Bug#1119295: marked as done (erases all (user) data from /srv/ftp when purged)

Sat, 08 Nov 2025 06:57:21 -0800 

Your message dated Sat, 08 Nov 2025 14:56:13 +0000
with message-id <[email protected]>
and subject line Bug#1119295: fixed in proftpd-dfsg 1.3.9~dfsg-4
has caused the Debian Bug report #1119295,
regarding erases all (user) data from /srv/ftp when purged
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1119295: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119295
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: proftpd-core
Version: 1.3.9~dfsg-3
Severity: grave
X-Debbugs-Cc: [email protected]
Control: found -1 1.3.8.c+dfsg-4

Ohai,

proftpd-core.postrm contains (since [1]) the following snippet:

if [ "$1" = "purge" ]
then
    …
    rm -rf /etc/proftpd 
    rm -rf /var/log/proftpd
    rm -rf /srv/ftp
    rm -f /etc/logrotate.d/proftpd-core
    userdel --remove --force proftpd || true
    userdel ftp || true
fi

The `rm -rf /srv/ftp` part results in *all* data from /srv/ftp being
purged, not only the one related to the package itself. This can lead to
serious data loss if people decide to use /srv/ftp as the root of their
FTP server (e.g. as suggested by the Anonymous example in proftpd.conf).

I think purging proftpd-core should only remove files that were placed
in /srv/ftp by proftpd-core (welcome.msg) and remove the directory only
if it is empty afterwards (rm -f /srv/ftp/welcome.msg; rmdir
--ignore-fail-on-non-empty /srv/ftp).

For historical reference: this was reported once in the past already as
[2], got fixed [3], but now regressed again.

Thanks for maintaining ProFTPD!

Evgeni


[1] 
https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/9dbf3b40750465e3680601ee55df9e49624de072
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655514
[3] 
https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/99fbc334eace80d1e99302b8b9ecc987d45d73a5


-- System Information:
Debian Release: forky/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.38+deb13-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: default

Versions of packages proftpd-core depends on:
ii  adduser               3.152
ii  init-system-helpers   1.68
ii  libacl1               2.3.2-2+b1
ii  libc6                 2.41-12
ii  libcap2               1:2.75-10+b1
ii  libcrypt1             1:4.4.38-1
ii  libhiredis1.1.0       1.2.0-6+b3
ii  libidn2-0             2.3.8-2
ii  libmemcached11t64     1.1.4-1.1+b2
ii  libmemcachedutil2t64  1.1.4-1.1+b2
ii  libncursesw6          6.5+20250216-2
ii  libpam-runtime        1.7.0-5
ii  libpam0g              1.7.0-5
ii  libpcre2-8-0          10.45-1
ii  libpcre2-posix3       10.45-1
ii  libssl3t64            3.5.2-1
ii  libtinfo6             6.5+20250216-2
ii  netbase               6.5
ii  ucf                   3.0052
ii  zlib1g                1:1.3.dfsg+really1.3.1-1+b1

Versions of packages proftpd-core recommends:
pn  proftpd-doc  <none>

Versions of packages proftpd-core suggests:
pn  openbsd-inetd | inet-superserver  <none>
ii  openssl                           3.5.2-1
pn  proftpd-mod-crypto                <none>
pn  proftpd-mod-geoip                 <none>
pn  proftpd-mod-ldap                  <none>
pn  proftpd-mod-mysql                 <none>
pn  proftpd-mod-odbc                  <none>
pn  proftpd-mod-pgsql                 <none>
pn  proftpd-mod-snmp                  <none>
pn  proftpd-mod-sqlite                <none>
pn  proftpd-mod-wrap                  <none>

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: proftpd-dfsg
Source-Version: 1.3.9~dfsg-4
Done: Hilmar Preuße <[email protected]>

We believe that the bug you reported is fixed in the latest version of
proftpd-dfsg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hilmar Preuße <[email protected]> (supplier of updated proftpd-dfsg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 08 Nov 2025 14:48:03 +0100
Source: proftpd-dfsg
Architecture: source
Version: 1.3.9~dfsg-4
Distribution: unstable
Urgency: high
Maintainer: ProFTPD Maintainance Team 
<[email protected]>
Changed-By: Hilmar Preuße <[email protected]>
Closes: 1119295
Changes:
 proftpd-dfsg (1.3.9~dfsg-4) unstable; urgency=high
 .
   [ Evgeni Golov <[email protected]> ]
   * Do not remove non-empty /srv/ftp upon purge (Closes: #1119295).
Checksums-Sha1:
 021e7f2d5519ebfc31c808eb071064d6dcd1c5ca 3424 proftpd-dfsg_1.3.9~dfsg-4.dsc
 407971334ef5f7502d32affef11e247db2267d69 80440 
proftpd-dfsg_1.3.9~dfsg-4.debian.tar.xz
 8210ebc52d5a6aedbf39a961f2a45ce52b7b8e50 5757 
proftpd-dfsg_1.3.9~dfsg-4_source.buildinfo
Checksums-Sha256:
 b16154e56abb69e5f1d17922e9f2ef250c8065a664cbbeed9a39dcc72895484e 3424 
proftpd-dfsg_1.3.9~dfsg-4.dsc
 86066c26e5607e790f6fd2058de22f3ca784eb62e412b28b1b855110ae0b1264 80440 
proftpd-dfsg_1.3.9~dfsg-4.debian.tar.xz
 20b8562f9af97f2b79b15e174f8d413f0e794ecb43c46ef59caeab9ad9d28fe3 5757 
proftpd-dfsg_1.3.9~dfsg-4_source.buildinfo
Files:
 779a128a76f430a29e8090b463fb3e30 3424 net optional 
proftpd-dfsg_1.3.9~dfsg-4.dsc
 bfba122ac35431ffaf6d43e5ba939e25 80440 net optional 
proftpd-dfsg_1.3.9~dfsg-4.debian.tar.xz
 276db1bfa9127606e45ce5eff99e1010 5757 net optional 
proftpd-dfsg_1.3.9~dfsg-4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEaXGmC/nkbIhxf16kxiZYRqvgLIsFAmkPTbdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDY5
NzFBNjBCRjlFNDZDODg3MTdGNUVBNEM2MjY1ODQ2QUJFMDJDOEIACgkQxiZYRqvg
LIthLxAAnIw0F7apETS4VDadpTG70vieIuJhl2gW4nUTGq9fzCBoVHvs3D0lm4SH
+DaLAAQRtqhkIg36E+qvIeepPXeX2jMfDk8l466onXkH1bXVZ1eZ1yqpBcn/xmV1
MV30SCftfUw2VtOa4+PFzR/R8YHLXZmLVK+cJiqWsUfxo/YkTPQhGiv4FaWq9MIM
3SLu6CMy0MZlppzkV1a47bJsctS6v1CbBZ6Ri254HDv2vhuqrNrMX5v7ooOdIDBJ
mLBm1YCI8QykKPs7yYNBvAOUbrFXsgTT9rQBov6ifjB2wByjSSN8ObW35kypAbi7
kfYYCET8QIX3f4nSG6AZUAty+/9+5y6zmO9YTxT8667PCiTUvh9tr6ed+S48uTON
5vZyf782IOEwjxtAV/1PmveMLHBi38ka1uhLYfXsqJ1HfhJeOG3CPCS0dXugBU31
+J0HPDrID1LqyMHJx1YC0W2/a+9ZbV8LD0Un0lINm+dXCFYeJKzsM2qjuTVJ/IJH
ab5m/lz7bUWr9d4D4DvMar26F6pe9U192G8wMMaczSdJhHyLgX170DgSWPDkyKdH
zDZU81CM7xQvV7Q67LQPgChwdb4LJaM/CTeHA6pdnHtMR4m8XaMArg3cBRfgBDFf
bJlYShMcmo+mr8YndWnOWPNSoKibfXyGHxg6O2vp2V9ybZ1B7Tg=
=tPri
-----END PGP SIGNATURE-----

Attachment: pgpWMIk9r_t29.pgp
Description: PGP signature


--- End Message ---

Reply via email to