Package: pure-ftpd Severity: important Tags: sarge
A friend notified me of a problem is the description field of Pure-FTPd which means that a reported feature is non-existant. apt-cache search pure-ftpd shows the following: Description: Pure-FTPd FTP server Pure-FTPd is a fast, production-quality, standards-conformant FTP server based upon Troll-FTPd. Features include chrooted home directories, virtual domains, built-in 'ls', anti-warez system, configurable ports for passive downloads, FXP protocol, bandwidth throttling, ratios, fortune files, Apache-like log files, fast standalone mode, atomic uploads, text / HTML / XML real-time status report, virtual users, virtual quotas, privilege separation, SSL/TLS and more. Littered with references to SSL. No mention of it being disabled in both manpages, or the docs at /usr/share/doc/pure-ftpd. Everything points to the fact that SSL is enabled. Now to prove my point that SSL is NOT supported, here is some packet logs of the authentication process: You will notice that AUTH TLS is accepted, however AUTH SSL is not. I am aware of the legal issues that people think they're plagued by, when linking to openssl libraries, which forced lftp to not support ssl in fact (for sarge). However, since this package links to libssl anyway, and advertises SSL availability, it should really implement it. ----- paste ----- interface: lo (127.0.0.0/255.0.0.0) #### T 127.0.0.1:21 -> 127.0.0.1:1499 [AP] 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------..220-You are user number 1 of 50 allowed...220-Local time is now 14:28. Server port: 21. ..220-This is a private system - No anonymous login..220-IPv6 connections a re also welcome on this server...220 You will be disconnected after 15 minu tes of inactivity... ## T 127.0.0.1:1499 -> 127.0.0.1:21 [AP] AUTH SSL.. ## T 127.0.0.1:21 -> 127.0.0.1:1499 [AP] 500 This security scheme is not implemented.. ## T 127.0.0.1:1499 -> 127.0.0.1:21 [AP] AUTH TLS.. # T 127.0.0.1:21 -> 127.0.0.1:1499 [AP] 234 AUTH TLS OK... ####exit ---- end paste----- Thank you. P.S. this may be a "Serious" bug because the fact that there is non-existant features. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.9 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
