From d2e95e384a222dc89e21f28d8b1da0e4197d2faf87ae634c9bbe96a64cee1c65 Mon Sep 17 00:00:00 2001 From: Peter Simons Date: Fri, 16 Sep 2022 06:25:15 +0000 Subject: [PATCH 1/2] bsc#1196918 OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=168 --- vsftpd.changes | 15 ++++++++++++++- vsftpd.spec | 3 +++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/vsftpd.changes b/vsftpd.changes index 96756cb..41968b4 100644 --- a/vsftpd.changes +++ b/vsftpd.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Fri Sep 16 06:18:26 UTC 2022 - Peter Simons + +- systemd versions prior to 244 do not support the ProtectXYZ + directives we use in our vsftpd.service file and log warnings + every time the daemon starts, which confuses our users. We avoid + this issue by removing the unsupported options from the service + file when installing on a distribution that comes with such an + older version of systemd. [bsc#1196918] + ------------------------------------------------------------------- Thu Aug 25 08:23:08 UTC 2022 - Peter Simons @@ -18,7 +28,10 @@ Wed Jun 29 13:53:16 UTC 2022 - Stefan Schubert Tue Mar 3 16:44:28 UTC 2022 - Peter Simons - Use rpm conditional to build against the proper OpenSSL version - on all distributions. [jsc#PM-3322, bsc#1187686] + on all distributions. This allows us to update vsftpd in all + maintained SLE codestreams to the current Factory version and + mitigate the newly discovered ALPACA attack. [jsc#SLE-24275, + jsc#PM-3322, bsc#1187686] ------------------------------------------------------------------- Tue Feb 1 18:42:41 UTC 2022 - Peter Simons diff --git a/vsftpd.spec b/vsftpd.spec index a1dba05..a5046ec 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -211,6 +211,9 @@ install -D -m 644 %{name}.8 %{buildroot}/%{_mandir}/man8/%{name}.8 %if %{with_systemd} ln -sf service %{buildroot}/%{_sbindir}/rc%{name} install -D -m 0644 %{SOURCE7} %{buildroot}/%{_unitdir}/%{name}.service +%if 0%{?sle_version} < 150300 +sed -r -i '/^(Protect(Home|Hostname|KernelLogs|Clock|KernelTunables|KernelModules|ControlGroups)|RestrictRealtime|PrivateMounts)=/d' %{buildroot}/%{_unitdir}/%{name}.service +%endif install -D -m 0644 %{SOURCE8} %{buildroot}/%{_unitdir}/%{name}@.service install -D -m 0644 %{SOURCE10} %{buildroot}/%{_unitdir}/%{name}.socket %else From 9bab98923d0d8607f622b2c59bd0b2022d8b1b24e3c1ab1cae5e1e5034b77cd9 Mon Sep 17 00:00:00 2001 From: Peter Simons Date: Thu, 6 Oct 2022 10:52:06 +0000 Subject: [PATCH 2/2] address reviewer comments from https://build.opensuse.org/request/show/1004026 OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=169 --- vsftpd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vsftpd.spec b/vsftpd.spec index a5046ec..010b62b 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -211,7 +211,7 @@ install -D -m 644 %{name}.8 %{buildroot}/%{_mandir}/man8/%{name}.8 %if %{with_systemd} ln -sf service %{buildroot}/%{_sbindir}/rc%{name} install -D -m 0644 %{SOURCE7} %{buildroot}/%{_unitdir}/%{name}.service -%if 0%{?sle_version} < 150300 +%if 0%{?sle_version} && 0%{?sle_version} < 150300 sed -r -i '/^(Protect(Home|Hostname|KernelLogs|Clock|KernelTunables|KernelModules|ControlGroups)|RestrictRealtime|PrivateMounts)=/d' %{buildroot}/%{_unitdir}/%{name}.service %endif install -D -m 0644 %{SOURCE8} %{buildroot}/%{_unitdir}/%{name}@.service