Accepting request 904379 from network

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/904379
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vsftpd?expand=0&rev=75

0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch

@@ -1,149 +0,0 @@
-From 01bef55a1987700af3d43cdc5f5be88d3843ab85 Mon Sep 17 00:00:00 2001
-From: Martin Sehnoutka <msehnout@redhat.com>
-Date: Thu, 17 Nov 2016 13:36:17 +0100
-Subject: [PATCH] Introduce TLSv1.1 and TLSv1.2 options.
-
-Users can now enable a specific version of TLS protocol.
----
- parseconf.c   |  2 ++
- ssl.c         |  8 ++++++++
- tunables.c    |  9 +++++++--
- tunables.h    |  2 ++
- vsftpd.conf.5 | 24 ++++++++++++++++++++----
- 5 files changed, 39 insertions(+), 6 deletions(-)
-
-Index: vsftpd-3.0.3/parseconf.c
-===================================================================
---- vsftpd-3.0.3.orig/parseconf.c	2020-11-13 09:52:41.369111000 +0000
-+++ vsftpd-3.0.3/parseconf.c	2020-11-13 09:52:48.881045043 +0000
-@@ -85,6 +85,8 @@ parseconf_bool_array[] =
-   { "ssl_sslv2", &tunable_sslv2 },
-   { "ssl_sslv3", &tunable_sslv3 },
-   { "ssl_tlsv1", &tunable_tlsv1 },
-+  { "ssl_tlsv1_1", &tunable_tlsv1_1 },
-+  { "ssl_tlsv1_2", &tunable_tlsv1_2 },
-   { "tilde_user_enable", &tunable_tilde_user_enable },
-   { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl },
-   { "force_anon_data_ssl", &tunable_force_anon_data_ssl },
-Index: vsftpd-3.0.3/ssl.c
-===================================================================
---- vsftpd-3.0.3.orig/ssl.c	2020-11-13 09:52:41.369111000 +0000
-+++ vsftpd-3.0.3/ssl.c	2020-11-13 09:52:48.881045043 +0000
-@@ -78,6 +78,14 @@ ssl_init(struct vsf_session* p_sess)
-     {
-       options |= SSL_OP_NO_TLSv1;
-     }
-+    if (!tunable_tlsv1_1)
-+    {
-+      options |= SSL_OP_NO_TLSv1_1;
-+    }
-+    if (!tunable_tlsv1_2)
-+    {
-+      options |= SSL_OP_NO_TLSv1_2;
-+    }
-     SSL_CTX_set_options(p_ctx, options);
-     if (tunable_rsa_cert_file)
-     {
-Index: vsftpd-3.0.3/tunables.c
-===================================================================
---- vsftpd-3.0.3.orig/tunables.c	2020-11-13 09:52:41.369111000 +0000
-+++ vsftpd-3.0.3/tunables.c	2020-11-13 09:56:53.162888596 +0000
-@@ -66,6 +66,8 @@ int tunable_force_local_data_ssl;
- int tunable_sslv2;
- int tunable_sslv3;
- int tunable_tlsv1;
-+int tunable_tlsv1_1;
-+int tunable_tlsv1_2;
- int tunable_tilde_user_enable;
- int tunable_force_anon_logins_ssl;
- int tunable_force_anon_data_ssl;
-@@ -207,7 +209,10 @@ tunables_load_defaults()
-   tunable_force_local_data_ssl = 1;
-   tunable_sslv2 = 0;
-   tunable_sslv3 = 0;
-+  /* TLSv1 up to TLSv1.2 is enabled by default */
-   tunable_tlsv1 = 1;
-+  tunable_tlsv1_1 = 1;
-+  tunable_tlsv1_2 = 1;
-   tunable_tilde_user_enable = 0;
-   tunable_force_anon_logins_ssl = 0;
-   tunable_force_anon_data_ssl = 0;
-@@ -288,7 +293,8 @@ tunables_load_defaults()
-   install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
-                       &tunable_rsa_cert_file);
-   install_str_setting(0, &tunable_dsa_cert_file);
--  install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);
-+  install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384",
-+		      &tunable_ssl_ciphers);
-   install_str_setting(0, &tunable_rsa_private_key_file);
-   install_str_setting(0, &tunable_dsa_private_key_file);
-   install_str_setting(0, &tunable_ca_certs_file);
-Index: vsftpd-3.0.3/tunables.h
-===================================================================
---- vsftpd-3.0.3.orig/tunables.h	2020-11-13 09:52:41.369111000 +0000
-+++ vsftpd-3.0.3/tunables.h	2020-11-13 09:52:48.881045043 +0000
-@@ -67,6 +67,8 @@ extern int tunable_force_local_data_ssl;
- extern int tunable_sslv2;                     /* Allow SSLv2 */
- extern int tunable_sslv3;                     /* Allow SSLv3 */
- extern int tunable_tlsv1;                     /* Allow TLSv1 */
-+extern int tunable_tlsv1_1;                   /* Allow TLSv1.1 */
-+extern int tunable_tlsv1_2;                   /* Allow TLSv1.2 */
- extern int tunable_tilde_user_enable;         /* Support e.g. ~chris */
- extern int tunable_force_anon_logins_ssl;     /* Require anon logins use SSL */
- extern int tunable_force_anon_data_ssl;       /* Require anon data uses SSL */
-Index: vsftpd-3.0.3/vsftpd.conf.5
-===================================================================
---- vsftpd-3.0.3.orig/vsftpd.conf.5	2020-11-13 09:52:41.370110991 +0000
-+++ vsftpd-3.0.3/vsftpd.conf.5	2020-11-13 09:52:48.881045043 +0000
-@@ -486,7 +486,7 @@ Default: YES
- Only applies if
- .BR ssl_enable
- is activated. If enabled, this option will permit SSL v2 protocol connections.
--TLS v1 connections are preferred.
-+TLS v1.2 connections are preferred.
- 
- Default: NO
- .TP
-@@ -494,7 +494,7 @@ Default: NO
- Only applies if
- .BR ssl_enable
- is activated. If enabled, this option will permit SSL v3 protocol connections.
--TLS v1 connections are preferred.
-+TLS v1.2 connections are preferred.
- 
- Default: NO
- .TP
-@@ -502,7 +502,23 @@ Default: NO
- Only applies if
- .BR ssl_enable
- is activated. If enabled, this option will permit TLS v1 protocol connections.
--TLS v1 connections are preferred.
-+TLS v1.2 connections are preferred.
-+
-+Default: YES
-+.TP
-+.B ssl_tlsv1_1
-+Only applies if
-+.BR ssl_enable
-+is activated. If enabled, this option will permit TLS v1.1 protocol connections.
-+TLS v1.2 connections are preferred.
-+
-+Default: YES
-+.TP
-+.B ssl_tlsv1_2
-+Only applies if
-+.BR ssl_enable
-+is activated. If enabled, this option will permit TLS v1.2 protocol connections.
-+TLS v1.2 connections are preferred.
- 
- Default: YES
- .TP
-@@ -1001,7 +1017,7 @@ man page for further details. Note that
- security precaution as it prevents malicious remote parties forcing a cipher
- which they have found problems with.
- 
--Default: DES-CBC3-SHA
-+Default: AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
- .TP
- .B user_config_dir
- This powerful option allows the override of any config option specified in

