From 071c1c3826a8073a3e339108f11382a614179065 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= Date: Thu, 21 Dec 2017 12:26:20 +0100 Subject: [PATCH] Use system wide crypto policy Resolves: rhbz#1483970 --- 0040-Use-system-wide-crypto-policy.patch | 27 ++++++++++++++++++++++++ vsftpd.spec | 7 +++++- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 0040-Use-system-wide-crypto-policy.patch diff --git a/0040-Use-system-wide-crypto-policy.patch b/0040-Use-system-wide-crypto-policy.patch new file mode 100644 index 0000000..d79530b --- /dev/null +++ b/0040-Use-system-wide-crypto-policy.patch @@ -0,0 +1,27 @@ +From b83be8b4f86bf1a8a6de4802a9486d084c4a46cd Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Tue, 29 Aug 2017 10:32:16 +0200 +Subject: [PATCH 40/40] Use system wide crypto policy + +Resolves: rhbz#1483970 +--- + tunables.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/tunables.c b/tunables.c +index 5440c00..354251c 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -297,8 +297,7 @@ tunables_load_defaults() + install_str_setting(0, &tunable_dsa_cert_file); + install_str_setting(0, &tunable_dh_param_file); + install_str_setting(0, &tunable_ecdh_param_file); +- install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384", +- &tunable_ssl_ciphers); ++ install_str_setting("PROFILE=SYSTEM", &tunable_ssl_ciphers); + install_str_setting(0, &tunable_rsa_private_key_file); + install_str_setting(0, &tunable_dsa_private_key_file); + install_str_setting(0, &tunable_ca_certs_file); +-- +2.14.3 + diff --git a/vsftpd.spec b/vsftpd.spec index b75f1c4..f51ffba 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.3 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -68,6 +68,7 @@ Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch Patch38: 0038-Document-allow_writeable_chroot-in-the-man-page.patch Patch39: 0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch +Patch40: 0040-Use-system-wide-crypto-policy.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -137,6 +138,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog +* Thu Dec 21 2017 Ondřej Lysoněk - 3.0.3-12 +- Use system wide crypto policy +- Resolves: rhbz#1483970 + * Fri Nov 24 2017 Ondřej Lysoněk - 3.0.3-11 - Improve documentation of ASCII mode in the man page - Resolves: rhbz#1139409