6 changed files with 43 additions and 552 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/lftp-4.8.4.tar.xz
+SOURCES/lftp-4.9.2.tar.xz
--- a/.lftp.metadata
+++ b/.lftp.metadata
@ -1 +1 @@
-fa97429d4376c87dd0b6a9b27ed89184fb2a9149 SOURCES/lftp-4.8.4.tar.xz
+e1c7936fef725c9e9c5ccccc30f73f9a9f781115 SOURCES/lftp-4.9.2.tar.xz
--- a/SOURCES/lftp-4.8.4-re-newed-cert.patch
+++ b/SOURCES/lftp-4.8.4-re-newed-cert.patch
@ -1,261 +0,0 @@
 From fd40ee3542d877c37ff129d5c9b02df21d20c6a0 Mon Sep 17 00:00:00 2001
 From: Miao Wang <shankerwangmiao@gmail.com>
 Date: Sat, 9 Oct 2021 18:13:30 +0800
 Subject: [PATCH] Use gnutls_certificate_verify_peers2 to verify server
 certificates
 Fixes: #641
 Signed-off-by: Miao Wang <shankerwangmiao@gmail.com>
 ---
 src/lftp_ssl.cc | 207 +++++++++++-------------------------------------
 src/lftp_ssl.h  |   2 -
 2 files changed, 48 insertions(+), 161 deletions(-)
 diff --git a/src/lftp_ssl.cc b/src/lftp_ssl.cc
 index 968d3fb26..26e91e4b9 100644
 --- a/src/lftp_ssl.cc
 +++ b/src/lftp_ssl.cc
@@ -338,6 +338,16 @@ void lftp_ssl_gnutls::load_keys()
       if(res<0)
 	 Log::global->Format(0,"gnutls_certificate_set_x509_key_file(%s,%s): %s\n",cert_file,key_file,gnutls_strerror(res));
    }
 +   res = gnutls_certificate_set_x509_trust(cred, instance->ca_list, instance->ca_list_size);
 +   if(res < 0)
 +      Log::global->Format(0, "gnutls_certificate_set_x509_trust: %s\n", gnutls_strerror(res));
 +   else
 +      Log::global->Format(9, "Loaded %d CAs\n", res);
 +   res = gnutls_certificate_set_x509_crl(cred, instance->crl_list, instance->crl_list_size);
 +   if(res < 0)
 +      Log::global->Format(0, "gnutls_certificate_set_x509_crl: %s\n", gnutls_strerror(res));
 +   else
 +      Log::global->Format(9, "Loaded %d CRLs\n", res);
    gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred);
 }
 void lftp_ssl_gnutls::shutdown()
@@ -358,174 +368,53 @@ lftp_ssl_gnutls::~lftp_ssl_gnutls()
  */
 void lftp_ssl_gnutls::verify_certificate_chain(const gnutls_datum_t *cert_chain,int cert_chain_length)
 {
 -   int i;
 -   gnutls_x509_crt_t *cert=(gnutls_x509_crt_t*)alloca(cert_chain_length*sizeof(gnutls_x509_crt_t));
 -
 -   /* Import all the certificates in the chain to
 -    * native certificate format.
 -    */
 -   for (i = 0; i < cert_chain_length; i++)
 -   {
 -      gnutls_x509_crt_init(&cert[i]);
 -      gnutls_x509_crt_import(cert[i],&cert_chain[i],GNUTLS_X509_FMT_DER);
 +   int err;
 +   unsigned int status;
 +
 +   gnutls_x509_crt_t leaf_cert;
 +   err = gnutls_x509_crt_init(&leaf_cert);
 +   if(err < 0){
 +     set_cert_error(xstring::format("GnuTLS Error: %s", gnutls_strerror(err)), NULL);
 +     goto err_out;
    }
 -
 -   /* Now verify the certificates against their issuers
 -    * in the chain.
 -    */
 -   for (i = 1; i < cert_chain_length; i++)
 -      verify_cert2(cert[i - 1], cert[i]);
 -
 -    /* Here we must verify the last certificate in the chain against
 -     * our trusted CA list.
 -     */
 -   verify_last_cert(cert[cert_chain_length - 1]);
 -
 -   /* Check if the name in the first certificate matches our destination!
