rpm/vsftpd
SHA256
1
0
Fork 0
forked from pool/vsftpd
Code Pull Requests Activity

- Apply "vsftpd-support-dsa-only-setups.patch" to disable the

Browse Source 
problematic default setting for rsa_cert_file. Upstream
  initializes that value to "/usr/share/ssl/certs/vsftpd.pem" and
  vsftpd won't start up if that file does not exist (or if does not
  contain an RSA certificate). Therefore, users who copy a DSA
  certificate into that location or properly configure a DSA
  certificate via dsa_cert_file without explicitly disabling the
  RSA certificate won't be able to start vsftpd. [bsc#975538]

OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=131
This commit is contained in:
Peter Simons 2018-06-21 11:14:05 +00:00 committed by Git OBS Bridge
parent de62ebfe5c
commit 3c1c0c1731
3 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
vsftpd-support-dsa-only-setups.patch Normal file
View File

@ -0,0 +1,18 @@
Index: vsftpd-3.0.3/vsftpd.conf
===================================================================
--- vsftpd-3.0.3.orig/vsftpd.conf 2018-06-21 11:01:12.125258812 +0000
+++ vsftpd-3.0.3/vsftpd.conf 2018-06-21 11:04:43.355979116 +0000
@@ -188,8 +188,12 @@ listen=NO
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES
#
-# Set to ssl_enable=YES if you want to enable SSL
+# Set "ssl_enable=YES" to enable SSL support and configure the location of
+# your local certificate (RSA, DSA, or both). Note that vsftpd won't start
+# if either of the "xxx_cert_file" options sets a path that doesn't exist.
ssl_enable=NO
+rsa_cert_file=
+dsa_cert_file=
#
# Limit passive ports to this range to assis firewalling
pasv_min_port=30000

12
vsftpd.changes
View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Thu Jun 21 11:06:33 UTC 2018 - psimons@suse.com
- Apply "vsftpd-support-dsa-only-setups.patch" to disable the
problematic default setting for rsa_cert_file. Upstream
initializes that value to "/usr/share/ssl/certs/vsftpd.pem" and
vsftpd won't start up if that file does not exist (or if does not
contain an RSA certificate). Therefore, users who copy a DSA
certificate into that location or properly configure a DSA
certificate via dsa_cert_file without explicitly disabling the
RSA certificate won't be able to start vsftpd. [bsc#975538]
------------------------------------------------------------------- -------------------------------------------------------------------
Wed May 16 15:25:02 UTC 2018 - psimons@suse.com Wed May 16 15:25:02 UTC 2018 - psimons@suse.com

2
vsftpd.spec
View File

@ -83,6 +83,7 @@ Patch28: vsftpd-die-with-session.patch
Patch29: vsftpd-append-seek-pipe.patch Patch29: vsftpd-append-seek-pipe.patch
Patch30: vsftpd-3.0.3-address_space_limit.patch Patch30: vsftpd-3.0.3-address_space_limit.patch
Patch31: vsftpd-enable-syscalls-needed-by-sle15.patch Patch31: vsftpd-enable-syscalls-needed-by-sle15.patch
Patch32: vsftpd-support-dsa-only-setups.patch
BuildRequires: libcap-devel BuildRequires: libcap-devel
BuildRequires: libopenssl-devel BuildRequires: libopenssl-devel
BuildRequires: pam-devel BuildRequires: pam-devel
@ -146,6 +147,7 @@ tests.
%patch29 -p1 %patch29 -p1
%patch30 -p1 %patch30 -p1
%patch31 -p1 %patch31 -p1
%patch32 -p1
%build %build
%define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP