Your message dated Tue, 18 Apr 2006 05:02:11 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#353175: fixed in proftpd 1.3.0-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: proftpd-ldap
Version: 1.2.10-27
proftpd segfaults trying to authenticate users via LDAP in all observed
cases. Authenticating users via PAM (which relies on files, not on LDAP
in our configuration) works.
We found no workaround, so downgraded to 1.2.10-26 for now.
This is a sample ftp session as seen by the client:
--8><---------------------------------------------------------------
ftp> open XXXXX
Connected to XXXXX.capcom.de.
220 XXXXXXXXX FTP Server ready.
Name (XXXXX:XXXXXXXX):
331 Password required for XXXXXXXX.
Password:
421 Service not available, remote server has closed connection
Login failed.
No control connection for command: Permission denied
--8><---------------------------------------------------------------
This is the corresponding syslog entry:
--8><---------------------------------------------------------------
Feb 16 17:06:41 XXXXX proftpd[6458]: XXXXX.capcom.de
(XXXXXX.capcom.de[XXXXXXXXXXXXXXX]) - FTP session opened.
Feb 16 17:06:45 XXXXX proftpd[6458]: XXXXX.capcom.de
(XXXXXX.capcom.de[XXXXXXXXXXXXXXX]) - ProFTPD terminating (signal 11)
Feb 16 17:06:45 XXXXX proftpd[6458]: XXXXX.capcom.de
(XXXXXX.capcom.de[XXXXXXXXXXXXXXX]) - FTP session closed.
--8><---------------------------------------------------------------
The last observable activity of the proftpd is enquiring the user and
group information from the LDAP server and receiving appropriate
responses. The segfault occurs after receiving the last group search
response. strace shows that the segfault occurs outside of a system
call. ltrace shows two searches for configuration keys (AnonymousGroup
and AuthAliasOnly, both unset) and then this (last line of the config
search included):
--8><---------------------------------------------------------------
[pid 6511] strcmp("AuthAliasOnly", "USER") = -1
[pid 6511] memset(0x815e53c, '\000', 48) = 0x815e53c
[pid 6511] memset(0x815e56c, '\000', 4) = 0x815e56c
[pid 6511] strcasecmp("getpwnam", "getpwnam") = 0
[pid 6511] memcpy(0xbfd72a40, "", 2048) = 0xbfd72a40
[pid 6511] strcasecmp("getpwnam", "getpwnam") = 0
[pid 6511] memcpy(0xbfd72a40, "", 2048) = 0xbfd72a40
[pid 6511] strcasecmp("XXXXXXXX", "XXXXXXXX") = 0
[pid 6511] memset(0x8155904, '\000', 20) = 0x8155904
[pid 6511] memset(0x815e574, '\000', 28) = 0x815e574
[pid 6511] strlen("XXXXXXXX") = 8
[pid 6511] strlen("XXXXXXXXXXXXXXXXXXXXX") = 21
[pid 6511] strlen("") = 0
[pid 6511] strlen("XXXXXXXX") = 8
[pid 6511] memset(0x815e5d4, '\000', 48) = 0x815e5d4
[pid 6511] memset(0x815e604, '\000', 4) = 0x815e604
[pid 6511] strcasecmp("gid_name", "gid_name") = 0
[pid 6511] memcpy(0xbfd72a40, "", 2048) = 0xbfd72a40
[pid 6511] strcasecmp("gid_name", "gid_name") = 0
[pid 6511] memcpy(0xbfd72a40, "", 2048) = 0xbfd72a40
[pid 6511] --- SIGSEGV (Segmentation fault) ---
--8><---------------------------------------------------------------
proftpd configuration file:
--8><---------------------------------------------------------------
#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
ServerName "XXXXXXXXX FTP Server"
ServerType standalone
ServerAdmin [EMAIL PROTECTED]
DeferWelcome off
IdentLookups off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
Umask 0113 0002
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
ServerIdent on "XXXXXXXXX FTP Server ready."
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
PersistentPasswd off
# Uncomment this if you would use TLS module:
#TLSEngine on
# Uncomment this if you would use quota module:
#Quotas on
# Uncomment this if you would use ratio module:
#Ratios on
# Port 21 is the standard FTP port.
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine off
# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Cosmetic changes, all files belongs to ftp user
DirFakeUser on ftp
HideNoAccess on
DirFakeGroup on ftp
RequireValidShell off
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
# Limit downloads to 300kB/s, first MB does not count against this limit.
TransferRate RETR 300:1024
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
</Anonymous>
# Nicht-anonyme Benutzer
DefaultChDir ~ capcom
DefaultRoot ~ !capcom
LDAPServer XXXXXXXXXX.capcom.de
LDAPDNInfo "" ""
LDAPDoAuth on ou=people,dc=capcom,dc=de "(uid=%v)"
LDAPAuthBinds on
LDAPDefaultUID 101
LDAPDefaultGID 104
LDAPDoUIDLookups on ou=people,dc=capcom,dc=de "(uid=%v)"
LDAPDoGIDLookups on ou=groups,dc=capcom,dc=de
CreateHome on
LDAPGenerateHomedir on
LDAPGenerateHomedirPrefix /ccftp/projects
RequireValidShell off
<Directory /ccftp/home>
Umask 0177 0077
</Directory>
--8><---------------------------------------------------------------
Kernel version: 2.6.15-1-686
Installed versions of packages on which protpd-ldap depends:
netbase 4.24
libc6 2.3.5-13
libcap1 1:1.10-14
debconf 1.4.70
libldap2 2.1.30-12
libpam0g 0.79-3
libssl0.9.8 0.9.8a-7
libwrap0 7.6.dbs-8
proftpd-common 1.2.10-27
adduser 3.80
ucf 2.005
Regards,
Ralph Rößner
--- End Message ---
--- Begin Message ---
Source: proftpd
Source-Version: 1.3.0-1
We believe that the bug you reported is fixed in the latest version of
proftpd, which is due to be installed in the Debian FTP archive:
proftpd-doc_1.3.0-1_all.deb
to pool/main/p/proftpd/proftpd-doc_1.3.0-1_all.deb
proftpd-ldap_1.3.0-1_all.deb
to pool/main/p/proftpd/proftpd-ldap_1.3.0-1_all.deb
proftpd-mysql_1.3.0-1_all.deb
to pool/main/p/proftpd/proftpd-mysql_1.3.0-1_all.deb
proftpd-pgsql_1.3.0-1_all.deb
to pool/main/p/proftpd/proftpd-pgsql_1.3.0-1_all.deb
proftpd_1.3.0-1.diff.gz
to pool/main/p/proftpd/proftpd_1.3.0-1.diff.gz
proftpd_1.3.0-1.dsc
to pool/main/p/proftpd/proftpd_1.3.0-1.dsc
proftpd_1.3.0-1_i386.deb
to pool/main/p/proftpd/proftpd_1.3.0-1_i386.deb
proftpd_1.3.0.orig.tar.gz
to pool/main/p/proftpd/proftpd_1.3.0.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Francesco Paolo Lovergine <[EMAIL PROTECTED]> (supplier of updated proftpd
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 18 Apr 2006 12:42:04 +0200
Source: proftpd
Binary: proftpd proftpd-mysql proftpd-pgsql proftpd-ldap proftpd-doc
Architecture: source all i386
Version: 1.3.0-1
Distribution: unstable
Urgency: low
Maintainer: Francesco Paolo Lovergine <[EMAIL PROTECTED]>
Changed-By: Francesco Paolo Lovergine <[EMAIL PROTECTED]>
Description:
proftpd - Versatile, virtual-hosting FTP daemon
proftpd-doc - Versatile, virtual-hosting FTP daemon (Documentation)
proftpd-ldap - Versatile, virtual-hosting FTP daemon (dummy transitional
package
proftpd-mysql - Versatile, virtual-hosting FTP daemon (dummy transitional
package
proftpd-pgsql - Versatile, virtual-hosting FTP daemon (dummy transitional
package
Closes: 207136 274414 349827 353175 356221
Changes:
proftpd (1.3.0-1) unstable; urgency=low
.
The "Here we go" release.
.
* New upstream release (final). Just closing fixed-in-experimental issues.
(closes: #353175, #349827, #207136, #274414, #356221)
* First upload to unstable.
* Moved to LSB logging in proftpd.init and changed a bit script inners.
* Revised mysql_config use in rules file.
Files:
07728bfc9ad23c3c65eafdacf5505bb7 892 net optional proftpd_1.3.0-1.dsc
e53786f320eace50e0746e97624dfd79 1868706 net optional proftpd_1.3.0.orig.tar.gz
9da0ce5dd85dcbfc96084b71c8cc8248 65853 net optional proftpd_1.3.0-1.diff.gz
fcefdbd296c437563fce4d848eaadfde 620306 net optional proftpd_1.3.0-1_i386.deb
213283559f046aa25c0cef7af612beac 480184 doc optional
proftpd-doc_1.3.0-1_all.deb
a6eb9301a21e020688b57ecc3aadaacd 160500 net optional
proftpd-mysql_1.3.0-1_all.deb
33164d786357ce6e0aebcd7df75552a5 160500 net optional
proftpd-pgsql_1.3.0-1_all.deb
5dbac2dc20f8cb5013896403925a8f1d 160500 net optional
proftpd-ldap_1.3.0-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFERNQvpFNRmenyx0cRApRUAJ9/S9epp9LSzWkHOSpMJsbaUl9iUACdHszX
Taol/q9QwiKYk3lXejCxYSA=
=J/RR
-----END PGP SIGNATURE-----
--- End Message ---