diff --git a/vsftpd.changes b/vsftpd.changes index 96756cb..41968b4 100644 --- a/vsftpd.changes +++ b/vsftpd.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Fri Sep 16 06:18:26 UTC 2022 - Peter Simons + +- systemd versions prior to 244 do not support the ProtectXYZ + directives we use in our vsftpd.service file and log warnings + every time the daemon starts, which confuses our users. We avoid + this issue by removing the unsupported options from the service + file when installing on a distribution that comes with such an + older version of systemd. [bsc#1196918] + ------------------------------------------------------------------- Thu Aug 25 08:23:08 UTC 2022 - Peter Simons @@ -18,7 +28,10 @@ Wed Jun 29 13:53:16 UTC 2022 - Stefan Schubert Tue Mar 3 16:44:28 UTC 2022 - Peter Simons - Use rpm conditional to build against the proper OpenSSL version - on all distributions. [jsc#PM-3322, bsc#1187686] + on all distributions. This allows us to update vsftpd in all + maintained SLE codestreams to the current Factory version and + mitigate the newly discovered ALPACA attack. [jsc#SLE-24275, + jsc#PM-3322, bsc#1187686] ------------------------------------------------------------------- Tue Feb 1 18:42:41 UTC 2022 - Peter Simons diff --git a/vsftpd.spec b/vsftpd.spec index a1dba05..a5046ec 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -211,6 +211,9 @@ install -D -m 644 %{name}.8 %{buildroot}/%{_mandir}/man8/%{name}.8 %if %{with_systemd} ln -sf service %{buildroot}/%{_sbindir}/rc%{name} install -D -m 0644 %{SOURCE7} %{buildroot}/%{_unitdir}/%{name}.service +%if 0%{?sle_version} < 150300 +sed -r -i '/^(Protect(Home|Hostname|KernelLogs|Clock|KernelTunables|KernelModules|ControlGroups)|RestrictRealtime|PrivateMounts)=/d' %{buildroot}/%{_unitdir}/%{name}.service +%endif install -D -m 0644 %{SOURCE8} %{buildroot}/%{_unitdir}/%{name}@.service install -D -m 0644 %{SOURCE10} %{buildroot}/%{_unitdir}/%{name}.socket %else