Your message dated Wed, 21 Nov 2018 20:11:38 +0000 with message-id <e1gpyqy-0002zp...@fasolo.debian.org> and subject line Bug#911875: fixed in proftpd-dfsg 1.3.6-3 has caused the Debian Bug report #911875, regarding proftpd-basic (mod_sftp) is missing important upstream fixes for an OpenSSL API change to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 911875: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911875 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: proftpd-basic Version: 1.3.6-2+b1 The distribution of proftpd mod_sftp presently in Buster/Sid is critically flawed. Clients that use DSA and ECDSA keys may have issues connecting. This was caused by an OpenSSL API change (upstream states OpenSSL 1.1.x is affected). Specifically, the position of the signature struct pointer passed DSA_SIG_get0() and ECDSA_SIG_get0() had been altered in OpenSSL (moved from position #2 to position #0), causing key exchanges and other signing-based processes to break in mod_sftp. The fix should be as straightforward as cherry picking the upstream commit. I will be testing this patch with the debian source code shortly.
--- End Message ---
--- Begin Message ---Source: proftpd-dfsg Source-Version: 1.3.6-3 We believe that the bug you reported is fixed in the latest version of proftpd-dfsg, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 911...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Francesco Paolo Lovergine <fran...@debian.org> (supplier of updated proftpd-dfsg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 21 Nov 2018 14:30:08 +0100 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite proftpd-mod-geoip proftpd-mod-snmp Architecture: source amd64 all Version: 1.3.6-3 Distribution: unstable Urgency: medium Maintainer: ProFTPD Maintainance Team <pkg-proftpd-maintain...@alioth-lists.debian.net> Changed-By: Francesco Paolo Lovergine <fran...@debian.org> Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-geoip - Versatile, virtual-hosting FTP daemon - GeoIP module proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-snmp - Versatile, virtual-hosting FTP daemon - SNMP module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Closes: 608881 897168 911875 913824 Changes: proftpd-dfsg (1.3.6-3) unstable; urgency=medium . [ Hilmar Preuße ] * Pick github_pr_710 from upstream: [PATCH] Issue #674: Update mod_sftp to handle changed APIs in OpenSSL (Closes: #911875). * [PATCH] Bug#4356: Fix infinite loop by actually iterating properly for the next configuration record. * Pick github_pr_594 from upstream: [PATCH] Issue #593: If the IgnoreExtendedAttributes FSOption is used, then do not include the EXTENDED attribute flag in the SFTP ATTRS responses (Closes: #913824). . * Run configure w/ --disable-xattr only on kfreebsd to fix FTBFS. (Closes: #897168) * Do create /run/proftpd also in postinst, if not exists yet. (Closes: #608881) * New Proftp module package: proftpd-mod-snmp. * Add "Enhances: proftpd-basic" to all modules built by this package. * d/rules: remove clean code, which is covered by upstreams Makefile. * Lintian: W: maintainer-script-should-not-parse-etc-passwd-or-group E: wrong-path-for-interpreter . [ Francesco Paolo Lovergine ] * Policy bumped to 4.2.1. No changes required. Checksums-Sha1: 76c7ecb9d18f727a9088c30cad8182d81d22d505 2836 proftpd-dfsg_1.3.6-3.dsc 6b380b6cf910ba73e1cf03f5633010a1cd615e23 