Accepting request 904379 from network

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/904379
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vsftpd?expand=0&rev=75

0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch

@@ -1,149 +0,0 @@
-From 01bef55a1987700af3d43cdc5f5be88d3843ab85 Mon Sep 17 00:00:00 2001
-From: Martin Sehnoutka <msehnout@redhat.com>
-Date: Thu, 17 Nov 2016 13:36:17 +0100
-Subject: [PATCH] Introduce TLSv1.1 and TLSv1.2 options.
-
-Users can now enable a specific version of TLS protocol.
----
- parseconf.c   |  2 ++
- ssl.c         |  8 ++++++++
- tunables.c    |  9 +++++++--
- tunables.h    |  2 ++
- vsftpd.conf.5 | 24 ++++++++++++++++++++----
- 5 files changed, 39 insertions(+), 6 deletions(-)
-
-Index: vsftpd-3.0.3/parseconf.c
-===================================================================
---- vsftpd-3.0.3.orig/parseconf.c	2020-11-13 09:52:41.369111000 +0000
-+++ vsftpd-3.0.3/parseconf.c	2020-11-13 09:52:48.881045043 +0000
-@@ -85,6 +85,8 @@ parseconf_bool_array[] =
-   { "ssl_sslv2", &tunable_sslv2 },
-   { "ssl_sslv3", &tunable_sslv3 },
-   { "ssl_tlsv1", &tunable_tlsv1 },
-+  { "ssl_tlsv1_1", &tunable_tlsv1_1 },
-+  { "ssl_tlsv1_2", &tunable_tlsv1_2 },
-   { "tilde_user_enable", &tunable_tilde_user_enable },
-   { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl },
-   { "force_anon_data_ssl", &tunable_force_anon_data_ssl },
-Index: vsftpd-3.0.3/ssl.c
-===================================================================
---- vsftpd-3.0.3.orig/ssl.c	2020-11-13 09:52:41.369111000 +0000
-+++ vsftpd-3.0.3/ssl.c	2020-11-13 09:52:48.881045043 +0000
-@@ -78,6 +78,14 @@ ssl_init(struct vsf_session* p_sess)
-     {
-       options |= SSL_OP_NO_TLSv1;
-     }
-+    if (!tunable_tlsv1_1)
-+    {
-+      options |= SSL_OP_NO_TLSv1_1;
-+    }
-+    if (!tunable_tlsv1_2)
-+    {
-+      options |= SSL_OP_NO_TLSv1_2;
-+    }
-     SSL_CTX_set_options(p_ctx, options);
-     if (tunable_rsa_cert_file)
-     {
-Index: vsftpd-3.0.3/tunables.c
-===================================================================
---- vsftpd-3.0.3.orig/tunables.c	2020-11-13 09:52:41.369111000 +0000
-+++ vsftpd-3.0.3/tunables.c	2020-11-13 09:56:53.162888596 +0000
-@@ -66,6 +66,8 @@ int tunable_force_local_data_ssl;
- int tunable_sslv2;
- int tunable_sslv3;
- int tunable_tlsv1;
-+int tunable_tlsv1_1;
-+int tunable_tlsv1_2;
- int tunable_tilde_user_enable;
- int tunable_force_anon_logins_ssl;
- int tunable_force_anon_data_ssl;
-@@ -207,7 +209,10 @@ tunables_load_defaults()
-   tunable_force_local_data_ssl = 1;
-   tunable_sslv2 = 0;
-   tunable_sslv3 = 0;
-+  /* TLSv1 up to TLSv1.2 is enabled by default */
-   tunable_tlsv1 = 1;
-+  tunable_tlsv1_1 = 1;
-+  tunable_tlsv1_2 = 1;
-   tunable_tilde_user_enable = 0;
-   tunable_force_anon_logins_ssl = 0;
-   tunable_force_anon_data_ssl = 0;
-@@ -288,7 +293,8 @@ tunables_load_defaults()
-   install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
-                       &tunable_rsa_cert_file);
-   install_str_setting(0, &tunable_dsa_cert_file);
--  install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);
-+  install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384",
-+		      &tunable_ssl_ciphers);
-   install_str_setting(0, &tunable_rsa_private_key_file);
-   install_str_setting(0, &tunable_dsa_private_key_file);
-   install_str_setting(0, &tunable_ca_certs_file);
-Index: vsftpd-3.0.3/tunables.h
-===================================================================
---- vsftpd-3.0.3.orig/tunables.h	2020-11-13 09:52:41.369111000 +0000
-+++ vsftpd-3.0.3/tunables.h	2020-11-13 09:52:48.881045043 +0000
-@@ -67,6 +67,8 @@ extern int tunable_force_local_data_ssl;
- extern int tunable_sslv2;                     /* Allow SSLv2 */
- extern int tunable_sslv3;                     /* Allow SSLv3 */
- extern int tunable_tlsv1;                     /* Allow TLSv1 */
-+extern int tunable_tlsv1_1;                   /* Allow TLSv1.1 */
-+extern int tunable_tlsv1_2;                   /* Allow TLSv1.2 */
- extern int tunable_tilde_user_enable;         /* Support e.g. ~chris */
- extern int tunable_force_anon_logins_ssl;     /* Require anon logins use SSL */
- extern int tunable_force_anon_data_ssl;       /* Require anon data uses SSL */
-Index: vsftpd-3.0.3/vsftpd.conf.5
-===================================================================
---- vsftpd-3.0.3.orig/vsftpd.conf.5	2020-11-13 09:52:41.370110991 +0000
-+++ vsftpd-3.0.3/vsftpd.conf.5	2020-11-13 09:52:48.881045043 +0000
-@@ -486,7 +486,7 @@ Default: YES
- Only applies if
- .BR ssl_enable
- is activated. If enabled, this option will permit SSL v2 protocol connections.
--TLS v1 connections are preferred.
-+TLS v1.2 connections are preferred.
- 
- Default: NO
- .TP
-@@ -494,7 +494,7 @@ Default: NO
- Only applies if
- .BR ssl_enable
- is activated. If enabled, this option will permit SSL v3 protocol connections.
--TLS v1 connections are preferred.
-+TLS v1.2 connections are preferred.
- 
- Default: NO
- .TP
-@@ -502,7 +502,23 @@ Default: NO
- Only applies if
- .BR ssl_enable
- is activated. If enabled, this option will permit TLS v1 protocol connections.
--TLS v1 connections are preferred.
-+TLS v1.2 connections are preferred.
-+
-+Default: YES
-+.TP
-+.B ssl_tlsv1_1
-+Only applies if
-+.BR ssl_enable
-+is activated. If enabled, this option will permit TLS v1.1 protocol connections.
-+TLS v1.2 connections are preferred.
-+
-+Default: YES
-+.TP
-+.B ssl_tlsv1_2
-+Only applies if
-+.BR ssl_enable
-+is activated. If enabled, this option will permit TLS v1.2 protocol connections.
-+TLS v1.2 connections are preferred.
- 
- Default: YES
- .TP
-@@ -1001,7 +1017,7 @@ man page for further details. Note that
- security precaution as it prevents malicious remote parties forcing a cipher
- which they have found problems with.
- 
--Default: DES-CBC3-SHA
-+Default: AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
- .TP
- .B user_config_dir
- This powerful option allows the override of any config option specified in

