add patch to replace deprecated Openssl functions
Resolves: rhbz#1981411
This commit is contained in:
parent
cd065dc824
commit
114585ffc4
@ -31,81 +31,36 @@ index c362983..22b69b3 100644
|
|||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
#include <openssl/bio.h>
|
#include <openssl/bio.h>
|
||||||
+#include <openssl/dh.h>
|
|
||||||
+#include <openssl/bn.h>
|
+#include <openssl/bn.h>
|
||||||
|
+#include <openssl/param_build.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
#include <limits.h>
|
#include <limits.h>
|
||||||
|
|
||||||
@@ -38,6 +40,7 @@
|
@@ -58,6 +60,23 @@
|
||||||
static char* get_ssl_error();
|
|
||||||
static SSL* get_ssl(struct vsf_session* p_sess, int fd);
|
|
||||||
static int ssl_session_init(struct vsf_session* p_sess);
|
|
||||||
+static DH *ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength);
|
|
||||||
static void setup_bio_callbacks();
|
|
||||||
static long bio_callback(
|
|
||||||
BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval);
|
|
||||||
@@ -51,6 +54,60 @@ static int ssl_read_common(struct vsf_session* p_sess,
|
|
||||||
static int ssl_inited;
|
static int ssl_inited;
|
||||||
static struct mystr debug_str;
|
static struct mystr debug_str;
|
||||||
|
|
||||||
|
+EVP_PKEY *
|
||||||
|
+DH_get_dh()
|
||||||
|
+{
|
||||||
|
+ OSSL_PARAM dh_params[2];
|
||||||
|
+ EVP_PKEY *dh_key = NULL;
|
||||||
|
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
|
||||||
+
|
+
|
||||||
+// Grab prime number from OpenSSL; <openssl/bn.h>
|
+ dh_params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
|
||||||
+// (get_rfc*) for all available primes.
|
+ dh_params[1] = OSSL_PARAM_construct_end();
|
||||||
+// wraps selection of comparable algorithm strength
|
|
||||||
+#if !defined(match_dh_bits)
|
|
||||||
+ #define match_dh_bits(keylen) \
|
|
||||||
+ keylen >= 8191 ? 8192 : \
|
|
||||||
+ keylen >= 6143 ? 6144 : \
|
|
||||||
+ keylen >= 4095 ? 4096 : \
|
|
||||||
+ keylen >= 3071 ? 3072 : \
|
|
||||||
+ keylen >= 2047 ? 2048 : \
|
|
||||||
+ keylen >= 1535 ? 1536 : \
|
|
||||||
+ keylen >= 1023 ? 1024 : 768
|
|
||||||
+#endif
|
|
||||||
+
|
+
|
||||||
+#if !defined(DH_get_prime)
|
+ if (EVP_PKEY_keygen_init(pctx) <= 0 || EVP_PKEY_CTX_set_params(pctx, dh_params) <= 0)
|
||||||
+ BIGNUM *
|
+ return NULL;
|
||||||
+ DH_get_prime(int bits)
|
+ EVP_PKEY_generate(pctx, &dh_key);
|
||||||
+ {
|
+ EVP_PKEY_CTX_free(pctx);
|
||||||
+ switch (bits) {
|
+ return dh_key;
|
||||||
+ case 768: return get_rfc2409_prime_768(NULL);
|
|
||||||
+ case 1024: return get_rfc2409_prime_1024(NULL);
|
|
||||||
+ case 1536: return get_rfc3526_prime_1536(NULL);
|
|
||||||
+ case 2048: return get_rfc3526_prime_2048(NULL);
|
|
||||||
+ case 3072: return get_rfc3526_prime_3072(NULL);
|
|
||||||
+ case 4096: return get_rfc3526_prime_4096(NULL);
|
|
||||||
+ case 6144: return get_rfc3526_prime_6144(NULL);
|
|
||||||
+ case 8192: return get_rfc3526_prime_8192(NULL);
|
|
||||||
