Disable tcp_wrappers support, fix man page

Disable tcp_wrappers support
Resolves: rhbz#1518796

Fix default value of strict_ssl_read_eof in man page

0047-Disable-tcp_wrappers-support.patch

@@ -0,0 +1,49 @@
+From b383ec42bb750419fea102fccf36af5216145eb2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Fri, 5 Jan 2018 09:17:13 +0100
+Subject: [PATCH 47/48] Disable tcp_wrappers support
+
+Resolves: rhbz#1518796
+---
+ Makefile    | 2 +-
+ builddefs.h | 1 -
+ vsftpd.conf | 1 -
+ 3 files changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 98118dc..612994e 100644
+--- a/Makefile
++++ b/Makefile
+@@ -8,7 +8,7 @@ CFLAGS	=	-O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \
+ 	-D_FORTIFY_SOURCE=2 \
+ 	#-pedantic -Wconversion
+ 
+-LIBS	=	-lwrap -lnsl -lpam -lcap -ldl -lcrypto
++LIBS	=	-lnsl -lpam -lcap -ldl -lcrypto
+ LINK	=	-Wl,-s
+ LDFLAGS	=	-fPIE -pie -Wl,-z,relro -Wl,-z,now
+ 
+diff --git a/builddefs.h b/builddefs.h
+index 83de674..2aa3a4c 100644
+--- a/builddefs.h
++++ b/builddefs.h
+@@ -1,7 +1,6 @@
+ #ifndef VSF_BUILDDEFS_H
+ #define VSF_BUILDDEFS_H
+ 
+-#define VSF_BUILD_TCPWRAPPERS
+ #define VSF_BUILD_PAM
+ #define VSF_BUILD_SSL
+ 
+diff --git a/vsftpd.conf b/vsftpd.conf
+index e70bc6d..6b8eebb 100644
+--- a/vsftpd.conf
++++ b/vsftpd.conf
+@@ -125,4 +125,3 @@ listen_ipv6=YES
+ 
+ pam_service_name=vsftpd
+ userlist_enable=YES
+-tcp_wrappers=YES
+-- 
+2.14.3
+

0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch

@@ -0,0 +1,29 @@
+From 9cba9e81aa96e1d64ae2eaaf88330e09dadfce79 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Fri, 5 Jan 2018 09:40:09 +0100
+Subject: [PATCH 48/48] Fix default value of strict_ssl_read_eof in man page
+
+---
+ vsftpd.conf.5 | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
+index a5abeb2..43b0435 100644
+--- a/vsftpd.conf.5
++++ b/vsftpd.conf.5
+@@ -574,10 +574,9 @@ Default: YES
+ .B strict_ssl_read_eof
+ If enabled, SSL data uploads are required to terminate via SSL, not an
+ EOF on the socket. This option is required to be sure that an attacker did
+-not terminate an upload prematurely with a faked TCP FIN. Unfortunately, it
+-is not enabled by default because so few clients get it right. (New in v2.0.7).
++not terminate an upload prematurely with a faked TCP FIN. (New in v2.0.7).
+ 
+-Default: NO
++Default: YES
+ .TP
+ .B strict_ssl_write_shutdown
+ If enabled, SSL data downloads are required to terminate via SSL, not an
+-- 
+2.14.3
+

vsftpd.spec

@@ -2,7 +2,7 @@
 
 Name:    vsftpd
 Version: 3.0.3
-Release: 15%{?dist}
+Release: 16%{?dist}
 Summary: Very Secure Ftp Daemon
 
 Group:    System Environment/Daemons
@@ -24,7 +24,6 @@ BuildRequires: pam-devel
 BuildRequires: libcap-devel
 BuildRequires: openssl-devel
 BuildRequires: systemd
-BuildRequires: tcp_wrappers-devel
 BuildRequires: git
 
 Requires: logrotate
@@ -75,6 +74,8 @@ Patch43: 0043-Enable-only-TLSv1.2-by-default.patch
 Patch44: 0044-Disable-anonymous_enable-in-default-config-file.patch
 Patch45: 0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch
 Patch46: 0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch
+Patch47: 0047-Disable-tcp_wrappers-support.patch
+Patch48: 0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
 
 %description
 vsftpd is a Very Secure FTP daemon. It was written completely from
@@ -144,6 +145,11 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
 %{_var}/ftp
 
 %changelog
+* Fri Jan 05 2018 Ondřej Lysoněk <olysonek@redhat.com> - 3.0.3-16
+- Disable tcp_wrappers support
+- Resolves: rhbz#1518796
+- Fix default value of strict_ssl_read_eof in man page
+
 * Tue Jan 02 2018 Ondřej Lysoněk <olysonek@redhat.com> - 3.0.3-15
 - Expand the explanation of the ascii_* options behaviour