From 7d36368178062f3965669db958eb3dd475c26f1447c1b07c2511f5ee8d89304a Mon Sep 17 00:00:00 2001
From: Peter Simons
Date: Mon, 19 Jun 2023 06:30:36 +0000
Subject: [PATCH] bsc#1200075
OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=175
---
 ...e-of-strict_ssl_read_eof-in-man-page.patch | 29 +++++++++++++++++++
 vsftpd.changes | 11 +++++--
 vsftpd.spec | 3 +-
 3 files changed, 39 insertions(+), 4 deletions(-)
 create mode 100644 0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
diff --git a/0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch b/0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
new file mode 100644
index 0000000..94da91a
--- /dev/null
+++ b/0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
@@ -0,0 +1,29 @@
+From 9cba9e81aa96e1d64ae2eaaf88330e09dadfce79 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Ond=C5=99ej=20Lyson=C4=9Bk?=
+Date: Fri, 5 Jan 2018 09:40:09 +0100
+Subject: [PATCH 01/27] Fix default value of strict_ssl_read_eof in man page
+
+---
+ vsftpd.conf.5 | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
+index a5abeb2..43b0435 100644
+--- a/vsftpd.conf.5
++++ b/vsftpd.conf.5
+@@ -574,10 +574,9 @@ Default: YES
+ .B strict_ssl_read_eof
+ If enabled, SSL data uploads are required to terminate via SSL, not an
+ EOF on the socket. This option is required to be sure that an attacker did
+-not terminate an upload prematurely with a faked TCP FIN. Unfortunately, it
+-is not enabled by default because so few clients get it right. (New in v2.0.7).
++not terminate an upload prematurely with a faked TCP FIN. (New in v2.0.7).
+ 
+-Default: NO
++Default: YES
+ .TP
+ .B strict_ssl_write_shutdown
+ If enabled, SSL data downloads are required to terminate via SSL, not an
+-- 
+2.40.1
+
diff --git a/vsftpd.changes b/vsftpd.changes
index f0e9899..63ec79a 100644
--- a/vsftpd.changes
+++ b/vsftpd.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jun 19 06:25:26 UTC 2023 - Peter Simons
+
+- Apply "0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch"
+ to fix the documentation of the strict_ssl_read_eof option. The
+ documentation says option would be disabled by default, but it is
+ in fact enabled. [bsc#1200075]
+
 -------------------------------------------------------------------
 Tue Jan 3 16:12:32 UTC 2023 - David Anes
 
@@ -1304,6 +1312,3 @@ Tue Nov 13 13:30:42 CET 2001 - mmj@suse.de
 Mon Oct 22 15:57:40 CEST 2001 - mmj@suse.de
 
 - Initial package
-
--------------------------------------------------------------------
-Mon Oct 22 15:57:40 CEST 2001 -
diff --git a/vsftpd.spec b/vsftpd.spec
index 74f404e..6f895f7 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -97,6 +97,7 @@ Patch42: use-system-wide-tls-cipher-policy.patch
 Patch43: vsftpd-allow-dev-log-socket.patch
 Patch44: vsftpd-enable-sendto-for-prelogin-syslog.patch
 Patch45: disable-tls13-to-support-older-openssl-versions.patch
+Patch46: 0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
 BuildRequires: libcap-devel
 %if 0%{?suse_version} == 1315
 BuildRequires: libopenssl-1_1-devel >= 1.1.1
@@ -180,10 +181,10 @@ tests.
 %patch42 -p1
 %patch43 -p1
 %patch44 -p1
-
 %if 0%{?sle_version} == 150000
 %patch45 -p1
 %endif
+%patch46 -p1
 
 %build
 %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
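Review bot: `Patch46` in the first vsftpd.spec hunk is added with no comment, and the file name keeps the `0001-` prefix of a 27-part series (`[PATCH 01/27]` in the embedded header), so the spec alone does not tell a reader that this patch only edits `vsftpd.conf.5`. I would add a line above it such as `# bsc#1200075: man page only; documents strict_ssl_read_eof as Default: YES`. Because that option is what rejects an upload cut short by a forged TCP FIN, the new text should match the default actually compiled into this package; the changelog says it does, but the tunable defaults and the earlier patches in the series are outside this diff, so that is worth confirming once. The matching `%patch46 -p1` in the second hunk sits after `%endif` and therefore applies on every target, which looks intended.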