[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1098775: marked as done (bullseye-pu: package proftpd-dfsg/1.3.7a+dfsg-12+deb11u4)

Your message dated Sun, 23 Feb 2025 22:52:57 +0000
with message-id <20ebad189659979803ff21e37fbe6f0c258808b0.camel@adam-barratt.org.uk>
and subject line Re: Bug#1098775: bullseye-pu: package proftpd-dfsg/1.3.7a+dfsg-12+deb11u4
has caused the Debian Bug report #1098775,
regarding bullseye-pu: package proftpd-dfsg/1.3.7a+dfsg-12+deb11u4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1098775: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098775
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: proftpd-dfsg@packages.debian.org
Control: affects -1 + src:proftpd-dfsg

[ Reason ]
The patch solves an annoying issue:

Proftpd does use the same server port for multiple passive FTP connections.
Even when executing multiple simultaneous FTP sessions from different
clients. This does break simultaneous passive FTP connections, file
listings and transfers.

[ Impact ]
Without the patch two different FTP sessions may interfere (even when
coming from two different hosts) in case the option PassivePorts is
used.

[ Tests ]
Patch / Fix is in proftp version in stable for a long time and works as
expected.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable and stable

[ Changes ]
patch for upstream issue #1171 (Closes: #1090813).
"Downloading a file contains the contents of another file."

diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/changelog proftpd-dfsg-1.3.7a+dfsg/debian/changelog
--- proftpd-dfsg-1.3.7a+dfsg/debian/changelog	2024-11-25 22:20:02.000000000 +0100
+++ proftpd-dfsg-1.3.7a+dfsg/debian/changelog	2025-02-16 23:41:13.000000000 +0100
@@ -1,3 +1,10 @@
+proftpd-dfsg (1.3.7a+dfsg-12+deb11u4) bullseye; urgency=medium
+
+   * Add patch for upstream issue #1171 (Closes: #1090813).
+     "Downloading a file contains the contents of another file."
+
+ -- Hilmar Preuße <hille42@debian.org>  Sun, 16 Feb 2025 23:41:13 +0100
+
 proftpd-dfsg (1.3.7a+dfsg-12+deb11u3) bullseye-security; urgency=medium
 
    * LTS Team upload
diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/control proftpd-dfsg-1.3.7a+dfsg/debian/control
--- proftpd-dfsg-1.3.7a+dfsg/debian/control	2024-11-25 22:20:02.000000000 +0100
+++ proftpd-dfsg-1.3.7a+dfsg/debian/control	2025-02-16 23:39:43.000000000 +0100
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-lists.debian.net>
 Uploaders: Francesco Paolo Lovergine <frankie@debian.org>,
-           Hilmar Preusse <hille42@web.de>
+           Hilmar Preuße <hille42@debian.org>
 Standards-Version: 4.5.1
 Build-Depends: debhelper-compat (=13),
                dh-exec,
diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/control.in proftpd-dfsg-1.3.7a+dfsg/debian/control.in
--- proftpd-dfsg-1.3.7a+dfsg/debian/control.in	2024-11-25 22:20:02.000000000 +0100
+++ proftpd-dfsg-1.3.7a+dfsg/debian/control.in	2025-02-16 23:39:43.000000000 +0100
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-lists.debian.net>
 Uploaders: Francesco Paolo Lovergine <frankie@debian.org>,
-           Hilmar Preusse <hille42@web.de>
+           Hilmar Preuße <hille42@debian.org>
 Standards-Version: 4.5.1
 Build-Depends: debhelper-compat (=13),
                dh-exec,
diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch proftpd-dfsg-1.3.7a+dfsg/debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch
--- proftpd-dfsg-1.3.7a+dfsg/debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch	1970-01-01 01:00:00.000000000 +0100
+++ proftpd-dfsg-1.3.7a+dfsg/debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch	2025-02-16 23:39:43.000000000 +0100
@@ -0,0 +1,269 @@
+From 57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2 Mon Sep 17 00:00:00 2001
+From: TJ Saunders <tj@castaglia.org>
+Date: Wed, 3 Mar 2021 21:28:24 -0800
+Subject: [PATCH] Issue #1171: Only set the `SO_REUSEPORT` socket option for
+ active data transfers.
+
+---
+ include/inet.h   |  4 +++-
+ src/data.c       | 18 ++++++++--------
+ src/inet.c       | 54 +++++++++++++++++++++++++++++-------------------
+ tests/api/inet.c | 49 ++++++++++++++++++++++++++++++++++++++++++-
+ 4 files changed, 93 insertions(+), 32 deletions(-)
+
+diff --git a/include/inet.h b/include/inet.h
+index 6ca12ad92b..12fc35a452 100644
+--- a/include/inet.h
++++ b/include/inet.h
+@@ -2,7 +2,7 @@
+  * ProFTPD - FTP server daemon
+  * Copyright (c) 1997, 1998 Public Flood Software
+  * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net>
+- * Copyright (c) 2001-2016 The ProFTPD Project team
++ * Copyright (c) 2001-2021 The ProFTPD Project team
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -152,6 +152,8 @@ int pr_inet_set_proto_cork(int, int);
+ int pr_inet_set_proto_nodelay(pool *, conn_t *, int);
+ int pr_inet_set_proto_opts(pool *, conn_t *, int, int, int, int);
+ int pr_inet_set_socket_opts(pool *, conn_t *, int, int, struct tcp_keepalive *);
++int pr_inet_set_socket_opts2(pool *, conn_t *, int, int, struct tcp_keepalive *,
++  int);
+ 
+ int pr_inet_listen(pool *p, conn_t *conn, int backlog, int flags);
+ #define PR_INET_LISTEN_FL_FATAL_ON_ERROR		0x0001
+diff --git a/src/data.c b/src/data.c
+index 0c9d5bdc3b..940bd8ed7a 100644
+--- a/src/data.c
++++ b/src/data.c
+@@ -2,7 +2,7 @@
+  * ProFTPD - FTP server daemon
+  * Copyright (c) 1997, 1998 Public Flood Software
+  * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net>
+- * Copyright (c) 2001-2020 The ProFTPD Project team
++ * Copyright (c) 2001-2021 The ProFTPD Project team
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -133,14 +133,14 @@ static int data_passive_open(const char *reason, off_t size) {
+   /* Protocol and socket options should be set before handshaking. */
+ 
+   if (session.xfer.direction == PR_NETIO_IO_RD) {
+-    pr_inet_set_socket_opts(session.d->pool, session.d,
++    pr_inet_set_socket_opts2(session.d->pool, session.d,
+       (main_server->tcp_rcvbuf_override ? main_server->tcp_rcvbuf_len : 0), 0,
+-      main_server->tcp_keepalive);
++      main_server->tcp_keepalive, 0);
+ 
+   } else {
+-    pr_inet_set_socket_opts(session.d->pool, session.d,
++    pr_inet_set_socket_opts2(session.d->pool, session.d,
+       0, (main_server->tcp_sndbuf_override ? main_server->tcp_sndbuf_len : 0),
+-      main_server->tcp_keepalive);
++      main_server->tcp_keepalive, 0);
+   }
+ 
+   c = pr_inet_accept(session.pool, session.d, session.c, -1, -1, TRUE);
+@@ -311,14 +311,14 @@ static int data_active_open(const char *reason, off_t size) {
+   /* Protocol and socket options should be set before handshaking. */
+ 
+   if (session.xfer.direction == PR_NETIO_IO_RD) {
+-    pr_inet_set_socket_opts(session.d->pool, session.d,
++    pr_inet_set_socket_opts2(session.d->pool, session.d,
+       (main_server->tcp_rcvbuf_override ? main_server->tcp_rcvbuf_len : 0), 0,
+-      main_server->tcp_keepalive);
++      main_server->tcp_keepalive, 1);
+     
+   } else {
+-    pr_inet_set_socket_opts(session.d->pool, session.d,
++    pr_inet_set_socket_opts2(session.d->pool, session.d,
+       0, (main_server->tcp_sndbuf_override ? main_server->tcp_sndbuf_len : 0),
+-      main_server->tcp_keepalive);
++      main_server->tcp_keepalive, 1);
+   }
+ 
+   /* Make sure that the necessary socket options are set on the socket prior
+diff --git a/src/inet.c b/src/inet.c
+index 5d8dfdd999..33ce349aa3 100644
+--- a/src/inet.c
++++ b/src/inet.c
+@@ -2,7 +2,7 @@
+  * ProFTPD - FTP server daemon
+  * Copyright (c) 1997, 1998 Public Flood Software
+  * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net>
+- * Copyright (c) 2001-2020 The ProFTPD Project team
++ * Copyright (c) 2001-2021 The ProFTPD Project team
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -324,21 +324,6 @@ static conn_t *init_conn(pool *p, int fd, const pr_netaddr_t *bind_addr,
+         strerror(errno));
+     }
+ 
+-#ifdef SO_REUSEPORT
+-    /* Note that we only want to use this socket option if we are NOT the
+-     * master/parent daemon.  Otherwise, we would allow multiple daemon
+-     * processes to bind to the same socket, causing unexpected terror
+-     * and madness (see Issue #622).
+-     */
+-    if (!is_master) {
+-      if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, (void *) &on,
+-          sizeof(on)) < 0) {
+-        pr_log_pri(PR_LOG_NOTICE, "error setting SO_REUSEPORT: %s",
+-          strerror(errno));
+-      }
+-    }
+-#endif /* SO_REUSEPORT */
+-
+     /* Allow socket keepalive messages by default.  However, if
+      * "SocketOptions keepalive off" is in effect, then explicitly
+      * disable keepalives.
+@@ -941,8 +926,8 @@ int pr_inet_set_proto_opts(pool *p, conn_t *c, int mss, int nodelay,
+ }
+ 
+ /* Set socket options on a connection.  */
+-int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+-    struct tcp_keepalive *tcp_keepalive) {
++int pr_inet_set_socket_opts2(pool *p, conn_t *c, int rcvbuf, int sndbuf,
++    struct tcp_keepalive *tcp_keepalive, int reuse_port) {
+ 
+   if (c == NULL) {
+     errno = EINVAL;
+@@ -982,7 +967,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+       if (tcp_keepalive != NULL) {
+         int val = 0;
+ 
+-#ifdef TCP_KEEPIDLE
++#if defined(TCP_KEEPIDLE)
+         val = tcp_keepalive->keepalive_idle;
+         if (val != -1) {
+ # ifdef __DragonFly__
+@@ -1002,7 +987,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+         }
+ #endif /* TCP_KEEPIDLE */
+ 
+-#ifdef TCP_KEEPCNT
++#if defined(TCP_KEEPCNT)
+         val = tcp_keepalive->keepalive_count;
+         if (val != -1) {
+           if (setsockopt(c->listen_fd, SOL_SOCKET, TCP_KEEPCNT, (void *)
+@@ -1018,7 +1003,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+         }
+ #endif /* TCP_KEEPCNT */
+ 
+-#ifdef TCP_KEEPINTVL
++#if defined(TCP_KEEPINTVL)
+         val = tcp_keepalive->keepalive_intvl;
+         if (val != -1) {
+ # ifdef __DragonFly__
+@@ -1108,9 +1093,36 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+     c->rcvbuf = (rcvbuf ? rcvbuf : crcvbuf);
+   }
+ 
++#if defined(SO_REUSEPORT)
++  if (reuse_port != -1) {
++    /* Note that we only want to use this socket option if we are NOT the
++     * master/parent daemon.  Otherwise, we would allow multiple daemon
++     * processes to bind to the same socket, causing unexpected terror
++     * and madness (see Issue #622).
++     */
++    if (!is_master) {
++      if (setsockopt(c->listen_fd, SOL_SOCKET, SO_REUSEPORT,
++          (void *) &reuse_port, sizeof(reuse_port)) < 0) {
++        pr_log_pri(PR_LOG_NOTICE,
++          "error setting SO_REUSEPORT on fd %d: %s", c->listen_fd,
++          strerror(errno));
++
++      } else {
++        pr_trace_msg("data", 8,
++          "set socket fd %d reuseport = %d", c->listen_fd, reuse_port);
++      }
++    }
++  }
++#endif /* SO_REUSEPORT */
++
+   return 0;
+ }
+ 
++int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
++    struct tcp_keepalive *tcp_keepalive) {
++  return pr_inet_set_socket_opts2(p, c, rcvbuf, sndbuf, tcp_keepalive, -1);
++}
++
+ #ifdef SO_OOBINLINE
+ static void set_oobinline(int fd) {
+   int on = 1;
+diff --git a/tests/api/inet.c b/tests/api/inet.c
+index 3b6e8d5de9..27f89d5ce8 100644
+--- a/tests/api/inet.c
++++ b/tests/api/inet.c
+@@ -1,6 +1,6 @@
+ /*
+  * ProFTPD - FTP server testsuite
+- * Copyright (c) 2014-2020 The ProFTPD Project team
++ * Copyright (c) 2014-2021 The ProFTPD Project team
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -457,6 +457,52 @@ START_TEST (inet_set_socket_opts_test) {
+ }
+ END_TEST
+ 
++START_TEST (inet_set_socket_opts2_test) {
++  int fd, sockfd, port = INPORT_ANY, res;
++  conn_t *conn;
++  struct tcp_keepalive keepalive;
++
++  mark_point();
++  res = pr_inet_set_socket_opts2(NULL, NULL, 1, 2, NULL, -1);
++  fail_unless(res < 0, "Failed to handle null arguments");
++  fail_unless(errno == EINVAL, "Expected EINVAL (%d), got %s (%d)", EINVAL,
++    strerror(errno), errno);
++
++  conn = pr_inet_create_conn(p, -1, NULL, port, FALSE);
++  fail_unless(conn != NULL, "Failed to create conn: %s", strerror(errno));
++
++  mark_point();
++  res = pr_inet_set_socket_opts2(p, conn, 1, 2, NULL, -1);
++  fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno));
++
++  mark_point();
++  res = pr_inet_set_socket_opts2(p, conn, INT_MAX, INT_MAX, NULL, 0);
++  fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno));
++
++  keepalive.keepalive_enabled = 1;
++  keepalive.keepalive_idle = 1;
++  keepalive.keepalive_count = 2;
++  keepalive.keepalive_intvl = 3;
++  res = pr_inet_set_socket_opts2(p, conn, 1, 2, &keepalive, 1);
++  fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno));
++
++  mark_point();
++  sockfd = devnull_fd();
++  if (sockfd < 0) {
++    return;
++  }
++
++  fd = conn->listen_fd;
++  conn->listen_fd = sockfd;
++  res = pr_inet_set_socket_opts2(p, conn, 1, 2, &keepalive, 1);
++  fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno));
++  conn->listen_fd = fd;
++
++  (void) close(sockfd);
++  pr_inet_close(p, conn);
++}
++END_TEST
++
+ START_TEST (inet_listen_test) {
+   int fd, mode, sockfd = -1, port = INPORT_ANY, res;
+   conn_t *conn;
+@@ -830,6 +876,7 @@ Suite *tests_get_inet_suite(void) {
+   tcase_add_test(testcase, inet_set_proto_opts_test);
+   tcase_add_test(testcase, inet_set_proto_opts_ipv6_test);
+   tcase_add_test(testcase, inet_set_socket_opts_test);
++  tcase_add_test(testcase, inet_set_socket_opts2_test);
+   tcase_add_test(testcase, inet_listen_test);
+   tcase_add_test(testcase, inet_connect_ipv4_test);
+   tcase_add_test(testcase, inet_connect_ipv6_test);
diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/patches/series proftpd-dfsg-1.3.7a+dfsg/debian/patches/series
--- proftpd-dfsg-1.3.7a+dfsg/debian/patches/series	2024-11-25 22:20:02.000000000 +0100
+++ proftpd-dfsg-1.3.7a+dfsg/debian/patches/series	2025-02-16 23:39:43.000000000 +0100
@@ -19,3 +19,4 @@
 bcec15efe6c53dac40420731013f1cd2fd54123b.diff
 97bbe68363ccf2de0c07f67170ec64a8b4d62592.diff
 0021-PATCH-Issue-1830-When-no-supplemental-groups-are-pro.patch
+57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
On Sun, 2025-02-23 at 23:45 +0100, Hilmar Preusse wrote:
> The patch solves an annoying issue:
> 
> Proftpd does use the same server port for multiple passive FTP
> connections.
> Even when executing multiple simultaneous FTP sessions from different
> clients. This does break simultaneous passive FTP connections, file
> listings and transfers.

bullseye is no longer maintained by the Release Team, but by the LTS
Team (CCed).

Please co-ordinate with them regarding any possible update in bullseye.

Regards,

Adam

--- End Message ---
Reply to: