Package: proftpd-core Version: 1.3.7a+dfsg-12+deb11u3 Tags: patch Source: proftpd-dfsg
Description of the incorrect behavior: The PassivePorts directive can cause proftpd to swap data streams across clients when the server is in passive mode. (see https://github.com/proftpd/proftpd/issues/1826). The cause of the issue seems to be that proftpd uses the same PassivePort with the socket option SO_REUSEPORT for multiple clients in parallel. Related proftpd issues: - https://github.com/proftpd/proftpd/issues/1171 (main issue) - https://github.com/proftpd/proftpd/issues/1191 - https://github.com/proftpd/proftpd/issues/1826 The issue was fixed in the proftpd codebase with commit 5ac622f and merged into version 1.3.8rc1 (commit 3411200). There is also a backport for version 1.3.7b (commit 57ae0b5) and a fix for the backport (commit a7db0fa). Debian oldstable proftpd-dfsg is using proftpd 1.3.7a source, and I am still able to reproduce the issue with the latest proftpd-core release. Suggested fix: The commits 57ae0b5 and a7db0fa from the proftpd source, which fix the issue, should be patched into proftpd-dfsg.
upstream_1171
Description: Binary data
