On Sunday 13 December 2009 12:13:38 Francesco P. Lovergine wrote: > Package: proftpd-dfsg > Version: 1.3.0-1 > > As already communicated to secteam on friday, this issue does not > apply even with old versions, because external modules are taken from the > /usr/lib/proftpd directory only in mod_dso.c. So, using or not the internal > liblt library is not a problem in current and old versions of proftpd > (when DSO modules are used, which is the default since 1.3.0). > > Also, 1.3.2c1 does apply the patch below, which appears sufficient enough > to fix 2.2.4 in the current embedded copy. So I did my homework ;-)
Hi! By quickly reading over the sources in debian unstable (1.3.2c) and comparing them to the sources of latest upstream release candidate (1.3.3~rc3), I think it really looks like the patch below is only applied to the latest upstream release candidate (1.3.3~rc3) and *not* to the version in debian unstable, so this bug is indeed not fixed in debian, assuming the patch below is the one fixing it. It does need a bit of adaption to make it fit, as it seems to be around line 2507 that the first hunk should fit, and around line 3183 the second hunk fits. Somehow, I think it would help if everyone was more specific about the technical details of this issue. I am wondering, though, why proftpd ships its own copy of libltdl instead of using the system version, which would avoid this kind of bugs to be have to be fixed in proftpd at all. /Sune - who has been bitten multiple times by the embedded libltdl in kdelibs. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