 -    */
 -   bool check_hostname = ResMgr::QueryBool("ssl:check-hostname", hostname);
 -   if(check_hostname) {
 -      if(!gnutls_x509_crt_check_hostname(cert[0], hostname))
 -	 set_cert_error(xstring::format("certificate common name doesn't match requested host name %s",quote(hostname)),get_fp(cert[0]));
 -   } else {
 -      Log::global->Format(0, "WARNING: Certificate verification: hostname checking disabled\n");
 +   gnutls_x509_crt_import(leaf_cert, &cert_chain[0], GNUTLS_X509_FMT_DER);
 +   if(err < 0){
 +     set_cert_error(xstring::format("GnuTLS Error: %s", gnutls_strerror(err)), NULL);
 +     goto deinit_cert;
    }
 -   for (i = 0; i < cert_chain_length; i++)
 -      gnutls_x509_crt_deinit(cert[i]);
 -}
 -
 -
 -/* Verifies a certificate against an other certificate
 - * which is supposed to be it's issuer. Also checks the
 - * crl_list if the certificate is revoked.
 - */
 -void lftp_ssl_gnutls::verify_cert2(gnutls_x509_crt_t crt,gnutls_x509_crt_t issuer)
 -{
 -   int ret;
 -   time_t now = SMTask::now;
 -   size_t name_size;
 -   char name[256];
 -
 -   /* Print information about the certificates to
 -    * be checked.
 -    */
 -   name_size = sizeof(name);
 -   gnutls_x509_crt_get_dn(crt, name, &name_size);
 -
 -   Log::global->Format(9, "Certificate: %s\n", name);
 -
 -   name_size = sizeof(name);
 -   gnutls_x509_crt_get_issuer_dn(crt, name, &name_size);
 -
 -   Log::global->Format(9, " Issued by:        %s\n", name);
 -
 -   /* Get the DN of the issuer cert.
 -    */
 -   name_size = sizeof(name);
 -   gnutls_x509_crt_get_dn(issuer, name, &name_size);
 -
 -   Log::global->Format(9, " Checking against: %s\n", name);
 -
 -   /* Do the actual verification.
 -    */
 -   unsigned crt_status=0;
 -   unsigned issuer_status=0;
 -   gnutls_x509_crt_verify(crt, &issuer, 1, 0, &crt_status);
 -   if(crt_status&GNUTLS_CERT_SIGNER_NOT_CA)
 -   {
 -      // recheck the issuer certificate against CA
 -      gnutls_x509_crt_verify(issuer, instance->ca_list, instance->ca_list_size, 0, &issuer_status);
 -      if(issuer_status==0)
 -	 crt_status&=~GNUTLS_CERT_SIGNER_NOT_CA;
 -      if(crt_status==GNUTLS_CERT_INVALID)
 -	 crt_status=0;
 +   err = gnutls_certificate_verify_peers2 (session, &status);
 +   if(err < 0){
 +     set_cert_error(xstring::format("Cerificate Verification Error: %s", gnutls_strerror(err)), get_fp(leaf_cert));
 +     goto deinit_cert;
    }
 -   if (crt_status & GNUTLS_CERT_INVALID)
 -   {
 -      char msg[256];
 -      strcpy(msg,"Not trusted");
 -      if(crt_status & GNUTLS_CERT_SIGNER_NOT_FOUND)
 -	 strcat(msg,": no issuer was found");
 -      if(crt_status & GNUTLS_CERT_SIGNER_NOT_CA)
 -	 strcat(msg,": issuer is not a CA");
 -      set_cert_error(msg,get_fp(crt));
 -   }
 -   else
 -      Log::global->Format(9, "  Trusted\n");
 -
 -    /* Now check the expiration dates.
 -     */
 -    if (gnutls_x509_crt_get_activation_time(crt) > now)
 -	set_cert_error("Not yet activated",get_fp(crt));
 -
 -    if (gnutls_x509_crt_get_expiration_time(crt) < now)
 -	set_cert_error("Expired",get_fp(crt));
 -
 -    /* Check if the certificate is revoked.
 -     */
 -    ret = gnutls_x509_crt_check_revocation(crt, instance->crl_list, instance->crl_list_size);
 -    if (ret == 1) {		/* revoked */
 -	set_cert_error("Revoked",get_fp(crt));
 -    }
 -}
 -
 -
 -/* Verifies a certificate against the trusted CA list.
 - * Also checks the crl_list if the certificate is revoked.
 - */
 -void lftp_ssl_gnutls::verify_last_cert(gnutls_x509_crt_t crt)
 -{
 -   unsigned int crt_status;
 -   int ret;
 -   time_t now = SMTask::now;
 -   size_t name_size;
 -   char name[256];
 -
 -   /* Print information about the certificates to
 -    * be checked.
