proftpd-core update from 1.3.7a to newer version because of FTPS with virtual host throws signal 11

Ralf Eßwein resswein at web.de
Mon Oct 24 01:17:15 BST 2022 

Am 23.10.2022 um 00:15 schrieb Ralf Eßwein:

> Am 22.10.2022 um 22:40 schrieb Hilmar Preuße:
>
>> Am 22.10.2022 um 15:15 teilte Ralf Eßwein mit:
>>
>> Hi Ralf,
>>
>>> my installation of debian 11 proftpd server, version 1.3.7a, does not
>>> work anymore with FTPS access to the virtual host configuration in
>>> standalone mode. I use it seldom, but remember it worked in a previous
>>> version.  The observed failure on FTPS access with "signal 11" could
>>> have been fixed in upstream available versions starting with i.e.
>>> proftpd 1.3.7b in the realm of i.e.
>>> https://github.com/proftpd/proftpd/issues/1063
>>> https://github.com/proftpd/proftpd/issues/1239 .
>>> IP based adressing still works.
>>>
>>> Would it be possible to update the package proftpd in a next debian 11
>>> dot release?
>>>
>>
>> The patch for 1063 is contained in
>>
>> proftpd-dfsg (1.3.7a-2) unstable; urgency=medium
>>
>>   [ Hilmar Preusse ]
>>   * Applied some patches pulled from upstream.
>>     - upstream_1063: Avoid segfaults for TLSv1.3 data transfers in
>>       our session tickey callback by checking the status before using
>>       SSL_SESSION pointer.
>>
>> The 1239 is just a reference to this one. Do have the chance to pull
>> the 1.3.d-2 (in fact 1.3.7e) from our repo, build it and check if it
>> solves your issue?
>>
>> Hilmar
>>
> Hi Hilmar,
>
> a source build  is something I tried to avoid, but I will try it, may
> take some time.
>
> Thanks and Kind Regards
> Ralf
>
Hi Hilmar,

the source build adventure ended in a fail and restore from snapshot
backup, which at least is tested now to work very well (good news).

But I was able to setup a small debian 11 VM, upgraded to "unstable"
release and installed proftpd 1.3.7d, mod_tls, mod_wrap and proftpd-basic.
After copying over my configuration files from the "stable" server and
removing one line which tried to include the for whatever reason not
existing  /etc/proftpd/conf.d directory, FTPS access with FileZilla to
the name based virtual host was possible, good news.

Seems that openssl is updated, too in "unstable", but I can't judge if
this had any influence.

So the patches applied to "unstable" seem to fix my observed issue in
"stable", and as I will not upgrade my server to "unstable" to avoid
trouble with the applications, I would again ask if the proftpd 1.3.7a
could become the patches in a possible 11.6 release, or if I have to
wait for release 12 to appear?

Kind Regards
Ralf

More information about the Pkg-proftpd-maintainers mailing list