[Bug 2078638] Re: coredumps with Xymon on 24.04

Dave Jones 2078638 at bugs.launchpad.net
Mon Sep 30 13:57:50 UTC 2024 

This is a bit of a tricky one. With regard to the first patch
(fortify2.patch), while it's expedient, I really don't like the idea of
just turning down the FORTIFY_SOURCE option, so I'm afraid I can't
sponsor that one.

For the second patch (100_md5_bufferoverflow.patch), this looks much
more promising, thank you! The change certainly looks sane and I could
easily see how the existing code would potentially lead to buffer
overrun.

One thing that does concern me is that upstream have apparently had a
good tidy-up of their buffer handling code
(https://sourceforge.net/p/xymon/code/8123/), but that this change
doesn't appear there. To be fair, most of their changes seem either
mechanical (ensuring buffer termination after certain operations) or
cosmetic, while this proposed change is neither. Still, we generally
prefer patches are forwarded upstream so we don't have to maintain them
as an Ubuntu delta long term. Could Roland forward the patch upstream?
(I note Roland is one of the Debian maintainers of the package, so
presumably it doesn't need forwarding to himself there :)

Next steps:

1. I'll target this bug to noble and jammy (and oracular implicitly).
Although jammy doesn't *appear* affected here, it presumably *is* but
it's not noticing the buffer overrun because FORTIFY_SOURCE is lower
there.

2. Because we don't appear certain that this patch is indeed the root
cause, I'm going to prep a PPA (ppa:waveform/xymon) with builds for
oracular, noble, and jammy, containing the second patch here
(100_md5_bufferoverflow.patch). Could I ask those interested to try the
following and report back if it appears to fix things?

** Also affects: xymon (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: xymon (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Changed in: xymon (Ubuntu Noble)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2078638

Title:
  coredumps with Xymon on 24.04

Status in xymon package in Ubuntu:
  Confirmed
Status in xymon source package in Jammy:
  New
Status in xymon source package in Noble:
  Confirmed

Bug description:
  lsb_release -rd:
  No LSB modules are available.
  Description:    Ubuntu 24.04.1 LTS
  Release:        24.04

  apt-cache policy xymon:
  xymon:
    Installed: 4.3.30-2build3
    Candidate: 4.3.30-2build3
    Version table:
   *** 4.3.30-2build3 500
          500 http://us.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
          100 /var/lib/dpkg/status

  
  Noticed Xymon server was not reporting disk and memory utilization from clients however client data was showing that information was received.  Found errors in some logfiles:

  ==> /var/log/xymon/rrd-status.log <==
  2024-09-01 12:34:06.746771 Peer not up, flushing message queue
  2024-09-01 12:34:06.863790 Peer not up, flushing message queue
  2024-09-01 12:34:08.265509 Peer not up, flushing message queue
  2024-09-01 12:34:17.025378 Peer not up, flushing message queue
  2024-09-01 12:34:41.913539 Peer not up, flushing message queue
  2024-09-01 12:34:42.106938 Peer not up, flushing message queue
  2024-09-01 12:34:42.765675 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:45.615048 Child process 164275 died: Signal 6
  2024-09-01 12:34:58.117778 Peer at 0.0.0.0:0 failed: Broken pipe

  ==> /var/log/xymon/alert.log <==
  2024-09-01 12:32:54.421811 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:33:49.327117 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:33:49.488250 Child process 163743 died: Signal 6
  2024-09-01 12:33:49.888530 Peer at 0.0.0.0:0 failed: Broken pipe
  2024-09-01 12:34:06.746753 Peer not up, flushing message queue
  2024-09-01 12:34:37.421808 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:34:41.913550 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:48.583987 Child process 164284 died: Signal 6

  ==> /var/log/xymon/clientdata.log <==
  2024-09-01 12:32:59.421812 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:33:54.362205 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:33:54.549344 Child process 163757 died: Signal 6
  2024-09-01 12:34:11.535702 Peer at 0.0.0.0:0 failed: Broken pipe
  2024-09-01 12:34:12.013168 Peer not up, flushing message queue
  2024-09-01 12:34:42.421805 Flushed 1 stale messages for 0.0.0.0:0
  2024-09-01 12:34:47.190143 Peer not up, flushing message queue
  *** buffer overflow detected ***: terminated
  2024-09-01 12:34:53.608383 Child process 164295 died: Signal 6

  I am using a xymon hosts.cfg that was running fine with Ubuntu 22.04.4
  (xymon 4.3.30-1build2).  I tried a fresh Ubuntu 24.04 OS install and
  got the same response.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xymon/+bug/2078638/+subscriptions

More information about the Ubuntu-sponsors mailing list