Your message dated Sun, 23 Feb 2025 22:52:57 +0000 with message-id <20ebad189659979803ff21e37fbe6f0c258808b0.camel@adam-barratt.org.uk> and subject line Re: Bug#1098775: bullseye-pu: package proftpd-dfsg/1.3.7a+dfsg-12+deb11u4 has caused the Debian Bug report #1098775, regarding bullseye-pu: package proftpd-dfsg/1.3.7a+dfsg-12+deb11u4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1098775: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098775 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: bullseye-pu: package proftpd-dfsg/1.3.7a+dfsg-12+deb11u4
- From: Hilmar Preusse <hille42@web.de>
- Date: Sun, 23 Feb 2025 23:45:00 +0100
- Message-id: <[🔎] Z7uk7Mz00hV4i6dJ@rasppi3>
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian.org@packages.debian.org Usertags: pu X-Debbugs-Cc: proftpd-dfsg@packages.debian.org Control: affects -1 + src:proftpd-dfsg [ Reason ] The patch solves an annoying issue: Proftpd does use the same server port for multiple passive FTP connections. Even when executing multiple simultaneous FTP sessions from different clients. This does break simultaneous passive FTP connections, file listings and transfers. [ Impact ] Without the patch two different FTP sessions may interfere (even when coming from two different hosts) in case the option PassivePorts is used. [ Tests ] Patch / Fix is in proftp version in stable for a long time and works as expected. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable and stable [ Changes ] patch for upstream issue #1171 (Closes: #1090813). "Downloading a file contains the contents of another file."diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/changelog proftpd-dfsg-1.3.7a+dfsg/debian/changelog --- proftpd-dfsg-1.3.7a+dfsg/debian/changelog 2024-11-25 22:20:02.000000000 +0100 +++ proftpd-dfsg-1.3.7a+dfsg/debian/changelog 2025-02-16 23:41:13.000000000 +0100 @@ -1,3 +1,10 @@ +proftpd-dfsg (1.3.7a+dfsg-12+deb11u4) bullseye; urgency=medium + + * Add patch for upstream issue #1171 (Closes: #1090813). + "Downloading a file contains the contents of another file." + + -- Hilmar Preuße <hille42@debian.org> Sun, 16 Feb 2025 23:41:13 +0100 + proftpd-dfsg (1.3.7a+dfsg-12+deb11u3) bullseye-security; urgency=medium * LTS Team upload diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/control proftpd-dfsg-1.3.7a+dfsg/debian/control --- proftpd-dfsg-1.3.7a+dfsg/debian/control 2024-11-25 22:20:02.000000000 +0100 +++ proftpd-dfsg-1.3.7a+dfsg/debian/control 2025-02-16 23:39:43.000000000 +0100 @@ -3,7 +3,7 @@ Priority: optional Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-lists.debian.net> Uploaders: Francesco Paolo Lovergine <frankie@debian.org>, - Hilmar Preusse <hille42@web.de> + Hilmar Preuße <hille42@debian.org> Standards-Version: 4.5.1 Build-Depends: debhelper-compat (=13), dh-exec, diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/control.in proftpd-dfsg-1.3.7a+dfsg/debian/control.in --- proftpd-dfsg-1.3.7a+dfsg/debian/control.in 2024-11-25 22:20:02.000000000 +0100 +++ proftpd-dfsg-1.3.7a+dfsg/debian/control.in 2025-02-16 23:39:43.000000000 +0100 @@ -3,7 +3,7 @@ Priority: optional Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-lists.debian.net> Uploaders: Francesco Paolo Lovergine <frankie@debian.org>, - Hilmar Preusse <hille42@web.de> + Hilmar Preuße <hille42@debian.org> Standards-Version: 4.5.1 Build-Depends: debhelper-compat (=13), dh-exec, diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch proftpd-dfsg-1.3.7a+dfsg/debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch --- proftpd-dfsg-1.3.7a+dfsg/debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch 1970-01-01 01:00:00.000000000 +0100 +++ proftpd-dfsg-1.3.7a+dfsg/debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch 2025-02-16 23:39:43.000000000 +0100 @@ -0,0 +1,269 @@ +From 57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2 Mon Sep 17 00:00:00 2001 +From: TJ Saunders <tj@castaglia.org> +Date: Wed, 3 Mar 2021 21:28:24 -0800 +Subject: [PATCH] Issue #1171: Only set the `SO_REUSEPORT` socket option for + active data transfers. + +--- + include/inet.h | 4 +++- + src/data.c | 18 ++++++++-------- + src/inet.c | 54 +++++++++++++++++++++++++++++------------------- + tests/api/inet.c | 49 ++++++++++++++++++++++++++++++++++++++++++- + 4 files changed, 93 insertions(+), 32 deletions(-) + +diff --git a/include/inet.h b/include/inet.h +index 6ca12ad92b..12fc35a452 100644 +--- a/include/inet.h ++++ b/include/inet.h +@@ -2,7 +2,7 @@ + * ProFTPD - FTP server daemon + * Copyright (c) 1997, 1998 Public Flood Software + * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net> +- * Copyright (c) 2001-2016 The ProFTPD Project team ++ * Copyright (c) 2001-2021 The ProFTPD Project team + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -152,6 +152,8 @@ int pr_inet_set_proto_cork(int, int); + int pr_inet_set_proto_nodelay(pool *, conn_t *, int); + int pr_inet_set_proto_opts(pool *, conn_t *, int, int, int, int); + int pr_inet_set_socket_opts(pool *, conn_t *, int, int, struct tcp_keepalive *); ++int pr_inet_set_socket_opts2(pool *, conn_t *, int, int, struct tcp_keepalive *, ++ int); + + int pr_inet_listen(pool *p, conn_t *conn, int backlog, int flags); + #define PR_INET_LISTEN_FL_FATAL_ON_ERROR 0x0001 +diff --git a/src/data.c b/src/data.c +index 0c9d5bdc3b..940bd8ed7a 100644 +--- a/src/data.c ++++ b/src/data.c +@@ -2,7 +2,7 @@ + * ProFTPD - FTP server daemon + * Copyright (c) 1997, 1998 Public Flood Software + * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net> +- * Copyright (c) 2001-2020 The ProFTPD Project team ++ * Copyright (c) 2001-2021 The ProFTPD Project team + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -133,14 +133,14 @@ static int data_passive_open(const char *reason, off_t size) { + /* Protocol and socket options should be set before handshaking. */ + + if (session.xfer.direction == PR_NETIO_IO_RD) { +- pr_inet_set_socket_opts(session.d->pool, session.d, ++ pr_inet_set_socket_opts2(session.d->pool, session.d, + (main_server->tcp_rcvbuf_override ? main_server->tcp_rcvbuf_len : 0), 0, +- main_server->tcp_keepalive); ++ main_server->tcp_keepalive, 0); + + } else { +- pr_inet_set_socket_opts(session.d->pool, session.d, ++ pr_inet_set_socket_opts2(session.d->pool, session.d, + 0, (main_server->tcp_sndbuf_override ? main_server->tcp_sndbuf_len : 0), +- main_server->tcp_keepalive); ++ main_server->tcp_keepalive, 0); + } + + c = pr_inet_accept(session.pool, session.d, session.c, -1, -1, TRUE); +@@ -311,14 +311,14 @@ static int data_active_open(const char *reason, off_t size) { + /* Protocol and socket options should be set before handshaking. */ + + if (session.xfer.direction == PR_NETIO_IO_RD) { +- pr_inet_set_socket_opts(session.d->pool, session.d, ++ pr_inet_set_socket_opts2(session.d->pool, session.d, + (main_server->tcp_rcvbuf_override ? main_server->tcp_rcvbuf_len : 0), 0, +- main_server->tcp_keepalive); ++ main_server->tcp_keepalive, 1); + + } else { +- pr_inet_set_socket_opts(session.d->pool, session.d, ++ pr_inet_set_socket_opts2(session.d->pool, session.d, + 0, (main_server->tcp_sndbuf_override ? main_server->tcp_sndbuf_len : 0), +- main_server->tcp_keepalive); ++ main_server->tcp_keepalive, 1); + } + + /* Make sure that the necessary socket options are set on the socket prior +diff --git a/src/inet.c b/src/inet.c +index 5d8dfdd999..33ce349aa3 100644 +--- a/src/inet.c ++++ b/src/inet.c +@@ -2,7 +2,7 @@ + * ProFTPD - FTP server daemon + * Copyright (c) 1997, 1998 Public Flood Software + * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net> +- * Copyright (c) 2001-2020 The ProFTPD Project team ++ * Copyright (c) 2001-2021 The ProFTPD Project team + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -324,21 +324,6 @@ static conn_t *init_conn(pool *p, int fd, const pr_netaddr_t *bind_addr, + strerror(errno)); + } + +-#ifdef SO_REUSEPORT +- /* Note that we only want to use this socket option if we are NOT the +- * master/parent daemon. Otherwise, we would allow multiple daemon +- * processes to bind to the same socket, causing unexpected terror +- * and madness (see Issue #622). +- */ +- if (!is_master) { +- if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, (void *) &on, +- sizeof(on)) < 0) { +- pr_log_pri(PR_LOG_NOTICE, "error setting SO_REUSEPORT: %s", +- strerror(errno)); +- } +- } +-#endif /* SO_REUSEPORT */ +- + /* Allow socket keepalive messages by default. However, if + * "SocketOptions keepalive off" is in effect, then explicitly + * disable keepalives. +@@ -941,8 +926,8 @@ int pr_inet_set_proto_opts(pool *p, conn_t *c, int mss, int nodelay, + } + + /* Set socket options on a connection. */ +-int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf, +- struct tcp_keepalive *tcp_keepalive) { ++int pr_inet_set_socket_opts2(pool *p, conn_t *c, int rcvbuf, int sndbuf, ++ struct tcp_keepalive *tcp_keepalive, int reuse_port) { + + if (c == NULL) { + errno = EINVAL; +@@ -982,7 +967,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf, + if (tcp_keepalive != NULL) { + int val = 0; + +-#ifdef TCP_KEEPIDLE ++#if defined(TCP_KEEPIDLE) + val = tcp_keepalive->keepalive_idle; + if (val != -1) { + # ifdef __DragonFly__ +@@ -1002,7 +987,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf, + } + #endif /* TCP_KEEPIDLE */ + +-#ifdef TCP_KEEPCNT ++#if defined(TCP_KEEPCNT) + val = tcp_keepalive->keepalive_count; + if (val != -1) { + if (setsockopt(c->listen_fd, SOL_SOCKET, TCP_KEEPCNT, (void *) +@@ -1018,7 +1003,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf, + } + #endif /* TCP_KEEPCNT */ + +-#ifdef TCP_KEEPINTVL ++#if defined(TCP_KEEPINTVL) + val = tcp_keepalive->keepalive_intvl; + if (val != -1) { + # ifdef __DragonFly__ +@@ -1108,9 +1093,36 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf, + c->rcvbuf = (rcvbuf ? rcvbuf : crcvbuf); + } + ++#if defined(SO_REUSEPORT) ++ if (reuse_port != -1) { ++ /* Note that we only want to use this socket option if we are NOT the ++ * master/parent daemon. Otherwise, we would allow multiple daemon ++ * processes to bind to the same socket, causing unexpected terror ++ * and madness (see Issue #622). ++ */ ++ if (!is_master) { ++ if (setsockopt(c->listen_fd, SOL_SOCKET, SO_REUSEPORT, ++ (void *) &reuse_port, sizeof(reuse_port)) < 0) { ++ pr_log_pri(PR_LOG_NOTICE, ++ "error setting SO_REUSEPORT on fd %d: %s", c->listen_fd, ++ strerror(errno)); ++ ++ } else { ++ pr_trace_msg("data", 8, ++ "set socket fd %d reuseport = %d", c->listen_fd, reuse_port); ++ } ++ } ++ } ++#endif /* SO_REUSEPORT */ ++ + return 0; + } + ++int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf, ++ struct tcp_keepalive *tcp_keepalive) { ++ return pr_inet_set_socket_opts2(p, c, rcvbuf, sndbuf, tcp_keepalive, -1); ++} ++ + #ifdef SO_OOBINLINE + static void set_oobinline(int fd) { + int on = 1; +diff --git a/tests/api/inet.c b/tests/api/inet.c +index 3b6e8d5de9..27f89d5ce8 100644 +--- a/tests/api/inet.c ++++ b/tests/api/inet.c +@@ -1,6 +1,6 @@ + /* + * ProFTPD - FTP server testsuite +- * Copyright (c) 2014-2020 The ProFTPD Project team ++ * Copyright (c) 2014-2021 The ProFTPD Project team + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -457,6 +457,52 @@ START_TEST (inet_set_socket_opts_test) { + } + END_TEST + ++START_TEST (inet_set_socket_opts2_test) { ++ int fd, sockfd, port = INPORT_ANY, res; ++ conn_t *conn; ++ struct tcp_keepalive keepalive; ++ ++ mark_point(); ++ res = pr_inet_set_socket_opts2(NULL, NULL, 1, 2, NULL, -1); ++ fail_unless(res < 0, "Failed to handle null arguments"); ++ fail_unless(errno == EINVAL, "Expected EINVAL (%d), got %s (%d)", EINVAL, ++ strerror(errno), errno); ++ ++ conn = pr_inet_create_conn(p, -1, NULL, port, FALSE); ++ fail_unless(conn != NULL, "Failed to create conn: %s", strerror(errno)); ++ ++ mark_point(); ++ res = pr_inet_set_socket_opts2(p, conn, 1, 2, NULL, -1); ++ fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno)); ++ ++ mark_point(); ++ res = pr_inet_set_socket_opts2(p, conn, INT_MAX, INT_MAX, NULL, 0); ++ fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno)); ++ ++ keepalive.keepalive_enabled = 1; ++ keepalive.keepalive_idle = 1; ++ keepalive.keepalive_count = 2; ++ keepalive.keepalive_intvl = 3; ++ res = pr_inet_set_socket_opts2(p, conn, 1, 2, &keepalive, 1); ++ fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno)); ++ ++ mark_point(); ++ sockfd = devnull_fd(); ++ if (sockfd < 0) { ++ return; ++ } ++ ++ fd = conn->listen_fd; ++ conn->listen_fd = sockfd; ++ res = pr_inet_set_socket_opts2(p, conn, 1, 2, &keepalive, 1); ++ fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno)); ++ conn->listen_fd = fd; ++ ++ (void) close(sockfd); ++ pr_inet_close(p, conn); ++} ++END_TEST ++ + START_TEST (inet_listen_test) { + int fd, mode, sockfd = -1, port = INPORT_ANY, res; + conn_t *conn; +@@ -830,6 +876,7 @@ Suite *tests_get_inet_suite(void) { + tcase_add_test(testcase, inet_set_proto_opts_test); + tcase_add_test(testcase, inet_set_proto_opts_ipv6_test); + tcase_add_test(testcase, inet_set_socket_opts_test); ++ tcase_add_test(testcase, inet_set_socket_opts2_test); + tcase_add_test(testcase, inet_listen_test); + tcase_add_test(testcase, inet_connect_ipv4_test); + tcase_add_test(testcase, inet_connect_ipv6_test); diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/patches/series proftpd-dfsg-1.3.7a+dfsg/debian/patches/series --- proftpd-dfsg-1.3.7a+dfsg/debian/patches/series 2024-11-25 22:20:02.000000000 +0100 +++ proftpd-dfsg-1.3.7a+dfsg/debian/patches/series 2025-02-16 23:39:43.000000000 +0100 @@ -19,3 +19,4 @@ bcec15efe6c53dac40420731013f1cd2fd54123b.diff 97bbe68363ccf2de0c07f67170ec64a8b4d62592.diff 0021-PATCH-Issue-1830-When-no-supplemental-groups-are-pro.patch +57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patchAttachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: Hilmar Preusse <hille42@web.de>, 1098775-done@bugs.debian.org
- Cc: debian-lts <debian-lts@lists.debian.org>
- Subject: Re: Bug#1098775: bullseye-pu: package proftpd-dfsg/1.3.7a+dfsg-12+deb11u4
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sun, 23 Feb 2025 22:52:57 +0000
- Message-id: <20ebad189659979803ff21e37fbe6f0c258808b0.camel@adam-barratt.org.uk>
- In-reply-to: <[🔎] Z7uk7Mz00hV4i6dJ@rasppi3>
- References: <[🔎] Z7uk7Mz00hV4i6dJ@rasppi3>
On Sun, 2025-02-23 at 23:45 +0100, Hilmar Preusse wrote: > The patch solves an annoying issue: > > Proftpd does use the same server port for multiple passive FTP > connections. > Even when executing multiple simultaneous FTP sessions from different > clients. This does break simultaneous passive FTP connections, file > listings and transfers. bullseye is no longer maintained by the Release Team, but by the LTS Team (CCed). Please co-ordinate with them regarding any possible update in bullseye. Regards, Adam
--- End Message ---