I just saw your request for a gdb trace.
I have not done this before. But I enabled the debuginfo repo and installed the requested packages while trying to run a debug. Let me know if this is correct....
[root@mailsrv01 ~]# gdb /usr/local/citadel/citserver
GNU gdb (GDB) Red Hat Enterprise Linux 8.2-16.el8
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/citadel/citserver...done.
(gdb) start
Temporary breakpoint 1 at 0x4179aa: file server_main.c, line 73.
Starting program: /usr/local/citadel/citserver
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Temporary breakpoint 1, main (argc=1, argv=0x7fffffffe2f8) at server_main.c:73
73 server_main.c: No such file or directory.
(gdb)
Subject: Docker version, reporting some bugs with aliases
I have some issues with the docker version unning Citadel 941 with WebCit 941, server build 941
Issue 1. I cannot find a shortcut to edit my address and aliases.
But, in order to "see" my vcard I need to perform the following steps:
- Open "Contacts".
- Go to: Administration - User account management - Add, change, delete user accounts
- Search & select for an account (mine for example)
- Click on "Edit address book entry".
- Show a window with title "Contacts" only with my name "My Name" + Click on the button "Cancel".
- Click on the "Cancel" button
- Displays another window
identical to the Contacts window with my name
(no - (no
My Name
- Click on my name
- Shows my vcard
- Click below on "[edit]"
My: Primary Internet e-mail address and Internet e-mail aliases appear.
Here I can edit and add addresses.
Issue 2: My primary address shows incorrect; it always shows something different if I change it and go back to edit vcard
Issue 3:
- Save changes (if I correct or add something)
- The "Basic commands" window is displayed
Although the vcard displayed shows a number of aliases.
When editing, it removes one address at random from the list of aliases.
If I save without adding, is deletes the missing address.
Every time I repeat the process, it changes the primary and when editing it removes a random address.
And so on ad-nauseum.
Regards
Subject: Re: Docker version, reporting some bugs with aliases
To edit the email aliases for a user:
1. From the main screen, select "Administration"
2. Under the "User account management" menu, select "Add, change, delete user accounts"
3. Select the user to be edited, and click "Edit configuration"
(do not click "Edit address book entry". It is
not there anymore.)
4. On this screen, "Primary Internet e-mail address" is the address that will be used for all outgoing mail. The user can also receive mail at this address.
5. "Internet e-mail aliases" is where you would put any additional addresses for the user, separated by commas. The user can receive mail at any of these addresses.
You can also edit a user's email addresses in the text mode client, using the .Aide User-edit command.
Again, there is no longer any ability to edit email addresses
from the user's address book entry. That was a hack that has been
removed.
Good day
I have some issues with the docker version unning Citadel 941 with WebCit 941, server build 941
Issue 1. I cannot find a shortcut to edit my address and aliases.
Why is citadel not packed for Debian 11?
The short answer is that no one was willing to continue maintaining the package.
We owe a debt of gratitude to previous maintainers for their work. It would be difficult to continue doing so, because Citadel no longer supports being installed in LHFS mode with different files everywhere (/etc /var /usr/sbin and so on). This was becoming very cumbersome to maintain, as it added a lot of complexity to the build system.
Now that Citadel only supports a consolidated installation, it can be packaged for Debian, but they would never include it in the main repos. So if you want a convenient, pre-compiled, correctly built Citadel system that is guaranteed to run, your best option is now the Docker version.
Subject: Re: Docker version, reporting some bugs with aliases
Unfortunately after repeating the steps several times; neither the primary address nor the aliases are preserved in the mentioned boxes.
It seems that something is missing in this version of Docker that works on your side.
Randomly something is left in the primary address, hard to know which one is going to be left and as at the moment my Citadel-docker is not in production I don't know if it is preserving the other aliases; I will check my notes I think I remember we once mentioned how to do a test mailing for any of the addresses I may have; if it works with the primary address or invisible aliases I will comment later.
Regards.
To edit the email aliases for a user:
1. From the main screen, select "Administration"
2. Under the "User account management" menu, select "Add, change, delete user accounts"
3. Select the user to be edited, and click "Edit configuration"
(do not click "Edit address book entry". It is not there anymore.)4. On this screen, "Primary Internet e-mail address" is the address that will be used for all outgoing mail. The user can also receive mail at this address.
5. "Internet e-mail aliases" is where you would put any additional addresses for the user, separated by commas. The user can receive mail at any of these addresses.
You can also edit a user's email addresses in the text mode client, using the .Aide User-edit command.
Again, there is no longer any ability to edit email addresses from the user's address book entry. That was a hack that has been removed.
On 12/15/21 13:59, s3cr3to wrote:
Good day
I have some issues with the docker version unning Citadel 941 with WebCit 941, server build 941
Issue 1. I cannot find a shortcut to edit my address and aliases.
Subject: Re: Docker version, reporting some bugs with aliases
Unfortunately after repeating the steps several times; neither the primary address nor the aliases are preserved in the mentioned boxes.
It seems that something is missing in this version of Docker that works on your side.
Randomly something is left in the primary address, hard to know which one is going to be left and as at the moment my Citadel-docker is not in production I don't know if it is preserving the other aliases; I will check my notes I think I remember we once mentioned how to do a test mailing for any of the addresses I may have; if it works with the primary address or invisible aliases I will comment later.
Regards.
To edit the email aliases for a user:
1. From the main screen, select "Administration"
2. Under the "User account management" menu, select "Add, change, delete user accounts"
3. Select the user to be edited, and click "Edit configuration"
(do not click "Edit address book entry". It is not there anymore.)4. On this screen, "Primary Internet e-mail address" is the address that will be used for all outgoing mail. The user can also receive mail at this address.
5. "Internet e-mail aliases" is where you would put any additional addresses for the user, separated by commas. The user can receive mail at any of these addresses.
You can also edit a user's email addresses in the text mode client, using the .Aide User-edit command.
Again, there is no longer any ability to edit email addresses from the user's address book entry. That was a hack that has been removed.
On 12/15/21 13:59, s3cr3to wrote:
Good day
I have some issues with the docker version unning Citadel 941 with WebCit 941, server build 941
Issue 1. I cannot find a shortcut to edit my address and aliases.
You get the warning about a self-signed certificate, and you can
accept the exception
The majority of support issues these days seem to center around certificate management. These are being heard loud and clear, and we are going to make some big changes in the next release.
I think what we need to do is eliminate the requirement for Citadel Server and WebCit to have different certificate directories (even though you can link them together), and manage it all together. This implies that WebCit will always have to run on the same host as Citadel Server, but I think everyone is doing that already. Shout out if you have any other configuration.
The system will be modified to allow the certificate to be changed without restarting, and support for the ACME HTTP-01 challenge, which should allow us to use Let's Encrypt certificates.
I was browsing the setup menus and found entries for NNTP ports. Cool! Citadel can do Usenet? I searched the GUI but I can't find where they are. Will someone enlighten me please?
It was built as part of a project that ended before we added read-write and server-to-server support. We are exploring other ways of joining Citadel into federated social networks; these days it doesn't look like NNTP is it, but if that ever changes we can expand on our existing work.
Meanwhile, if you find the existing service useful, enjoy it!
There is a very basic, undocumented, read-only NNTP service in Citadel Server.
It was built as part of a project that ended before we added read-write and server-to-server support. We are exploring other ways of joining Citadel into federated social networks; these days it doesn't look like NNTP is it, but if that ever changes we can expand on our existing work.
Meanwhile, if you find the existing service useful, enjoy it!
Well thanks for the info and satisfying my curiosity :)
Hi,
I'm using the docker version of citadel, and after upgrade to 942, it constantly crashes, and it may results in a db error.
I'm guessing it may have something to do with the changes in serv_crypto.c ?
Found something....
according to the code cert_time is the mtime of cert file, but in my case my key file's mtime is always after the cert's, bind_to_key_and_certificate will be called every time.
Subject: Re: server crashes after upgrade to 942
I've tried cleanup on the first crash, that doesn't help, I have to use a backup and roll back to 941 version image. SSL_CTX_use_certificate_chain_file in the bind_to_key_and_certificate is not thread safe right? I think when multiple threads entered this function can cause the server crash.
I see the new commit on serv_crypto.c file, and I think it still can cause server crash on some condition. When the key or cert file did change, meanwhile multiple pop3s connection come in, all these threads may call the SSL_CTX_use_certificate_chain_file function in the same time and causing to server crash. There may need a lock to prevent multiple threads cert&key reload operations.
Subject: Re: server crashes after upgrade to 942
Good thinking, and we'll definitely have to look at the threadsafeness of that call. Is your restored 941 image working properly now? If so, that does suggest that the updated certificate management code has something to do with it. Thanks for actively participating in the search for a fix -- very much appreciated!
The updated code that you're looking at hasn't been released yet, but if we have to wrap it in a mutex then that's fine. It should only get called once, and even then only when it sees a new key or certificate. The bug you discovered caused it to get called over and over again when the key is newer than the certificate -- something that theoretically should never happen, since the certificate is generated *from* the key.
I'll see if we can get it to crash by making that code get called *every* time whether it needs to or not, and then slamming it with connections.
After downgrade to 941 the server works fine. And I use the 943 version's code comment out the update_key_and_cert_if_needed() line in serv_crypto.c, build a new docker image, this image works too, never crashed.
Base on alphabet citadel.cer is in front of citadel.key, my files are copied from another server, so the cert file's modified time is before the key file's.
Subject: Re: server crashes after upgrade to 942
The patch you applied will reduce the crashes to almost nil since it's only vulnerable at the split second the certificate is *actually* changed, but I'm going to go in and fix it right.
Thanks again for such an intelligently investigated bug report. You made it easy :)
Happy to help~
Thank you for your work on citadel!
Hi,
I'm using my own built 943 image without the update_key_and_cert_if_needed, and encountered another server crash. Here's the log.