seccomp-fixes.patch

@@ -1,7 +1,7 @@
-Index: vsftpd-3.0.3/seccompsandbox.c
+Index: vsftpd-3.0.4/seccompsandbox.c
 ===================================================================
---- vsftpd-3.0.3.orig/seccompsandbox.c
+--- vsftpd-3.0.4.orig/seccompsandbox.c	2021-06-15 08:06:29.165512830 +0000
-+++ vsftpd-3.0.3/seccompsandbox.c
++++ vsftpd-3.0.4/seccompsandbox.c	2021-06-15 08:06:42.778484808 +0000
 @@ -18,6 +18,7 @@
  #include "utility.h"
  
@@ -10,7 +10,7 @@ Index: vsftpd-3.0.3/seccompsandbox.c
  
  #include <netinet/in.h>
  #include <netinet/tcp.h>
-@@ -60,6 +61,7 @@
+@@ -63,6 +64,7 @@
  
  #define kMaxSyscalls 100
  
@@ -18,7 +18,7 @@ Index: vsftpd-3.0.3/seccompsandbox.c
  #ifdef DEBUG_SIGSYS
  
  #include <signal.h>
-@@ -68,7 +70,10 @@
+@@ -71,7 +73,10 @@
  void
  handle_sigsys(int sig)
  {
@@ -30,15 +30,7 @@ Index: vsftpd-3.0.3/seccompsandbox.c
  }
  #endif
  
-@@ -443,6 +448,7 @@ seccomp_sandbox_setup_postlogin(const st
+@@ -586,8 +591,8 @@ seccomp_sandbox_lockdown()
-   allow_nr(__NR_getcwd);
-   allow_nr(__NR_chdir);
-   allow_nr(__NR_getdents);
-+  allow_nr(__NR_getdents64);
-   /* Misc */
-   allow_nr(__NR_umask);
- 
-@@ -579,8 +585,8 @@ seccomp_sandbox_lockdown()
    p_filter->code = BPF_LD+BPF_W+BPF_ABS;
    p_filter->jt = 0;
    p_filter->jf = 0;

vsftpd-2.0.4-lib64.diff

@@ -1,7 +1,7 @@
-Index: vsf_findlibs.sh
+Index: vsftpd-3.0.4/vsf_findlibs.sh
 ===================================================================
---- vsf_findlibs.sh.orig
+--- vsftpd-3.0.4.orig/vsf_findlibs.sh	2021-05-18 07:14:35.000000000 +0000
-+++ vsf_findlibs.sh
++++ vsftpd-3.0.4/vsf_findlibs.sh	2021-06-29 09:24:32.833223756 +0000
 @@ -14,6 +14,7 @@ fi
  # crypt library.
  if find_func pam_start sysdeputil.o; then
@@ -18,11 +18,11 @@ Index: vsf_findlibs.sh
    locate_library /usr/lib/libcrypt.so && echo "-lcrypt";
    locate_library /usr/lib64/libcrypt.so && echo "-lcrypt";
    locate_library /lib/x86_64-linux-gnu/libcrypt.so && echo "-lcrypt";
-@@ -54,6 +56,7 @@ elif locate_library /lib/libcap.so.2; th
+@@ -52,6 +54,7 @@ locate_library /usr/lib/libsec.sl && ech
-   echo "/lib/libcap.so.2";
+ # /usr/bin/ld: cannot find -lcap
- else
+ # If the libcap-devel package isn't installed.
  locate_library /usr/lib/libcap.so && echo "-lcap";
 +locate_library /usr/lib64/libcap.so && echo "-lcap";
  locate_library /lib/libcap.so && echo "-lcap";
  locate_library /lib64/libcap.so && echo "-lcap";
- fi
+ 

vsftpd-3.0.3-build-with-openssl-1.1.patch

@@ -1,13 +1,13 @@
-Index: vsftpd-3.0.3/vsf_findlibs.sh
+Index: vsftpd-3.0.4/vsf_findlibs.sh
 ===================================================================
---- vsftpd-3.0.3.orig/vsf_findlibs.sh
+--- vsftpd-3.0.4.orig/vsf_findlibs.sh	2021-06-15 07:58:45.004475824 +0000
-+++ vsftpd-3.0.3/vsf_findlibs.sh
++++ vsftpd-3.0.4/vsf_findlibs.sh	2021-06-15 07:59:59.039320940 +0000
-@@ -72,7 +72,7 @@ locate_library /usr/shlib/librt.so && ec
+@@ -69,7 +69,7 @@ locate_library /usr/shlib/librt.so && ec
  locate_library /usr/lib/libsendfile.so && echo "-lsendfile";
  