seccomp-fixes.patch

@@ -1,7 +1,7 @@
-Index: vsftpd-3.0.3/seccompsandbox.c
+Index: vsftpd-3.0.4/seccompsandbox.c
 ===================================================================
---- vsftpd-3.0.3.orig/seccompsandbox.c
-+++ vsftpd-3.0.3/seccompsandbox.c
+--- vsftpd-3.0.4.orig/seccompsandbox.c	2021-06-15 08:06:29.165512830 +0000
++++ vsftpd-3.0.4/seccompsandbox.c	2021-06-15 08:06:42.778484808 +0000
 @@ -18,6 +18,7 @@
  #include "utility.h"
  
@@ -10,7 +10,7 @@ Index: vsftpd-3.0.3/seccompsandbox.c
  
  #include <netinet/in.h>
  #include <netinet/tcp.h>
-@@ -60,6 +61,7 @@
+@@ -63,6 +64,7 @@
  
  #define kMaxSyscalls 100
  
@@ -18,7 +18,7 @@ Index: vsftpd-3.0.3/seccompsandbox.c
  #ifdef DEBUG_SIGSYS
  
  #include <signal.h>
-@@ -68,7 +70,10 @@
+@@ -71,7 +73,10 @@
  void
  handle_sigsys(int sig)
  {
@@ -30,15 +30,7 @@ Index: vsftpd-3.0.3/seccompsandbox.c
  }
  #endif
  
