package bacula-director-sqlite3 2.4.0-1ubuntu1 [modified: usr/sbin/bacula-dir usr/sbin/dbcheck] failed to install/upgrade:

Bug #246298 reported by Moti Ochayun
Affects: Bacula | Status: Unknown | Importance: Unknown
Affects: bacula (Ubuntu) | Importance: High | Assigned to: Chuck Short

Bug Description

Binary package hint: bacula

I did an upgrade and I get the error

ProblemType: Package
Architecture: i386
Date: Mon Jul 7 18:29:05 2008
DistroRelease: Ubuntu 8.10
ErrorMessage:
 ErrorMessage: subprocess post-installation script returned error exit status 1
Package: bacula-director-sqlite3 2.4.0-1ubuntu1 [modified: usr/sbin/bacula-dir usr/sbin/dbcheck]
PackageArchitecture: i386
SourcePackage: bacula
Title: package bacula-director-sqlite3 2.4.0-1ubuntu1 [modified: usr/sbin/bacula-dir usr/sbin/dbcheck] failed to install/upgrade:
Uname: Linux 2.6.26-3-generic i686

Pascal De Vuyst (pascal-devuyst) wrote :

That's because bacula-director-sqlite3 2.4.0-1ubuntu1 fails to start:

Setting up bacula-director-sqlite3 (2.4.0-1ubuntu1) ...
 * Stopping Bacula Director:
   ...done.
 * Starting Bacula Director:
*** buffer overflow detected ***: /usr/sbin/bacula-dir terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0x46666388]
/lib/tls/i686/cmov/libc.so.6[0x466644b0]
/usr/sbin/bacula-dir[0x80b7ca9]
/usr/sbin/bacula-dir[0x804db53]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x46582685]
/usr/sbin/bacula-dir(__gxx_personality_v0+0x13d)[0x804b8e1]

Changed in bacula:
status: New → Confirmed
Chuck Short (zulcss) wrote :

This has been fixed already in a recent upload.

Thanks
chuck

Changed in bacula:
status: Confirmed → Fix Released
Kees Cook (kees) wrote :

The crash isn't fixed -- it's just hidden. We need to drill down and find the root-cause of the overflow.

Changed in bacula:
assignee: nobody → zul
importance: Undecided → High
milestone: none → intrepid-alpha-6
status: Fix Released → Confirmed
assignee: zul → zulcss
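
One way to start the drill-down asked for above, as an added example that is not part of the bug report or of Bacula: a small parser for the glibc abort report quoted earlier that names the hardening check that fired and lists the bacula-dir frames to resolve with addr2line. The function name `triage` and the banner-to-check table are this example's own, and resolving the addresses assumes debug symbols for the exact build are installed.

```python
import re

# Abort report copied from the comment above (backtrace section only).
REPORT = """\
*** buffer overflow detected ***: /usr/sbin/bacula-dir terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0x46666388]
/lib/tls/i686/cmov/libc.so.6[0x466644b0]
/usr/sbin/bacula-dir[0x80b7ca9]
/usr/sbin/bacula-dir[0x804db53]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0x46582685]
/usr/sbin/bacula-dir(__gxx_personality_v0+0x13d)[0x804b8e1]
======= Memory map: ========
"""

# glibc prints a different banner for each hardening check that aborts.
CHECKS = {
    "buffer overflow detected": "_FORTIFY_SOURCE length check (__chk_fail)",
    "stack smashing detected": "stack protector canary (__stack_chk_fail)",
}
HEADER = re.compile(r"^\*\*\* (?P<kind>.+?) \*\*\*: (?P<prog>\S+) terminated")
FRAME = re.compile(r"^(?P<obj>/\S+?)(?:\((?P<sym>[^)+]*)(?:\+0x[0-9a-f]+)?\))?"
                   r"\[(?P<addr>0x[0-9a-f]+)\]$")

def triage(report):
    """Return which check fired and the program frames still to be resolved."""
    lines = [ln.strip() for ln in report.splitlines()]
    head = next((m for m in map(HEADER.match, lines) if m), None)
    if head is None:
        raise ValueError("no glibc abort banner found")
    frames, in_backtrace = [], False
    for line in lines:
        if line.startswith("======="):      # section marker
            in_backtrace = "Backtrace" in line
        elif in_backtrace and (m := FRAME.match(line)):
            frames.append((m["obj"], m["sym"] or None, m["addr"]))
    prog = head["prog"]
    # Frames inside the program that glibc could not name, innermost first.
    unresolved = [addr for obj, sym, addr in frames if obj == prog and sym is None]
    return {
        "check": CHECKS.get(head["kind"], "unknown"),
        "program": prog,
        "frames": len(frames),
        "call_site": unresolved[0] if unresolved else None,
        # Assumes matching debug symbols for this exact build are installed.
        "addr2line": ["addr2line", "-f", "-C", "-e", prog, *unresolved],
    }
```

The `call_site` entry is the innermost bacula-dir frame below the libc check, which is where a source-level look at the destination buffer and copy length would begin.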
Kern Sibbald (kern) wrote :

If Fortify source is turned off the problem *is* fixed and not simply hidden.

The output indicates that this crash is due to the fact that Bacula was built with -DFORTIFY_SOURCE=2 (please check spelling). The glibc code that implements this feature according to the authors of the code may generate false positives, and that is indeed the case here. The code reports a buffer overflow where one does *not* exist.

This problem is easily detected because after building Bacula and running any test case, it crashes the first and every time.

Solution:
1. Build Bacula without the fortify source option. It is unnecessary, a flawed implementation, and Bacula does its own checking for these things.

2. Please always run the regression scripts after building a new version.

Best regards,

Kern

Kern Sibbald (kern) wrote :

I would recommend to the packagers to move up to Bacula version 2.4.2 as quickly as possible. Versions 2.4.0 and 2.4.1 had a number of important problems concerning mounting tape volumes particularly in manual mount situations (non-autochanger). Version 2.4.2 is a "critical" bug fix to versions 2.4.0 and 2.4.1 that is completely compatible with no major changes other than bug fixes and has proved quite stable.

Regards,

Kern

Kees Cook (kees)
Changed in bacula:
status: Confirmed → Fix Released