 -    */
 -   name_size = sizeof(name);
 -   gnutls_x509_crt_get_dn(crt, name, &name_size);
 -
 -   Log::global->Format(9, "Certificate: %s\n", name);
 -
 -   name_size = sizeof(name);
 -   gnutls_x509_crt_get_issuer_dn(crt, name, &name_size);
 -
 -   Log::global->Format(9, " Issued by: %s\n", name);
 -
 -   /* Do the actual verification.
 -    */
 -   gnutls_x509_crt_verify(crt, instance->ca_list, instance->ca_list_size, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, &crt_status);
 -
 -   if (crt_status & GNUTLS_CERT_INVALID)
 -   {
 -      char msg[256];
 -      strcpy(msg,"Not trusted");
 -      if (crt_status & GNUTLS_CERT_SIGNER_NOT_CA)
 -	 strcat(msg,": Issuer is not a CA");
 -      set_cert_error(msg,get_fp(crt));
 +   if(status != 0){
 +     gnutls_datum_t reason;
 +     err = gnutls_certificate_verification_status_print(status, gnutls_certificate_type_get(session), &reason, 0);
 +     if(err < 0){
 +       set_cert_error(xstring::format("Cerificate Verification Error: %s", gnutls_strerror(err)), get_fp(leaf_cert));
 +       goto deinit_cert;
 +     }
 +     set_cert_error((const char*)reason.data, get_fp(leaf_cert));
 +     gnutls_free(reason.data);
 +     goto deinit_cert;
    }
 -   else
 -      Log::global->Format(9, "  Trusted\n");
 +   if(ResMgr::QueryBool("ssl:check-hostname", hostname)) {
 +      if(!gnutls_x509_crt_check_hostname(leaf_cert, hostname)){
 +         set_cert_error(xstring::format("certificate common name doesn't match requested host name %s",quote(hostname)),get_fp(leaf_cert));
 +         goto deinit_cert;
 +      }
 +   } else {
 +      Log::global->Format(0, "WARNING: Certificate verification: hostname checking disabled\n");
 +   }
 -   /* Now check the expiration dates.
 -    */
 -   if(gnutls_x509_crt_get_activation_time(crt) > now)
 -      set_cert_error("Not yet activated",get_fp(crt));
 -
 -   if(gnutls_x509_crt_get_expiration_time(crt) < now)
 -      set_cert_error("Expired",get_fp(crt));
 +   deinit_cert:
 +   gnutls_x509_crt_deinit(leaf_cert);
 -   /* Check if the certificate is revoked.
 -    */
 -   ret = gnutls_x509_crt_check_revocation(crt, instance->crl_list, instance->crl_list_size);
 -   if (ret == 1) {		/* revoked */
 -      set_cert_error("Revoked",get_fp(crt));
 -   }
 +   err_out:
 +   return;
 }
 bool lftp_ssl_gnutls::check_fatal(int res)
 diff --git a/src/lftp_ssl.h b/src/lftp_ssl.h
 index c37b047b4..87b92d4fa 100644
 --- a/src/lftp_ssl.h
 +++ b/src/lftp_ssl.h
@@ -92,8 +92,6 @@ class lftp_ssl_gnutls : public lftp_ssl_base
    gnutls_session_t session;
    gnutls_certificate_credentials_t cred;
    void verify_certificate_chain(const gnutls_datum_t *cert_chain,int cert_chain_length);
 -   void verify_cert2(gnutls_x509_crt_t crt,gnutls_x509_crt_t issuer);
 -   void verify_last_cert(gnutls_x509_crt_t crt);
    int do_handshake();
    bool check_fatal(int res);
    static const xstring& get_fp(gnutls_x509_crt_t crt);
--- a/SOURCES/lftp-4.8.4-ssh-prompt.patch
+++ b/SOURCES/lftp-4.8.4-ssh-prompt.patch
@ -1,59 +0,0 @@
 From 0ad0732b8fbacd3519b4e3ecf8c394681b314672 Mon Sep 17 00:00:00 2001
 From: "Alexander V. Lukyanov" <lavv17f@gmail.com>
 Date: Thu, 5 Dec 2019 21:34:11 +0300
 Subject: [PATCH] SSH_Access: fixed yes/no/[fingerprint] recognition (fix #547,
 fix #525)
 ---
 src/SSH_Access.cc | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
 diff --git a/src/SSH_Access.cc b/src/SSH_Access.cc
 index 97683a3f..adf0c196 100644
 --- a/src/SSH_Access.cc
 +++ b/src/SSH_Access.cc
@@ -20,6 +20,8 @@
 #include <config.h>
 #include "SSH_Access.h"
 #include "misc.h"
 +#include <algorithm>
 +#include "ascii_ctype.h"
 void SSH_Access::MakePtyBuffers()
 {
@@ -70,6 +70,26 @@ static bool IsPasswordPrompt(const char *b,const char *e)
    return (e-b>=len && !strncasecmp(b,suffix,len));
 }
 +struct nocase_eq
 +{
 +   inline bool operator() (char lhs, char rhs) const
 +   {
 +      return c_tolower(lhs) == c_tolower(rhs);
 +   };
 +};
 +
 +static bool contains(char const *begin, char const *end, char const *needle)
 +{
 +   return std::search(begin, end, needle, needle+strlen(needle), nocase_eq()) != end;
 +}
 +
 +static bool IsConfirmPrompt(const char *b,const char *e)
 +{
 +   if(b==e)
 +      return false;
 +   return e[-1]=='?' && contains(b,e,"yes/no");
 +}
 +
 int SSH_Access::HandleSSHMessage()
 {
    int m=STALL;
@@ -99,7 +106,7 @@ int SSH_Access::HandleSSHMessage()
 	 password_sent++;
 	 return m;
       }
 -      if(ends_with(b,b+s,"(yes/no)?"))
 +      if(IsConfirmPrompt(b,b+s))
       {
 	 const char *answer=QueryBool("auto-confirm",hostname)?"yes\n":"no\n";
 	 pty_recv_buf->Put(answer);
--- a/SOURCES/lftp-4.8.4-tls-close.patch
+++ b/SOURCES/lftp-4.8.4-tls-close.patch
@ -1,204 +0,0 @@
 commit 299a194cc86ea81c40d2146dd095dda3954efc81
 Author: Tomas Korbar <tkorbar@redhat.com>
 Date:   Tue May 6 12:01:10 2025 +0200
    Ensure proper closing of TLS connection
 diff --git a/src/buffer.cc b/src/buffer.cc
 index 9ee6580..e54e20e 100644
 --- a/src/buffer.cc
 +++ b/src/buffer.cc
@@ -491,23 +491,31 @@ int IOBuffer::Do()
    if(Done() || Error())
       return STALL;
    int res=0;
 +   int remaining_size;
    switch(mode)
    {
    case PUT:
 -      if(Size()==0)
 -	 return STALL;
 -      res=Put_LL(buffer+buffer_ptr,Size());
 -      if(res>0)
 -      {
 -	 RateAdd(res);
 -	 buffer_ptr+=res;
 -	 event_time=now;
 -	 if(eof)
 -	    PutEOF_LL();
 -	 return MOVED;
 +      remaining_size = Size();
 +      if (remaining_size > 0) {
 +         res=Put_LL(buffer+buffer_ptr, remaining_size);
 +         if (res <= 0) {
 +            return STALL;
 +         }
 +         RateAdd(res);
 +         buffer_ptr+=res;
 +         event_time=now;
 +         if (eof) {
 +            /* We do not have to check for return value of PutEOF_LL here as
 +             * We MOVED anyway and find out whether it was a success in next Do */
 +            PutEOF_LL();
 +         }
 +         return MOVED;
 +      }
 +      if (eof && PutEOF_LL()) {
 +         event_time=now;
 +         return MOVED;
       }
       break;
 -
    case GET:
       if(eof)
 	 return STALL;
 diff --git a/src/buffer_ssl.cc b/src/buffer_ssl.cc
 index 9e701c2..6dd8680 100644
 --- a/src/buffer_ssl.cc
 +++ b/src/buffer_ssl.cc
@@ -39,10 +39,11 @@ int IOBufferSSL::Do()
       // nothing to write, but may need to do handshake
       if(!ssl->handshake_done)
       {
 -	 if(Put_LL("",0)<0)
 -	    return MOVED;
 -	 if(ssl->handshake_done && eof)
 -	    ssl->shutdown();
 +	      if(Put_LL("",0)<0)
 +            return MOVED;
 +      }
 +	   if(ssl->handshake_done && eof && IOBufferSSL::PutEOF_LL()) {
 +         return MOVED;
       }
       if(ssl->handshake_done && !eof)
 	 return m;
@@ -103,8 +104,17 @@ int IOBufferSSL::Put_LL(const char *buf,int size)
 int IOBufferSSL::PutEOF_LL()
 {
 -   if(Size()==0)
 -      ssl->shutdown();
 +   int res;
 +   if(Size()==0) {
 +      res = ssl->shutdown();
 +      if (res == ssl->RETRY) {
 +         SetNotReady(ssl->fd,want_mask());
 +         return 1;
 +      } else if (res == ssl->ERROR) {
 +         SetError(ssl->error,ssl->fatal);
 +         return -1;
 +      }
 +   }
    return 0;
 }
 diff --git a/src/buffer_ssl.h b/src/buffer_ssl.h
 index d3cf7f0..8915066 100644
 --- a/src/buffer_ssl.h
 +++ b/src/buffer_ssl.h
@@ -42,7 +42,7 @@ public:
    IOBufferSSL(const Ref<lftp_ssl>& s,dir_t m) : IOBuffer(m), ssl(s) {}
    ~IOBufferSSL();
    int Do();
 -   bool Done() { return IOBuffer::Done() && ssl->handshake_done; }
 +   bool Done() { return IOBuffer::Done() && ssl->handshake_done && ssl->goodbye_done; }
 };
 #endif
 diff --git a/src/lftp_ssl.cc b/src/lftp_ssl.cc
 index 0a0078a..8820b6f 100644
 --- a/src/lftp_ssl.cc
 +++ b/src/lftp_ssl.cc
@@ -45,6 +45,7 @@ lftp_ssl_base::lftp_ssl_base(int fd1,handshake_mode_t m,const char *h)
