Accepting request 1113641 from home:pmonrealgonzalez:branches:network

- Enable crypto-policies support: [bsc#1211301] * Add vsftpd-use-system-wide-crypto-policy.patch OBS-URL: https://build.opensuse.org/request/show/1113641 OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=179
2023-09-26 12:26:47 +00:00 · 2023-09-26 12:26:47 +00:00 · 13c6e7e53c
commit 13c6e7e53c
parent fbe9396fa6
3 changed files with 39 additions and 0 deletions
--- a/vsftpd-use-system-wide-crypto-policy.patch
+++ b/vsftpd-use-system-wide-crypto-policy.patch
@ -0,0 +1,30 @@
+Index: vsftpd-3.0.5/tunables.c
+===================================================================
+--- vsftpd-3.0.5.orig/tunables.c
+++ vsftpd-3.0.5/tunables.c
+@@ -295,7 +295,7 @@ tunables_load_defaults()
+   install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
+                       &tunable_rsa_cert_file);
+   install_str_setting(0, &tunable_dsa_cert_file);
+-  install_str_setting("DEFAULT_SUSE", &tunable_ssl_ciphers);
+  install_str_setting("PROFILE=SYSTEM", &tunable_ssl_ciphers);
+   install_str_setting(0, &tunable_rsa_private_key_file);
+   install_str_setting(0, &tunable_dsa_private_key_file);
+   install_str_setting(0, &tunable_ca_certs_file);
+Index: vsftpd-3.0.5/vsftpd.conf.5
+===================================================================
+--- vsftpd-3.0.5.orig/vsftpd.conf.5
+++ vsftpd-3.0.5/vsftpd.conf.5
+@@ -1024,7 +1024,11 @@ man page for further details. Note that
+ security precaution as it prevents malicious remote parties forcing a cipher
+ which they have found problems with.
+ 
+-Default: DEFAULT_SUSE
+By default, the system-wide crypto policy is used. See
+.BR update-crypto-policies(8)
+for further details.
+
+Default: PROFILE=SYSTEM
+ .TP
+ .B ssl_sni_hostname
+ If set, SSL connections will be rejected unless the SNI hostname in the
--- a/vsftpd.changes
+++ b/vsftpd.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Sep 26 09:20:33 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Enable crypto-policies support: [bsc#1211301]
+  * Add vsftpd-use-system-wide-crypto-policy.patch
+
 -------------------------------------------------------------------
 Fri Aug 25 15:06:06 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>

--- a/vsftpd.spec
+++ b/vsftpd.spec
@ -98,6 +98,8 @@ Patch43:        vsftpd-allow-dev-log-socket.patch
 Patch44:        vsftpd-enable-sendto-for-prelogin-syslog.patch
 Patch45:        disable-tls13-to-support-older-openssl-versions.patch
 Patch46:        0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
+#PATCH-FIX-OPENSUSE bsc#1211301 Enable crypto-policies support
+Patch47:        vsftpd-use-system-wide-crypto-policy.patch
 BuildRequires:  libcap-devel
 %if 0%{?suse_version} == 1315
 BuildRequires:  libopenssl-1_1-devel >= 1.1.1
@ -185,6 +187,7 @@ tests.
 %patch45 -p1
 %endif
 %patch46 -p1
+%patch47 -p1

 %build
 %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP