Ubuntu
pure-ftpd package

  1. Bug #2048764
  2. Activity log

Activity log for bug #2048764

Date Who What changed Old value New value Message
2024-01-09 09:54:21 Disassembler bug added bug
2024-01-09 10:45:45 Sudip Mukherjee bug watch added https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058796
2024-01-09 10:45:45 Sudip Mukherjee bug task added pure-ftpd (Debian)
2024-01-09 10:46:37 Sudip Mukherjee bug added subscriber Sudip Mukherjee
2024-01-09 11:12:55 Bug Watch Updater pure-ftpd (Debian): status Unknown New
2024-01-09 20:13:06 Sudip Mukherjee tags jammy lunar mantic noble
2024-01-09 20:14:04 Robie Basak nominated for series Ubuntu Lunar
2024-01-09 20:14:04 Robie Basak bug task added pure-ftpd (Ubuntu Lunar)
2024-01-09 20:14:04 Robie Basak nominated for series Ubuntu Jammy
2024-01-09 20:14:04 Robie Basak bug task added pure-ftpd (Ubuntu Jammy)
2024-01-09 20:14:04 Robie Basak nominated for series Ubuntu Mantic
2024-01-09 20:14:04 Robie Basak bug task added pure-ftpd (Ubuntu Mantic)
2024-01-09 20:41:17 Sudip Mukherjee pure-ftpd (Ubuntu): status New In Progress
2024-01-09 20:41:20 Sudip Mukherjee pure-ftpd (Ubuntu Jammy): status New In Progress
2024-01-09 20:41:23 Sudip Mukherjee pure-ftpd (Ubuntu Lunar): status New In Progress
2024-01-09 20:41:25 Sudip Mukherjee pure-ftpd (Ubuntu Mantic): status New In Progress
2024-01-09 20:41:28 Sudip Mukherjee pure-ftpd (Ubuntu): assignee Sudip Mukherjee (sudipmuk)
2024-01-09 20:41:29 Sudip Mukherjee pure-ftpd (Ubuntu Jammy): assignee Sudip Mukherjee (sudipmuk)
2024-01-09 20:41:31 Sudip Mukherjee pure-ftpd (Ubuntu Lunar): assignee Sudip Mukherjee (sudipmuk)
2024-01-09 20:41:33 Sudip Mukherjee pure-ftpd (Ubuntu Mantic): assignee Sudip Mukherjee (sudipmuk)
2024-01-09 22:22:33 Sudip Mukherjee summary pure-ftpd-postgresql 1.0.50 segfaults after client connects [SRU] pure-ftpd-postgresql 1.0.50 segfaults after client connects
2024-01-09 22:23:14 Sudip Mukherjee description This is essentially a duplicate of Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058796 After a client connects to pure-ftpd-postgresql 1.0.50, the server establishes the TLS connection, authenticates the user and segfaults immediately after that, interrupting the connection in the process. ``` $ lsb_release -rd Description: Ubuntu 22.04.3 LTS Release: 22.04 ``` ``` $ apt-cache policy pure-ftpd-postgresql pure-ftpd-postgresql: Installed: 1.0.50-2.1 Candidate: 1.0.50-2.1 Version table: *** 1.0.50-2.1 500 500 http://cz.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages 100 /var/lib/dpkg/status ``` ``` Jan 9 10:26:42 info pure-ftpd-postgresql[497741]: Running: /usr/sbin/pure-ftpd-postgresql -l pgsql:/etc/pure-ftpd/db/postgresql.conf -A -D -J ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 -H -Y 1 -O clf:/var/log/pure-ftpd/transfer.log -u 1 -b -E -p 40000:49999 -B Jan 9 10:26:42 info systemd[1]: Started pure-ftpd-postgresql.service. Jan 9 10:26:52 info kernel: [347086.735293] pure-ftpd-postg[497765]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 6 (core 3, socket 0) Jan 9 10:26:52 info kernel: [347086.735338] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f Jan 9 10:26:57 info kernel: [347091.872524] pure-ftpd-postg[497779]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 6 (core 3, socket 0) Jan 9 10:26:57 info kernel: [347091.872562] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f Jan 9 10:36:24 info kernel: [347659.224784] pure-ftpd-postg[498601]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 4 (core 2, socket 0) Jan 9 10:36:24 info kernel: [347659.224806] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f Jan 9 10:36:30 info kernel: [347665.416357] pure-ftpd-postg[498611]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 4 (core 2, socket 0) Jan 9 10:36:30 info kernel: [347665.416396] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f ``` The bug is already fixed in upstream via https://github.com/jedisct1/pure-ftpd/commit/c3f0f3c91d86939e6fabf5f65c6c6fc964e6032e [ Impact ] pure-ftpd-postgresql is completely unusable as it will always segfault whenever any user tries to connect to the ftp server. [ Test Plan ] * Install pure-ftpd-postgresql and postgresql * open /etc/pure-ftpd/db/postgresql.conf and modify PGSQLCrypt to use 'cleartext' * use the command "sudo systemctl restart pure-ftpd-postgresql.service" to restart pure-ftpd which will now use the modified conf file. * Use the following command to create the postgresql database which pure-ftpd will use. - sudo -u postgres createdb pureftpd * Use the following command to use psql to connect the db - sudo -u postgres psql pureftpd * while connected use the followwing commands: - ALTER USER postgres WITH PASSWORD 'rootpw'; - CREATE TABLE "users" ( "User" TEXT NOT NULL, "Password" TEXT NOT NULL, "Uid" INTEGER NOT NULL default '-1', "Gid" INTEGER NOT NULL default '-1', "Dir" TEXT NOT NULL, PRIMARY KEY ("User") ) WITHOUT OIDS; - insert into users values ('sudip', 'test', 1000, 1000, '/home/sudip'); - enter \q to exit psql * The above commands are for my test environment. Please modify username or cleartext password or uid or gid as appropriate for anyone else testing. * Use the following command to connect to the ftp server: - ftp localhost - enter username and password as given in the psql insert command. For my environment, username is 'sudip', and password is 'test'. * If the package is not fixed it will end with: 421 Service not available, remote server has closed connection. ftp: Login failed and dmesg will show there was a segfault from pure-ftpd-postgresql * With the fixed package, it will connect to the ftp server. [ Where problems could occur ] * This is an upstream patch which is only changing the port number it is using to connect to the postgresql server. There is no other change. At the worst case, it will not be able to connect to the postgresql server and user will not be able to login to the ftp server. * It is already completely unusable for users, and this will not cause any more regression than what user experiences now. [ Other Info ] * All versions from v1.0.50 is affected so only Focal is unaffected. [ Original Bug Description ] This is essentially a duplicate of Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058796 After a client connects to pure-ftpd-postgresql 1.0.50, the server establishes the TLS connection, authenticates the user and segfaults immediately after that, interrupting the connection in the process. ``` $ lsb_release -rd Description: Ubuntu 22.04.3 LTS Release: 22.04 ``` ``` $ apt-cache policy pure-ftpd-postgresql pure-ftpd-postgresql:   Installed: 1.0.50-2.1   Candidate: 1.0.50-2.1   Version table:  *** 1.0.50-2.1 500         500 http://cz.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages         100 /var/lib/dpkg/status ``` ``` Jan 9 10:26:42 info pure-ftpd-postgresql[497741]: Running: /usr/sbin/pure-ftpd-postgresql -l pgsql:/etc/pure-ftpd/db/postgresql.conf -A -D -J ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 -H -Y 1 -O clf:/var/log/pure-ftpd/transfer.log -u 1 -b -E -p 40000:49999 -B Jan 9 10:26:42 info systemd[1]: Started pure-ftpd-postgresql.service. Jan 9 10:26:52 info kernel: [347086.735293] pure-ftpd-postg[497765]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 6 (core 3, socket 0) Jan 9 10:26:52 info kernel: [347086.735338] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f Jan 9 10:26:57 info kernel: [347091.872524] pure-ftpd-postg[497779]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 6 (core 3, socket 0) Jan 9 10:26:57 info kernel: [347091.872562] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f Jan 9 10:36:24 info kernel: [347659.224784] pure-ftpd-postg[498601]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 4 (core 2, socket 0) Jan 9 10:36:24 info kernel: [347659.224806] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f Jan 9 10:36:30 info kernel: [347665.416357] pure-ftpd-postg[498611]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 4 (core 2, socket 0) Jan 9 10:36:30 info kernel: [347665.416396] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f ``` The bug is already fixed in upstream via https://github.com/jedisct1/pure-ftpd/commit/c3f0f3c91d86939e6fabf5f65c6c6fc964e6032e
2024-01-09 22:25:47 Sudip Mukherjee attachment added pure-ftpd_noble.debdiff https://bugs.launchpad.net/debian/+source/pure-ftpd/+bug/2048764/+attachment/5737876/+files/pure-ftpd_noble.debdiff
2024-01-09 22:26:33 Sudip Mukherjee attachment added pure-ftpd_mantic.debdiff https://bugs.launchpad.net/debian/+source/pure-ftpd/+bug/2048764/+attachment/5737877/+files/pure-ftpd_mantic.debdiff
2024-01-09 22:26:54 Sudip Mukherjee attachment added pure-ftpd_lunar.debdiff https://bugs.launchpad.net/debian/+source/pure-ftpd/+bug/2048764/+attachment/5737878/+files/pure-ftpd_lunar.debdiff
2024-01-09 22:27:16 Sudip Mukherjee attachment added pure-ftpd_jammy.debdiff https://bugs.launchpad.net/debian/+source/pure-ftpd/+bug/2048764/+attachment/5737879/+files/pure-ftpd_jammy.debdiff
2024-01-09 22:27:29 Sudip Mukherjee pure-ftpd (Ubuntu): status In Progress Confirmed
2024-01-09 22:27:31 Sudip Mukherjee pure-ftpd (Ubuntu Jammy): status In Progress Confirmed
2024-01-09 22:27:34 Sudip Mukherjee pure-ftpd (Ubuntu Lunar): status In Progress Confirmed
2024-01-09 22:27:37 Sudip Mukherjee pure-ftpd (Ubuntu Mantic): status In Progress Confirmed
2024-01-09 22:27:40 Sudip Mukherjee pure-ftpd (Ubuntu): assignee Sudip Mukherjee (sudipmuk)
2024-01-09 22:27:42 Sudip Mukherjee pure-ftpd (Ubuntu Jammy): assignee Sudip Mukherjee (sudipmuk)
2024-01-09 22:27:45 Sudip Mukherjee pure-ftpd (Ubuntu Lunar): assignee Sudip Mukherjee (sudipmuk)
2024-01-09 22:27:47 Sudip Mukherjee pure-ftpd (Ubuntu Mantic): assignee Sudip Mukherjee (sudipmuk)
2024-01-09 22:28:01 Sudip Mukherjee bug added subscriber Ubuntu Sponsors
2024-01-10 11:25:42 Simon Chopin removed subscriber Ubuntu Sponsors
2024-01-10 13:59:11 Launchpad Janitor pure-ftpd (Ubuntu): status Confirmed Fix Released
2024-01-10 15:42:54 Ubuntu Archive Robot bug added subscriber Simon Chopin
2024-01-12 14:51:06 Timo Aaltonen pure-ftpd (Ubuntu Mantic): status Confirmed Fix Committed
2024-01-12 14:51:07 Timo Aaltonen bug added subscriber Ubuntu Stable Release Updates Team
2024-01-12 14:51:09 Timo Aaltonen bug added subscriber SRU Verification
2024-01-12 14:51:11 Timo Aaltonen tags jammy lunar mantic noble jammy lunar mantic noble verification-needed verification-needed-mantic
2024-01-12 14:52:03 Timo Aaltonen pure-ftpd (Ubuntu Lunar): status Confirmed Fix Committed
2024-01-12 14:52:06 Timo Aaltonen tags jammy lunar mantic noble verification-needed verification-needed-mantic jammy lunar mantic noble verification-needed verification-needed-lunar verification-needed-mantic
2024-01-12 14:52:35 Timo Aaltonen pure-ftpd (Ubuntu Jammy): status Confirmed Fix Committed
2024-01-12 14:52:38 Timo Aaltonen tags jammy lunar mantic noble verification-needed verification-needed-lunar verification-needed-mantic jammy lunar mantic noble verification-needed verification-needed-jammy verification-needed-lunar verification-needed-mantic
2024-01-12 18:20:18 Bug Watch Updater pure-ftpd (Debian): status New Fix Committed
2024-01-13 09:30:40 Disassembler tags jammy lunar mantic noble verification-needed verification-needed-jammy verification-needed-lunar verification-needed-mantic jammy lunar mantic noble verification-done-jammy verification-needed verification-needed-lunar verification-needed-mantic
2024-01-22 06:08:00 Bug Watch Updater pure-ftpd (Debian): status Fix Committed Fix Released
2024-01-22 13:21:58 Simon Chopin tags jammy lunar mantic noble verification-done-jammy verification-needed verification-needed-lunar verification-needed-mantic jammy lunar mantic noble verification-done-jammy verification-done-mantic verification-needed verification-needed-lunar
2024-01-23 22:09:55 Brian Murray pure-ftpd (Ubuntu Lunar): status Fix Committed Won't Fix
2024-01-23 22:14:46 Launchpad Janitor pure-ftpd (Ubuntu Mantic): status Fix Committed Fix Released
2024-01-23 22:14:50 Brian Murray removed subscriber Ubuntu Stable Release Updates Team
2024-01-23 22:15:36 Launchpad Janitor pure-ftpd (Ubuntu Jammy): status Fix Committed Fix Released