--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: proftpd-d...@packages.debian.org
Control: affects -1 + src:proftpd-dfsg
[ Reason ]
The patch solves an annoying issue:
Proftpd does use the same server port for multiple passive FTP connections.
Even when executing multiple simultaneous FTP sessions from different
clients. This does break simultaneous passive FTP connections, file
listings and transfers.
[ Impact ]
Without the patch two different FTP sessions may interfere (even when
coming from two different hosts) in case the option PassivePorts is
used.
[ Tests ]
Patch / Fix is in proftp version in stable for a long time and works as
expected.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable and stable
[ Changes ]
patch for upstream issue #1171 (Closes: #1090813).
"Downloading a file contains the contents of another file."
diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/changelog proftpd-dfsg-1.3.7a+dfsg/debian/changelog
--- proftpd-dfsg-1.3.7a+dfsg/debian/changelog 2024-11-25 22:20:02.000000000 +0100
+++ proftpd-dfsg-1.3.7a+dfsg/debian/changelog 2025-02-16 23:41:13.000000000 +0100
@@ -1,3 +1,10 @@
+proftpd-dfsg (1.3.7a+dfsg-12+deb11u4) bullseye; urgency=medium
+
+ * Add patch for upstream issue #1171 (Closes: #1090813).
+ "Downloading a file contains the contents of another file."
+
+ -- Hilmar Preuße <hill...@debian.org> Sun, 16 Feb 2025 23:41:13 +0100
+
proftpd-dfsg (1.3.7a+dfsg-12+deb11u3) bullseye-security; urgency=medium
* LTS Team upload
diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/control proftpd-dfsg-1.3.7a+dfsg/debian/control
--- proftpd-dfsg-1.3.7a+dfsg/debian/control 2024-11-25 22:20:02.000000000 +0100
+++ proftpd-dfsg-1.3.7a+dfsg/debian/control 2025-02-16 23:39:43.000000000 +0100
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintain...@alioth-lists.debian.net>
Uploaders: Francesco Paolo Lovergine <fran...@debian.org>,
- Hilmar Preusse <hill...@web.de>
+ Hilmar Preuße <hill...@debian.org>
Standards-Version: 4.5.1
Build-Depends: debhelper-compat (=13),
dh-exec,
diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/control.in proftpd-dfsg-1.3.7a+dfsg/debian/control.in
--- proftpd-dfsg-1.3.7a+dfsg/debian/control.in 2024-11-25 22:20:02.000000000 +0100
+++ proftpd-dfsg-1.3.7a+dfsg/debian/control.in 2025-02-16 23:39:43.000000000 +0100
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintain...@alioth-lists.debian.net>
Uploaders: Francesco Paolo Lovergine <fran...@debian.org>,
- Hilmar Preusse <hill...@web.de>
+ Hilmar Preuße <hill...@debian.org>
Standards-Version: 4.5.1
Build-Depends: debhelper-compat (=13),
dh-exec,
diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch proftpd-dfsg-1.3.7a+dfsg/debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch
--- proftpd-dfsg-1.3.7a+dfsg/debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch 1970-01-01 01:00:00.000000000 +0100
+++ proftpd-dfsg-1.3.7a+dfsg/debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch 2025-02-16 23:39:43.000000000 +0100
@@ -0,0 +1,269 @@
+From 57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2 Mon Sep 17 00:00:00 2001
+From: TJ Saunders <t...@castaglia.org>
+Date: Wed, 3 Mar 2021 21:28:24 -0800
+Subject: [PATCH] Issue #1171: Only set the `SO_REUSEPORT` socket option for
+ active data transfers.
+
+---
+ include/inet.h | 4 +++-
+ src/data.c | 18 ++++++++--------
+ src/inet.c | 54 +++++++++++++++++++++++++++++-------------------
+ tests/api/inet.c | 49 ++++++++++++++++++++++++++++++++++++++++++-
+ 4 files changed, 93 insertions(+), 32 deletions(-)
+
+diff --git a/include/inet.h b/include/inet.h
+index 6ca12ad92b..12fc35a452 100644
+--- a/include/inet.h
++++ b/include/inet.h
+@@ -2,7 +2,7 @@
+ * ProFTPD - FTP server daemon
+ * Copyright (c) 1997, 1998 Public Flood Software
+ * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgy...@tos.net>
+- * Copyright (c) 2001-2016 The ProFTPD Project team
++ * Copyright (c) 2001-2021 The ProFTPD Project team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -152,6 +152,8 @@ int pr_inet_set_proto_cork(int, int);
+ int pr_inet_set_proto_nodelay(pool *, conn_t *, int);
+ int pr_inet_set_proto_opts(pool *, conn_t *, int, int, int, int);
+ int pr_inet_set_socket_opts(pool *, conn_t *, int, int, struct tcp_keepalive *);
++int pr_inet_set_socket_opts2(pool *, conn_t *, int, int, struct tcp_keepalive *,
++ int);
+
+ int pr_inet_listen(pool *p, conn_t *conn, int backlog, int flags);
+ #define PR_INET_LISTEN_FL_FATAL_ON_ERROR 0x0001
+diff --git a/src/data.c b/src/data.c
+index 0c9d5bdc3b..940bd8ed7a 100644
+--- a/src/data.c
++++ b/src/data.c
+@@ -2,7 +2,7 @@
+ * ProFTPD - FTP server daemon
+ * Copyright (c) 1997, 1998 Public Flood Software
+ * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgy...@tos.net>
+- * Copyright (c) 2001-2020 The ProFTPD Project team
++ * Copyright (c) 2001-2021 The ProFTPD Project team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -133,14 +133,14 @@ static int data_passive_open(const char *reason, off_t size) {
+ /* Protocol and socket options should be set before handshaking. */
+
+ if (session.xfer.direction == PR_NETIO_IO_RD) {
+- pr_inet_set_socket_opts(session.d->pool, session.d,
++ pr_inet_set_socket_opts2(session.d->pool, session.d,
+ (main_server->tcp_rcvbuf_override ? main_server->tcp_rcvbuf_len : 0), 0,
+- main_server->tcp_keepalive);
++ main_server->tcp_keepalive, 0);
+
+ } else {
+- pr_inet_set_socket_opts(session.d->pool, session.d,
++ pr_inet_set_socket_opts2(session.d->pool, session.d,
+ 0, (main_server->tcp_sndbuf_override ? main_server->tcp_sndbuf_len : 0),
+- main_server->tcp_keepalive);
++ main_server->tcp_keepalive, 0);
+ }
+
+ c = pr_inet_accept(session.pool, session.d, session.c, -1, -1, TRUE);
+@@ -311,14 +311,14 @@ static int data_active_open(const char *reason, off_t size) {
+ /* Protocol and socket options should be set before handshaking. */
+
+ if (session.xfer.direction == PR_NETIO_IO_RD) {
+- pr_inet_set_socket_opts(session.d->pool, session.d,
++ pr_inet_set_socket_opts2(session.d->pool, session.d,
+ (main_server->tcp_rcvbuf_override ? main_server->tcp_rcvbuf_len : 0), 0,
+- main_server->tcp_keepalive);
++ main_server->tcp_keepalive, 1);
+
+ } else {
+- pr_inet_set_socket_opts(session.d->pool, session.d,
++ pr_inet_set_socket_opts2(session.d->pool, session.d,
+ 0, (main_server->tcp_sndbuf_override ? main_server->tcp_sndbuf_len : 0),
+- main_server->tcp_keepalive);
++ main_server->tcp_keepalive, 1);
+ }
+
+ /* Make sure that the necessary socket options are set on the socket prior
+diff --git a/src/inet.c b/src/inet.c
+index 5d8dfdd999..33ce349aa3 100644
+--- a/src/inet.c
++++ b/src/inet.c
+@@ -2,7 +2,7 @@
+ * ProFTPD - FTP server daemon
+ * Copyright (c) 1997, 1998 Public Flood Software
+ * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgy...@tos.net>
+- * Copyright (c) 2001-2020 The ProFTPD Project team
++ * Copyright (c) 2001-2021 The ProFTPD Project team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -324,21 +324,6 @@ static conn_t *init_conn(pool *p, int fd, const pr_netaddr_t *bind_addr,
+ strerror(errno));
+ }
+
+-#ifdef SO_REUSEPORT
+- /* Note that we only want to use this socket option if we are NOT the
+- * master/parent daemon. Otherwise, we would allow multiple daemon
+- * processes to bind to the same socket, causing unexpected terror
+- * and madness (see Issue #622).
+- */
+- if (!is_master) {
+- if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, (void *) &on,
+- sizeof(on)) < 0) {
+- pr_log_pri(PR_LOG_NOTICE, "error setting SO_REUSEPORT: %s",
+- strerror(errno));
+- }
+- }
+-#endif /* SO_REUSEPORT */
+-
+ /* Allow socket keepalive messages by default. However, if
+ * "SocketOptions keepalive off" is in effect, then explicitly
+ * disable keepalives.
+@@ -941,8 +926,8 @@ int pr_inet_set_proto_opts(pool *p, conn_t *c, int mss, int nodelay,
+ }
+
+ /* Set socket options on a connection. */
+-int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+- struct tcp_keepalive *tcp_keepalive) {
++int pr_inet_set_socket_opts2(pool *p, conn_t *c, int rcvbuf, int sndbuf,
++ struct tcp_keepalive *tcp_keepalive, int reuse_port) {
+
+ if (c == NULL) {
+ errno = EINVAL;
+@@ -982,7 +967,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+ if (tcp_keepalive != NULL) {
+ int val = 0;
+
+-#ifdef TCP_KEEPIDLE
++#if defined(TCP_KEEPIDLE)
+ val = tcp_keepalive->keepalive_idle;
+ if (val != -1) {
+ # ifdef __DragonFly__
+@@ -1002,7 +987,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+ }
+ #endif /* TCP_KEEPIDLE */
+
+-#ifdef TCP_KEEPCNT
++#if defined(TCP_KEEPCNT)
+ val = tcp_keepalive->keepalive_count;
+ if (val != -1) {
+ if (setsockopt(c->listen_fd, SOL_SOCKET, TCP_KEEPCNT, (void *)
+@@ -1018,7 +1003,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+ }
+ #endif /* TCP_KEEPCNT */
+
+-#ifdef TCP_KEEPINTVL
++#if defined(TCP_KEEPINTVL)
+ val = tcp_keepalive->keepalive_intvl;
+ if (val != -1) {
+ # ifdef __DragonFly__
+@@ -1108,9 +1093,36 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+ c->rcvbuf = (rcvbuf ? rcvbuf : crcvbuf);
+ }
+
++#if defined(SO_REUSEPORT)
++ if (reuse_port != -1) {
++ /* Note that we only want to use this socket option if we are NOT the
++ * master/parent daemon. Otherwise, we would allow multiple daemon
++ * processes to bind to the same socket, causing unexpected terror
++ * and madness (see Issue #622).
++ */
++ if (!is_master) {
++ if (setsockopt(c->listen_fd, SOL_SOCKET, SO_REUSEPORT,
++ (void *) &reuse_port, sizeof(reuse_port)) < 0) {
++ pr_log_pri(PR_LOG_NOTICE,
++ "error setting SO_REUSEPORT on fd %d: %s", c->listen_fd,
++ strerror(errno));
++
++ } else {
++ pr_trace_msg("data", 8,
++ "set socket fd %d reuseport = %d", c->listen_fd, reuse_port);
++ }
++ }
++ }
++#endif /* SO_REUSEPORT */
++
+ return 0;
+ }
+
++int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
++ struct tcp_keepalive *tcp_keepalive) {
++ return pr_inet_set_socket_opts2(p, c, rcvbuf, sndbuf, tcp_keepalive, -1);
++}
++
+ #ifdef SO_OOBINLINE
+ static void set_oobinline(int fd) {
+ int on = 1;
+diff --git a/tests/api/inet.c b/tests/api/inet.c
+index 3b6e8d5de9..27f89d5ce8 100644
+--- a/tests/api/inet.c
++++ b/tests/api/inet.c
+@@ -1,6 +1,6 @@
+ /*
+ * ProFTPD - FTP server testsuite
+- * Copyright (c) 2014-2020 The ProFTPD Project team
++ * Copyright (c) 2014-2021 The ProFTPD Project team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -457,6 +457,52 @@ START_TEST (inet_set_socket_opts_test) {
+ }
+ END_TEST
+
++START_TEST (inet_set_socket_opts2_test) {
++ int fd, sockfd, port = INPORT_ANY, res;
++ conn_t *conn;
++ struct tcp_keepalive keepalive;
++
++ mark_point();
++ res = pr_inet_set_socket_opts2(NULL, NULL, 1, 2, NULL, -1);
++ fail_unless(res < 0, "Failed to handle null arguments");
++ fail_unless(errno == EINVAL, "Expected EINVAL (%d), got %s (%d)", EINVAL,
++ strerror(errno), errno);
++
++ conn = pr_inet_create_conn(p, -1, NULL, port, FALSE);
++ fail_unless(conn != NULL, "Failed to create conn: %s", strerror(errno));
++
++ mark_point();
++ res = pr_inet_set_socket_opts2(p, conn, 1, 2, NULL, -1);
++ fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno));
++
++ mark_point();
++ res = pr_inet_set_socket_opts2(p, conn, INT_MAX, INT_MAX, NULL, 0);
++ fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno));
++
++ keepalive.keepalive_enabled = 1;
++ keepalive.keepalive_idle = 1;
++ keepalive.keepalive_count = 2;
++ keepalive.keepalive_intvl = 3;
++ res = pr_inet_set_socket_opts2(p, conn, 1, 2, &keepalive, 1);
++ fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno));
++
++ mark_point();
++ sockfd = devnull_fd();
++ if (sockfd < 0) {
++ return;
++ }
++
++ fd = conn->listen_fd;
++ conn->listen_fd = sockfd;
++ res = pr_inet_set_socket_opts2(p, conn, 1, 2, &keepalive, 1);
++ fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno));
++ conn->listen_fd = fd;
++
++ (void) close(sockfd);
++ pr_inet_close(p, conn);
++}
++END_TEST
++
+ START_TEST (inet_listen_test) {
+ int fd, mode, sockfd = -1, port = INPORT_ANY, res;
+ conn_t *conn;
+@@ -830,6 +876,7 @@ Suite *tests_get_inet_suite(void) {
+ tcase_add_test(testcase, inet_set_proto_opts_test);
+ tcase_add_test(testcase, inet_set_proto_opts_ipv6_test);
+ tcase_add_test(testcase, inet_set_socket_opts_test);
++ tcase_add_test(testcase, inet_set_socket_opts2_test);
+ tcase_add_test(testcase, inet_listen_test);
+ tcase_add_test(testcase, inet_connect_ipv4_test);
+ tcase_add_test(testcase, inet_connect_ipv6_test);
diff -Nru proftpd-dfsg-1.3.7a+dfsg/debian/patches/series proftpd-dfsg-1.3.7a+dfsg/debian/patches/series
--- proftpd-dfsg-1.3.7a+dfsg/debian/patches/series 2024-11-25 22:20:02.000000000 +0100
+++ proftpd-dfsg-1.3.7a+dfsg/debian/patches/series 2025-02-16 23:39:43.000000000 +0100
@@ -19,3 +19,4 @@
bcec15efe6c53dac40420731013f1cd2fd54123b.diff
97bbe68363ccf2de0c07f67170ec64a8b4d62592.diff
0021-PATCH-Issue-1830-When-no-supplemental-groups-are-pro.patch
+57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch
signature.asc
Description: PGP signature
--- End Message ---
