2024-01-09 09:54:21 |
Disassembler |
bug |
|
|
added bug |
2024-01-09 10:45:45 |
Sudip Mukherjee |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058796 |
|
2024-01-09 10:45:45 |
Sudip Mukherjee |
bug task added |
|
pure-ftpd (Debian) |
|
2024-01-09 10:46:37 |
Sudip Mukherjee |
bug |
|
|
added subscriber Sudip Mukherjee |
2024-01-09 11:12:55 |
Bug Watch Updater |
pure-ftpd (Debian): status |
Unknown |
New |
|
2024-01-09 20:13:06 |
Sudip Mukherjee |
tags |
|
jammy lunar mantic noble |
|
2024-01-09 20:14:04 |
Robie Basak |
nominated for series |
|
Ubuntu Lunar |
|
2024-01-09 20:14:04 |
Robie Basak |
bug task added |
|
pure-ftpd (Ubuntu Lunar) |
|
2024-01-09 20:14:04 |
Robie Basak |
nominated for series |
|
Ubuntu Jammy |
|
2024-01-09 20:14:04 |
Robie Basak |
bug task added |
|
pure-ftpd (Ubuntu Jammy) |
|
2024-01-09 20:14:04 |
Robie Basak |
nominated for series |
|
Ubuntu Mantic |
|
2024-01-09 20:14:04 |
Robie Basak |
bug task added |
|
pure-ftpd (Ubuntu Mantic) |
|
2024-01-09 20:41:17 |
Sudip Mukherjee |
pure-ftpd (Ubuntu): status |
New |
In Progress |
|
2024-01-09 20:41:20 |
Sudip Mukherjee |
pure-ftpd (Ubuntu Jammy): status |
New |
In Progress |
|
2024-01-09 20:41:23 |
Sudip Mukherjee |
pure-ftpd (Ubuntu Lunar): status |
New |
In Progress |
|
2024-01-09 20:41:25 |
Sudip Mukherjee |
pure-ftpd (Ubuntu Mantic): status |
New |
In Progress |
|
2024-01-09 20:41:28 |
Sudip Mukherjee |
pure-ftpd (Ubuntu): assignee |
|
Sudip Mukherjee (sudipmuk) |
|
2024-01-09 20:41:29 |
Sudip Mukherjee |
pure-ftpd (Ubuntu Jammy): assignee |
|
Sudip Mukherjee (sudipmuk) |
|
2024-01-09 20:41:31 |
Sudip Mukherjee |
pure-ftpd (Ubuntu Lunar): assignee |
|
Sudip Mukherjee (sudipmuk) |
|
2024-01-09 20:41:33 |
Sudip Mukherjee |
pure-ftpd (Ubuntu Mantic): assignee |
|
Sudip Mukherjee (sudipmuk) |
|
2024-01-09 22:22:33 |
Sudip Mukherjee |
summary |
pure-ftpd-postgresql 1.0.50 segfaults after client connects |
[SRU] pure-ftpd-postgresql 1.0.50 segfaults after client connects |
|
2024-01-09 22:23:14 |
Sudip Mukherjee |
description |
This is essentially a duplicate of Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058796
After a client connects to pure-ftpd-postgresql 1.0.50, the server establishes the TLS connection, authenticates the user and segfaults immediately after that, interrupting the connection in the process.
```
$ lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04
```
```
$ apt-cache policy pure-ftpd-postgresql
pure-ftpd-postgresql:
Installed: 1.0.50-2.1
Candidate: 1.0.50-2.1
Version table:
*** 1.0.50-2.1 500
500 http://cz.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
100 /var/lib/dpkg/status
```
```
Jan 9 10:26:42 info pure-ftpd-postgresql[497741]: Running: /usr/sbin/pure-ftpd-postgresql -l pgsql:/etc/pure-ftpd/db/postgresql.conf -A -D -J ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 -H -Y 1 -O clf:/var/log/pure-ftpd/transfer.log -u 1 -b -E -p 40000:49999 -B
Jan 9 10:26:42 info systemd[1]: Started pure-ftpd-postgresql.service.
Jan 9 10:26:52 info kernel: [347086.735293] pure-ftpd-postg[497765]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 6 (core 3, socket 0)
Jan 9 10:26:52 info kernel: [347086.735338] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f
Jan 9 10:26:57 info kernel: [347091.872524] pure-ftpd-postg[497779]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 6 (core 3, socket 0)
Jan 9 10:26:57 info kernel: [347091.872562] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f
Jan 9 10:36:24 info kernel: [347659.224784] pure-ftpd-postg[498601]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 4 (core 2, socket 0)
Jan 9 10:36:24 info kernel: [347659.224806] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f
Jan 9 10:36:30 info kernel: [347665.416357] pure-ftpd-postg[498611]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 4 (core 2, socket 0)
Jan 9 10:36:30 info kernel: [347665.416396] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f
```
The bug is already fixed in upstream via https://github.com/jedisct1/pure-ftpd/commit/c3f0f3c91d86939e6fabf5f65c6c6fc964e6032e |
[ Impact ]
pure-ftpd-postgresql is completely unusable as it will always segfault whenever any user tries to connect to the ftp server.
