--- Begin Message ---
Package: lftp
Version: 4.6.0-1+deb8u1
Severity: important
After upgrading from wheezy to jessie I tried to upload a backup onto a
backup server using FTPES.
This failed with "425 Unable to build data connection: Operation not
permitted"
I tried a simple "ls" after that, which still failed.
Curl was able to connect successfully, so it couldn't have been the server.
After that I downloaded lftp 4.6.2-1 from stretch, installed it
and it worked correctly.
So I assume 4.6.0-1+deb8u1 does something wrong when trying to establish
the data connection, maybe something to do with SSL session reuse, since
that's the most common error that comes up when googling the error message.
Transcript and error messages attached.
--
regards,
brainpower
server:~ # lftp --debug -u u#####,################ u#####.your-backup.de
lftp u#####@u#####.your-backup.de:~> ls
---- Verbinde mit u#####.your-backup.de (2a01:4f8:b10:1000::##) Port 21
<--- 220 ProFTPD 1.3.5 Server (Hetzner Backup) [2a01:4f8:b10:1000::##]
---> FEAT
<--- 211-Features:
<--- CCC
<--- PBSZ
<--- AUTH TLS
<--- MFF modify;UNIX.group;UNIX.mode;
<--- REST STREAM
<--- MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
<--- UTF8
<--- EPRT
<--- EPSV
<--- LANG
zh-CN.UTF-8;zh-CN;zh-TW.UTF-8;zh-TW;en-US.UTF-8;en-US*;es-ES.UTF-8;es-ES;it-IT.UTF-8;it-IT;ja-JP.UTF-8;ja-JP;ru-RU.UTF-8;ru-RU;bg-BG.UTF-8;bg-BG;fr-FR.UTF-8;fr-FR;ko-KR.UTF-8;ko-KR
<--- MDTM
<--- SSCN
<--- TVFS
<--- MFMT
<--- SIZE
<--- PROT
<--- 211 End
---> AUTH TLS
<--- 234 AUTH TLS successful
---> LANG
Certificate: OU=GT63049255,OU=See www.rapidssl.com/resources/cps
(c)14,OU=Domain Control Validated - RapidSSL(R),CN=*.your-backup.de
Issued by: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Checking against: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Trusted
Certificate: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Issued by: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Checking against: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Trusted
Certificate: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Issued by: C=US,O=Equifax,OU=Equifax Secure Certificate Authority
Trusted
<--- 200 Using default language en_US
---> OPTS UTF8 ON
<--- 200 UTF8 set to on
---> OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
<--- 200 OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
---> USER u#####
<--- 331 Password required for u#####
---> PASS ################
<--- 230 User u##### logged in
---> PWD
<--- 257 "/" is the current directory
---> PBSZ 0
<--- 200 PBSZ 0 successful
---> PROT P
<--- 200 Protection set to Private
---> EPSV
<--- 229 Entering Extended Passive Mode (|||52613|)
---- Verbinde Daten Socket mit (2a01:4f8:b10:1000::33) Port 52613
---- Datenverbindung hergestellt
---> LIST
<--- 150 Opening ASCII mode data connection for file list
Certificate: OU=GT63049255,OU=See www.rapidssl.com/resources/cps
(c)14,OU=Domain Control Validated - RapidSSL(R),CN=*.your-backup.de
Issued by: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Checking against: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Trusted
Certificate: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Issued by: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Checking against: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Trusted
Certificate: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Issued by: C=US,O=Equifax,OU=Equifax Secure Certificate Authority
Trusted
<--- 425 Unable to build data connection: Operation not permitted
---- Schließe den Daten Socket
---> EPSV
<--- 229 Entering Extended Passive Mode (|||63993|)
---- Verbinde Daten Socket mit (2a01:4f8:b10:1000::##) Port 63993
---- Datenverbindung hergestellt
---> LIST
<--- 150 Opening ASCII mode data connection for file list
Certificate: OU=GT63049255,OU=See www.rapidssl.com/resources/cps
(c)14,OU=Domain Control Validated - RapidSSL(R),CN=*.your-backup.de
Issued by: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Checking against: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Trusted
Certificate: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Issued by: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Checking against: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Trusted
Certificate: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Issued by: C=US,O=Equifax,OU=Equifax Secure Certificate Authority
Trusted
<--- 425 Unable to build data connection: Operation not permitted
---- Schließe den Daten Socket
---> EPSV
<--- 229 Entering Extended Passive Mode (|||60723|)
---- Verbinde Daten Socket mit (2a01:4f8:b10:1000::##) Port 60723
---- Datenverbindung hergestellt
---> LIST
<--- 150 Opening ASCII mode data connection for file list
Certificate: OU=GT63049255,OU=See www.rapidssl.com/resources/cps
(c)14,OU=Domain Control Validated - RapidSSL(R),CN=*.your-backup.de
Issued by: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Checking against: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Trusted
Certificate: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Issued by: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Checking against: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Trusted
Certificate: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Issued by: C=US,O=Equifax,OU=Equifax Secure Certificate Authority
Trusted
<--- 425 Unable to build data connection: Operation not permitted
---- Schließe den Daten Socket
---> EPSV
<--- 229 Entering Extended Passive Mode (|||61660|)
---- Verbinde Daten Socket mit (2a01:4f8:b10:1000::##) Port 61660
---- Datenverbindung hergestellt
---> LIST
<--- 150 Opening ASCII mode data connection for file list
Abbruch
---> ABOR
---- Schließe die Datenverbindung
<--- 425 Unable to build data connection: Operation not permitted
<--- 226 Abort successful
lftp u#####@u#####.your-backup.de:/> exit
---> QUIT
<--- 221 Goodbye.
---- Schließe den Kontroll - Socket
server:~ # curl -vvv ftp://u#####:################@u#####.your-backup.de/
--ftp-ssl :(
* Hostname was NOT found in DNS cache
* Trying 2a01:4f8:b10:1000::##...
* Connected to u#####.your-backup.de (2a01:4f8:b10:1000::##) port 21 (#0)
< 220 ProFTPD 1.3.5 Server (Hetzner Backup) [2a01:4f8:b10:1000::##]
> AUTH SSL
< 234 AUTH SSL successful
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / DHE-RSA-AES256-SHA
* Server certificate:
* subject: OU=GT63049255; OU=See www.rapidssl.com/resources/cps (c)14;
OU=Domain Control Validated - RapidSSL(R); CN=*.your-backup.de
* start date: 2014-09-30 15:40:55 GMT
* expire date: 2015-10-04 18:48:05 GMT
* subjectAltName: u#####.your-backup.de matched
* issuer: C=US; O=GeoTrust Inc.; CN=RapidSSL SHA256 CA - G3
* SSL certificate verify ok.
> USER u#####
< 331 Password required for u#####
> PASS ################
< 230 User u##### logged in
> PBSZ 0
< 200 PBSZ 0 successful
> PROT P
< 200 Protection set to Private
> PWD
< 257 "/" is the current directory
* Entry path is '/'
> EPSV
* Connect data stream passively
* ftp_perform ends with SECONDARY: 0
< 229 Entering Extended Passive Mode (|||53598|)
* Hostname was NOT found in DNS cache
* Trying 2a01:4f8:b10:1000::##...
* Connecting to 2a01:4f8:b10:1000::## (2a01:4f8:b10:1000::##) port 53598
* Connected to u#####.your-backup.de (2a01:4f8:b10:1000::##) port 21 (#0)
> TYPE A
< 200 Type set to A
> LIST
< 150 Opening ASCII mode data connection for file list
* Maxdownload = -1
* Doing the SSL/TLS handshake on the data stream
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSL re-using session ID
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / DHE-RSA-AES256-SHA
* Server certificate:
* subject: OU=GT63049255; OU=See www.rapidssl.com/resources/cps (c)14;
OU=Domain Control Validated - RapidSSL(R); CN=*.your-backup.de
* start date: 2014-09-30 15:40:55 GMT
* expire date: 2015-10-04 18:48:05 GMT
* subjectAltName: u#####.your-backup.de matched
* issuer: C=US; O=GeoTrust Inc.; CN=RapidSSL SHA256 CA - G3
* SSL certificate verify ok.
drwxr-xr-x 2 u##### u##### 74 May 23 02:58 fs1
drwxr-xr-x 2 u##### u##### 524 May 23 02:58 mysql
drwxr-xr-x 2 u##### u##### 909 May 23 02:59 sc1
* SSLv3, TLS alert, Client hello (1):
* Remembering we are in dir ""
* SSLv3, TLS alert, Client hello (1):
< 226 Transfer complete
* Connection #0 to host u#####.your-backup.de left intact
server:~ # lftp --version | head 1
LFTP | Version 4.6.0 | Copyright (c) 1996-2014 Alexander V. Lukyanov
server:~ # wget
http://ftp.de.debian.org/debian/pool/main/l/lftp/lftp_4.6.2-1_amd64.deb
--2015-05-25 17:17:50--
http://ftp.de.debian.org/debian/pool/main/l/lftp/lftp_4.6.2-1_amd64.deb
Auflösen des Hostnamen »ftp.de.debian.org (ftp.de.debian.org)«... 141.76.2.4
Verbindungsaufbau zu ftp.de.debian.org (ftp.de.debian.org)|141.76.2.4|:80...
verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 200 OK
Länge: 586912 (573K) [application/x-debian-package]
In »»lftp_4.6.2-1_amd64.deb«« speichern.
lftp_4.6.2-1_amd64.deb
100%[==============================================================================>]
573,16K --.-KB/s in 0,1s
2015-05-25 17:17:50 (5,36 MB/s) - »»lftp_4.6.2-1_amd64.deb«« gespeichert
[586912/586912]
server:~ # dpkg -i lftp_4.6.2-1_amd64.deb
(Lese Datenbank ... 72865 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Entpacken von lftp_4.6.2-1_amd64.deb ...
Entpacken von lftp (4.6.2-1) über (4.6.0-1+deb8u1) ...
lftp (4.6.2-1) wird eingerichtet ...
Neue Version der Konfigurationsdatei /etc/lftp.conf wird installiert ...
Trigger für man-db (2.7.0.2-5) werden verarbeitet ...
server:~ # lftp --debug -u u#####,################ u#####.your-backup.de
lftp u#####@u#####.your-backup.de:~> ls
---- Verbinde mit u#####.your-backup.de (2a01:4f8:b10:1000::##) Port 21
<--- 220 ProFTPD 1.3.5 Server (Hetzner Backup) [2a01:4f8:b10:1000::##]
---> FEAT
<--- 211-Features:
<--- CCC
<--- PBSZ
<--- AUTH TLS
<--- MFF modify;UNIX.group;UNIX.mode;
<--- REST STREAM
<--- MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
<--- UTF8
<--- EPRT
<--- EPSV
<--- LANG
zh-CN.UTF-8;zh-CN;zh-TW.UTF-8;zh-TW;en-US.UTF-8;en-US*;es-ES.UTF-8;es-ES;it-IT.UTF-8;it-IT;ja-JP.UTF-8;ja-JP;ru-RU.UTF-8;ru-RU;bg-BG.UTF-8;bg-BG;fr-FR.UTF-8;fr-FR;ko-KR.UTF-8;ko-KR
<--- MDTM
<--- SSCN
<--- TVFS
<--- MFMT
<--- SIZE
<--- PROT
<--- 211 End
---> AUTH TLS
<--- 234 AUTH TLS successful
---> LANG
Certificate: OU=GT63049255,OU=See www.rapidssl.com/resources/cps
(c)14,OU=Domain Control Validated - RapidSSL(R),CN=*.your-backup.de
Issued by: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Checking against: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Trusted
Certificate: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Issued by: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Checking against: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Trusted
Certificate: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Issued by: C=US,O=Equifax,OU=Equifax Secure Certificate Authority
Trusted
<--- 200 Using default language en_US
---> OPTS UTF8 ON
<--- 200 UTF8 set to on
---> OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner
<--- 200 OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;
---> USER u#####
<--- 331 Password required for u#####
---> PASS ################
<--- 230 User u##### logged in
---> PWD
<--- 257 "/" is the current directory
---> PBSZ 0
<--- 200 PBSZ 0 successful
---> PROT P
<--- 200 Protection set to Private
---> EPSV
<--- 229 Entering Extended Passive Mode (|||64763|)
---- Verbinde Daten Socket mit (2a01:4f8:b10:1000::##) Port 64763
---- Datenverbindung hergestellt
---> LIST
<--- 150 Opening ASCII mode data connection for file list
Certificate: OU=GT63049255,OU=See www.rapidssl.com/resources/cps
(c)14,OU=Domain Control Validated - RapidSSL(R),CN=*.your-backup.de
Issued by: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Checking against: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Trusted
Certificate: C=US,O=GeoTrust Inc.,CN=RapidSSL SHA256 CA - G3
Issued by: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Checking against: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Trusted
Certificate: C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA
Issued by: C=US,O=Equifax,OU=Equifax Secure Certificate Authority
Trusted
---- Got EOF on data connection
---- Schließe den Daten Socket
drwxr-xr-x 2 u##### u##### 74 May 23 02:58 fs1
drwxr-xr-x 2 u##### u##### 524 May 23 02:58 mysql
drwxr-xr-x 2 u##### u##### 909 May 23 02:59 sc1
<--- 226 Transfer complete
lftp u#####@u#####.your-backup.de:/> exit
---> QUIT
<--- 221 Goodbye.
---- Schließe den Kontroll - Socket
--- End Message ---
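
Added example (not part of the original report, and not lftp code): a small triage helper that reads an `lftp --debug` transcript like the one above and lists every passive data connection with its PROT level and final server reply, so repeated 425 refusals on a PROT P data channel stand out. The sample log is constructed with placeholder ports, and the function names are hypothetical.

```python
import re

REPLY_RE = re.compile(r"^<--- (\d{3}) (.*)$")
EPSV_PORT_RE = re.compile(r"\(\|\|\|(\d+)\|\)")
TRANSFER_CMDS = ("LIST", "NLST", "MLSD", "RETR", "STOR", "APPE")

# Constructed sample in the style of the transcript (placeholder ports).
SAMPLE = """\
---> PROT P
<--- 200 Protection set to Private
---> EPSV
<--- 229 Entering Extended Passive Mode (|||50001|)
---- Datenverbindung hergestellt
---> LIST
<--- 150 Opening ASCII mode data connection for file list
<--- 425 Unable to build data connection: Operation not permitted
---> EPSV
<--- 229 Entering Extended Passive Mode (|||50002|)
---> LIST
<--- 150 Opening ASCII mode data connection for file list
---> ABOR
<--- 425 Unable to build data connection: Operation not permitted
<--- 226 Abort successful
"""

def data_attempts(log):
    """One dict per passive data connection: port, PROT level, command, final reply."""
    prot, last_cmd, current, attempts = "C", "", None, []  # RFC 4217: PROT defaults to C
    for line in log.splitlines():
        if line.startswith("---> "):
            last_cmd = line[5:].strip()
            verb = last_cmd.partition(" ")[0]
            if current and current["cmd"] is None and verb in TRANSFER_CMDS:
                current["cmd"] = last_cmd
            continue
        m = REPLY_RE.match(line)
        if not m:
            continue  # certificate dumps, socket notes, multi-line reply bodies
        code = m.group(1)
        if code == "200" and last_cmd.startswith("PROT "):
            prot = last_cmd.split()[1]
        elif code == "229":
            port = EPSV_PORT_RE.search(line)
            current = {"port": int(port.group(1)) if port else None,
                       "prot": prot, "cmd": None, "code": None}
            attempts.append(current)
        elif current and current["cmd"] and current["code"] is None and code[0] != "1":
            current["code"] = code  # first final (non-1xx) reply after the transfer command
    return attempts

def rejected_protected_transfers(attempts):
    """Attempts where the TLS-protected data channel was refused with 425."""
    return [a for a in attempts if a["prot"] == "P" and a["code"] == "425"]
```

Run over the failing 4.6.0 session, every attempt would be reported as PROT P with reply 425; over the 4.6.2 session the single attempt ends in 226.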