** Description changed: [Impact] - * An explanation of the effects of the bug on users and + Users who use squid as an FTP proxy and access sites that block ftp PASV + mode will trigger a squid segfault. That means a brief service + interruption, as upstart/systemd will restart it. - * justification for backporting the fix to the stable release. + Since this is a crash, the backport seems justified. But there is an + effective workaround, see below. - * In addition, it is helpful, but not required, to include an - explanation of how the upload fixes this bug. + Upstream committed a fix, the same fix we are introducing here, which + essentially adds a lot of NULL checks but at the same time disables the + fallback ftp command EPRT should passive mode fail. Upstream states that + this command doesn't work properly in squid yet. + + This is also the recommended workaround: disable EPRT by setting the + following in /etc/squid/squid.conf and restarting the service: + + ftp_eprt off + [Test Case] - * detailed instructions how to reproduce the bug + * detailed instructions how to reproduce the bug - * these should allow someone who is not familiar with the affected - package to reproduce the bug and verify that the updated package fixes - the problem. + * these should allow someone who is not familiar with the affected + package to reproduce the bug and verify that the updated package fixes + the problem. [Regression Potential] - * discussion of how regressions are most likely to manifest as a result + * discussion of how regressions are most likely to manifest as a result of this change. - * It is assumed that any SRU candidate patch is well-tested before - upload and has a low overall risk of regression, but it's important - to make the effort to think about what ''could'' happen in the - event of a regression. 
+ * It is assumed that any SRU candidate patch is well-tested before + upload and has a low overall risk of regression, but it's important + to make the effort to think about what ''could'' happen in the + event of a regression. - * This both shows the SRU team that the risks have been considered, - and provides guidance to testers in regression-testing the SRU. + * This both shows the SRU team that the risks have been considered, + and provides guidance to testers in regression-testing the SRU. [Other Info] - - * Anything else you think is useful to include - * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board - * and address these questions in advance + + * Anything else you think is useful to include + * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board + * and address these questions in advance
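Review bot: [Test Case] and [Regression Potential] still carry only the SRU template placeholders; the +/- pairs there change whitespace, not content. [Test Case] should give concrete steps: squid configured as an FTP proxy, a request to a site that blocks PASV, the segfault observed, and the same request repeated against the updated package. [Regression Potential] should state the behaviour change already described under [Impact]: the fix disables the EPRT fallback when passive mode fails, so the section should say what users see for such sites after the update. [Impact] could also note that the `ftp_eprt off` workaround results in the same EPRT-disabled behaviour as the fix.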
https://bugs.launchpad.net/bugs/1560429

Title: squid3: segfault when ftp passive mode is not available