[ Test Plan ]
* Install pure-ftpd-postgresql and postgresql
* open /etc/pure-ftpd/db/postgresql.conf and modify PGSQLCrypt to use 'cleartext'
* use the command "sudo systemctl restart pure-ftpd-postgresql.service" to restart pure-ftpd which will now use the modified conf file.
* Use the following command to create the postgresql database which pure-ftpd will use.
- sudo -u postgres createdb pureftpd
* Use the following command to use psql to connect the db
- sudo -u postgres psql pureftpd
* while connected use the followwing commands:
- ALTER USER postgres WITH PASSWORD 'rootpw';
- CREATE TABLE "users" (
"User" TEXT NOT NULL,
"Password" TEXT NOT NULL,
"Uid" INTEGER NOT NULL default '-1',
"Gid" INTEGER NOT NULL default '-1',
"Dir" TEXT NOT NULL,
PRIMARY KEY ("User")
) WITHOUT OIDS;
- insert into users values ('sudip', 'test', 1000, 1000, '/home/sudip');
- enter \q to exit psql
* The above commands are for my test environment. Please modify username or cleartext password or uid or gid as appropriate for anyone else testing.
* Use the following command to connect to the ftp server:
- ftp localhost
- enter username and password as given in the psql insert command. For my environment, username is 'sudip', and password is 'test'.
* If the package is not fixed it will end with:
421 Service not available, remote server has closed connection.
ftp: Login failed
and dmesg will show there was a segfault from pure-ftpd-postgresql
* With the fixed package, it will connect to the ftp server.
[ Where problems could occur ]
* This is an upstream patch which is only changing the port number it is using to connect to the postgresql server. There is no other change. At the worst case, it will not be able to connect to the postgresql server and user will not be able to login to the ftp server.
* It is already completely unusable for users, and this will not cause any more regression than what user experiences now.
[ Other Info ]
* All versions from v1.0.50 is affected so only Focal is unaffected.
[ Original Bug Description ]
This is essentially a duplicate of Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058796
After a client connects to pure-ftpd-postgresql 1.0.50, the server establishes the TLS connection, authenticates the user and segfaults immediately after that, interrupting the connection in the process.
```
$ lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04
```
```
$ apt-cache policy pure-ftpd-postgresql
pure-ftpd-postgresql:
Installed: 1.0.50-2.1
Candidate: 1.0.50-2.1
Version table:
*** 1.0.50-2.1 500
500 http://cz.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
100 /var/lib/dpkg/status
```
```
Jan 9 10:26:42 info pure-ftpd-postgresql[497741]: Running: /usr/sbin/pure-ftpd-postgresql -l pgsql:/etc/pure-ftpd/db/postgresql.conf -A -D -J ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 -H -Y 1 -O clf:/var/log/pure-ftpd/transfer.log -u 1 -b -E -p 40000:49999 -B
Jan 9 10:26:42 info systemd[1]: Started pure-ftpd-postgresql.service.
Jan 9 10:26:52 info kernel: [347086.735293] pure-ftpd-postg[497765]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 6 (core 3, socket 0)
Jan 9 10:26:52 info kernel: [347086.735338] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f
Jan 9 10:26:57 info kernel: [347091.872524] pure-ftpd-postg[497779]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 6 (core 3, socket 0)
Jan 9 10:26:57 info kernel: [347091.872562] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f
Jan 9 10:36:24 info kernel: [347659.224784] pure-ftpd-postg[498601]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 4 (core 2, socket 0)
Jan 9 10:36:24 info kernel: [347659.224806] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f
Jan 9 10:36:30 info kernel: [347665.416357] pure-ftpd-postg[498611]: segfault at 1538 ip 00007f4f4dbb1ebc sp 00007ffe6df88698 error 4 in libc.so.6[7f4f4da28000+195000] likely on CPU 4 (core 2, socket 0)
Jan 9 10:36:30 info kernel: [347665.416396] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f
```
The bug is already fixed in upstream via https://github.com/jedisct1/pure-ftpd/commit/c3f0f3c91d86939e6fabf5f65c6c6fc964e6032e |
|
2024-01-09 22:25:47 |
Sudip Mukherjee |
attachment added |
|
pure-ftpd_noble.debdiff https://bugs.launchpad.net/debian/+source/pure-ftpd/+bug/2048764/+attachment/5737876/+files/pure-ftpd_noble.debdiff |
|
2024-01-09 22:26:33 |
Sudip Mukherjee |
attachment added |
|
pure-ftpd_mantic.debdiff https://bugs.launchpad.net/debian/+source/pure-ftpd/+bug/2048764/+attachment/5737877/+files/pure-ftpd_mantic.debdiff |
|
2024-01-09 22:26:54 |
Sudip Mukherjee |
attachment added |
|
pure-ftpd_lunar.debdiff https://bugs.launchpad.net/debian/+source/pure-ftpd/+bug/2048764/+attachment/5737878/+files/pure-ftpd_lunar.debdiff |
|
2024-01-09 22:27:16 |
Sudip Mukherjee |
attachment added |
|
pure-ftpd_jammy.debdiff https://bugs.launchpad.net/debian/+source/pure-ftpd/+bug/2048764/+attachment/5737879/+files/pure-ftpd_jammy.debdiff |
|
2024-01-09 22:27:29 |
Sudip Mukherjee |
pure-ftpd (Ubuntu): status |
In Progress |
Confirmed |
|
2024-01-09 22:27:31 |
Sudip Mukherjee |
pure-ftpd (Ubuntu Jammy): status |
In Progress |
Confirmed |
|
2024-01-09 22:27:34 |
Sudip Mukherjee |
pure-ftpd (Ubuntu Lunar): status |
In Progress |
Confirmed |
|
2024-01-09 22:27:37 |
Sudip Mukherjee |
pure-ftpd (Ubuntu Mantic): status |
In Progress |
Confirmed |
|
2024-01-09 22:27:40 |
Sudip Mukherjee |
pure-ftpd (Ubuntu): assignee |
Sudip Mukherjee (sudipmuk) |
|
|
2024-01-09 22:27:42 |
Sudip Mukherjee |
pure-ftpd (Ubuntu Jammy): assignee |
Sudip Mukherjee (sudipmuk) |
|
|
2024-01-09 22:27:45 |
Sudip Mukherjee |
pure-ftpd (Ubuntu Lunar): assignee |
Sudip Mukherjee (sudipmuk) |
|
|
2024-01-09 22:27:47 |
Sudip Mukherjee |
pure-ftpd (Ubuntu Mantic): assignee |
Sudip Mukherjee (sudipmuk) |
|
|
2024-01-09 22:28:01 |
Sudip Mukherjee |
bug |
|
|
added subscriber Ubuntu Sponsors |
2024-01-10 11:25:42 |
Simon Chopin |
removed subscriber Ubuntu Sponsors |
|
|
|
2024-01-10 13:59:11 |
Launchpad Janitor |
pure-ftpd (Ubuntu): status |
Confirmed |
Fix Released |
|
2024-01-10 15:42:54 |
Ubuntu Archive Robot |
bug |
|
|
added subscriber Simon Chopin |
2024-01-12 14:51:06 |
Timo Aaltonen |
pure-ftpd (Ubuntu Mantic): status |
Confirmed |
Fix Committed |
|
2024-01-12 14:51:07 |
Timo Aaltonen |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2024-01-12 14:51:09 |
Timo Aaltonen |
bug |
|
|
added subscriber SRU Verification |
2024-01-12 14:51:11 |
Timo Aaltonen |
tags |
jammy lunar mantic noble |
jammy lunar mantic noble verification-needed verification-needed-mantic |
|
2024-01-12 14:52:03 |
Timo Aaltonen |
pure-ftpd (Ubuntu Lunar): status |
Confirmed |
Fix Committed |
|
2024-01-12 14:52:06 |
Timo Aaltonen |
tags |
jammy lunar mantic noble verification-needed verification-needed-mantic |
jammy lunar mantic noble verification-needed verification-needed-lunar verification-needed-mantic |
|
2024-01-12 14:52:35 |
Timo Aaltonen |
pure-ftpd (Ubuntu Jammy): status |
Confirmed |
Fix Committed |
|
2024-01-12 14:52:38 |
Timo Aaltonen |
tags |
jammy lunar mantic noble verification-needed verification-needed-lunar verification-needed-mantic |
jammy lunar mantic noble verification-needed verification-needed-jammy verification-needed-lunar verification-needed-mantic |
|
2024-01-12 18:20:18 |
Bug Watch Updater |
pure-ftpd (Debian): status |
New |
Fix Committed |
|
2024-01-13 09:30:40 |
Disassembler |
tags |
jammy lunar mantic noble verification-needed verification-needed-jammy verification-needed-lunar verification-needed-mantic |
jammy lunar mantic noble verification-done-jammy verification-needed verification-needed-lunar verification-needed-mantic |
|
2024-01-22 06:08:00 |
Bug Watch Updater |
pure-ftpd (Debian): status |
Fix Committed |
Fix Released |
|
2024-01-22 13:21:58 |
Simon Chopin |
tags |
jammy lunar mantic noble verification-done-jammy verification-needed verification-needed-lunar verification-needed-mantic |
jammy lunar mantic noble verification-done-jammy verification-done-mantic verification-needed verification-needed-lunar |
|
2024-01-23 22:09:55 |
Brian Murray |
pure-ftpd (Ubuntu Lunar): status |
Fix Committed |
Won't Fix |
|
2024-01-23 22:14:46 |
Launchpad Janitor |
pure-ftpd (Ubuntu Mantic): status |
Fix Committed |
Fix Released |
|
2024-01-23 22:14:50 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2024-01-23 22:15:36 |
Launchpad Janitor |
pure-ftpd (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|