-@@ -443,6 +448,7 @@ seccomp_sandbox_setup_postlogin(const st
-   allow_nr(__NR_getcwd);
-   allow_nr(__NR_chdir);
-   allow_nr(__NR_getdents);
-+  allow_nr(__NR_getdents64);
-   /* Misc */
-   allow_nr(__NR_umask);
- 
-@@ -579,8 +585,8 @@ seccomp_sandbox_lockdown()
+@@ -586,8 +591,8 @@ seccomp_sandbox_lockdown()
    p_filter->code = BPF_LD+BPF_W+BPF_ABS;
    p_filter->jt = 0;
    p_filter->jf = 0;

vsftpd-2.0.4-lib64.diff

@@ -1,7 +1,7 @@
-Index: vsf_findlibs.sh
+Index: vsftpd-3.0.4/vsf_findlibs.sh
 ===================================================================
---- vsf_findlibs.sh.orig
-+++ vsf_findlibs.sh
+--- vsftpd-3.0.4.orig/vsf_findlibs.sh	2021-05-18 07:14:35.000000000 +0000
++++ vsftpd-3.0.4/vsf_findlibs.sh	2021-06-29 09:24:32.833223756 +0000
 @@ -14,6 +14,7 @@ fi
  # crypt library.
  if find_func pam_start sysdeputil.o; then
@@ -18,11 +18,11 @@ Index: vsf_findlibs.sh
    locate_library /usr/lib/libcrypt.so && echo "-lcrypt";
    locate_library /usr/lib64/libcrypt.so && echo "-lcrypt";
    locate_library /lib/x86_64-linux-gnu/libcrypt.so && echo "-lcrypt";
-@@ -54,6 +56,7 @@ elif locate_library /lib/libcap.so.2; th
-   echo "/lib/libcap.so.2";
- else
-   locate_library /usr/lib/libcap.so && echo "-lcap";
-+  locate_library /usr/lib64/libcap.so && echo "-lcap";
-   locate_library /lib/libcap.so && echo "-lcap";
-   locate_library /lib64/libcap.so && echo "-lcap";
- fi
+@@ -52,6 +54,7 @@ locate_library /usr/lib/libsec.sl && ech
+ # /usr/bin/ld: cannot find -lcap
+ # If the libcap-devel package isn't installed.
+ locate_library /usr/lib/libcap.so && echo "-lcap";
++locate_library /usr/lib64/libcap.so && echo "-lcap";
+ locate_library /lib/libcap.so && echo "-lcap";
+ locate_library /lib64/libcap.so && echo "-lcap";
+ 

vsftpd-3.0.3-build-with-openssl-1.1.patch

@@ -1,13 +1,13 @@
-Index: vsftpd-3.0.3/vsf_findlibs.sh
+Index: vsftpd-3.0.4/vsf_findlibs.sh
 ===================================================================
---- vsftpd-3.0.3.orig/vsf_findlibs.sh
-+++ vsftpd-3.0.3/vsf_findlibs.sh
-@@ -72,7 +72,7 @@ locate_library /usr/shlib/librt.so && ec
+--- vsftpd-3.0.4.orig/vsf_findlibs.sh	2021-06-15 07:58:45.004475824 +0000
++++ vsftpd-3.0.4/vsf_findlibs.sh	2021-06-15 07:59:59.039320940 +0000
+@@ -69,7 +69,7 @@ locate_library /usr/shlib/librt.so && ec
  locate_library /usr/lib/libsendfile.so && echo "-lsendfile";
  
  # OpenSSL
 -if find_func SSL_library_init ssl.o; then
 +if find_func SSL_CTX_new ssl.o; then
    echo "-lssl -lcrypto";
- fi
- 
+ elif find_func SSL_new ssl.o; then
+   echo "-lssl -lcrypto";

vsftpd-3.0.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c955ef7
-size 196649

vsftpd-3.0.3.tar.gz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlWy7z8ACgkQqmLsRjwOdRyg1QCgp6fVazIhibmgmlefKPEVBUEM
-yDMAnibP6iavxih4przbfR+Fd3LgsARM
-=G+eX
------END PGP SIGNATURE-----

vsftpd-3.0.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6b9421bd27e8a6cdeed5b31154f294a20b003a11a26c09500715a0a6b1b86a26
+size 197637

vsftpd-3.0.4.tar.gz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJKBAABCAA0FiEEZ6KrT0H5lywh9r9me4kBG8rhz+oFAmCyzAAWHHNjYXJ5YmVh
+c3RzQGdtYWlsLmNvbQAKCRB7iQEbyuHP6m3ND/wKyb9Jjg6yggpZhn1tQU4rUbIc
+7/FjSVIRqUasLuC7vGF4fRCsC3Vi7pLX+HB/6C+PrONIS1OkhEZuzNAG531Oedi1
+jlh3L2qhq55N+vVAm7SPonRKxfraljE1AWpg2aUSK1sgW2/d53XHX6quN8qh415H
+Eu91H06SoZdJbQn94EiowT97RNlFjdcyU6GYeGA7LwrhTEPsJ+CnvER/sE6pDx5F
+RrHpajiBC8cLrhpV6Qkpo8KnVOx2CQHUqqjs1x4h7ItFiIhUvyN4bRwA3Q6sty2q
+rb15JCGngatwf93qXP91vBugY5kqfWWnqRnc8b47QXzPB2H6JPq9VQX3yjaITCHF
+YaiQ7a7wzkADTleAG0TNdYzNk4RAzqf6TL+gsMR5ewLYalpy2dtROheWzTlG8kSz
+Z1bgUnA/WSijdKWKua8qjGSexBIA/yDR2zFHKU6Wp5DsrC7R5m71TL9rX30NQp7J
+R32r5DXWuftygxDVYWH6hzD/P0A7wyE7Kz6HcIeCXncSgonuCsLmsWNYVLKwKcmt
+JlnfBlZ3QjLVyL8+Rdo3swO9BLzDMVnocDBSC96/ixbLRnqMMMv5l11ZrLtbc633
+CpnCug3EawYmA1h6UMF1nIbYqhRmCCnk5fXjC9Akl5ymh0D9WjQ6T+77lFD9kZ+8
+lbA2AOPGnY8m3uHQkg==
+=TLc+
+-----END PGP SIGNATURE-----

vsftpd.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Tue Jun 15 07:49:13 AM UTC 2021 - Peter Simons <psimons@suse.com>
+
+- Update to version 3.0.4.
+  * Fix runtime SIGSYS crashes (seccomp sandbox policy tweaks).
+  * Reject HTTP verbs pre-login.
+  * Disable TLS prior to v1.2 by default.
+  * Close the control connection after 10 unknown commands pre-login.
+  * Reject any TLS ALPN advertisement that's not 'ftp'.
+  * Add ssl_sni_hostname option to require a match on incoming SNI hostname.
+
+- Upstream has a new GPG key (7B89011BCAE1CFEA).
+
+- "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" is now obsolete.
+
 -------------------------------------------------------------------
 Thu Dec  3 11:20:20 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
 
@@ -121,7 +136,7 @@ Thu Sep  7 12:24:26 UTC 2017 - psimons@suse.com
   log. We stumbled across this issue when vsftpd suddendly had
   build failures on i586 platforms because the script decided to
   try and link "-lnsl" even though the library was neither
-  installed nor required.  
+  installed nor required.
 
 - Drop the explicit specification of the LDFLAGS and LINK variables
   from the call to make. The value of LDFLAGS we passed is the
@@ -160,7 +175,7 @@ Mon Sep 19 11:39:04 UTC 2016 - psimons@suse.com
   where files uploaded by an anonymous user could not be chown()ed
   to the desired UID as specified in the daemon's configuration
   file. [bnc#996370]
-  
+
 -------------------------------------------------------------------
 Wed Aug 31 17:21:04 UTC 2016 - dimstar@opensuse.org
 
@@ -206,7 +221,7 @@ Mon Sep 21 11:34:46 UTC 2015 - tchvatal@suse.com
 -------------------------------------------------------------------
 Mon Sep 21 11:14:59 UTC 2015 - joop.boonen@opensuse.org
 
-- Brought back additional systemv support so it also builds for SLES 10 and 11 
+- Brought back additional systemv support so it also builds for SLES 10 and 11
 
 -------------------------------------------------------------------
 Tue Sep  8 10:57:55 UTC 2015 - tchvatal@suse.com
@@ -439,7 +454,7 @@ Tue Nov 20 09:21:17 UTC 2012 - dimstar@opensuse.org
 -------------------------------------------------------------------
 Mon Oct 22 13:38:57 UTC 2012 - mvyskocil@suse.com
 
-- update to 3.0.2 (bnc#786024) 
+- update to 3.0.2 (bnc#786024)
   * Fix some seccomp related build errors on certain CentOS and Debian versions.
   * Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort()
   opens and maps /proc/meminfo but only for larger item counts?
@@ -557,12 +572,12 @@ Fri Dec 23 17:48:04 UTC 2011 - andreas.stieger@gmx.de
 -------------------------------------------------------------------
 Sat Nov 26 16:31:20 UTC 2011 - crrodriguez@opensuse.org
 
-- fis copy/paste error in previous change 
+- fis copy/paste error in previous change
 
 -------------------------------------------------------------------
 Fri Nov 25 22:14:14 UTC 2011 - crrodriguez@opensuse.org
 
-- Add systemd unit 
+- Add systemd unit
 
 -------------------------------------------------------------------
 Thu Sep 22 11:17:04 UTC 2011 - mvyskocil@suse.cz
@@ -579,14 +594,14 @@ Fri Feb 25 01:37:38 UTC 2011 - crrodriguez@opensuse.org
 - Avoid consuming excessive CPU when matching filenames to patterns. Thanks to
 Maksymilian Arciemowicz <cxib@securityreason.com>.
 - Some bugfixes from Raphaël Rigo <raphael.rigo@syscall.eu> -- good bugs but
-no apparent security impact. 
+no apparent security impact.
 
