Pure-FTPd Breaks with OpenSSL v1.1.1
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pure-ftpd (Debian) |
Fix Released
|
Unknown
|
|||
pure-ftpd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Mattia Rizzolo | ||
Disco |
Fix Released
|
Undecided
|
Unassigned | ||
Eoan |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
* Currently pure-ftpd in bionic, without any further special care, just can't work with modern programs connecting with TLS 1.3 or such.
[Test Plan]
* install pure-ftpd
* create a cert in /etc/ssl/
* echo 1 > /etc/pure-
* try to connect.
Currently the connection fails with "ERROR TLS renegotiation" in the
pure-ftpd logs.
[Where problems could occur]
* I suspect that if the upgrade went well connections would just fail.
[Other Info]
These patches have been released with fedora 29; also seb128 already proposed them in a PPA package, but for whatever reason he didn't care of actually uploading the changes to ubuntu proper. Meaning the changes are actually quite tested; plus the patches come from upstream.
FTR, I have a vested interest in this update, as at dayjob I've got some 18.04 servers that are also running a patched pure-ftpd just for this.
[ Original Report ]
Secure (TLS) connections to Pure-FTPd do not work when the OpenSSL 1.1.1 library is installed. My installation was working perfectly until the system-wide OpenSSL 1.1.1 update was made available a couple days ago. Now, after running apt upgrade, clients are unable to establish TLS connections, as the TLS negotiation tries a couple times and then cancels out.
The current stable version of Pure-FTPd from the developer is 1.0.49, but the apt repository only has version 1.0.46. According to the patch notes (https:/
Ubuntu Server version:
Description: Ubuntu 18.04.2 LTS
Release: 18.04
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: pure-ftpd-mysql 1.0.46-1build1
ProcVersionSign
Uname: Linux 4.15.0-51-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: amd64
Date: Sun Jun 16 16:51:56 2019
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: pure-ftpd
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
mtime.conffile.
summary: |
- Pure-FTPd Breaks with OpenSSL v1.1.x + Pure-FTPd Breaks with OpenSSL v1.1.1 |
description: | updated |
tags: | added: regression-update |
tags: | added: bionic-openssl-1.1 |
Changed in pure-ftpd (Debian): | |
status: | Unknown → New |
Changed in pure-ftpd (Debian): | |
status: | New → Fix Released |
description: | updated |
Changed in pure-ftpd (Ubuntu Bionic): | |
assignee: | nobody → Mattia Rizzolo (mapreri) |
status: | Confirmed → In Progress |
Status changed to 'Confirmed' because the bug affects multiple users.