>>>>> Starting test075-dsee-persist for mdb... >>>>> Finished test075-dsee-persist for mdb after 0 seconds. >>>>> Starting test076-authid-rewrite for mdb... >>>>> Failed test076-authid-rewrite for mdb after 2 seconds make[1]: *** [Makefile:321: mdb-yes] Error 139 make: *** [Makefile:301: pmdb] Error 2 * ERROR: net-nds/openldap-2.6.1-r1::gentoo failed (test phase): ------------------------------------------------------------------- This is an unstable amd64 chroot image at a tinderbox (==build bot) name: 17.1_systemd-j4_test-20220531-140159 ------------------------------------------------------------------- gcc-config -l: [1] x86_64-pc-linux-gnu-12.1.1 * clang/llvm (if any): Python 3.9.12 Available Ruby profiles: (none found) Available Rust versions: (none found) php cli: HEAD of ::gentoo commit c308ffa205ec6c3c5779259b194447fd381d9b04 Author: Repository mirror & CI <repomirrorci@gentoo.org> Date: Tue May 31 15:05:33 2022 +0000 2022-05-31 15:05:33 UTC emerge -qpvO net-nds/openldap [ebuild N ] net-nds/openldap-2.6.1-r1 USE="cleartext crypt ipv6 sasl ssl syslog systemd test -argon2 -autoca -cxx -debug -experimental -gnutls -iodbc -kerberos -kinit -minimal -odbc -overlays -pbkdf2 -perl -samba (-selinux) -sha2 -smbkrb5passwd -static-libs -tcpd" ABI_X86="(64) -32 (-x32)"
Created attachment 781730 [details] emerge-info.txt
Created attachment 781733 [details] emerge-history.txt
Created attachment 781736 [details] environment
Created attachment 781739 [details] etc.portage.tar.bz2
Created attachment 781742 [details] logs.tar.bz2
Created attachment 781745 [details] net-nds:openldap-2.6.1-r1:20220531-171006.log.bz2
Same w/ (not yet in tree) 2.6.2: ``` >>>>> 00:09:25 Failed test076-authid-rewrite for mdb after 1 seconds make[1]: *** [Makefile:321: mdb-yes] Error 139 make: *** [Makefile:301: pmdb] Error 2 * ERROR: net-nds/openldap-2.6.2::gentoo failed (test phase): * emake failed ``` In /var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-abi_x86_64.amd64/tests/testout.0 (testout.1 has very very little in it), I see: ``` [...] >>>>> 00:09:24 Starting test076-authid-rewrite for mdb... running defines.sh Starting slapd on TCP/IP port 9011... /var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-abi_x86_64.amd64/tests Using ldapsearch to check that slapd is running... Checking whether DIGEST-MD5 is supported... Adding schema and database... Using ldapadd to populate the database... Adding olcAuthzRegexp rule for static mapping... Testing ldapwhoami as Manager... Segmentation fault ldapwhoami failed (139)! >>>>> 00:09:25 Failed test076-authid-rewrite for mdb after 1 seconds (exit 139) make[1]: Leaving directory '/var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-abi_x86_64.amd64/tests' ```
``` Core was generated by `/var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-ab'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007ff288482ec4 in EVP_EncryptUpdate (ctx=0x0, out=0x559e430dcde4 "0\036\002\001\003w\031\200\027\061.3.6.1.4.1.4203.1.11.3ST-MD5 client step 3", outl=0x7ffdc12d97d4, in=0x559e430dde40 "0\036\002\001\003w\031\200\027\061.3.6.1.4.1.4203.1.11.311.311.3", inl=0x20) at crypto/evp/evp_enc.c:614 614 if (!ctx->encrypt) { gef➤ bt #0 0x00007ff288482ec4 in EVP_EncryptUpdate (ctx=0x0, out=0x559e430dcde4 "0\036\002\001\003w\031\200\027\061.3.6.1.4.1.4203.1.11.3ST-MD5 client step 3", outl=0x7ffdc12d97d4, in=0x559e430dde40 "0\036\002\001\003w\031\200\027\061.3.6.1.4.1.4203.1.11.311.311.3", inl=0x20) at crypto/evp/evp_enc.c:614 #1 0x00007ff28807d6c9 in ?? () from /usr/lib64/sasl2/libdigestmd5.so #2 0x00007ff28807dd18 in ?? () from /usr/lib64/sasl2/libdigestmd5.so #3 0x00007ff2889ad41e in ?? () from /usr/lib64/libsasl2.so.3 #4 0x00007ff2889af432 in sasl_encodev () from /usr/lib64/libsasl2.so.3 #5 0x00007ff2889af520 in sasl_encode () from /usr/lib64/libsasl2.so.3 #6 0x00007ff2889ecc5a in sb_sasl_cyrus_encode () from /var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-abi_x86_64.amd64/libraries/libldap/.libs/libldap.so.2 #7 0x00007ff2889efa49 in sb_sasl_generic_write () from /var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-abi_x86_64.amd64/libraries/libldap/.libs/libldap.so.2 #8 0x00007ff2889cc7f8 in ber_int_sb_write () from /var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-abi_x86_64.amd64/libraries/liblber/.libs/liblber.so.2 #9 0x00007ff2889c9bbb in ber_flush2 () from /var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-abi_x86_64.amd64/libraries/liblber/.libs/liblber.so.2 #10 0x00007ff2889f93a7 in ldap_int_flush_request () from /var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-abi_x86_64.amd64/libraries/libldap/.libs/libldap.so.2 #11 0x00007ff2889f9692 in ldap_send_server_request () from /var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-abi_x86_64.amd64/libraries/libldap/.libs/libldap.so.2 #12 0x00007ff2889f9a41 in ldap_send_initial_request () from /var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-abi_x86_64.amd64/libraries/libldap/.libs/libldap.so.2 #13 0x00007ff2889ec42d in ldap_extended_operation () from /var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-abi_x86_64.amd64/libraries/libldap/.libs/libldap.so.2 #14 0x0000559e4114f00c in main () ``` I think cyrus-sasl might be broken somehow with OpenSSL 3.
https://github.com/cyrusimap/cyrus-sasl/commit/887dbc0435056ec58ee48c4d803f110ade1e4c39 https://github.com/cyrusimap/cyrus-sasl/commit/dfaa62392e7caecc6ecf0097b4d73738ec4fc0a8 https://github.com/cyrusimap/cyrus-sasl/commit/c2bd3afbca57f176d8c650670ce371444bb7fcc0
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b6f917fbb156370f36f38def0db2a04e569f07b commit 0b6f917fbb156370f36f38def0db2a04e569f07b Author: Sam James <sam@gentoo.org> AuthorDate: 2022-06-01 04:53:37 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-06-01 05:05:58 +0000 dev-libs/cyrus-sasl: backport OpenSSL 3 patches (+ small other fixes) Also, throw in: - upstream version of static build / PIC patch (same as we had before, just with commit headers now) - gdbm errno variable change (looks like a typo in the original fix) Bug: https://bugs.gentoo.org/848831 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/cyrus-sasl/Manifest | 1 + dev-libs/cyrus-sasl/cyrus-sasl-2.1.28-r3.ebuild | 218 ++++++++++++++++++++++++ 2 files changed, 219 insertions(+)
With the cyrus-sasl fixes, it's a bit better, but not great. Still OpenSSL 3 related, I guess, as you have to lod a legacy provider to get RC4: ``` >>>>> 00:09:26 Starting test076-authid-rewrite for mdb... running defines.sh Starting slapd on TCP/IP port 9011... /var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-abi_x86_64.amd64/tests Using ldapsearch to check that slapd is running... Checking whether DIGEST-MD5 is supported... Adding schema and database... Using ldapadd to populate the database... Adding olcAuthzRegexp rule for static mapping... Testing ldapwhoami as Manager... ldap_sasl_interactive_bind: Local error (-2) additional info: SASL(-1): generic failure: internal error: failed to init cipher 'rc4' ldapwhoami failed (254)! >>>>> 00:09:27 Failed test076-authid-rewrite for mdb after 1 seconds (exit 254) make[1]: Leaving directory '/var/tmp/portage/net-nds/openldap-2.6.2/work/openldap-OPENLDAP_REL_ENG_2_6_2-abi_x86_64.amd64/tests' ```
Let's close this bug as the original issue is fixed, anyway.