 -------------------------------------------------------------------
 Tue Sep 21 16:31:39 UTC 2010 - cristian.rodriguez@opensuse.org
 
 - Update to version 2.3.2
 - Fix silly regression re: log files being overwritten from the start.
-- Rename a few file-open functions to make it clearer what they do 
+- Rename a few file-open functions to make it clearer what they do
 
 -------------------------------------------------------------------
 Tue Aug 10 04:55:16 UTC 2010 - cristian.rodriguez@opensuse.org
@@ -606,12 +621,12 @@ truncating it.
 the transmission of plaintext passwords by buggy clients.
 - Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n
 fixups.
- 
+
 
 -------------------------------------------------------------------
 Tue May 25 13:05:30 UTC 2010 - cristian.rodriguez@opensuse.org
 
-- $remote_fs --> network-remotefs  
+- $remote_fs --> network-remotefs
 
 -------------------------------------------------------------------
 Sun Feb 21 19:28:29 UTC 2010 - mseben@novell.com
@@ -647,7 +662,7 @@ Mon Sep 15 14:52:05 CEST 2008 - hvogel@suse.de
 -------------------------------------------------------------------
 Mon Sep  8 15:30:43 CEST 2008 - hvogel@suse.de
 
-- version 2.0.7 
+- version 2.0.7
   * Fix man page typo
   * Enhance logging for debug_ssl
   * Shutdown the SSL data connections properly
@@ -677,7 +692,7 @@ Wed Apr 30 11:58:17 CEST 2008 - hvogel@suse.de
 Tue Apr  1 16:23:57 CEST 2008 - mkoenig@suse.de
 
 - remove dir /usr/share/omc/svcinfo.d as it is provided now
-  by filesystem 
+  by filesystem
 
 -------------------------------------------------------------------
 Tue Mar 11 20:56:47 CET 2008 - crrodriguez@suse.de
@@ -715,17 +730,17 @@ data connection. Still does not seem to coax lftp to retry :(
 - Recognize OPTS pre-login.
 - A whole ton of SSL improvements, including ability to force requirement of
 a client cert; data and control channel client cert cross checking. Ability
-to require fully valid / authentic client certs. No cert-based auth yet. 
+to require fully valid / authentic client certs. No cert-based auth yet.
 
 -------------------------------------------------------------------
 Tue Mar 27 14:45:11 CEST 2007 - mskibbe@suse.de
 
-- change path to firewall script (#247352) 
+- change path to firewall script (#247352)
 
 -------------------------------------------------------------------
 Fri Mar  2 10:34:33 CET 2007 - mskibbe@suse.de
 
-- change path to firewall script (#247352) 
+- change path to firewall script (#247352)
 
 -------------------------------------------------------------------
 Wed Feb 28 08:46:47 CET 2007 - mskibbe@suse.de
@@ -747,12 +762,12 @@ Fri Jan 12 09:39:24 CET 2007 - mskibbe@suse.de
 -------------------------------------------------------------------
 Thu Jan 11 09:54:07 CET 2007 - mskibbe@suse.de
 
-- change path to xml service document (fate #301713) 
+- change path to xml service document (fate #301713)
 
 -------------------------------------------------------------------
 Mon Jan  8 10:31:52 CET 2007 - mskibbe@suse.de
 
-- fix Bug #230220 - vsftp no debuginfo 
+- fix Bug #230220 - vsftp no debuginfo
 
 -------------------------------------------------------------------
 Mon Jan  8 09:27:36 CET 2007 - mskibbe@suse.de
@@ -762,7 +777,7 @@ Mon Jan  8 09:27:36 CET 2007 - mskibbe@suse.de
 -------------------------------------------------------------------
 Wed Dec  6 12:03:32 CET 2006 - mskibbe@suse.de
 
-- add service xml document (fate #301713 ) 
+- add service xml document (fate #301713 )
 
 -------------------------------------------------------------------
 Mon Oct 23 09:42:05 CEST 2006 - mskibbe@suse.de
@@ -781,7 +796,7 @@ Fri Jul 14 10:57:58 CEST 2006 - mskibbe@suse.de
   o IE should now show the login dialog again
   o configurable login attempt limits and delays were added
   o a bad intereaction with DMAPI filesystems was fixed and chained
-    certs should now work. 
+    certs should now work.
 
