This bug was fixed in the package postfix - 3.4.13-0ubuntu1.2
---
postfix (3.4.13-0ubuntu1.2) focal; urgency=medium
* d/rules: Removed LDFLAG -Bsymbolic-functions (LP: #1885403).
-- Miriam España Acebal Tue, 07 Sep 2021
08:58:01 +0200
** Changed in: postfix (Ubuntu Focal)
This bug was fixed in the package postfix - 3.5.6-1ubuntu0.2
---
postfix (3.5.6-1ubuntu0.2) hirsute; urgency=medium
* d/rules: Removed LDFLAG -Bsymbolic-functions (LP: #1885403).
-- Miriam España Acebal Tue, 07 Sep 2021
11:36:44 +0200
** Changed in: postfix (Ubuntu Hirsute)
Thanks everyone for fixing this issue.
Nick.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885403
Title:
posttls-finger fails to connect to private/tlsmgr
To manage notifications about this bug
Doing verification for Hirsute:
root@hirsute:/home/ubuntu# apt install postfix/hirsute-proposed
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Selected version '3.5.6-1ubuntu0.2' (Ubuntu:21.04/hirsute-proposed [amd64]) for
'postfix'
[...]
Doing verification for Focal:
root@focal:~# apt upgrade postfix/focal-proposed
Reading package lists... Done
Building dependency tree
Reading state information... Done
Selected version '3.4.13-0ubuntu1.2' (Ubuntu:20.04/focal-proposed [amd64]) for
'postfix'
[...]
Unpacking postfix
For future reference, it would be helpful if the upstream rationale for
why we should drop this build flag would be included in the SRU bug
description. It's quite unusual to have a legitimate case where we
should not build with -Bsymbolic-functions; this one does fit the bill
but it took some
Thanks to you for all your help in this Christian :).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885403
Title:
posttls-finger fails to connect to private/tlsmgr
To manage notifications about
This bug was fixed in the package postfix - 3.5.6-1ubuntu2
---
postfix (3.5.6-1ubuntu2) impish; urgency=medium
* d/rules: Removed LDFLAG -Bsymbolic-functions (LP: #1885403).
* d/p/postfix-3.6.2-glibc-234-build-fix.patch: Fix for building
against glibc-2.34 (LP: #1939353).
** Merge proposal linked:
https://code.launchpad.net/~mirespace/ubuntu/+source/postfix/+git/postfix/+merge/408205
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885403
Title:
posttls-finger
FYI: Uploaded to impish
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885403
Title:
posttls-finger fails to connect to private/tlsmgr
To manage notifications about this bug go to:
** Merge proposal linked:
https://code.launchpad.net/~mirespace/ubuntu/+source/postfix/+git/postfix/+merge/408202
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885403
Title:
posttls-finger
That upstream report and answer is great and a clear indication of
disabling symblic-functions for this build. Thanks for driving that
@mirespace!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885403
** Description changed:
[SRU]
[Impact]
- If posttls-finger is not used within /var/spool/postfix, the
+ If posttls-finger is not used within /var/spool/postfix, the
private/tlmsgr socket is not found and TLS is disabled.
[Test Plan]
- This behaviour has been seen in Focal,
** Description changed:
+ [SRU]
+
+ [Impact]
+
+ If posttls-finger is not used within /var/spool/postfix, the
+ private/tlmsgr socket is not found and TLS is disabled.
+
+ [Test Plan]
+
+ This behaviour has been seen in Focal, Hirsute (also in Impish).
+
+ To test the bad response, run
We discover that if we remove the -BSymbolic-functions from LDFLAGS when
building, the problem goes away. After this, we think that something
with the exposure/rellocation of the folder for the servicename on the
shared library can be the origin of this behaviour. We reported this to
upstream
** Changed in: postfix (Ubuntu Groovy)
Status: Confirmed => Won't Fix
** Changed in: postfix (Ubuntu Focal)
Assignee: (unassigned) => Miriam España Acebal (mirespace)
** Changed in: postfix (Ubuntu Impish)
Status: Confirmed => In Progress
** Changed in: postfix (Ubuntu Focal)
** Merge proposal linked:
https://code.launchpad.net/~mirespace/ubuntu/+source/postfix/+git/postfix/+merge/408137
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885403
Title:
posttls-finger
** Also affects: postfix (Ubuntu Impish)
Importance: Low
Status: Confirmed
** Changed in: postfix (Ubuntu Impish)
Assignee: (unassigned) => Miriam España Acebal (mirespace)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Comparing sbuild logs and running that commands in the correspondent
chroots, we found flags and defines present in impish but not on sid:
* LDFLAGS
-z now -z relro (but in the build logs is present in both)
-flto=auto
-Bsymbolic-functions
*CFLAGS
-flto=auto -ffat-lto-objects
I realized that gdb and maps (that I both had already) give me all that I need.
When stopping at a function from libpostfix-tls.so I can print where I am and
check which file is mapped there:
Breakpoint 1, tls_log_mask (log_param=0xc6f8 "-L option",
log_level=0x555728c0
As I have mentioned before I assume as-needed [1] could play a role, at least
for pthread that you wondered about it most likely does.
-lpthread might be listed somewhere, but if not needed it will not effectvely
be linked in Ubuntu but t will in Debian.
No guarantees, but I'd not expect
I built ubuntu package on sid, and this package ubuntu-sourced but
debian-built works ok on impish, so ... What is the difference between
the two compilations mode? or, does it link something different?
Doing a ldd -v on libpostfix-tls.so* from @paelzer in comment [#22](
I had a look at the library interaction like:
$ dist=ubuntu; rm libpostfix-tls.so.${dist}.ltrace; cp -v libpostfix-
tls.so.debug${dist} /usr/lib/postfix/libpostfix-tls.so; ltrace -f -s 128
--no-signals --library=libpostfix-tls.so posttls-finger
mx.dmz.tait.net.nz >libpostfix-tls.so.${dist}.ltrace
Before the really interesting bit first some data that is equal.
Frame/Backtrace wise in gdb they do not look too different:
Debian:
Breakpoint 1, tls_log_mask (log_param=0xc6f8 "-L option",
log_level=0x555728c0 "routine,certmatch") at tls_misc.c:545
545 tls_misc.c: No such file
Here two non-stripped -O0 builds from the very same 3.6.5-1 (plus the
glibc 234 fix):
https://people.canonical.com/~paelzer/libpostfix-tls.so.debugdebian
https://people.canonical.com/~paelzer/libpostfix-tls.so.debugubuntu
The are making the case work/fail when placed at
BTW since it was trivial to try, forcing the conifig to LINUX4 did not
change anything (as expected).
The library that makes the difference consists of all the usual suspects
that we've already seen/heard - it is linked from:
tls_prng_dev.o tls_prng_egd.o tls_prng_file.o tls_fprint.o
libpostfix-tls.so is loaded by posttls-finger as we can see in the
debugging session, while trying to figure out how the path to the socket
is created:
Breakpoint 1, tls_mgr_open () at tls_mgr.c:163
163 tls_mgr.c: No such file or directory.
(gdb) bt
#0 tls_mgr_open () at tls_mgr.c:163
#1
That is it - so /usr/lib/postfix/libpostfix-tls.so is the single file we
need to exchange on an Ubuntu Impish system taking the libpostfix-tls.so
from postfix_3.5.6-1+b1_amd64.deb that makes it work.
It then is also non-important if I run the posttls-finger from the
Ubuntu or the Debian build.
To make the exchange have even less side effects I was extracting the .deb
files and only called the different finger programs.
I started on a Ubuntu system that is broken, and by the former experiment we
know that installing the Debian .deb of postfix would fix it.
1. Only calling the debian
Of the config files only /etc/postfix/makedefs.out changes as part of this
exchange.
That contains the build-settings and in there one only thing was suspicious to
me.
The detection as SYSTYPE = LINUX4 vs the 5 that Ubuntu has.
In the long past these detections could change a lot in the handling
I was exchanging the builds of Debian-sid and Ubuntu in an Impish system.
That means dpkg -i for postfix_3.5.6-1+b1_amd64.deb /
postfix_3.5.6-1ubuntu1_amd64.deb
Of these the Ubuntu build fails and the Debian build works.
Due to exchanging it in-place - Everything else like libc and so on are
More interestingly even the very similar version from Debian works just fine
(just as mentioned even back in comment #2).
3.5.6-1+b1 in sid worked fine in my test.
That is closer code and config-wise than Fedora.
That would be a better partner for the comparison in (a).
--
You received this
Since I have seen 3.5.10 to work in fedora @mirespace and myself have built
3.5.12, but in Ubuntu that fails the very same way as our normal version in
impish.
That might be due to differences in the configuration, but I could not easily
spot it from here.
Possible steps from here:
a) GDB
And to confirm on "it seems to be opening things relative to the CWD"
here a small test:
mkdir -p /tmp/test/private
ln -s /var/spool/postfix/private/tlsmgr /tmp/test/private/tlsmgr
cd /tmp/test/
posttls-finger mx.dmz.tait.net.nz
Miriam will post a few more detailed updates what we have seen in
In terms of version comparison (call the example not in
/var/spool/postfix to have tls support) is:
Ubuntu:
bionic 3.3.0-1ubuntu0.4 working
focal 3.4.13-0ubuntu1.1 failing
hirsute 3.5.6-1 failing
impish 3.5.6-1ubuntu1failing
Fedora:
32 2:3.5.10-2.fc34 working
34
** Changed in: postfix (Ubuntu Hirsute)
Assignee: (unassigned) => Miriam España Acebal (mirespace)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885403
Title:
posttls-finger fails to connect
** Description changed:
When running posttls-finger on focal, it attempts to connect to
private/tlsmgr, and unless the program is being run from
/var/spool/postfix as root, this fails and posttls-finger disables TLS
in the subsequent connection that it makes to the specified SMTP server.
Aha, bunch more analysis was done on this issue as part of this:
https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1868955
Comment #17 in particular suggests "private/tlsmgr" is probably a red
herring, and comment #21 and #23 have some good debugging analysis.
Comments #26 and
A portion of the strace running this from /:
futex(0x7f9b450e27e8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
socket(AF_UNIX, SOCK_STREAM, 0) = 3
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR) = 0
connect(3, {sa_family=AF_UNIX,
Confirmed the test case (although the provided url is 404) on Focal:
root@triage-focal:/home/bryce# cd /
root@triage-focal:/# posttls-finger mx.dmz.tait.net.nz
posttls-finger: warning: connect to private/tlsmgr: No such file or directory
posttls-finger: warning: connect to private/tlsmgr: No such
** Tags added: server-next
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885403
Title:
posttls-finger fails to connect to private/tlsmgr
To manage notifications about this bug go to:
Debian sid package + latest 3.5 upstream patch rebuild on Debian sid.
Work perfectly on Ubuntu 20.04 (with libicu67 and libnsl2 added).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885403
Title:
Ubuntu build/toolchain problem confirmed.
The verbatim Debian package work perfectly. No more posttls-finger trying to
connect to the tlsmgr daemon.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Ok, you know what ? Latest Debian package rebuild on Ubuntu : same error.
Will try a verbatim Debian package to see if it is a build chain problem.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Running not chrooted here since age. But affected.
This is clearly a linking problem. Posttls-finger does not pick the tlsmgr
subs of the local tlsmgrmem.o object but the global real one.
Citing the posttls-finger source code : " It does not communicate with the
tlsmgr daemon (or any other
** Changed in: postfix (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885403
Title:
posttls-finger fails to connect to private/tlsmgr
To manage
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: postfix (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885403
Title:
No. We've had postfix in a chroot since approximately forever. It
might be something in default path resolution has changed? Since I no
longer us Ubuntu, I really don't know.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Hi Scott.
I was thinking it was something along those lines, but based on what
I've read this issue is specific to focal.
>From Jan's original bug report -
https://bugs.launchpad.net/ubuntu/focal/+source/postfix/+bug/1868955/comments/2
(which eventually focussed on just the DANE issue):
> ...
We (Debian and derivatives such as Ubuntu) have postfix in a chroot by
default. This is a side effect of that configuration.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885403
Title:
50 matches
Mail list logo