76056 proftpd-dfsg_1.3.6-3.debian.tar.xz 59c1464ad39fb36abad5217be9252851736703f7 3133164 proftpd-basic-dbgsym_1.3.6-3_amd64.deb abbb979dc2cb84b08f85f2fe2363b23355b2b49e 2650492 proftpd-basic_1.3.6-3_amd64.deb b21a0dcc345b34e0cdc1c5fb4a12069fc1c910d3 2659848 proftpd-dev_1.3.6-3_amd64.deb 9170fc125015ddac90ec8d8250ac4778852ff779 12502 proftpd-dfsg_1.3.6-3_amd64.buildinfo af90b635207e07086aace5fcd7cf382493e79c0b 1695548 proftpd-doc_1.3.6-3_all.deb 8d79923f7019e77147533f67787d9787f6c8467e 27860 proftpd-mod-geoip-dbgsym_1.3.6-3_amd64.deb 95142af8a83327db812a00649969377613534995 499248 proftpd-mod-geoip_1.3.6-3_amd64.deb 1b8113481cfe07efbf4d42a517965899f3361abb 45956 proftpd-mod-ldap-dbgsym_1.3.6-3_amd64.deb 1aea04ad75bca2e327b7be9454aca3831992d2f6 506260 proftpd-mod-ldap_1.3.6-3_amd64.deb e11cd66e615353959e087091111f2c0a0aa5f22a 30424 proftpd-mod-mysql-dbgsym_1.3.6-3_amd64.deb ed5e409be584627108e27b4ed4115bdc7db4c25b 499292 proftpd-mod-mysql_1.3.6-3_amd64.deb feea02372981c9aad15e3f3f6e03e48af0455f73 27140 proftpd-mod-odbc-dbgsym_1.3.6-3_amd64.deb 5ef544b907e5c8fa59b376c5afea3478c49f5e1e 499316 proftpd-mod-odbc_1.3.6-3_amd64.deb a33d871925a4858d30108dfe2221d5ce67d6e1a4 26032 proftpd-mod-pgsql-dbgsym_1.3.6-3_amd64.deb 55f624931c5668909ce8326c9e6e169473b8253a 498244 proftpd-mod-pgsql_1.3.6-3_amd64.deb 0f68d706afb71b591a279995150a6dc6a6b26513 114124 proftpd-mod-snmp-dbgsym_1.3.6-3_amd64.deb 4ec17c39af2a85fa53058e20d166f1553a0181f1 532424 proftpd-mod-snmp_1.3.6-3_amd64.deb 1fc4dcc55d50aff32b462ae9ca6f3610380bbc0a 22828 proftpd-mod-sqlite-dbgsym_1.3.6-3_amd64.deb 051cb582567b31f4b7899677d236af3284cfdebd 497096 proftpd-mod-sqlite_1.3.6-3_amd64.deb Checksums-Sha256: ce15ddf9634c0474246762ff95d8ee45ad597d2b9881cae4911f8e955e4f8030 2836 proftpd-dfsg_1.3.6-3.dsc 6288f0f8550c38f849e0a6012005ffdb51a1702bb30a06a1f8529cc61b4d3510 76056 proftpd-dfsg_1.3.6-3.debian.tar.xz c4e05cd01be4cfb0e8a954ed2bd9690061f0baf0c0135d02dcaffde29513511d 3133164 proftpd-basic-dbgsym_1.3.6-3_amd64.deb 9df097cc7fbe479357cbbf716f9c42d73725248bc811dbae09de9ac5b52624bf 2650492 proftpd-basic_1.3.6-3_amd64.deb 7f1603cade4b0cfba6f5cb397328a20459ebbb4ce98bd1f822f448f7516e0401 2659848 proftpd-dev_1.3.6-3_amd64.deb 108a90c2881028c99a037b1f3fe572d66df115348e3a35690a89b8bd7178dc1a 12502 proftpd-dfsg_1.3.6-3_amd64.buildinfo eca8e74fbb80dda333ee9a2b88c241134daa767b244dc1733d7b5689293f1463 1695548 proftpd-doc_1.3.6-3_all.deb f3a6ba573f928d13dfdc2d96cf35d9cbc4461236a8ae2c1110d13da688948d38 27860 proftpd-mod-geoip-dbgsym_1.3.6-3_amd64.deb 487dceafd1fd3be488693d9cb9a0c726cdaf9cd324b4ba64d24206051ed0c937 499248 proftpd-mod-geoip_1.3.6-3_amd64.deb 07ef9a8eed5ef96cdfd01ae4efcc5a40d33a433013e91447a92b4422f2a86a9f 45956 proftpd-mod-ldap-dbgsym_1.3.6-3_amd64.deb d41f4a00a2012a498fdc6939bb3773c16f0ad0e6fbf9c4d0431e4548d127cb88 506260 proftpd-mod-ldap_1.3.6-3_amd64.deb 08b0bd797d6d327d13aadf6da0fdc89234aa6970b744394a33b62597437322d0 30424 proftpd-mod-mysql-dbgsym_1.3.6-3_amd64.deb aea44a54a40f3318e1182c1826136b4e839e24465726e30f0a758d1c14a13147 499292 proftpd-mod-mysql_1.3.6-3_amd64.deb 78c251e986052ec8e4d04e3307447490dd235ec402971c84fca1bae924d9edd5 27140 proftpd-mod-odbc-dbgsym_1.3.6-3_amd64.deb 5bc534a1e7424f927da034f2dbb3e98b3d71536fbed5efe46ed22e10c904eb3a 499316 proftpd-mod-odbc_1.3.6-3_amd64.deb 1153cbe514da22c25f7685d707321e35be72f6c73bf1739e1a5e56f8f59a1adf 26032 proftpd-mod-pgsql-dbgsym_1.3.6-3_amd64.deb 52d8a27554091a0078073800f0633cbb8ff9bc197f3afc2919ca5273ac3c3801 498244 proftpd-mod-pgsql_1.3.6-3_amd64.deb ff5e71c5ba5e96ddf5ea6f2a4a5309804cb4f93d3169a8fbab5441724b06d851 114124 proftpd-mod-snmp-dbgsym_1.3.6-3_amd64.deb 94e7ae0162535f7b10ea55dee934869bc98817cafaece533488b7c2e728a2804 532424 proftpd-mod-snmp_1.3.6-3_amd64.deb d30f622dfe1c8040a8ac851e049f1ce190b17d961852a5473cab66d8ca3ad128 22828 proftpd-mod-sqlite-dbgsym_1.3.6-3_amd64.deb 78d8572225e0d6268e2c97240564b56482dbbbdfcfeeb59a6ca5d51a36614309 497096 proftpd-mod-sqlite_1.3.6-3_amd64.deb Files: cbed23e1387dcd6221cd78dd7b1a1630 2836 net optional proftpd-dfsg_1.3.6-3.dsc 635ec07944997fd3130edbdfc4134104 76056 net optional proftpd-dfsg_1.3.6-3.debian.tar.xz ab6e40efc17bca9d7baa25b07058e5d6 3133164 debug optional proftpd-basic-dbgsym_1.3.6-3_amd64.deb dce76d693c68187ff415e21eee2f4e66 2650492 net optional proftpd-basic_1.3.6-3_amd64.deb 8748279332fe1fff36cbb9b4a21ee567 2659848 net optional proftpd-dev_1.3.6-3_amd64.deb 03c384d13f380869abc3b4ecbda876d9 12502 net optional proftpd-dfsg_1.3.6-3_amd64.buildinfo d32178740a82c665bb85f229109d466d 1695548 doc optional proftpd-doc_1.3.6-3_all.deb 299ebc1ad8700224c2c39e5eb4204025 27860 debug optional proftpd-mod-geoip-dbgsym_1.3.6-3_amd64.deb da19c71a0ec7bb1e16a202ceb94195bb 499248 net optional proftpd-mod-geoip_1.3.6-3_amd64.deb cedca858b88f17c049d5028d52743b17 45956 debug optional proftpd-mod-ldap-dbgsym_1.3.6-3_amd64.deb 5c6096e13a8e965cfdfe3c9607770cc5 506260 net optional proftpd-mod-ldap_1.3.6-3_amd64.deb 894a4ed04ae68ce21dfa4b39bcba027b 30424 debug optional proftpd-mod-mysql-dbgsym_1.3.6-3_amd64.deb 160ee866d496a86125ccbe0b677ca10d 499292 net optional proftpd-mod-mysql_1.3.6-3_amd64.deb d9a824fcd5a29924d7953e3c5f34f85a 27140 debug optional proftpd-mod-odbc-dbgsym_1.3.6-3_amd64.deb 269ed5aeeb7d2e069e159a3a779225d1 499316 net optional proftpd-mod-odbc_1.3.6-3_amd64.deb 6fffe07ebf4d9aebbf53c5c0afb5c711 26032 debug optional proftpd-mod-pgsql-dbgsym_1.3.6-3_amd64.deb 8fd727d55dc13ffc7b79fccc31340065 498244 net optional proftpd-mod-pgsql_1.3.6-3_amd64.deb 7053bb667c17804bbf4fdb333aea40ae 114124 debug optional proftpd-mod-snmp-dbgsym_1.3.6-3_amd64.deb 8c134e3ec4f0717ddcde79e52e0b4bc7 532424 net optional proftpd-mod-snmp_1.3.6-3_amd64.deb 00f97961b696140b817f8aca55050e35 22828 debug optional proftpd-mod-sqlite-dbgsym_1.3.6-3_amd64.deb 8730db1261f385efa959bb2b0c7a6447 497096 net optional proftpd-mod-sqlite_1.3.6-3_amd64.deb -----BEGIN PGP SIGNATURE----- iQJHBAEBCAAxFiEEBXmpeiI46/m+Ye0CDwKl4RY2hqQFAlv1XuMTHGZyYW5raWVA ZGViaWFuLm9yZwAKCRAPAqXhFjaGpB8fD/9Akuf4TKOfj7S69TVFef7wQAZonJ8q Bp9MAAljZKZp1q2UXSaj4L6p05AuGyxFo/GltOfvYiPI6H1FATStcAKLL1Qx4GN3 adgsStEzRLHLoSVtVPvCNnMVBZD4n8hQf6/gxK5TUWEiJbqf9Vac0l+OUV+zuisH 6VgCpIBwnFQWQQBgu8sxhHTkJBhAGJRMcDg5Q1EfVSPkW/XG8gMMUWteiJYD5WHN xg5+QCrHK9NDOQRVM/AMrThUb17Xqtj3U/Er5MOZsbKHww9Czuqi4JWN5KnTTpuD Owo4MRqIM5G0fBBBvqSN2CYJb6q7cMIaGrLFIU9a3+kXk1AsOs0EWKqJ7wlYFNVL RMkyupQCjocGnhoiJfE42cVOxSMCAFLnCQp70LnFlELRMKnN90NklYjWY+lam0L9 sUIfJ3mH7BCS6gjt/NHzXflrP+zz83RSSFSpI3ksSkZ8OFzmkF+0ZSEWU/72oMr7 y1FcxEUzoyyVTmqdqc4yOAqONoOTWID9qtYErVnoRtYRqr3pNzcWG8w9UdBBz38W u6DsLwFoAg34D2Xl7UAYBC74amTrdkJPVe/PJ3WzHgjjKV/1coEngzV9IJBuNNsK qTR6v/xyBY6Us8+jPfV8q3avobn/W5/0TKJ0SQY3YBsn4045tVxEidYzdaWXZo6D H9DgcF1cepjI/g== =TPLZ -----END PGP SIGNATURE-----
--- End Message ---
