Bug 1576825

Summary: 1.0.45 fixes isues with not accepting TLS 1.0, please upgrade
Product: [Fedora] Fedora EPEL Reporter: Michael Romans <michael.romans>
Component: pure-ftpdAssignee: Ondřej Lysoněk <olysonek>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel7CC: aurelien, gregswift, jaromir.capik, michael.romans, mi, msehnout, olysonek
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pure-ftpd-1.0.47-2.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-03-12 21:07:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Michael Romans 2018-05-10 13:10:41 UTC 
Description of problem:
The current version 1.0.43 does not allow you to shut off TLS 1.0 making this a security issue.  Version 1.0.45 fixes this.  Please upgrade ASAP.

Version-Release number of selected component (if applicable):
1.0.43

How reproducible:
100%

Steps to Reproduce:
1. Run it and log in with TLS v1.0
2.
3.

Actual results:


Expected results:
TLS v1.0 is considered not secure and should be shut off or allowed to be shut off.

Additional info:
Comment 1 Michael Romans 2018-05-10 13:18:37 UTC 
Shutting off v1.0 is required for PCI compliance so this is a pretty big security issue.
Comment 2 Ondřej Lysoněk 2018-05-10 13:26:55 UTC 
Hi, I'm one of the pure-ftpd maintainers in Fedora. I'm planning to do this, but was holding it off, because there was a regression report in Fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1490354

Hopefully that's resolved now, so I think I'll do the rebase (straight to 1.0.47) in the coming days.
Comment 3 Fedora Update System 2019-02-06 13:30:24 UTC 
pure-ftpd-1.0.47-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-675ebc0315
Comment 4 Fedora Update System 2019-02-10 02:12:46 UTC 
pure-ftpd-1.0.47-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-675ebc0315
Comment 5 Fedora Update System 2019-02-13 16:22:42 UTC 
pure-ftpd-1.0.47-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-675ebc0315
Comment 6 Fedora Update System 2019-02-14 03:20:59 UTC 
pure-ftpd-1.0.47-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-675ebc0315
Comment 7 Fedora Update System 2019-03-12 21:07:48 UTC 
pure-ftpd-1.0.47-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.