[Bug 1613737] Re: Proftpd - MLSD lines not properly terminated with CRLF

Mon Mar 12 19:38:25 UTC 2018

Hello Jesse, or anyone else affected,

Accepted proftpd-dfsg into xenial-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/proftpd-
dfsg/1.3.5a-1ubuntu0.1 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-xenial to verification-done-xenial. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-xenial. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Also affects: proftpd-dfsg (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: proftpd-dfsg (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: proftpd-dfsg (Ubuntu Xenial)
       Status: New => In Progress

** Changed in: proftpd-dfsg (Ubuntu Xenial)
       Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-xenial

-- 
You received this bug notification because you are a member of ProFTPD
Maintainance Team, which is subscribed to proftpd-dfsg in Ubuntu.
https://bugs.launchpad.net/bugs/1613737

Title:
  Proftpd - MLSD lines not properly terminated with CRLF

Status in Proftpd Dfsg:
  Fix Released
Status in proftpd-dfsg package in Ubuntu:
  Fix Released
Status in proftpd-dfsg source package in Xenial:
  Fix Committed

Bug description:
  [Impact]

   * A bug exists in Proftpd version 1.3.5a. which causes FTP sessions
  to fail or timeout with strict clients

   * The package, as published in LTS, does not comply with the FTP
  protocol

   * Ported upstream patch and test changes

  [Test Case]

   * Connect to an affected server with ftptest.net

   * Prior to the patch, it will fail to perform an MLSD command with an
  explicit error and explanation

   * After the patch, this works as expected

  [Regression Potential]

   * Failures in SSL connection handling

  A bug exists in Proftpd version 1.3.5a. which causes ssl sessions to
  fail or timeout with some clients

  Excerpt from http://bugs.proftpd.org/show_bug.cgi?id=4202

  Server seems to send an improperly formatted response causing some clients to
  time out.

  Log from ftptest.net:
  [snip]
  Command: TYPE I
  Reply: 200 Type set to I
  Command: EPSV
  Reply: 229 Entering Extended Passive Mode (|||45766|)
  Command: MLSD
  Status: Data connection established.
  Reply: 150 Opening BINARY mode data connection for MLSD
  Error: Malformed directory listing
  Error: Line feed received without preceding carriage return

  This bug has been fixed upstream in version 1.3.5b I recommend getting
  this fixed this is causing a lot of havoc with my servers I've had to
  delay my rollout of 16.04 because of this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/proftpd-dfsg/+bug/1613737/+subscriptions