[SRU] Please backport vsftpd 3.0.2-1ubuntu1 (main) from raring

Bug #1175953 reported by xavy
20
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Precise Backports
Undecided
Unassigned
Quantal Backports
Undecided
Unassigned

Bug Description

Please backport vsftpd 3.0.2-1ubuntu1 (main) from saucy to precise.

Reason for the backport:
========================
If you see the original software changelog: https://security.appspot.com/vsftpd/Changelog.txt, the following check was added in 2.3.5:
- Add stronger checks for the configuration error of running with a writeable
root directory inside a chroot(). This may bite people who carelessly turned
on chroot_local_user but such is life.

This provokes that if a writeable root for a chroot exists, it will fail to log in with this message:

    500 OOPS: vsftpd: refusing to run with writable root inside chroot ()

If you look further in 3.0 version a key config for vsftpd.conf has been included that allows to set a writeable chroot:

    500 OOPS: vsftpd: refusing to run with writable root inside chroot ()

This is the situation up to now in precise and quantal (raring and saucy already include this 3.0 version) in both i386 and amd64.

Testing:
========
Mark off items in the checklist [X] as you test them, but please leave the checklist so that backporters can quickly evaluate the state of testing.

You can test-build the backport in your PPA with backportpackage:
$ backportpackage -u ppa:<lp username>/<ppa name> -s saucy -d raring vsftpd

* raring:
[ ] Package builds without modification
[ ] vsftpd installs cleanly and runs

Reverse dependencies:
=====================
The following reverse-dependencies need to be tested against the new version of vsftpd. For reverse-build-dependencies (-Indep), please test that the package still builds against the new vsftpd. For reverse-dependencies, please test that the version of the package currently in the release still works with the new vsftpd installed. Reverse- Recommends, Suggests, and Enhances don't need to be tested, and are listed for completeness-sake.

vsftpd
------
* ubumirror
  [ ] raring (Reverse-Suggests)
* harden-servers
  [ ] raring (Reverse-Conflicts)

Tags: sru Edit Tag help
Revision history for this message
Felix Geyer (debfx) wrote : Re: Please backport vsftpd 3.0.2-1ubuntu1 (main) from raring

Have you tested that the backport builds and runs fine on precise and quantal?

affects: raring-backports → quantal-backports
summary: - Please backport vsftpd 3.0.2-1ubuntu1 (main) from saucy
+ Please backport vsftpd 3.0.2-1ubuntu1 (main) from raring
Revision history for this message
xavy (xavyirc) wrote : Re: [Bug 1175953] Re: Please backport vsftpd 3.0.2-1ubuntu1 (main) from saucy

I did not do any tests I'm afraid, as I was just asking to backport it ;)

El 03/05/13 16:54, Felix Geyer escribió:
> Have you tested that the backport builds and runs fine on precise and
> quantal?
>
> ** Project changed: raring-backports => quantal-backports
>
> ** Also affects: precise-backports
> Importance: Undecided
> Status: New
>
> ** Summary changed:
>
> - Please backport vsftpd 3.0.2-1ubuntu1 (main) from saucy
> + Please backport vsftpd 3.0.2-1ubuntu1 (main) from raring
>

Felix Geyer (debfx)
Changed in quantal-backports:
status: New → Incomplete
Changed in precise-backports:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote : Re: Please backport vsftpd 3.0.2-1ubuntu1 (main) from raring

[Expired for Quantal Backports because there has been no activity for 60 days.]

Changed in quantal-backports:
status: Incomplete → Expired
Revision history for this message
Norbert (nrbrtx) wrote :

The problem is still actual, please backport.
Vsftpd version 2.3.5 is unusable without allow_writeable_chroot option.

Changed in precise-backports:
status: Incomplete → Confirmed
Changed in quantal-backports:
status: Expired → Confirmed
summary: - Please backport vsftpd 3.0.2-1ubuntu1 (main) from raring
+ [SRU] Please backport vsftpd 3.0.2-1ubuntu1 (main) from raring
tags: added: precise sru
Revision history for this message
Norbert (nrbrtx) wrote :

And if it is not possible to backport the version from raring, may be it is possible to
publish thefrontiergroup's version (ppa:thefrontiergroup/vsftpd, https://launchpad.net/~thefrontiergroup/+archive/vsftpd) of vsftpd in Ubuntu Precise repositories?

Norbert (nrbrtx)
tags: removed: precise
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers