wput should be compiled with TLS support

Bug #1678463 reported by Marcos Diez on 2017-04-01
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
wput (Ubuntu)
Undecided
Stephen Kitt

Bug Description

Although wput originally supports TLS encryption, the version provided by Ubuntu does not.
This is a shame in a post Snowden world.

You can see that it supports out of the box:

https://sourceforge.net/p/wput/code/ci/master/tree/INSTALL

but somehow even on Ubuntu 17.04 that option is still not available.
(the flag is disabled in compile time compilation)

Here is the output of a custom compiled version of wput:

wput --help

------------------------------------------------------
[a lot of stuff]
FTP-Options:
  -p, --port-mode no-passive, turn on port mode ftp (def. pasv)
  -A, --ascii force ASCII mode-transfer
  -B, --binary force BINARY mode-transfer
  -m, --chmod change mode of transferred files ([0-7]{3})
       --force-tls force the useage of TLS
       --disable-tls disable the usage of TLS

See wput(1) for more detailed descriptions of the options.
Report bugs and suggestions via SourceForge at
http://sourceforge.net/tracker/?group_id=141519

---------------------------------------------------------

Stephen Kitt (steve-sk2) wrote :

Nice catch, thanks. The fix is straightforward, all that’s needed is to add libgcrypt20-dev to the build-dependencies. I’ll see if I can provide an update through Debian despite the freeze.

Changed in wput (Ubuntu):
assignee: nobody → Stephen Kitt (steve-sk2)
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wput - 0.6.2+git20130413-5

---------------
wput (0.6.2+git20130413-5) unstable; urgency=medium

  * Actually build with TLS support (LP: #1678463).

 -- Stephen Kitt <email address hidden> Mon, 05 Jun 2017 16:39:05 +0200

Changed in wput (Ubuntu):
status: In Progress → Fix Released
Marcos Diez (bugshideout) wrote :

Hi Stephen!

I downloaded http://launchpadlibrarian.net/322656352/wput_0.6.2+git20130413-5_amd64.deb

I tried ./wput --help
and it still does not have SSL there.

Sorry for delivering bad news
Marcos

Stephen Kitt (steve-sk2) wrote :

Hi Marcos,

No need to be sorry, the Ubuntu package does indeed still not have TLS support. The Debian package does: https://packages.debian.org/sid/wput (that's where I fixed the issue). Looking at the build details, I'm not sure what the difference is...

I can't find how to re-open this bug, do you know how to do that?

Regards,

Stephen

Marcos Diez (bugshideout) wrote :

Hi

You are right, on debian it is working ( https://packages.debian.org/sid/amd64/wput/download )

On Ubuntu it is not.

I think I was able to change the bug back to In Progress (here on Ubutu).

I just had to click on the Status and there was a list to pick from.

I actually have no clue what is necessary to compile it with TLS.

In Ubuntu, no matter what I do it always says TLS is not found.

I am also looking for a solution.

Thanks again,
Marcos

Changed in wput (Ubuntu):
status: Fix Released → In Progress
Marcos Diez (bugshideout) wrote :

Hi Stephen,

I found out the problem and solved it. Now I need you to your magic and make it an "official package" (TM)

The problem is that ./configure was not properly detecting if GnuTLS is available or not.
To be more specific, ./configure was passing the gcc parameters in the wrong way.

It was passing:

gcc -lgnutls -lgnutls-openssl test_file.c

and it should be:

gcc test_file.c -lgnutls -lgnutls-openssl

The fix for this issue is here:
https://github.com/marcosdiez/wput/commit/f5f3d70c4eef7db62a1b33efaaaf4a42417c95da

BUT after changing configure.in I had to run autoconf again.

So you might as well get the whole thing:

https://github.com/marcosdiez/wput/commit/6daa01608b8abc0d5d6c60a60d780a135ba5b3bb

In order for me to do that I:

a) cloned the original wput repository (https://sourceforge.net/p/wput/code/ci/master/tree/)
b) applied all the debian patches in the order of 'debian/patches/series'
c) fixed the code

All these steps are separated into specific commits:
https://github.com/marcosdiez/wput/commits/master

So I guess the problem is solved, I just don't know how to continue from now on.
Please help!

Marcos

Stephen Kitt (steve-sk2) wrote :

Hi Marcos,

That is fantastic, thanks for figuring it out! I need to wait for the wput package to migrate to Debian Stretch (tonight I think), then I’ll add you commit as a patch to the package and upload it (and it will migrate to Ubuntu).

Thanks again,

Stephen

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wput - 0.6.2+git20130413-6

---------------
wput (0.6.2+git20130413-6) unstable; urgency=medium

  * Add patch by Marcos Diez so that configure finds TLS support on Ubuntu
    (really LP: #1678463); thanks Marcos!

 -- Stephen Kitt <email address hidden> Thu, 08 Jun 2017 08:31:47 +0200

Changed in wput (Ubuntu):
status: In Progress → Fix Released
Changed in wput (Ubuntu):
status: Fix Released → In Progress
Marcos Diez (bugshideout) wrote :

Hi Stephan!

It's me again...

The Ubuntu package was still without TLS.

So I read the documentation on how to create an Debian/Ubuntu package, created one and found the issue.

The fix is here:

https://github.com/marcosdiez/wput/commit/e4625ad73e964ac280ff1d666618376b21d44e93

I tested creating the package both on Debian Jessie and Ubuntu and it worked on both.

As a nice side effect, the other patch to configure.in ( 13-configure.in--gcrypt-link.patch ) no works as well. But it actually does not make any difference in wput, it's just for detecting the library.

I hope the issue is finally really fixed.
Marcos

Stephen Kitt (steve-sk2) wrote :

I’m really sorry about that, I thought the package was fixed to update its configure during the build. I should have checked... I’ve upgraded it to debhelper compatibility level 10 and fixed configure.in so that autoreconf works correctly (which is better all round). Thanks for your work on this!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wput - 0.6.2+git20130413-7

---------------
wput (0.6.2+git20130413-7) unstable; urgency=medium

  * Switch to debhelper compatibility level 10 and fix configure.in so
    autoreconf works, which allows Marcos’ fix to actually take effect
    (really, really LP: #1678463).

 -- Stephen Kitt <email address hidden> Thu, 08 Jun 2017 20:49:57 +0200

Changed in wput (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers