diff --git a/0001-Don-t-use-the-provided-script-to-locate-libraries.patch b/0001-Don-t-use-the-provided-script-to-locate-libraries.patch
old mode 100755
new mode 100644
diff --git a/0001-Fix-timestamp-handling-in-MDTM.patch b/0001-Fix-timestamp-handling-in-MDTM.patch
old mode 100755
new mode 100644
diff --git a/0001-Move-closing-standard-FDs-after-listen.patch b/0001-Move-closing-standard-FDs-after-listen.patch
old mode 100755
new mode 100644
diff --git a/0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch b/0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch
old mode 100755
new mode 100644
diff --git a/0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch b/0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch
old mode 100755
new mode 100644
diff --git a/0002-Enable-build-with-SSL.patch b/0002-Enable-build-with-SSL.patch
old mode 100755
new mode 100644
diff --git a/0002-Prevent-recursion-in-bug.patch b/0002-Prevent-recursion-in-bug.patch
old mode 100755
new mode 100644
diff --git a/0002-Repeat-pututxline-if-it-fails-with-EINTR.patch b/0002-Repeat-pututxline-if-it-fails-with-EINTR.patch
old mode 100755
new mode 100644
diff --git a/0003-Enable-build-with-TCP-Wrapper.patch b/0003-Enable-build-with-TCP-Wrapper.patch
old mode 100755
new mode 100644
diff --git a/0003-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch b/0003-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch
old mode 100755
new mode 100644
diff --git a/0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch b/0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch
old mode 100755
new mode 100644
diff --git a/0005-Use-hostname-when-calling-PAM-authentication-module.patch b/0005-Use-hostname-when-calling-PAM-authentication-module.patch
old mode 100755
new mode 100644
diff --git a/0006-Close-stdin-out-err-before-listening-for-incoming-co.patch b/0006-Close-stdin-out-err-before-listening-for-incoming-co.patch
old mode 100755
new mode 100644
diff --git a/0007-Make-filename-filters-smarter.patch b/0007-Make-filename-filters-smarter.patch
old mode 100755
new mode 100644
diff --git a/0008-Write-denied-logins-into-the-log.patch b/0008-Write-denied-logins-into-the-log.patch
old mode 100755
new mode 100644
diff --git a/0009-Trim-whitespaces-when-reading-configuration.patch b/0009-Trim-whitespaces-when-reading-configuration.patch
old mode 100755
new mode 100644
diff --git a/0010-Improve-daemonizing.patch b/0010-Improve-daemonizing.patch
old mode 100755
new mode 100644
diff --git a/0011-Fix-listing-with-more-than-one-star.patch b/0011-Fix-listing-with-more-than-one-star.patch
old mode 100755
new mode 100644
diff --git a/0012-Replace-syscall-__NR_clone-.-with-clone.patch b/0012-Replace-syscall-__NR_clone-.-with-clone.patch
old mode 100755
new mode 100644
diff --git a/0013-Extend-man-pages-with-systemd-info.patch b/0013-Extend-man-pages-with-systemd-info.patch
old mode 100755
new mode 100644
diff --git a/0014-Add-support-for-square-brackets-in-ls.patch b/0014-Add-support-for-square-brackets-in-ls.patch
old mode 100755
new mode 100644
diff --git a/0015-Listen-on-IPv6-by-default.patch b/0015-Listen-on-IPv6-by-default.patch
old mode 100755
new mode 100644
diff --git a/0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch b/0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch
old mode 100755
new mode 100644
diff --git a/0017-Fix-an-issue-with-timestamps-during-DST.patch b/0017-Fix-an-issue-with-timestamps-during-DST.patch
old mode 100755
new mode 100644
diff --git a/0018-Change-the-default-log-file-in-configuration.patch b/0018-Change-the-default-log-file-in-configuration.patch
old mode 100755
new mode 100644
diff --git a/0019-Introduce-reverse_lookup_enable-option.patch b/0019-Introduce-reverse_lookup_enable-option.patch
old mode 100755
new mode 100644
diff --git a/0020-Use-unsigned-int-for-uid-and-gid-representation.patch b/0020-Use-unsigned-int-for-uid-and-gid-representation.patch
old mode 100755
new mode 100644
diff --git a/0021-Introduce-support-for-DHE-based-cipher-suites.patch b/0021-Introduce-support-for-DHE-based-cipher-suites.patch
old mode 100755
new mode 100644
diff --git a/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch b/0022-Introduce-support-for-EDDHE-based-cipher-suites.patch
old mode 100755
new mode 100644
diff --git a/0023-Add-documentation-for-isolate_-options.-Correct-defa.patch b/0023-Add-documentation-for-isolate_-options.-Correct-defa.patch
old mode 100755
new mode 100644
diff --git a/0024-Introduce-new-return-value-450.patch b/0024-Introduce-new-return-value-450.patch
old mode 100755
new mode 100644
diff --git a/0025-Improve-local_max_rate-option.patch b/0025-Improve-local_max_rate-option.patch
old mode 100755
new mode 100644
diff --git a/0026-Prevent-hanging-in-SIGCHLD-handler.patch b/0026-Prevent-hanging-in-SIGCHLD-handler.patch
old mode 100755
new mode 100644
diff --git a/0027-Delete-files-when-upload-fails.patch b/0027-Delete-files-when-upload-fails.patch
old mode 100755
new mode 100644
diff --git a/0028-Fix-man-page-rendering.patch b/0028-Fix-man-page-rendering.patch
old mode 100755
new mode 100644
diff --git a/0029-Fix-segfault-in-config-file-parser.patch b/0029-Fix-segfault-in-config-file-parser.patch
old mode 100755
new mode 100644
diff --git a/0030-Fix-logging-into-syslog-when-enabled-in-config.patch b/0030-Fix-logging-into-syslog-when-enabled-in-config.patch
old mode 100755
new mode 100644
diff --git a/0031-Fix-question-mark-wildcard-withing-a-file-name.patch b/0031-Fix-question-mark-wildcard-withing-a-file-name.patch
old mode 100755
new mode 100644
diff --git a/0032-Propagate-errors-from-nfs-with-quota-to-client.patch b/0032-Propagate-errors-from-nfs-with-quota-to-client.patch
old mode 100755
new mode 100644
diff --git a/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch b/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch
old mode 100755
new mode 100644
diff --git a/0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch b/0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch
old mode 100755
new mode 100644
diff --git a/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch b/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch
old mode 100755
new mode 100644
diff --git a/0036-Redefine-VSFTP_COMMAND_FD-to-1.patch b/0036-Redefine-VSFTP_COMMAND_FD-to-1.patch
old mode 100755
new mode 100644
diff --git a/0037-Document-the-relationship-of-text_userdb_names-and-c.patch b/0037-Document-the-relationship-of-text_userdb_names-and-c.patch
old mode 100755
new mode 100644
diff --git a/0038-Document-allow_writeable_chroot-in-the-man-page.patch b/0038-Document-allow_writeable_chroot-in-the-man-page.patch
old mode 100755
new mode 100644
diff --git a/0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch b/0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch
old mode 100755
new mode 100644
diff --git a/0040-Use-system-wide-crypto-policy.patch b/0040-Use-system-wide-crypto-policy.patch
old mode 100755
new mode 100644
diff --git a/0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch b/0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch
old mode 100755
new mode 100644
diff --git a/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch b/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch
old mode 100755
new mode 100644
diff --git a/0043-Enable-only-TLSv1.2-by-default.patch b/0043-Enable-only-TLSv1.2-by-default.patch
old mode 100755
new mode 100644
diff --git a/0044-Disable-anonymous_enable-in-default-config-file.patch b/0044-Disable-anonymous_enable-in-default-config-file.patch
old mode 100755
new mode 100644
diff --git a/0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch b/0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch
old mode 100755
new mode 100644
diff --git a/0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch b/0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch
old mode 100755
new mode 100644
diff --git a/0047-Disable-tcp_wrappers-support.patch b/0047-Disable-tcp_wrappers-support.patch
old mode 100755
new mode 100644
diff --git a/0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch b/0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
old mode 100755
new mode 100644
diff --git a/0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch b/0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch
old mode 100755
new mode 100644
diff --git a/0050-Don-t-link-with-libnsl.patch b/0050-Don-t-link-with-libnsl.patch
old mode 100755
new mode 100644
diff --git a/0051-Improve-documentation-of-better_stou-in-the-man-page.patch b/0051-Improve-documentation-of-better_stou-in-the-man-page.patch
old mode 100755
new mode 100644
diff --git a/0052-Fix-rDNS-with-IPv6.patch b/0052-Fix-rDNS-with-IPv6.patch
old mode 100755
new mode 100644
diff --git a/0053-Always-do-chdir-after-chroot.patch b/0053-Always-do-chdir-after-chroot.patch
old mode 100755
new mode 100644
diff --git a/0054-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch b/0054-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch
old mode 100755
new mode 100644
diff --git a/0055-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch b/0055-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch
old mode 100755
new mode 100644
diff --git a/0056-Log-die-calls-to-syslog.patch b/0056-Log-die-calls-to-syslog.patch
old mode 100755
new mode 100644
diff --git a/0057-Improve-error-message-when-max-number-of-bind-attemp.patch b/0057-Improve-error-message-when-max-number-of-bind-attemp.patch old mode 100755 new mode 100644 diff --git a/0058-Make-the-max-number-of-bind-retries-tunable.patch b/0058-Make-the-max-number-of-bind-retries-tunable.patch old mode 100755 new mode 100644 diff --git a/0059-Fix-SEGFAULT-when-running-in-a-container-as-PID-1.patch b/0059-Fix-SEGFAULT-when-running-in-a-container-as-PID-1.patch old mode 100755 new mode 100644 diff --git a/1001-Fix-assignment-of-an-enumerator-of-a-different-type.patch b/1001-Fix-assignment-of-an-enumerator-of-a-different-type.patch deleted file mode 100644 index e20404a3aec041e2864443e1ddcd1ae65bdd7bbb..0000000000000000000000000000000000000000 --- a/1001-Fix-assignment-of-an-enumerator-of-a-different-type.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 8882c5f7788fc2ea7cae824a7fa09b82782fc81e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= -Date: Fri, 7 Feb 2020 11:51:46 +0100 -Subject: [PATCH] Fix assignment of an enumerator of a different type - -The kVSFSysStrOpenUnknown enumerator is not part of the -EVSFSysUtilOpenMode enum. The assignment causes a build failure with -gcc 10. - -The open_mode variable need not be initialized, because the switch -statement either sets the variable or causes us to exit. - -Resolves: rhbz#1800239 ---- - sysstr.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/sysstr.c b/sysstr.c -index d86cdf1..ff2671b 100644 ---- a/sysstr.c -+++ b/sysstr.c -@@ -74,7 +74,7 @@ str_chdir(const struct mystr* p_str) - int - str_open(const struct mystr* p_str, const enum EVSFSysStrOpenMode mode) - { -- enum EVSFSysUtilOpenMode open_mode = kVSFSysStrOpenUnknown; -+ enum EVSFSysUtilOpenMode open_mode; - switch (mode) - { - case kVSFSysStrOpenReadOnly: --- -2.24.1 - diff --git a/download b/download new file mode 100644 index 0000000000000000000000000000000000000000..b94676ed3b2004bdf2fa942b9fb379c9d836a18e 
--- /dev/null
+++ b/download
@@ -0,0 +1 @@
+da119d084bd3f98664636ea05b5bb398 vsftpd-3.0.3.tar.gz
diff --git a/vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch b/vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch
old mode 100755
new mode 100644
diff --git a/vsftpd-3.0.3-option_to_disable_TLSv1_3.patch b/vsftpd-3.0.3-option_to_disable_TLSv1_3.patch
new file mode 100644
index 0000000000000000000000000000000000000000..354cb830ccb0da9ef9093e0761aa7a8aa57e4b67
--- /dev/null
+++ b/vsftpd-3.0.3-option_to_disable_TLSv1_3.patch
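Review bot: The one line added to `download` pins vsftpd-3.0.3.tar.gz with a 32-hex-digit value, which is the length of an MD5 digest, and MD5 is not collision-resistant. Since the tarball is also deleted from the repository in this commit, that digest becomes the only integrity anchor for the upstream source. If the tooling that reads `download` accepts a stronger digest, record SHA-256 or SHA-512 instead; whether it does is not visible here. The fetched tarball should also be checked against the upstream signature whenever the digest is refreshed.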
@@ -0,0 +1,132 @@ +diff --git a/features.c b/features.c +index d024366..3a60b88 100644 +--- a/features.c ++++ b/features.c +@@ -22,7 +22,7 @@ handle_feat(struct vsf_session* p_sess) + { + vsf_cmdio_write_raw(p_sess, " AUTH SSL\r\n"); + } +- if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2) ++ if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2 || tunable_tlsv1_3) + { + vsf_cmdio_write_raw(p_sess, " AUTH TLS\r\n"); + } +diff --git a/parseconf.c b/parseconf.c +index 3729818..2c5ffe6 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -87,6 +87,7 @@ parseconf_bool_array[] = + { "ssl_tlsv1", &tunable_tlsv1 }, + { "ssl_tlsv1_1", &tunable_tlsv1_1 }, + { "ssl_tlsv1_2", &tunable_tlsv1_2 }, ++ { "ssl_tlsv1_3", &tunable_tlsv1_3 }, + { "tilde_user_enable", &tunable_tilde_user_enable }, + { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl }, + { "force_anon_data_ssl", &tunable_force_anon_data_ssl }, +diff --git a/ssl.c b/ssl.c +index 09ec96a..5d9c595 100644 +--- a/ssl.c ++++ b/ssl.c +@@ -178,6 +178,10 @@ ssl_init(struct vsf_session* p_sess) + { + options |= SSL_OP_NO_TLSv1_2; + } ++ if (!tunable_tlsv1_3) ++ { ++ options |= SSL_OP_NO_TLSv1_3; ++ } + SSL_CTX_set_options(p_ctx, options); + if (tunable_rsa_cert_file) + { +diff --git a/tunables.c b/tunables.c +index c96c1ac..e6fbb9d 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -68,6 +68,7 @@ int tunable_sslv3; + int tunable_tlsv1; + int tunable_tlsv1_1; + int tunable_tlsv1_2; ++int tunable_tlsv1_3; + int tunable_tilde_user_enable; + int tunable_force_anon_logins_ssl; + int tunable_force_anon_data_ssl; +@@ -217,8 +218,9 @@ tunables_load_defaults() + tunable_sslv3 = 0; + tunable_tlsv1 = 0; + tunable_tlsv1_1 = 0; +- /* Only TLSv1.2 is enabled by default */ ++ /* Only TLSv1.2 and TLSv1.3 are enabled by default */ + tunable_tlsv1_2 = 1; ++ tunable_tlsv1_3 = 1; + tunable_tilde_user_enable = 0; + tunable_force_anon_logins_ssl = 0; + tunable_force_anon_data_ssl = 0; +diff --git a/tunables.h b/tunables.h +index 
8d50150..6e1d301 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -69,6 +69,7 @@ extern int tunable_sslv3; /* Allow SSLv3 */ + extern int tunable_tlsv1; /* Allow TLSv1 */ + extern int tunable_tlsv1_1; /* Allow TLSv1.1 */ + extern int tunable_tlsv1_2; /* Allow TLSv1.2 */ ++extern int tunable_tlsv1_3; /* Allow TLSv1.3 */ + extern int tunable_tilde_user_enable; /* Support e.g. ~chris */ + extern int tunable_force_anon_logins_ssl; /* Require anon logins use SSL */ + extern int tunable_force_anon_data_ssl; /* Require anon data uses SSL */ +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 815773f..c37a536 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -555,7 +555,7 @@ Default: YES + Only applies if + .BR ssl_enable + is activated. If enabled, this option will permit SSL v2 protocol connections. +-TLS v1.2 connections are preferred. ++TLS v1.2 and TLS v1.3 connections are preferred. + + Default: NO + .TP +@@ -563,7 +563,7 @@ Default: NO + Only applies if + .BR ssl_enable + is activated. If enabled, this option will permit SSL v3 protocol connections. +-TLS v1.2 connections are preferred. ++TLS v1.2 and TLS v1.3 connections are preferred. + + Default: NO + .TP +@@ -571,7 +571,7 @@ Default: NO + Only applies if + .BR ssl_enable + is activated. If enabled, this option will permit TLS v1 protocol connections. +-TLS v1.2 connections are preferred. ++TLS v1.2 and TLS v1.3 connections are preferred. + + Default: NO + .TP +@@ -579,7 +579,7 @@ Default: NO + Only applies if + .BR ssl_enable + is activated. If enabled, this option will permit TLS v1.1 protocol connections. +-TLS v1.2 connections are preferred. ++TLS v1.2 and TLS v1.3 connections are preferred. + + Default: NO + .TP +@@ -587,7 +587,15 @@ Default: NO + Only applies if + .BR ssl_enable + is activated. If enabled, this option will permit TLS v1.2 protocol connections. +-TLS v1.2 connections are preferred. ++TLS v1.2 and TLS v1.3 connections are preferred. 
++ ++Default: YES ++.TP ++.B ssl_tlsv1_3 ++Only applies if ++.BR ssl_enable ++is activated. If enabled, this option will permit TLS v1.3 protocol connections. ++TLS v1.2 and TLS v1.3 connections are preferred. + + Default: YES + .TP diff --git a/vsftpd-3.0.3.tar.gz b/vsftpd-3.0.3.tar.gz deleted file mode 100755 index 6259f9dae6ef30acf25154fb45519bbcca9ca529..0000000000000000000000000000000000000000 Binary files a/vsftpd-3.0.3.tar.gz and /dev/null differ diff --git a/vsftpd.ftpusers b/vsftpd.ftpusers old mode 100755 new mode 100644 diff --git a/vsftpd.pam b/vsftpd.pam old mode 100755 new mode 100644 diff --git a/vsftpd.service b/vsftpd.service old mode 100755 new mode 100644 diff --git a/vsftpd.spec b/vsftpd.spec old mode 100755 new mode 100644 index d5008329db8596e65a3d50b80cff943baf5599ec..523454b83bc6124617ea4fc2682c4e7f4113c86c --- a/vsftpd.spec +++ b/vsftpd.spec @@ -1,9 +1,8 @@ -%define anolis_release .0.1 %global _generatorsdir %{_prefix}/lib/systemd/system-generators Name: vsftpd Version: 3.0.3 -Release: 34%{anolis_release}%{?dist} +Release: 35%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -97,11 +96,7 @@ Patch64: 0003-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch Patch65: 0001-Fix-timestamp-handling-in-MDTM.patch Patch66: 0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch Patch67: vsftpd-3.0.3-enable_wc_logs-replace_unprintable_with_hex.patch - -# Begin: Anolis customized patches -# Backport from fc32 to fix FTBFS on gcc10 -Patch1001: 1001-Fix-assignment-of-an-enumerator-of-a-different-type.patch -# End: Anolis customized patches +Patch68: vsftpd-3.0.3-option_to_disable_TLSv1_3.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from 
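Review bot: In the ssl.c part of the added vsftpd-3.0.3-option_to_disable_TLSv1_3.patch, `SSL_OP_NO_TLSv1_3` is used unconditionally, but that macro is only provided by OpenSSL 1.1.1 and later, so the package no longer builds against older headers. Wrapping the new `if (!tunable_tlsv1_3)` block in `#ifdef SSL_OP_NO_TLSv1_3` … `#endif` keeps it portable. Separately, the per-version switches now permit a set with a gap, for example ssl_tlsv1_2=NO with ssl_tlsv1_1=YES and ssl_tlsv1_3=YES. OpenSSL deprecates the `SSL_OP_NO_*` flags in favour of `SSL_CTX_set_min_proto_version`/`SSL_CTX_set_max_proto_version`, and its handling of non-contiguous sets is worth confirming and stating in the new ssl_tlsv1_3 man page entry. The body of ssl_init continues outside the hunk.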
@@ -170,10 +165,11 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_var}/ftp %changelog -* Thu Jan 20 2022 Weitao Zhou - 3.0.3-34.0.1 -- Fix FTBFS on gcc10 +* Fri Dec 03 2021 Artem Egorenkov - 3.0.3-35 +- add option to disable TLSv1.3 +- Resolves: rhbz#1638375 -* Mon Apr 12 2021 Artem Egorenkov - 3.0.3-33 +* Mon Apr 12 2021 Artem Egorenkov - 3.0.3-34 - Enable support for wide-character strings in logs - Replace unprintables with HEX code, not question marks - Resolves: rhbz#1947900 diff --git a/vsftpd.target b/vsftpd.target old mode 100755 new mode 100644 diff --git a/vsftpd.user_list b/vsftpd.user_list old mode 100755 new mode 100644 diff --git a/vsftpd.xinetd b/vsftpd.xinetd old mode 100755 new mode 100644 diff --git a/vsftpd@.service b/vsftpd@.service old mode 100755 new mode 100644