Bug#1056158: bookworm-pu: package proftpd-dfsg/1.3.8+dfsg-4+deb12u2
Hilmar Preusse
hille42 at web.de
Fri Nov 17 22:17:13 GMT 2023
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: proftpd-dfsg at packages.debian.org
Control: affects -1 + src:proftpd-dfsg
[ Reason ]
In Proftp 1.3.8 the buffer size for SSL communicatio set to small,
so some SFTP client connections fail, in case the "KEXINIT"
messages from both sides are too large. The patch solves the
regression, which was caused by bullseye -> bookworm upgrade.
[ Impact ]
Currently in some situations (large "KEXINIT" messages from
both sides) the SSL communication may fail.
[ Tests ]
I provided a fixed package to the bug submitter for testing.
He confirmed that his specific issue is solved. The package
itself passes the built it test suite.
[ Risks ]
Patch is trivial, there are no real functional changes, but
rather changes in buffer sizes.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
Debdiff is here https://release.debian.org/proposed-updates/bookworm_diffs/proftpd-dfsg_1.3.8+dfsg-4+deb12u2.debdiff
[ Changes ]
The patch extends the buffer length to do SSL computation.
In Proftp 1.3.8 the size set to small, so some SFTP client
connections fail. The patch solves the regression, which
was caused by bullseye -> bookworm upgrade.
More information about the Pkg-proftpd-maintainers
mailing list