[Git][debian-proftpd-team/proftpd][bullseye] Add patch for upstream issue #1171 (Closes: #1090813). Add my debian.org address to d/control file.
Hilmar Preuße (@hilmar)
gitlab at salsa.debian.org
Fri Dec 20 11:55:35 GMT 2024
Hilmar Preuße pushed to branch bullseye at Debian ProFTPD Team / proftpd
Commits:
62fb0002 by Hilmar Preuße at 2024-12-20T12:55:14+01:00
Add patch for upstream issue #1171 (Closes: #1090813). Add my debian.org address to d/control file.
- - - - -
5 changed files:
- debian/changelog
- debian/control
- debian/control.in
- + debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+proftpd-dfsg (1.3.7a+dfsg-12+deb11u4) UNRELEASED; urgency=medium
+
+ * Add patch for upstream issue #1171 (Closes: #1090813).
+
+ -- Hilmar Preuße <hille42 at debian.org> Fri, 20 Dec 2024 12:51:52 +0100
+
proftpd-dfsg (1.3.7a+dfsg-12+deb11u3) bullseye-security; urgency=medium
* LTS Team upload
=====================================
debian/control
=====================================
@@ -3,7 +3,7 @@ Section: net
Priority: optional
Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintainers at alioth-lists.debian.net>
Uploaders: Francesco Paolo Lovergine <frankie at debian.org>,
- Hilmar Preusse <hille42 at web.de>
+ Hilmar Preuße <hille42 at debian.org>
Standards-Version: 4.5.1
Build-Depends: debhelper-compat (=13),
dh-exec,
=====================================
debian/control.in
=====================================
@@ -3,7 +3,7 @@ Section: net
Priority: optional
Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintainers at alioth-lists.debian.net>
Uploaders: Francesco Paolo Lovergine <frankie at debian.org>,
- Hilmar Preusse <hille42 at web.de>
+ Hilmar Preuße <hille42 at debian.org>
Standards-Version: 4.5.1
Build-Depends: debhelper-compat (=13),
dh-exec,
=====================================
debian/patches/57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch
=====================================
@@ -0,0 +1,269 @@
+From 57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2 Mon Sep 17 00:00:00 2001
+From: TJ Saunders <tj at castaglia.org>
+Date: Wed, 3 Mar 2021 21:28:24 -0800
+Subject: [PATCH] Issue #1171: Only set the `SO_REUSEPORT` socket option for
+ active data transfers.
+
+---
+ include/inet.h | 4 +++-
+ src/data.c | 18 ++++++++--------
+ src/inet.c | 54 +++++++++++++++++++++++++++++-------------------
+ tests/api/inet.c | 49 ++++++++++++++++++++++++++++++++++++++++++-
+ 4 files changed, 93 insertions(+), 32 deletions(-)
+
+diff --git a/include/inet.h b/include/inet.h
+index 6ca12ad92b..12fc35a452 100644
+--- a/include/inet.h
++++ b/include/inet.h
+@@ -2,7 +2,7 @@
+ * ProFTPD - FTP server daemon
+ * Copyright (c) 1997, 1998 Public Flood Software
+ * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver at tos.net>
+- * Copyright (c) 2001-2016 The ProFTPD Project team
++ * Copyright (c) 2001-2021 The ProFTPD Project team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -152,6 +152,8 @@ int pr_inet_set_proto_cork(int, int);
+ int pr_inet_set_proto_nodelay(pool *, conn_t *, int);
+ int pr_inet_set_proto_opts(pool *, conn_t *, int, int, int, int);
+ int pr_inet_set_socket_opts(pool *, conn_t *, int, int, struct tcp_keepalive *);
++int pr_inet_set_socket_opts2(pool *, conn_t *, int, int, struct tcp_keepalive *,
++ int);
+
+ int pr_inet_listen(pool *p, conn_t *conn, int backlog, int flags);
+ #define PR_INET_LISTEN_FL_FATAL_ON_ERROR 0x0001
+diff --git a/src/data.c b/src/data.c
+index 0c9d5bdc3b..940bd8ed7a 100644
+--- a/src/data.c
++++ b/src/data.c
+@@ -2,7 +2,7 @@
+ * ProFTPD - FTP server daemon
+ * Copyright (c) 1997, 1998 Public Flood Software
+ * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver at tos.net>
+- * Copyright (c) 2001-2020 The ProFTPD Project team
++ * Copyright (c) 2001-2021 The ProFTPD Project team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -133,14 +133,14 @@ static int data_passive_open(const char *reason, off_t size) {
+ /* Protocol and socket options should be set before handshaking. */
+
+ if (session.xfer.direction == PR_NETIO_IO_RD) {
+- pr_inet_set_socket_opts(session.d->pool, session.d,
++ pr_inet_set_socket_opts2(session.d->pool, session.d,
+ (main_server->tcp_rcvbuf_override ? main_server->tcp_rcvbuf_len : 0), 0,
+- main_server->tcp_keepalive);
++ main_server->tcp_keepalive, 0);
+
+ } else {
+- pr_inet_set_socket_opts(session.d->pool, session.d,
++ pr_inet_set_socket_opts2(session.d->pool, session.d,
+ 0, (main_server->tcp_sndbuf_override ? main_server->tcp_sndbuf_len : 0),
+- main_server->tcp_keepalive);
++ main_server->tcp_keepalive, 0);
+ }
+
+ c = pr_inet_accept(session.pool, session.d, session.c, -1, -1, TRUE);
+@@ -311,14 +311,14 @@ static int data_active_open(const char *reason, off_t size) {
+ /* Protocol and socket options should be set before handshaking. */
+
+ if (session.xfer.direction == PR_NETIO_IO_RD) {
+- pr_inet_set_socket_opts(session.d->pool, session.d,
++ pr_inet_set_socket_opts2(session.d->pool, session.d,
+ (main_server->tcp_rcvbuf_override ? main_server->tcp_rcvbuf_len : 0), 0,
+- main_server->tcp_keepalive);
++ main_server->tcp_keepalive, 1);
+
+ } else {
+- pr_inet_set_socket_opts(session.d->pool, session.d,
++ pr_inet_set_socket_opts2(session.d->pool, session.d,
+ 0, (main_server->tcp_sndbuf_override ? main_server->tcp_sndbuf_len : 0),
+- main_server->tcp_keepalive);
++ main_server->tcp_keepalive, 1);
+ }
+
+ /* Make sure that the necessary socket options are set on the socket prior
+diff --git a/src/inet.c b/src/inet.c
+index 5d8dfdd999..33ce349aa3 100644
+--- a/src/inet.c
++++ b/src/inet.c
+@@ -2,7 +2,7 @@
+ * ProFTPD - FTP server daemon
+ * Copyright (c) 1997, 1998 Public Flood Software
+ * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver at tos.net>
+- * Copyright (c) 2001-2020 The ProFTPD Project team
++ * Copyright (c) 2001-2021 The ProFTPD Project team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -324,21 +324,6 @@ static conn_t *init_conn(pool *p, int fd, const pr_netaddr_t *bind_addr,
+ strerror(errno));
+ }
+
+-#ifdef SO_REUSEPORT
+- /* Note that we only want to use this socket option if we are NOT the
+- * master/parent daemon. Otherwise, we would allow multiple daemon
+- * processes to bind to the same socket, causing unexpected terror
+- * and madness (see Issue #622).
+- */
+- if (!is_master) {
+- if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, (void *) &on,
+- sizeof(on)) < 0) {
+- pr_log_pri(PR_LOG_NOTICE, "error setting SO_REUSEPORT: %s",
+- strerror(errno));
+- }
+- }
+-#endif /* SO_REUSEPORT */
+-
+ /* Allow socket keepalive messages by default. However, if
+ * "SocketOptions keepalive off" is in effect, then explicitly
+ * disable keepalives.
+@@ -941,8 +926,8 @@ int pr_inet_set_proto_opts(pool *p, conn_t *c, int mss, int nodelay,
+ }
+
+ /* Set socket options on a connection. */
+-int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+- struct tcp_keepalive *tcp_keepalive) {
++int pr_inet_set_socket_opts2(pool *p, conn_t *c, int rcvbuf, int sndbuf,
++ struct tcp_keepalive *tcp_keepalive, int reuse_port) {
+
+ if (c == NULL) {
+ errno = EINVAL;
+@@ -982,7 +967,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+ if (tcp_keepalive != NULL) {
+ int val = 0;
+
+-#ifdef TCP_KEEPIDLE
++#if defined(TCP_KEEPIDLE)
+ val = tcp_keepalive->keepalive_idle;
+ if (val != -1) {
+ # ifdef __DragonFly__
+@@ -1002,7 +987,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+ }
+ #endif /* TCP_KEEPIDLE */
+
+-#ifdef TCP_KEEPCNT
++#if defined(TCP_KEEPCNT)
+ val = tcp_keepalive->keepalive_count;
+ if (val != -1) {
+ if (setsockopt(c->listen_fd, SOL_SOCKET, TCP_KEEPCNT, (void *)
+@@ -1018,7 +1003,7 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+ }
+ #endif /* TCP_KEEPCNT */
+
+-#ifdef TCP_KEEPINTVL
++#if defined(TCP_KEEPINTVL)
+ val = tcp_keepalive->keepalive_intvl;
+ if (val != -1) {
+ # ifdef __DragonFly__
+@@ -1108,9 +1093,36 @@ int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
+ c->rcvbuf = (rcvbuf ? rcvbuf : crcvbuf);
+ }
+
++#if defined(SO_REUSEPORT)
++ if (reuse_port != -1) {
++ /* Note that we only want to use this socket option if we are NOT the
++ * master/parent daemon. Otherwise, we would allow multiple daemon
++ * processes to bind to the same socket, causing unexpected terror
++ * and madness (see Issue #622).
++ */
++ if (!is_master) {
++ if (setsockopt(c->listen_fd, SOL_SOCKET, SO_REUSEPORT,
++ (void *) &reuse_port, sizeof(reuse_port)) < 0) {
++ pr_log_pri(PR_LOG_NOTICE,
++ "error setting SO_REUSEPORT on fd %d: %s", c->listen_fd,
++ strerror(errno));
++
++ } else {
++ pr_trace_msg("data", 8,
++ "set socket fd %d reuseport = %d", c->listen_fd, reuse_port);
++ }
++ }
++ }
++#endif /* SO_REUSEPORT */
++
+ return 0;
+ }
+
++int pr_inet_set_socket_opts(pool *p, conn_t *c, int rcvbuf, int sndbuf,
++ struct tcp_keepalive *tcp_keepalive) {
++ return pr_inet_set_socket_opts2(p, c, rcvbuf, sndbuf, tcp_keepalive, -1);
++}
++
+ #ifdef SO_OOBINLINE
+ static void set_oobinline(int fd) {
+ int on = 1;
+diff --git a/tests/api/inet.c b/tests/api/inet.c
+index 3b6e8d5de9..27f89d5ce8 100644
+--- a/tests/api/inet.c
++++ b/tests/api/inet.c
+@@ -1,6 +1,6 @@
+ /*
+ * ProFTPD - FTP server testsuite
+- * Copyright (c) 2014-2020 The ProFTPD Project team
++ * Copyright (c) 2014-2021 The ProFTPD Project team
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -457,6 +457,52 @@ START_TEST (inet_set_socket_opts_test) {
+ }
+ END_TEST
+
++START_TEST (inet_set_socket_opts2_test) {
++ int fd, sockfd, port = INPORT_ANY, res;
++ conn_t *conn;
++ struct tcp_keepalive keepalive;
++
++ mark_point();
++ res = pr_inet_set_socket_opts2(NULL, NULL, 1, 2, NULL, -1);
++ fail_unless(res < 0, "Failed to handle null arguments");
++ fail_unless(errno == EINVAL, "Expected EINVAL (%d), got %s (%d)", EINVAL,
++ strerror(errno), errno);
++
++ conn = pr_inet_create_conn(p, -1, NULL, port, FALSE);
++ fail_unless(conn != NULL, "Failed to create conn: %s", strerror(errno));
++
++ mark_point();
++ res = pr_inet_set_socket_opts2(p, conn, 1, 2, NULL, -1);
++ fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno));
++
++ mark_point();
++ res = pr_inet_set_socket_opts2(p, conn, INT_MAX, INT_MAX, NULL, 0);
++ fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno));
++
++ keepalive.keepalive_enabled = 1;
++ keepalive.keepalive_idle = 1;
++ keepalive.keepalive_count = 2;
++ keepalive.keepalive_intvl = 3;
++ res = pr_inet_set_socket_opts2(p, conn, 1, 2, &keepalive, 1);
++ fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno));
++
++ mark_point();
++ sockfd = devnull_fd();
++ if (sockfd < 0) {
++ return;
++ }
++
++ fd = conn->listen_fd;
++ conn->listen_fd = sockfd;
++ res = pr_inet_set_socket_opts2(p, conn, 1, 2, &keepalive, 1);
++ fail_unless(res == 0, "Failed to set socket opts: %s", strerror(errno));
++ conn->listen_fd = fd;
++
++ (void) close(sockfd);
++ pr_inet_close(p, conn);
++}
++END_TEST
++
+ START_TEST (inet_listen_test) {
+ int fd, mode, sockfd = -1, port = INPORT_ANY, res;
+ conn_t *conn;
+@@ -830,6 +876,7 @@ Suite *tests_get_inet_suite(void) {
+ tcase_add_test(testcase, inet_set_proto_opts_test);
+ tcase_add_test(testcase, inet_set_proto_opts_ipv6_test);
+ tcase_add_test(testcase, inet_set_socket_opts_test);
++ tcase_add_test(testcase, inet_set_socket_opts2_test);
+ tcase_add_test(testcase, inet_listen_test);
+ tcase_add_test(testcase, inet_connect_ipv4_test);
+ tcase_add_test(testcase, inet_connect_ipv6_test);
=====================================
debian/patches/series
=====================================
@@ -19,3 +19,4 @@ upstream_1149
bcec15efe6c53dac40420731013f1cd2fd54123b.diff
97bbe68363ccf2de0c07f67170ec64a8b4d62592.diff
0021-PATCH-Issue-1830-When-no-supplemental-groups-are-pro.patch
+57ae0b5ecd2f3e3cc85a87f6b9713bf8d1480dc2.patch
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/62fb0002d2338cb9dabeacf0fa26de057e40ef8d
--
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/62fb0002d2338cb9dabeacf0fa26de057e40ef8d
You're receiving this email because of your account on salsa.debian.org.
More information about the Pkg-proftpd-maintainers
mailing list