Bug#949622: proftpd-basic: SSH authentication fails for many clients due to receiving of SSH_MSG_IGNORE packet

2020-02-11 Thread Hilmar Preuße 
Am 11.02.2020 um 08:58 teilte Ghislain Adnet mit:

Hi Ghislain,

> the problem still exist for debian 9 and debian 8, is it possible to 
> backport the patch for those versions?
> 
I'm aware of the issue. However I did not considered yet to fix the
issue for oldstable (Debian 9). I had a look at porting the fix to
Debian stable, but failed until now.

If you have patches, let me know. The Fedora project could have patches,
but I'll have to have a closer look[1].

H.

[1] https://src.fedoraproject.org/rpms/proftpd/blob/HEAD/f/proftpd.spec
-- 
sigfault
#206401 http://counter.li.org



signature.asc
Description: OpenPGP digital signature

Bug#949622: proftpd-basic: SSH authentication fails for many clients due to receiving of SSH_MSG_IGNORE packet

2020-02-11 Thread Ghislain Adnet 

hi,

 the problem still exist for debian 9 and debian 8, is it possible to backport 
the patch for those versions ?

regards,
Ghislain.

Bug#949622: proftpd-basic: SSH authentication fails for many clients due to receiving of SSH_MSG_IGNORE packet

2020-01-22 Thread Hilmar Preuße 
Control: found -1 1.3.6-4+deb10u3
Control: found -1 1.3.5b-4+deb9u2

Am 22.01.2020 um 22:15 teilte Hilmar Preusse mit:

> the issue is already known in upstream and a patch is available:> 
> http://bugs.proftpd.org/show_bug.cgi?id=4385> Hits stable and
oldstable too.

H.
-- 
sigfault
#206401 http://counter.li.org



signature.asc
Description: OpenPGP digital signature

Bug#949622: proftpd-basic: SSH authentication fails for many clients due to receiving of SSH_MSG_IGNORE packet

2020-01-22 Thread Hilmar Preusse 
Package: proftpd-basic
Version: 1.3.6b-2
Severity: important
Tags: patch upstream

Dear Maintainer,

the issue is already known in upstream and a patch is available:
http://bugs.proftpd.org/show_bug.cgi?id=4385

All my users that use the filezilla client 3.46.1+ fail to connect to my
proftpd server.  I tested the problem exist on debian jessie and debian etch
proftpd and filezilla 3.46.2 and 3.46.3 .

filezilla send SSH_MSG_IGNORE in the middle of the auth and it seems to
broke proftpd sftp module that do not seems to ignore them.

Hilmar

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 5.4.0-3-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_GB.UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages proftpd-basic depends on:
ii  adduser3.118
ii  debianutils4.9.1
ii  libacl12.2.53-5
ii  libc6  2.29-9
ii  libcap21:2.27-1
ii  libhiredis0.14 0.14.0-4
ii  libmemcached11 1.0.18-4.2
ii  libmemcachedutil2  1.0.18-4.2
ii  libncursesw6   6.1+20191019-1
ii  libpam-runtime 1.3.1-5
ii  libpam0g   1.3.1-5
ii  libpcre3   2:8.39-12+b1
ii  libssl1.1  1.1.1d-2
ii  libtinfo6  6.1+20191019-1
ii  libwrap0   7.6.q-30
ii  lsb-base   11.1.0
ii  netbase6.0
ii  sed4.7-1
ii  ucf3.0038+nmu1
ii  zlib1g 1:1.2.11.dfsg-1+b1

Versions of packages proftpd-basic recommends:
pn  proftpd-doc  

Versions of packages proftpd-basic suggests:
ii  openbsd-inetd [inet-superserver]  0.20160825-4+b1
ii  openssl   1.1.1d-2
pn  proftpd-mod-geoip 
pn  proftpd-mod-ldap  
pn  proftpd-mod-mysql 
pn  proftpd-mod-odbc  
pn  proftpd-mod-pgsql 
pn  proftpd-mod-snmp  
pn  proftpd-mod-sqlite

-- debconf information excluded