Hi all,
I recently received a bug report
(
https://bugzilla.redhat.com/show_bug.cgi?id=2166454) about
proftpd not being able to load a dynamic module (mod_rewrite) that
provides some optional functionality. This module is not used by
default and has to be enabled manually. The ticket was raised for
EPEL-9 but I can reproduce the issue on my Fedora 37 machine.
I raised the issue upstream
(
https://github.com/proftpd/proftpd/issues/1590) and after some
experimentation, it appears that turning off hardened build (by
undefining _hardened_build) results in a build that can load the module.
I can also add -fstack-protector-strong back into optflags without it
breaking. Various other of proftpd's optional modules work OK
regardless of the hardened build state.
The hardened build has been enabled in proftpd for a long time so I
don't know if it's recently stopped working or nobody ever used
mod_rewrite with the packaged builds.
Any ideas why this should be happening? I'd really rather not disable
the hardened build for a complex internet-facing server like proftpd.
Regards, Paul.