+ // shouldn't happen when used match_dh_bits; strict compiler
|
|
||||||
+ default: return NULL;
|
|
||||||
+ }
|
|
||||||
+}
|
+}
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+#if !defined(DH_get_dh)
|
|
||||||
+ // Grab DH parameters
|
|
||||||
+ DH *
|
|
||||||
+ DH_get_dh(int size)
|
|
||||||
+ {
|
|
||||||
+ DH *dh = DH_new();
|
|
||||||
+ if (!dh) {
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+ dh->p = DH_get_prime(match_dh_bits(size));
|
|
||||||
+ BN_dec2bn(&dh->g, "2");
|
|
||||||
+ if (!dh->p || !dh->g)
|
|
||||||
+ {
|
|
||||||
+ DH_free(dh);
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+ return dh;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
+
|
||||||
void
|
void
|
||||||
ssl_init(struct vsf_session* p_sess)
|
ssl_init(struct vsf_session* p_sess)
|
||||||
{
|
{
|
||||||
@@ -65,7 +122,7 @@ ssl_init(struct vsf_session* p_sess)
|
@@ -72,7 +89,7 @@
|
||||||
{
|
{
|
||||||
die("SSL: could not allocate SSL context");
|
die("SSL: could not allocate SSL context");
|
||||||
}
|
}
|
||||||
@ -114,61 +69,42 @@ index c362983..22b69b3 100644
|
|||||||
if (!tunable_sslv2)
|
if (!tunable_sslv2)
|
||||||
{
|
{
|
||||||
options |= SSL_OP_NO_SSLv2;
|
options |= SSL_OP_NO_SSLv2;
|
||||||
@@ -111,6 +168,25 @@ ssl_init(struct vsf_session* p_sess)
|
@@ -130,6 +147,25 @@
|
||||||
die("SSL: cannot load DSA private key");
|
die("SSL: cannot load DSA private key");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
+ if (tunable_dh_param_file)
|
+ if (tunable_dh_param_file)
|
||||||
+ {
|
+ {
|
||||||
+ BIO *bio;
|
+ BIO *bio;
|
||||||
+ DH *dhparams = NULL;
|
+ EVP_PKEY *dh_params = NULL;
|
||||||
+ if ((bio = BIO_new_file(tunable_dh_param_file, "r")) == NULL)
|
+ if ((bio = BIO_new_file(tunable_dh_param_file, "r")) == NULL)
|
||||||
+ {
|
+ {
|
||||||
+ die("SSL: cannot load custom DH params");
|
+ die("SSL: cannot load custom DH params");
|
||||||
+ }
|
+ }
|
||||||
+ else
|
+ else
|
||||||
+ {
|
+ {
|
||||||
+ dhparams = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
|
+ dh_params = PEM_read_bio_Parameters(bio, NULL);
|
||||||
+ BIO_free(bio);
|
+ BIO_free(bio);
|
||||||
+
|
+
|
||||||
+ if (!SSL_CTX_set_tmp_dh(p_ctx, dhparams))
|
+ if (!SSL_CTX_set0_tmp_dh_pkey(p_ctx, dh_params))
|
||||||
+ {
|
+ {
|
||||||
+ die("SSL: setting custom DH params failed");
|
+ die("SSL: setting custom DH params failed");
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
if (tunable_ssl_ciphers &&
|
if (tunable_ssl_ciphers &&
|
||||||
SSL_CTX_set_cipher_list(p_ctx, tunable_ssl_ciphers) != 1)
|
SSL_CTX_set_cipher_list(p_ctx, tunable_ssl_ciphers) != 1)
|
||||||
{
|
{
|
||||||
@@ -184,6 +260,9 @@
|
@@ -184,6 +226,9 @@
|
||||||
/* Ensure cached session doesn't expire */
|
/* Ensure cached session doesn't expire */
|
||||||
SSL_CTX_set_timeout(p_ctx, INT_MAX);
|
SSL_CTX_set_timeout(p_ctx, INT_MAX);
|
||||||
}
|
}
|
||||||
+
|
+
|
||||||
+ SSL_CTX_set_tmp_dh_callback(p_ctx, ssl_tmp_dh_callback);
|
+ SSL_CTX_set0_tmp_dh_pkey(p_ctx, DH_get_dh());
|
||||||
+
|
+
|
||||||
/* Set up ALPN to check for FTP protocol intention of client. */
|
/* Set up ALPN to check for FTP protocol intention of client. */
|
||||||
SSL_CTX_set_alpn_select_cb(p_ctx, ssl_alpn_callback, p_sess);
|
SSL_CTX_set_alpn_select_cb(p_ctx, ssl_alpn_callback, p_sess);
|
||||||
/* Set up SNI callback for an optional hostname check. */
|
/* Set up SNI callback for an optional hostname check. */
|
||||||
@@ -854,6 +933,18 @@ ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+#define UNUSED(x) ( (void)(x) )
|
|
||||||
+
|
|
||||||
+static DH *
|
|
||||||
+ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)
|
|
||||||
+{
|
|
||||||
+ // strict compiler bypassing
|
|
||||||
+ UNUSED(ssl);
|
|
||||||
+ UNUSED(is_export);
|
|
||||||
+
|
|
||||||
+ return DH_get_dh(keylength);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
void
|
|
||||||
ssl_add_entropy(struct vsf_session* p_sess)
|
|
||||||
{
|
|
||||||
diff --git a/tunables.c b/tunables.c
|
diff --git a/tunables.c b/tunables.c
|
||||||
index c737465..1ea7227 100644
|
index c737465..1ea7227 100644
|
||||||
--- a/tunables.c
|
--- a/tunables.c
|
||||||
|
@ -36,45 +36,37 @@ index 22b69b3..96bf8ad 100644
|
|||||||
if (!tunable_sslv2)
|
if (!tunable_sslv2)
|
||||||
{
|
{
|
||||||
options |= SSL_OP_NO_SSLv2;
|
options |= SSL_OP_NO_SSLv2;
|
||||||
@@ -244,6 +244,41 @@
|
@@ -244,6 +244,33 @@
|
||||||
|
|
||||||
SSL_CTX_set_tmp_dh_callback(p_ctx, ssl_tmp_dh_callback);
|
SSL_CTX_set0_tmp_dh_pkey(p_ctx, DH_get_dh());
|
||||||
|
|
||||||
+ if (tunable_ecdh_param_file)
|
+ if (tunable_ecdh_param_file)
|
||||||
+ {
|
+ {
|
||||||
+ BIO *bio;
|
+ BIO *bio;
|
||||||
+ int nid;
|
+ EVP_PKEY *ec_params = NULL;
|
||||||
+ EC_GROUP *ecparams = NULL;
|
|
||||||
+ EC_KEY *eckey;
|
|
||||||
+
|
+
|
||||||
+ if ((bio = BIO_new_file(tunable_ecdh_param_file, "r")) == NULL)
|
+ if ((bio = BIO_new_file(tunable_ecdh_param_file, "r")) == NULL)
|
||||||
+ die("SSL: cannot load custom ec params");
|
+ die("SSL: cannot load custom ec params");
|
||||||
+ else
|
+ else
|
||||||
+ {
|
+ {
|
||||||
+ ecparams = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL);
|
+ ec_params = PEM_read_bio_Parameters(bio, NULL);
|
||||||
+ BIO_free(bio);
|
+ BIO_free(bio);
|
||||||
+
|
+
|
||||||
+ if (ecparams && (nid = EC_GROUP_get_curve_name(ecparams)) &&
|
+ if (ec_params != NULL)
|
||||||
+ (eckey = EC_KEY_new_by_curve_name(nid)))
|
|
||||||
+ {
|
+ {
|
||||||
+ if (!SSL_CTX_set_tmp_ecdh(p_ctx, eckey))
|
+ if (!SSL_CTX_set1_groups_list(p_ctx, ec_params))
|
||||||
+ die("SSL: setting custom EC params failed");
|
+ die("SSL: setting custom EC params failed");
|
||||||
+ }
|
+ }
|
||||||
+ else
|
+ else
|
||||||
+ {
|
+ {
|
||||||
+ die("SSL: getting ec group or key failed");
|
+ die("SSL: getting ec group or key failed");
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+ else
|
+ else
|
||||||
+ {
|
+ {
|
||||||
+#if defined(SSL_CTX_set_ecdh_auto)
|
+ SSL_CTX_set1_groups_list(p_ctx, "P-256");
|
||||||
+ SSL_CTX_set_ecdh_auto(p_ctx, 1);
|
|
||||||
+#else
|
|
||||||
+ SSL_CTX_set_tmp_ecdh(p_ctx, EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
|
|
||||||
+#endif
|
|
||||||
+ }
|
+ }
|
||||||
+
|
|
||||||
/* Set up ALPN to check for FTP protocol intention of client. */
|
/* Set up ALPN to check for FTP protocol intention of client. */
|
||||||
SSL_CTX_set_alpn_select_cb(p_ctx, ssl_alpn_callback, p_sess);
|
SSL_CTX_set_alpn_select_cb(p_ctx, ssl_alpn_callback, p_sess);
|
||||||
/* Set up SNI callback for an optional hostname check. */
|
/* Set up SNI callback for an optional hostname check. */
|
||||||
|
@ -1,74 +0,0 @@
|
|||||||
From 6c8dd87f311e411bcb1c72c1c780497881a5621c Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
|
|
||||||
Date: Mon, 4 Sep 2017 11:32:03 +0200
|
|
||||||
Subject: [PATCH 35/59] Modify DH enablement patch to build with OpenSSL 1.1
|
|
||||||
|
|
||||||
---
|
|
||||||
ssl.c | 41 ++++++++++++++++++++++++++++++++++++++---
|
|
||||||
1 file changed, 38 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/ssl.c b/ssl.c
|
|
||||||
index ba8a613..09ec96a 100644
|
|
||||||
--- a/ssl.c
|
|
||||||
+++ b/ssl.c
|
|
||||||
@@ -88,19 +88,54 @@ static struct mystr debug_str;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
||||||
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
|
|
||||||
+{
|
|
||||||
+ /* If the fields p and g in d are NULL, the corresponding input
|
|
||||||
+ * parameters MUST be non-NULL. q may remain NULL.
|
|
||||||
+ */
|
|
||||||
+ if ((dh->p == NULL && p == NULL)
|
|
||||||
+ || (dh->g == NULL && g == NULL))
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ if (p != NULL) {
|
|
||||||
+ BN_free(dh->p);
|
|
||||||
+ dh->p = p;
|
|
||||||
+ }
|
|
||||||
+ if (q != NULL) {
|
|
||||||
+ BN_free(dh->q);
|
|
||||||
+ dh->q = q;
|
|
||||||
+ }
|
|
||||||
+ if (g != NULL) {
|
|
||||||
+ BN_free(dh->g);
|
|
||||||
+ dh->g = g;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (q != NULL) {
|
|
||||||
+ dh->length = BN_num_bits(q);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
#if !defined(DH_get_dh)
|
|
||||||
// Grab DH parameters
|
|
||||||
DH *
|
|
||||||
DH_get_dh(int size)
|
|
||||||
{
|
|
||||||
+ BIGNUM *g = NULL;
|
|
||||||
+ BIGNUM *p = NULL;
|
|
||||||
DH *dh = DH_new();
|
|
||||||
if (!dh) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
- dh->p = DH_get_prime(match_dh_bits(size));
|
|
||||||
- BN_dec2bn(&dh->g, "2");
|
|
||||||
- if (!dh->p || !dh->g)
|
|
||||||
+ p = DH_get_prime(match_dh_bits(size));
|
|
||||||
+ BN_dec2bn(&g, "2");
|
|
||||||
+ if (!p || !g || !DH_set0_pqg(dh, p, NULL, g))
|
|
||||||
{
|
|
||||||
+ BN_free(g);
|
|
||||||
+ BN_free(p);
|
|
||||||
DH_free(dh);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
70
vsftpd-3.0.5-replace-deprecated-openssl-functions.patch
Normal file
70
vsftpd-3.0.5-replace-deprecated-openssl-functions.patch
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
diff --git a/ssl.c b/ssl.c
|
||||||
|
--- ssl.c
|
||||||
|
+++ ssl.c
|
||||||
|
@@ -28,17 +28,17 @@
|
||||||
|
#include <openssl/err.h>
|
||||||
|
#include <openssl/rand.h>
|
||||||
|
#include <openssl/bio.h>
|
||||||
|
#include <openssl/bn.h>
|
||||||
|
#include <openssl/param_build.h>
|
||||||
|
#include <errno.h>
|
||||||
|
#include <limits.h>
|
||||||
|
|
||||||
|
static char* get_ssl_error();
|
||||||
|
static SSL* get_ssl(struct vsf_session* p_sess, int fd);
|
||||||
|
static int ssl_session_init(struct vsf_session* p_sess);
|
||||||
|
static void setup_bio_callbacks();
|
||||||
|
static long bio_callback(
|
||||||
|
- BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval);
|
||||||
|
+ BIO* p_bio, int oper, const char* p_arg, size_t len, int argi, long argl, int ret, size_t *processed);
|
||||||
|
static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx);
|
||||||
|
static int ssl_alpn_callback(SSL* p_ssl,
|
||||||
|
const unsigned char** p_out,
|
||||||
|
@@ -88,7 +88,7 @@
|
||||||
|
long options;
|
||||||
|
int verify_option = 0;
|
||||||
|
SSL_library_init();
|
||||||
|
- p_ctx = SSL_CTX_new(SSLv23_server_method());
|
||||||
|
+ p_ctx = SSL_CTX_new_ex(NULL, NULL, SSLv23_server_method());
|
||||||
|
if (p_ctx == NULL)
|
||||||
|
{
|
||||||
|
die("SSL: could not allocate SSL context");
|
||||||
|
@@ -180,13 +180,10 @@
|
||||||
|
die("SSL: RNG is not seeded");
|
||||||
|
}
|
||||||
|
{
|
||||||
|
- EC_KEY* key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
||||||
|
- if (key == NULL)
|
||||||
|
+ if (!SSL_CTX_set1_groups_list(p_ctx, "P-256"))
|
||||||
|
{
|
||||||
|
die("SSL: failed to get curve p256");
|
||||||
|
}
|
||||||
|
- SSL_CTX_set_tmp_ecdh(p_ctx, key);
|
||||||
|
- EC_KEY_free(key);
|
||||||
|
}
|
||||||
|
if (tunable_ssl_request_cert)
|
||||||
|
{
|
||||||
|
@@ -692,17 +689,19 @@
|
||||||
|
static void setup_bio_callbacks(SSL* p_ssl)
|
||||||
|
{
|
||||||
|
BIO* p_bio = SSL_get_rbio(p_ssl);
|
||||||
|
- BIO_set_callback(p_bio, bio_callback);
|
||||||
|
+ BIO_set_callback_ex(p_bio, bio_callback);
|
||||||
|
p_bio = SSL_get_wbio(p_ssl);
|
||||||
|
- BIO_set_callback(p_bio, bio_callback);
|
||||||
|
+ BIO_set_callback_ex(p_bio, bio_callback);
|
||||||
|
}
|
||||||
|
|
||||||
|
static long
|
||||||
|
bio_callback(
|
||||||
|
- BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long ret)
|
||||||
|
+ BIO* p_bio, int oper, const char* p_arg, size_t len, int argi, long argl, int ret, size_t *processed)
|
||||||
|
{
|
||||||
|
int retval = 0;
|
||||||
|
int fd = 0;
|
||||||
|
+ (void) len;
|
||||||
|
+ (void) processed;
|
||||||
|
(void) p_arg;
|
||||||
|
(void) argi;
|
||||||
|
(void) argl;
|
||||||
|
|
10
vsftpd.spec
10
vsftpd.spec
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
Name: vsftpd
|
Name: vsftpd
|
||||||
Version: 3.0.5
|
Version: 3.0.5
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
Summary: Very Secure Ftp Daemon
|
Summary: Very Secure Ftp Daemon
|
||||||
|
|
||||||
# OpenSSL link exception
|
# OpenSSL link exception
|
||||||
@ -63,7 +63,6 @@ Patch31: 0031-Fix-question-mark-wildcard-withing-a-file-name.patch
|
|||||||
Patch32: 0032-Propagate-errors-from-nfs-with-quota-to-client.patch
|
Patch32: 0032-Propagate-errors-from-nfs-with-quota-to-client.patch
|
||||||
#Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch
|
#Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch
|
||||||
Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch
|
Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch
|
||||||
Patch35: 0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch
|
|
||||||
Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch
|
Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch
|
||||||
Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch
|
Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch
|
||||||
Patch38: 0038-Document-allow_writeable_chroot-in-the-man-page.patch
|
Patch38: 0038-Document-allow_writeable_chroot-in-the-man-page.patch
|
||||||
@ -95,11 +94,12 @@ Patch64: 0002-Repeat-pututxline-if-it-fails-with-EINTR.patch
|
|||||||
Patch65: 0001-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch
|
Patch65: 0001-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch
|
||||||
Patch67: 0001-Fix-timestamp-handling-in-MDTM.patch
|
Patch67: 0001-Fix-timestamp-handling-in-MDTM.patch
|
||||||
Patch68: 0002-Drop-an-unused-global-variable.patch
|
Patch68: 0002-Drop-an-unused-global-variable.patch
|
||||||
#Patch69: 0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch
|
Patch69: 0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch
|
||||||
Patch70: fix-str_open.patch
|
Patch70: fix-str_open.patch
|
||||||
Patch71: vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch
|
Patch71: vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch
|
||||||
Patch72: vsftpd-3.0.5-use-old-tlsv-options.patch
|
Patch72: vsftpd-3.0.5-use-old-tlsv-options.patch
|
||||||
Patch73: vsftpd-3.0.5-repalce-old-network-addr-functions.patch
|
Patch73: vsftpd-3.0.5-repalce-old-network-addr-functions.patch
|
||||||
|
Patch74: vsftpd-3.0.5-replace-deprecated-openssl-functions.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
vsftpd is a Very Secure FTP daemon. It was written completely from
|
vsftpd is a Very Secure FTP daemon. It was written completely from
|
||||||
@ -172,6 +172,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
|
|||||||
%{_var}/ftp
|
%{_var}/ftp
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 13 2023 Richard Lescak <rlescak@redhat.com> - 3.0.5-4
|
||||||
|
- add patch to replace deprecated Openssl functions
|
||||||
|
- Resolves: rhbz#1981411
|
||||||
|
|
||||||
* Mon Feb 06 2023 Richard Lescak <rlescak@redhat.com> - 3.0.5-3
|
* Mon Feb 06 2023 Richard Lescak <rlescak@redhat.com> - 3.0.5-3
|
||||||
- add patch to replace old network functions
|
- add patch to replace old network functions
|
||||||
- Resolves: rhbz#1951545
|
- Resolves: rhbz#1951545
|
||||||
|
Loading…
Reference in New Issue
Block a user