 {
    fd=fd1;
    handshake_done=false;
 +   goodbye_done=false;
    handshake_mode=m;
    fatal=false;
    cert_error=false;
@@ -347,10 +348,24 @@ void lftp_ssl_gnutls::load_keys()
       Log::global->Format(9, "Loaded %d CRLs\n", res);
    gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred);
 }
 -void lftp_ssl_gnutls::shutdown()
 +/* Try to shutdown the tls connection, return 1 if needed to call again otherwise 0*/
 +int lftp_ssl_gnutls::shutdown()
 {
 -   if(handshake_done)
 -      gnutls_bye(session,GNUTLS_SHUT_RDWR);  // FIXME - E_AGAIN
 +   int res;
 +   if(handshake_done) {
 +      res = gnutls_bye(session,GNUTLS_SHUT_RDWR);
 +      if (res == GNUTLS_E_SUCCESS) {
 +         goodbye_done = true;
 +         return DONE;
 +      } else if (res == GNUTLS_E_AGAIN || res == GNUTLS_E_INTERRUPTED) {
 +         return RETRY;
 +      }
 +      fatal=check_fatal(res);
 +      set_error("gnutls_bye",gnutls_strerror(res));
 +      return ERROR;
 +   }
 +   goodbye_done = true;
 +   return DONE;
 }
 lftp_ssl_gnutls::~lftp_ssl_gnutls()
 {
@@ -849,10 +864,23 @@ void lftp_ssl_openssl::load_keys()
       }
    }
 }
 -void lftp_ssl_openssl::shutdown()
 +int lftp_ssl_openssl::shutdown()
 {
 -   if(handshake_done)
 -      SSL_shutdown(ssl);
 +   int res;
 +   if(handshake_done) {
 +      res = SSL_shutdown(ssl);
 +      if (res == 1) {
 +         goodbye_done = true;
 +         return DONE;
 +      } else if (res == 0) {
 +         return RETRY;
 +      }
 +      fatal=check_fatal(res);
 +      set_error("SSL_shutdown",strerror());
 +      return ERROR;
 +   }
 +   goodbye_done = true;
 +   return DONE;
 }
 lftp_ssl_openssl::~lftp_ssl_openssl()
 {
 diff --git a/src/lftp_ssl.h b/src/lftp_ssl.h
 index 17a91b0..8e0cc85 100644
 --- a/src/lftp_ssl.h
 +++ b/src/lftp_ssl.h
@@ -37,6 +37,7 @@ class lftp_ssl_base
 {
 public:
    bool handshake_done;
 +   bool goodbye_done;
    int fd;
    xstring_c hostname;
    enum handshake_mode_t { CLIENT, SERVER } handshake_mode;
@@ -107,7 +108,7 @@ public:
    bool want_out();
    void copy_sid(const lftp_ssl_gnutls *);
    void load_keys();
 -   void shutdown();
 +   int shutdown();
 };
 typedef lftp_ssl_gnutls lftp_ssl;
 #elif USE_OPENSSL
@@ -143,7 +144,7 @@ public:
    bool want_out();
    void copy_sid(const lftp_ssl_openssl *);
    void load_keys();
 -   void shutdown();
 +   int shutdown();
 };
 typedef lftp_ssl_openssl lftp_ssl;
 #endif
--- a/SPECS/lftp.spec
+++ b/SPECS/lftp.spec
@ -1,20 +1,16 @@
 Summary:	A sophisticated file transfer program
 Name:		lftp
-Version:	4.8.4
+Version:	4.9.2
 Release:	4%{?dist}
 License:	GPLv3+
 Group:		Applications/Internet
 Source0:	http://lftp.yar.ru/ftp/%{name}-%{version}.tar.xz
 URL:		http://lftp.yar.ru/
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	ncurses-devel, gnutls-devel, perl-generators, pkgconfig, readline-devel, gettext
-BuildRequires:	zlib-devel
+BuildRequires:	zlib-devel, gcc-c++
 BuildRequires: desktop-file-utils
 BuildRequires: make
 Patch1:  lftp-4.0.9-date_fmt.patch
 Patch2:  lftp-4.8.4-ssh-prompt.patch
 Patch3:  lftp-4.8.4-re-newed-cert.patch
 Patch4:  lftp-4.8.4-tls-close.patch
 %description
 LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job
@ -24,7 +20,6 @@ reliability in mind.
 %package scripts
 Summary:	Scripts for lftp
 Group:		Applications/Internet
 Requires:	lftp >= %{version}-%{release}
 BuildArch:	noarch
@ -35,9 +30,6 @@ Utility scripts for use with lftp.
 %setup -q
 %patch1 -p1 -b .date_fmt
 %patch2 -p1 -b .ssh-prompt
 %patch3 -p1 -b .re-newed-cert
 %patch4 -p1 -b .tls-close
 #sed -i.rpath -e '/lftp_cv_openssl/s|-R.*lib||' configure
 sed -i.norpath -e \
@ -69,15 +61,9 @@ desktop-file-install	\
 %find_lang %{name}
-%clean
+%ldconfig_scriptlets
 rm -rf $RPM_BUILD_ROOT
 %post -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 %files -f %{name}.lang
 %defattr(-,root,root,-)
 %doc BUGS COPYING ChangeLog FAQ FEATURES README* NEWS THANKS TODO
 %config(noreplace) %{_sysconfdir}/lftp.conf
 %{_bindir}/*
@ -102,24 +88,53 @@ rm -rf $RPM_BUILD_ROOT
 %files scripts
 %defattr(-,root,root,-)
 %{_datadir}/lftp
 %changelog
-* Tue May 06 2025 Tomas Korbar <tkorbar@redhat.com> - 4.8.4-4
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.9.2-4
- Ensure proper closing of TLS connection
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- Resolves: RHEL-88955
+  Related: rhbz#1991688
-* Mon Jul 24 2023 Michal Ruprich <mruprich@redhat.com> - 4.8.4-3
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.9.2-3
- Resolves: #2182418 - Connection to site fails with certificate verification error
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
-* Tue Apr 28 2020 Michal Ruprich <michalruprich@gmail.com> - 4.8.4-2
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.9.2-2
- Resolves: #1793557 - SFTP over LFTP hangs if host key of the remote system doesn't exist
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Wed Aug 19 2020 Michal Ruprich <michalruprich@gmail.com> - 4.9.2-1
 - New version 4.9.2
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.9.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Fri Apr 03 2020 Michal Ruprich <michalruprich@gmail.com> - 4.9.1-1
 - New version 4.9.1
 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.9.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Fri Jan 03 2020 Michal Ruprich <mruprich@redhat.com> - 4.9.0-1
 - New version 4.9.0
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.8.4-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.8.4-3
 - Rebuild for readline 8.0
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.8.4-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Wed Aug 01 2018 Michal Ruprich <mruprich@redhat.com> - 4.8.4-1
 - New version 4.8.4
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.8.3-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Thu Apr 26 2018 Tomas Hozza <thozza@redhat.com> - 4.8.3-3
 - Added gcc-c++ as an explicit BuildRequires
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.8.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
`@ -1 +1 @@`
	`SOURCES/lftp-4.8.4.tar.xz`	`SOURCES/lftp-4.9.2.tar.xz`
`@ -1 +1 @@`
	`fa97429d4376c87dd0b6a9b27ed89184fb2a9149 SOURCES/lftp-4.8.4.tar.xz`	`e1c7936fef725c9e9c5ccccc30f73f9a9f781115 SOURCES/lftp-4.9.2.tar.xz`