Bug 238591 - net-mail/cyrus-imapd-2.3.9-r1 crashed when attempt to clear mailbox comment if there is no comment
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: All Linux
Importance: High normal
Assignee: Tobias Scherbaum (RETIRED)
Reported: 2008-09-24 17:44 UTC by Nikita S. Kipriyanov
Modified: 2008-10-27 18:48 UTC

Description Nikita S. Kipriyanov 2008-09-24 17:44:55 UTC
While debugging an administration web interface, I found out that, when issuing this IMAP command to the server:
. setannotation "user.{mailbox}" "/comment" ("value.shared" NIL) 
the server immediately dropped the connection if the mailbox annotation did not already contain the "/comment" attribute.
This was found on an x86 machine, but exactly the same problem exists in the CentOS 5 distribution, Cyrus IMAP version v2.3.7-Invoca-RPM-2.3.7-2.el5, on an AMD64 machine; that's why I filed the bug as belonging to 'All' architectures.
I ran it under strace; the last line of the strace log says "Segmentation fault".
If there was a "/comment", the same command works correctly, removing the "/comment" attribute (I was not able to see any problems in the session immediately or after a while).


Reproducible: Always

Steps to Reproduce:
1. Telnet to the running IMAP server: telnet hostname imap
2. Log in there (maybe administrator rights are needed). This will work only if plain login is enabled on an unencrypted connection: . login "admin-login" "admin-password". 
3. Find a mailbox without a comment and issue a command that should delete the comment: . setannotation "mailbox" "/comment" ("value.shared" NIL). Instead of finding such a mailbox, just issue the same command twice: if there was a comment, it will be deleted on the first run and the second run will fail.
Server will drop the connection.
Actual Results:  
Server will drop the connection. The imapd process will segfault.


Expected Results:  
In order of precedence:
1) Server replies with tagged line ". NO something-about-that-there-is-no-such-attribute"
2) Server replies with tagged line ". BAD server-error", then untagged "* BYE server left out" (this is also a crash, but the session will be correctly terminated in terms of the IMAP protocol)

Portage 2.1.4.4 (default-linux/x86/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.24-gentoo-r4 i686)
=================================================================
System uname: 2.6.24-gentoo-r4 i686 AMD Athlon(tm) XP 1900+
Timestamp of tree: Tue, 23 Sep 2008 23:05:01 +0000
app-shells/bash:     3.2_p17-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.6.3, 1.7.9-r1, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=i686"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="ru_RU.UTF-8"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext acl apache2 berkdb bzip2 clamav cli cracklib crypt cups curl dbus dri fam fortran gd gdbm gpm iconv idle imap isdnlog jpeg libwww logrotate maildir mbox midi mmx mmxext mudflap mysql mysqli ncurses nls nntp nptl nptlonly openmp pam pcre perl png pppd python readline reflection samba sample sasl session slang snmp spl sse ssl syslog tcpd unicode usb vda x86 xinetd xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Crashing imap session (passwords and other personal info are stripped):
server ~ $ telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=CRAM-MD5 AUTH=DIGEST-MD5 AUTH=LOGIN AUTH=PLAIN AUTH=NTLM SASL-IR] server Cyrus IMAP4 v2.3.9-Gentoo server ready
. login admin@server password
. OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] User logged in
. setannotation "mailbox" "/comment" ("value.shared" NIL)
Connection closed by foreign host.
server ~ $ 

Strace log from the setannotation command to the end:
select(1, [0], NULL, NULL, {1800, 0})   = 1 (in [0], left {1776, 900000})
time(NULL)                              = 1222275192
time(NULL)                              = 1222275192
select(1, [0], NULL, NULL, {1777, 0})   = 1 (in [0], left {1777, 0})
time(NULL)                              = 1222275192
time(NULL)                              = 1222275192
read(0, ". setannotation \"mailbox"..., 4096) = 79
time(NULL)                              = 1222275192
fcntl64(6, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(6, {st_mode=S_IFREG|0600, st_size=16860, ...}) = 0
stat64("/var/imap/mailboxes.db", {st_mode=S_IFREG|0600, st_size=16860, ...}) = 0
fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(6, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(6, {st_mode=S_IFREG|0600, st_size=16860, ...}) = 0
stat64("/var/imap/mailboxes.db", {st_mode=S_IFREG|0600, st_size=16860, ...}) = 0
fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
fcntl64(12, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0
fstat64(12, {st_mode=S_IFREG|0600, st_size=736, ...}) = 0
stat64("/var/imap/annotations.db", {st_mode=S_IFREG|0600, st_size=736, ...}) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2008-09-26 13:44:39 UTC
Did you notify upstream yet?
Comment 2 Nikita S. Kipriyanov 2008-09-26 17:55:56 UTC
(In reply to comment #1)
> Did you notify upstream yet?
> 

Yes, (but after your question)
here: https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3084
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2008-10-27 18:48:58 UTC
According to https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3084#c2 this should be fixed in 2.3.12p2.
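
A fleet-side check built on the fix version named in comment 3, as an added example (not code from Gentoo or the Cyrus project): it reads the version out of an IMAP greeting and compares it with 2.3.12p2. Treating every earlier release as unfixed is an assumption, since the bug only confirms the crash on 2.3.9 and 2.3.7; all sample greetings except the abbreviated 2.3.9 one are constructed.

```python
import re

# 2.3.12p2, the release comment 3 names as carrying the fix.
FIXED = (2, 3, 12, 2)

# Version token as it appears in Cyrus greetings and version strings,
# e.g. "v2.3.9-Gentoo", "v2.3.7-Invoca-RPM-2.3.7-2.el5", "v2.3.12p2".
_VERSION = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def cyrus_version(greeting):
    """Return (major, minor, patch, plevel), or None if no Cyrus version is shown."""
    if "Cyrus" not in greeting:
        return None
    match = _VERSION.search(greeting)
    if match is None:
        return None
    # A missing "pN" suffix counts as patch level 0.
    return tuple(int(g) if g else 0 for g in match.groups())


def classify(greeting):
    """Triage one greeting line: 'predates-fix', 'fixed-upstream' or 'unknown'."""
    version = cyrus_version(greeting)
    if version is None:
        return "unknown"
    return "fixed-upstream" if version >= FIXED else "predates-fix"


def audit(greetings):
    """Map host -> classification for a {host: greeting} dictionary."""
    return {host: classify(line) for host, line in greetings.items()}


# Sample greetings. "gentoo" is the page's greeting with the capability
# list abbreviated; the others are constructed for this example.
SAMPLE = {
    "gentoo": "* OK [CAPABILITY IMAP4 IMAP4rev1 STARTTLS] server "
              "Cyrus IMAP4 v2.3.9-Gentoo server ready",
    "centos": "* OK host Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready",
    "patched": "* OK host Cyrus IMAP4 v2.3.12p2 server ready",
    "other": "* OK Dovecot ready.",
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(f"{host}: {verdict}")
```

The greeting is only a triage signal: a distribution package can carry a backported fix under an older version string, and a server configured to hide its version lands in "unknown".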