 -------------------------------------------------------------------
 Fri May 26 11:50:07 CEST 2006 - schwab@suse.de
@@ -792,7 +807,7 @@ Fri May 26 11:50:07 CEST 2006 - schwab@suse.de
 Thu Apr 20 18:03:29 CEST 2006 - hvogel@suse.de
 
 - revert the rename to vsftp for the xinetd config file. chkconfig
-  knows on for init and xinetd. So this wasnt a bug but a misusage 
+  knows on for init and xinetd. So this wasnt a bug but a misusage
   of chkconfig
 
 -------------------------------------------------------------------
@@ -809,12 +824,12 @@ Wed Apr 19 11:13:47 CEST 2006 - hvogel@suse.de
 -------------------------------------------------------------------
 Thu Feb 16 12:27:53 CET 2006 - hvogel@suse.de
 
-- enable ssl for real [#151453] 
+- enable ssl for real [#151453]
 
 -------------------------------------------------------------------
 Mon Feb  6 14:31:27 CET 2006 - hvogel@suse.de
 
-- The switch to standalone should not happen in update. 
+- The switch to standalone should not happen in update.
   Installed xinetd config file again. The configuration file is
   marked as noreplace anyway so if you are updating you will
   get a xinetd.d/vsftpd.rpmnew and a vsftpd.conf.rpmnew
@@ -875,7 +890,7 @@ Mon Aug  8 14:39:16 CEST 2005 - uli@suse.de
 -------------------------------------------------------------------
 Mon Jun 27 14:09:14 CEST 2005 - ro@suse.de
 
-- use libcap 
+- use libcap
 
 -------------------------------------------------------------------
 Fri Jun 17 10:16:13 CEST 2005 - mmj@suse.de
@@ -1123,7 +1138,7 @@ Sun Feb 17 18:14:13 CET 2002 - mmj@suse.de
 -------------------------------------------------------------------
 Tue Feb 12 13:52:01 MET 2002 - mmj@suse.de
 
-- Remove Requires: ftpdir 
+- Remove Requires: ftpdir
 
 -------------------------------------------------------------------
 Mon Feb  4 18:02:20 CET 2002 - choeger@suse.de

vsftpd.keyring

@@ -1,28 +1,52 @@
-pub   1024D/3C0E751C 2004-06-29
-uid                  Chris Evans <chris@scary.beasts.org>
-sub   1024g/0A9EB17D 2004-06-29
-
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2.0.19 (GNU/Linux)
 