  # OpenSSL
 -if find_func SSL_library_init ssl.o; then
 +if find_func SSL_CTX_new ssl.o; then
    echo "-lssl -lcrypto";
- fi
+ elif find_func SSL_new ssl.o; then
- 
+   echo "-lssl -lcrypto";

vsftpd-3.0.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9d4d2bf6e6e2884852ba4e69e157a2cecd68c5a7635d66a3a8cf8d898c955ef7
-size 196649

vsftpd-3.0.3.tar.gz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlWy7z8ACgkQqmLsRjwOdRyg1QCgp6fVazIhibmgmlefKPEVBUEM
-yDMAnibP6iavxih4przbfR+Fd3LgsARM
-=G+eX
------END PGP SIGNATURE-----

vsftpd-3.0.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6b9421bd27e8a6cdeed5b31154f294a20b003a11a26c09500715a0a6b1b86a26
+size 197637

vsftpd-3.0.4.tar.gz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJKBAABCAA0FiEEZ6KrT0H5lywh9r9me4kBG8rhz+oFAmCyzAAWHHNjYXJ5YmVh
+c3RzQGdtYWlsLmNvbQAKCRB7iQEbyuHP6m3ND/wKyb9Jjg6yggpZhn1tQU4rUbIc
+7/FjSVIRqUasLuC7vGF4fRCsC3Vi7pLX+HB/6C+PrONIS1OkhEZuzNAG531Oedi1
+jlh3L2qhq55N+vVAm7SPonRKxfraljE1AWpg2aUSK1sgW2/d53XHX6quN8qh415H
+Eu91H06SoZdJbQn94EiowT97RNlFjdcyU6GYeGA7LwrhTEPsJ+CnvER/sE6pDx5F
+RrHpajiBC8cLrhpV6Qkpo8KnVOx2CQHUqqjs1x4h7ItFiIhUvyN4bRwA3Q6sty2q
+rb15JCGngatwf93qXP91vBugY5kqfWWnqRnc8b47QXzPB2H6JPq9VQX3yjaITCHF
+YaiQ7a7wzkADTleAG0TNdYzNk4RAzqf6TL+gsMR5ewLYalpy2dtROheWzTlG8kSz
+Z1bgUnA/WSijdKWKua8qjGSexBIA/yDR2zFHKU6Wp5DsrC7R5m71TL9rX30NQp7J
+R32r5DXWuftygxDVYWH6hzD/P0A7wyE7Kz6HcIeCXncSgonuCsLmsWNYVLKwKcmt
+JlnfBlZ3QjLVyL8+Rdo3swO9BLzDMVnocDBSC96/ixbLRnqMMMv5l11ZrLtbc633
+CpnCug3EawYmA1h6UMF1nIbYqhRmCCnk5fXjC9Akl5ymh0D9WjQ6T+77lFD9kZ+8
+lbA2AOPGnY8m3uHQkg==
+=TLc+
+-----END PGP SIGNATURE-----

vsftpd.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Tue Jun 15 07:49:13 AM UTC 2021 - Peter Simons <psimons@suse.com>
+
+- Update to version 3.0.4.
+  * Fix runtime SIGSYS crashes (seccomp sandbox policy tweaks).
+  * Reject HTTP verbs pre-login.
+  * Disable TLS prior to v1.2 by default.
+  * Close the control connection after 10 unknown commands pre-login.
+  * Reject any TLS ALPN advertisement that's not 'ftp'.
+  * Add ssl_sni_hostname option to require a match on incoming SNI hostname.
+
+- Upstream has a new GPG key (7B89011BCAE1CFEA).
+
+- "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" is now obsolete.
+
 -------------------------------------------------------------------
 Thu Dec  3 11:20:20 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
 

vsftpd.keyring

@@ -1,28 +1,52 @@
-pub   1024D/3C0E751C 2004-06-29
-uid                  Chris Evans <chris@scary.beasts.org>
-sub   1024g/0A9EB17D 2004-06-29
-
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2.0.19 (GNU/Linux)
 
-mQGiBEDh9hcRBACkPpPw2Pm4v6i+dQccbPAmiGyf6Hn7hHyKx25lJD7sK5vQ/L/w
+mQINBGCyyncBEADCkx7Uh4mO2Q590LFi7gCh+Ivm1MqsK+pBXmIiIMBPFLMKqmji
-7sKDLBF1JO76+9xN9UQb4emgmRW5T+tll4KD4uaTP1+bopg+RlRSD2S8MqAoYBE/
+boJiJFu4QcB/ZJZOLVBKKwbQfN/7IeulNkrvMhnu+jJizz0hUDDLQjuoScx53+MW
-kUu1je49FNV3VyNHLvi77XkjHd4C0+hoZhnBK/OMo3FXo9vEWrFokXwCtwCgsgxn
+zwIPhI7OAJ6kurlHo0b1wvNnJD5ENmwxrOTYL5bHxut/05a+uTaruPFQPNOMYMzs
-USwXet4jojSt+//E7W6AYV8D/jUMh02PbxHhbCHYQnITB9aiaMQtCoeAlbj3HAQA
+rOvIZrzv0lcW/8ZL4tAFvlkogfiGNC9Vfxy4Px8lyVhhfiVzVY3+UNJMM69n6QAt
-+ZgNxApZ6hbhE0I27i4MrGte3O/9l5j3V0rXltpNY9E6tm8HT2UeLc1m7aMCXy+0
+kUH07xpV+vn7I3lD4dZM96zFnrXuQhwJba3fbCY9vFN0NDRVdF3tYl2xwJhXMJtM
-IUrtQtuEx50jD3oaKbqix6UcBpDAZh+aeqTGansCHUHvlOuQQFO4vAPSr6aHPDmS
+jtQ1Tw9ykRMPsLlaiow0/uW3mYrTYjDP12VxukCEg6a240mhT4jAVA4cSoOCdGBJ
-1Dc7A/9JImvSvwq5xbDQWpWMMvpQXkDgCqjkRnvqBHqoXXy7R8xEaYAqcRYVHCo4
+AZCQk5SLbr/MwikggUyS9Fu3d10WKUSyQFS8NWQGHpaFSIIp3T/dGTe6fprhXzFo
-hmVYyRXsdY7iPxQkugbLBAPTHq2ajWsZGmrJymVZP7FGz+Rn/j/XoGYrbdJ86fgs
+vvLv26OCFNvn4vTHz4lMzZZJjYLNtlcriJoSPCCe8/fI9BmgARmFxiKgY5ENQOrY
-XnydJY+/uBaS/A+P/+xeHByr4fqG2T60LUVXtwQP2oP/xYN8kbQkQ2hyaXMgRXZh
+cZUJJ3sHre52aqCETgz+w8j5o/cAU8iizlYxYsJK/Y+QXlVIzyV8oQGm/jvXhrhi
-bnMgPGNocmlzQHNjYXJ5LmJlYXN0cy5vcmc+iF4EExECAB4FAkDh9hcCGwMGCwkI
+CgB4xx96cthfolv2Lj+Dz90d/MYKB3suX38Q1ZNhxCZjIcoE+dcn+uGHUqzm4sot
-BwMCAxUCAwMWAgECHgECF4AACgkQqmLsRjwOdRwHOACgp9BubQZNeDf+cbTyuhfo
+gN37P1Xfijn15L2cHoV1itasVlOc92HrEUEaBWpB6QXF6nEYkkgA2agnMwARAQAB
-+qEedNsAoJIde2sM6Waxd4utyNEGG4pQ3sKeuQENBEDh9h0QBACTJBc/TYG3jVRL
+tCNDaHJpcyBFdmFucyA8c2NhcnliZWFzdHNAZ21haWwuY29tPokCVAQTAQgAPhYh
-4dI0R1M42DqyaTpm+qDgIgZ6YoXMzw9Z7NiHZaVVrnxYN98mCsNvvevaVT6Jy8Rr
+BGeiq09B+ZcsIfa/ZnuJARvK4c/qBQJgssp3AhsDBQkSzAMABQsJCAcCBhUKCQgL
-FWMf4jx82ulH6NWZ9rKu3V9CXK9VXxt03VAWK2mGaKWlb7QKuiAuxSSrWTFO9neL
+AgQWAgMBAh4BAheAAAoJEHuJARvK4c/qW6QP/2dZFkqxQl7hGJizaGIMCHXV1R2G
-wWAixHsL0w9l19grtn1eKW9e61wIawADBgP/ab8QxketqpzecJhsIr/XM3k2oeKH
+0r1S3GyVSRZEUWuVvv2UMjxYx6DZhhoaTGRNi0gXVrTVL3FG8yBfLN2LQQCSXK4k
-mj2BhegIaZzMAqrdvqGIj0cVGpun0tcoB2w4J1S8PyhM0/1PDaTKT+U83Ewljghw
+eee8FIXSp1LhwciAJKN+Z5nc0i7R6Qy6cIvc82DO6Y4FaMJZoO5lWbl1WjEYO/oN
-Z+J5KUzG8T5xz9Qi3MyG4GnDqCSwZ9gKN8gt354tVd1qioX+ur5rovfVw+21iciW
+NJAp7U3J+BWYKTzIB+Nh2vaapzj2XrNB6dh3ry2nj7yZmerPquYtXsuNRfi/c/Z0
-IENPG81Z/P+DJzSISQQYEQIACQUCQOH2HQIbDAAKCRCqYuxGPA51HJUGAJ9ynmOj
+2t+TiSEFZW83/NZFGbDhhzWB19TMFM5oUpSBH6Yw02ASseaZBRBK0gLhfKGEnf2W
-Hu3p4DUdukkZfSuqyJaAXgCbBxgmdB7hOfSIGyou31PfdaIeFqU=
+KgrwcGd41kMxia6UsrXiG3ZjDR+gF/sed93ZdLWpyYxN4DinirCt/+i1/L5RWCSg
-=BKUG
+Xus1SviMmnTfhB7WB+WfrIauLpPZOZhdLc3vSBdBmOZ6+p0qLQC2eK2rehM6kQzw
+nd9vmCtws2l5HGsBngrBEIkXsPVSVZKEUB8xH57nbIzn7igsUgrTBdz8K61oMaAu
+iEZzRJ35P81B3uJqZyqjkONm/1J9d081V2aiASJw/vfiAEkjpws488ZWkg9FFSFJ
+VqvAUu6p/g152GP+vatqFT1sH8zxXLLrwGlcktZFNfTYSnscQ9NU/L761anjrgM4
+Oi7ks4jLq91vwvxW9E9TNyuMUJj85412xPIwx1o1+fKGwzi1d+01uQ73aPmp6Z4l
+idE6tmV5wVSuMGSCuQINBGCyyncBEADIM7Z+1GxMvEtKRyWukfL5w8C4Bqid6M7N
+yCCs8bT1lunc7/weiNCOFigZDfAaSoFQpVe22YZABeWD/wO0iY9x+wOwpnsGhmC9
+7H/c0+g4IT7fKkaNVMbvUGfo9dWrXD2gtFzZJruMnPbj0HeFqSHvkGbMM7dLyMlF
+K295F901iFvvfw7jSQyVGVS97i7swXj9F/O13jedIbh+3TWdkKk/YqmMsETjkcOe
+UvmY7P7pTKEpdimvY2I1B8PsBJkyjdZA8G+eiG1STa0+Vj4yVtMJodKJDJbY6+y7
+M9hajCdUTplLWTbxzPMo54KjTOzyLVT7mfugUlS7WQWrVWVtvScJsvaec95+p/Bx
+UdJVwylVjQrxJxI8Bk2yrIgu7/rj+uYGV5+TNKjJWFkQw0YDJ1NkcvVjU7WIwNCl
+X6s5s/tuX+yzUA+DBSHx0WuqtGWYaFgXeO/pWPidc8ovYFVIAr3QB76AeEL3ZJj3
+ttN5jk96zOlaVxOOlEC6zX5TJ7Z+aQHBPq8RN/G8o99sOdx5QuKqvhHe8673eIMY
+CWPgNSSMJ/7I5IBLsIfIv2UWgLPPHS8s/HTwPacU0/L4pahh553uAhC4QP7BPkYw
+p4KXGasR3v9YxuSa33IraJALC6eF2t3L0CLUMzsc0pgLCmGqzskbrP8p0daBjFCS
+KofV+jOiQQARAQABiQI8BBgBCAAmFiEEZ6KrT0H5lywh9r9me4kBG8rhz+oFAmCy
+yncCGwwFCRLMAwAACgkQe4kBG8rhz+qDNRAAsG3lta/eQ+yWTHCXxXYfw94jm/bx
+XFUcvSOwjO+vB5tCt8Q0JmxoZ6PDD/bkcGSDz8FHjhxiIGYKPQiyu7jeZDAijBzu
+MLf3yGuubM6SUoXB1olkTbs9DTSFdTPqbM8eYn14CVHk19w/in/Oe11BD0I7D4Qg
+bkjIAkIKf01AxbcLFKOMihqhSEIEeqP70DIP8hT3arefk2wgEKG108SOzCPD1YQ7
+sEkYX2lRXjqBefHmIGLVllF3v+jUHYFIVz62i/OVMBHXF0D9Qn39cE5e94VdRZIf
+0hdizes1w48o9DxVSs+5TTtuLfFtsY+22OqZZ1cxXrdNUBCB4XEllrDdu58Qr7No
+fpDPDB4AVatWkpB288C/USl1UJgvhuvZs1AKChi9egfoMJczkZMvgQeiKagQkyeb
+l/W7vT3wX4R2WvcM4n6rlPkvRNvO+jw9owSDWuF+6iB0DWEpv5hMjPEfTBv0sYTH
+T/sOcV7vKV9Q6JsQwvfOagI9OAkXbxbjpbQgk/jlaaz/9+5wIy2vvW69Nh7ZfFNO
+RU1GhwNbghLwbHF7rrGvpwlV9hwpaMYcplvkW9bMgjPGpwxecE1zDdhO8Zq9QXyb
+dvDqRPNAqsWd/LwwqRpG36/YI4f5Pdv38W9/HoXlqj9+Uaa/TyDl9TIlBCYcnrzM
+SEfMQy8pH/YWOBk=
+=QcZC
 -----END PGP PUBLIC KEY BLOCK-----

vsftpd.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package vsftpd
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,7 +27,7 @@
 %define use_firewalld 0
 %endif
 Name:           vsftpd
-Version:        3.0.3
+Version:        3.0.4
 Release:        0
 Summary:        Very Secure FTP Daemon - Written from Scratch
 License:        SUSE-GPL-2.0-with-openssl-exception
@@ -85,7 +85,6 @@ Patch30:        vsftpd-3.0.3-address_space_limit.patch
 Patch31:        vsftpd-enable-syscalls-needed-by-sle15.patch
 Patch32:        vsftpd-support-dsa-only-setups.patch
 Patch33:        vsftpd-avoid-bogus-ssl-write.patch
-Patch34:        0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch
 Patch35:        0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch
 # PATCH-FIX-UPSTREAM https://bugzilla.suse.com/show_bug.cgi?id=1179553
 Patch36:        seccomp-fixes.patch
@@ -123,7 +122,7 @@ tests.
 
 %prep
 %setup -q
-%patch1
+%patch1 -p1
 %patch3 -p1
 %patch4
 %patch5
@@ -154,7 +153,6 @@ tests.
 %patch31 -p1
 %patch32 -p1
 %patch33 -p1
-%patch34 -p1
 %patch35 -p1
 %patch36 -p1