1 844744 mail optional mailutils-mh_1.1+dfsg1-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFR6mSJYSUupF6Il4RAs6EAJ4nVZod9YGOyZtPA1a4ujcx3qIbiACfQdyA
9iGUhBu3m013heXFB7p1O6s=
=KGCF
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 25 Jun 2007 22:12:06 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Dec 23 09:21:49 2023;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.