-mQGiBEDh9hcRBACkPpPw2Pm4v6i+dQccbPAmiGyf6Hn7hHyKx25lJD7sK5vQ/L/w
-7sKDLBF1JO76+9xN9UQb4emgmRW5T+tll4KD4uaTP1+bopg+RlRSD2S8MqAoYBE/
-kUu1je49FNV3VyNHLvi77XkjHd4C0+hoZhnBK/OMo3FXo9vEWrFokXwCtwCgsgxn
-USwXet4jojSt+//E7W6AYV8D/jUMh02PbxHhbCHYQnITB9aiaMQtCoeAlbj3HAQA
-+ZgNxApZ6hbhE0I27i4MrGte3O/9l5j3V0rXltpNY9E6tm8HT2UeLc1m7aMCXy+0
-IUrtQtuEx50jD3oaKbqix6UcBpDAZh+aeqTGansCHUHvlOuQQFO4vAPSr6aHPDmS
-1Dc7A/9JImvSvwq5xbDQWpWMMvpQXkDgCqjkRnvqBHqoXXy7R8xEaYAqcRYVHCo4
-hmVYyRXsdY7iPxQkugbLBAPTHq2ajWsZGmrJymVZP7FGz+Rn/j/XoGYrbdJ86fgs
-XnydJY+/uBaS/A+P/+xeHByr4fqG2T60LUVXtwQP2oP/xYN8kbQkQ2hyaXMgRXZh
-bnMgPGNocmlzQHNjYXJ5LmJlYXN0cy5vcmc+iF4EExECAB4FAkDh9hcCGwMGCwkI
-BwMCAxUCAwMWAgECHgECF4AACgkQqmLsRjwOdRwHOACgp9BubQZNeDf+cbTyuhfo
-+qEedNsAoJIde2sM6Waxd4utyNEGG4pQ3sKeuQENBEDh9h0QBACTJBc/TYG3jVRL
-4dI0R1M42DqyaTpm+qDgIgZ6YoXMzw9Z7NiHZaVVrnxYN98mCsNvvevaVT6Jy8Rr
-FWMf4jx82ulH6NWZ9rKu3V9CXK9VXxt03VAWK2mGaKWlb7QKuiAuxSSrWTFO9neL
-wWAixHsL0w9l19grtn1eKW9e61wIawADBgP/ab8QxketqpzecJhsIr/XM3k2oeKH
-mj2BhegIaZzMAqrdvqGIj0cVGpun0tcoB2w4J1S8PyhM0/1PDaTKT+U83Ewljghw
-Z+J5KUzG8T5xz9Qi3MyG4GnDqCSwZ9gKN8gt354tVd1qioX+ur5rovfVw+21iciW
-IENPG81Z/P+DJzSISQQYEQIACQUCQOH2HQIbDAAKCRCqYuxGPA51HJUGAJ9ynmOj
-Hu3p4DUdukkZfSuqyJaAXgCbBxgmdB7hOfSIGyou31PfdaIeFqU=
-=BKUG
+mQINBGCyyncBEADCkx7Uh4mO2Q590LFi7gCh+Ivm1MqsK+pBXmIiIMBPFLMKqmji
+boJiJFu4QcB/ZJZOLVBKKwbQfN/7IeulNkrvMhnu+jJizz0hUDDLQjuoScx53+MW
+zwIPhI7OAJ6kurlHo0b1wvNnJD5ENmwxrOTYL5bHxut/05a+uTaruPFQPNOMYMzs
+rOvIZrzv0lcW/8ZL4tAFvlkogfiGNC9Vfxy4Px8lyVhhfiVzVY3+UNJMM69n6QAt
+kUH07xpV+vn7I3lD4dZM96zFnrXuQhwJba3fbCY9vFN0NDRVdF3tYl2xwJhXMJtM
+jtQ1Tw9ykRMPsLlaiow0/uW3mYrTYjDP12VxukCEg6a240mhT4jAVA4cSoOCdGBJ
+AZCQk5SLbr/MwikggUyS9Fu3d10WKUSyQFS8NWQGHpaFSIIp3T/dGTe6fprhXzFo
+vvLv26OCFNvn4vTHz4lMzZZJjYLNtlcriJoSPCCe8/fI9BmgARmFxiKgY5ENQOrY
+cZUJJ3sHre52aqCETgz+w8j5o/cAU8iizlYxYsJK/Y+QXlVIzyV8oQGm/jvXhrhi
+CgB4xx96cthfolv2Lj+Dz90d/MYKB3suX38Q1ZNhxCZjIcoE+dcn+uGHUqzm4sot
+gN37P1Xfijn15L2cHoV1itasVlOc92HrEUEaBWpB6QXF6nEYkkgA2agnMwARAQAB
+tCNDaHJpcyBFdmFucyA8c2NhcnliZWFzdHNAZ21haWwuY29tPokCVAQTAQgAPhYh
+BGeiq09B+ZcsIfa/ZnuJARvK4c/qBQJgssp3AhsDBQkSzAMABQsJCAcCBhUKCQgL
+AgQWAgMBAh4BAheAAAoJEHuJARvK4c/qW6QP/2dZFkqxQl7hGJizaGIMCHXV1R2G
+0r1S3GyVSRZEUWuVvv2UMjxYx6DZhhoaTGRNi0gXVrTVL3FG8yBfLN2LQQCSXK4k
+eee8FIXSp1LhwciAJKN+Z5nc0i7R6Qy6cIvc82DO6Y4FaMJZoO5lWbl1WjEYO/oN
+NJAp7U3J+BWYKTzIB+Nh2vaapzj2XrNB6dh3ry2nj7yZmerPquYtXsuNRfi/c/Z0
+2t+TiSEFZW83/NZFGbDhhzWB19TMFM5oUpSBH6Yw02ASseaZBRBK0gLhfKGEnf2W
+KgrwcGd41kMxia6UsrXiG3ZjDR+gF/sed93ZdLWpyYxN4DinirCt/+i1/L5RWCSg
+Xus1SviMmnTfhB7WB+WfrIauLpPZOZhdLc3vSBdBmOZ6+p0qLQC2eK2rehM6kQzw
+nd9vmCtws2l5HGsBngrBEIkXsPVSVZKEUB8xH57nbIzn7igsUgrTBdz8K61oMaAu
+iEZzRJ35P81B3uJqZyqjkONm/1J9d081V2aiASJw/vfiAEkjpws488ZWkg9FFSFJ
+VqvAUu6p/g152GP+vatqFT1sH8zxXLLrwGlcktZFNfTYSnscQ9NU/L761anjrgM4
+Oi7ks4jLq91vwvxW9E9TNyuMUJj85412xPIwx1o1+fKGwzi1d+01uQ73aPmp6Z4l
+idE6tmV5wVSuMGSCuQINBGCyyncBEADIM7Z+1GxMvEtKRyWukfL5w8C4Bqid6M7N
+yCCs8bT1lunc7/weiNCOFigZDfAaSoFQpVe22YZABeWD/wO0iY9x+wOwpnsGhmC9
+7H/c0+g4IT7fKkaNVMbvUGfo9dWrXD2gtFzZJruMnPbj0HeFqSHvkGbMM7dLyMlF
+K295F901iFvvfw7jSQyVGVS97i7swXj9F/O13jedIbh+3TWdkKk/YqmMsETjkcOe
+UvmY7P7pTKEpdimvY2I1B8PsBJkyjdZA8G+eiG1STa0+Vj4yVtMJodKJDJbY6+y7
+M9hajCdUTplLWTbxzPMo54KjTOzyLVT7mfugUlS7WQWrVWVtvScJsvaec95+p/Bx
+UdJVwylVjQrxJxI8Bk2yrIgu7/rj+uYGV5+TNKjJWFkQw0YDJ1NkcvVjU7WIwNCl
+X6s5s/tuX+yzUA+DBSHx0WuqtGWYaFgXeO/pWPidc8ovYFVIAr3QB76AeEL3ZJj3
+ttN5jk96zOlaVxOOlEC6zX5TJ7Z+aQHBPq8RN/G8o99sOdx5QuKqvhHe8673eIMY
+CWPgNSSMJ/7I5IBLsIfIv2UWgLPPHS8s/HTwPacU0/L4pahh553uAhC4QP7BPkYw
+p4KXGasR3v9YxuSa33IraJALC6eF2t3L0CLUMzsc0pgLCmGqzskbrP8p0daBjFCS
+KofV+jOiQQARAQABiQI8BBgBCAAmFiEEZ6KrT0H5lywh9r9me4kBG8rhz+oFAmCy
+yncCGwwFCRLMAwAACgkQe4kBG8rhz+qDNRAAsG3lta/eQ+yWTHCXxXYfw94jm/bx
+XFUcvSOwjO+vB5tCt8Q0JmxoZ6PDD/bkcGSDz8FHjhxiIGYKPQiyu7jeZDAijBzu
+MLf3yGuubM6SUoXB1olkTbs9DTSFdTPqbM8eYn14CVHk19w/in/Oe11BD0I7D4Qg
+bkjIAkIKf01AxbcLFKOMihqhSEIEeqP70DIP8hT3arefk2wgEKG108SOzCPD1YQ7
+sEkYX2lRXjqBefHmIGLVllF3v+jUHYFIVz62i/OVMBHXF0D9Qn39cE5e94VdRZIf
+0hdizes1w48o9DxVSs+5TTtuLfFtsY+22OqZZ1cxXrdNUBCB4XEllrDdu58Qr7No
+fpDPDB4AVatWkpB288C/USl1UJgvhuvZs1AKChi9egfoMJczkZMvgQeiKagQkyeb
+l/W7vT3wX4R2WvcM4n6rlPkvRNvO+jw9owSDWuF+6iB0DWEpv5hMjPEfTBv0sYTH
+T/sOcV7vKV9Q6JsQwvfOagI9OAkXbxbjpbQgk/jlaaz/9+5wIy2vvW69Nh7ZfFNO
+RU1GhwNbghLwbHF7rrGvpwlV9hwpaMYcplvkW9bMgjPGpwxecE1zDdhO8Zq9QXyb
+dvDqRPNAqsWd/LwwqRpG36/YI4f5Pdv38W9/HoXlqj9+Uaa/TyDl9TIlBCYcnrzM
+SEfMQy8pH/YWOBk=
+=QcZC
 -----END PGP PUBLIC KEY BLOCK-----

vsftpd.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package vsftpd
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,7 +27,7 @@
 %define use_firewalld 0
 %endif
 Name:           vsftpd
-Version:        3.0.3
+Version:        3.0.4
 Release:        0
 Summary:        Very Secure FTP Daemon - Written from Scratch
 License:        SUSE-GPL-2.0-with-openssl-exception
@@ -85,7 +85,6 @@ Patch30:        vsftpd-3.0.3-address_space_limit.patch
 Patch31:        vsftpd-enable-syscalls-needed-by-sle15.patch
 Patch32:        vsftpd-support-dsa-only-setups.patch
 Patch33:        vsftpd-avoid-bogus-ssl-write.patch
-Patch34:        0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch
 Patch35:        0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch
 # PATCH-FIX-UPSTREAM https://bugzilla.suse.com/show_bug.cgi?id=1179553
 Patch36:        seccomp-fixes.patch
@@ -123,7 +122,7 @@ tests.
 
 %prep
 %setup -q
-%patch1
+%patch1 -p1
 %patch3 -p1
 %patch4
 %patch5
@@ -154,7 +153,6 @@ tests.
 %patch31 -p1
 %patch32 -p1
 %patch33 -p1
-%patch34 -p1
 %patch35 -p1
 %patch36 -p1