Accepting request 38025 from network

checked in (request 38025)

OBS-URL: https://build.opensuse.org/request/show/38025
OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=9

vsftpd-2.0.4-conf.diff

@@ -1,8 +1,6 @@
-Index: vsftpd.conf
-===================================================================
---- vsftpd.conf.orig
+--- vsftpd.conf
 +++ vsftpd.conf
-@@ -4,23 +4,89 @@
+@@ -4,100 +4,218 @@
  # loosens things up a bit, to make the ftp daemon more usable.
  # Please see vsftpd.conf.5 for all compiled in defaults.
  #
@@ -12,219 +10,254 @@ Index: vsftpd.conf
  # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
  # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
  # capabilities.
++
++# General Settings
  #
 -# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
 -anonymous_enable=YES
--#
--# Uncomment this to allow local users to log in.
--#local_enable=YES
-+# ################
-+# General Settings
-+# ################
- #
- # Uncomment this to enable any form of FTP write command.
--#write_enable=YES
-+write_enable=NO
++# Uncomment this to enable any form of FTP write command.
++#
++#write_enable=YES
 +#
 +# Activate directory messages - messages given to remote users when they
 +# go into a certain directory.
++#
 +dirmessage_enable=YES
 +#
 +# It is recommended that you define on your system a unique user which the
 +# ftp server can use as a totally isolated and unprivileged user.
++#
 +nopriv_user=ftpsecure
 +#
 +# You may fully customise the login banner string:
-+#ftpd_banner=Welcome to blah FTP service.
++#
++#ftpd_banner="Welcome to FOOBAR FTP service."
 +#
 +# You may activate the "-R" option to the builtin ls. This is disabled by
 +# default to avoid remote users being able to cause excessive I/O on large
 +# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
 +# the presence of the "-R" option, so there is a strong case for enabling it.
++#
 +#ls_recurse_enable=YES
 +#
 +# You may specify a file of disallowed anonymous e-mail addresses. Apparently
 +# useful for combatting certain DoS attacks.
++#
 +#deny_email_enable=YES
++#
 +# (default follows)
+ #
 +#banned_email_file=/etc/vsftpd.banned_emails
 +#
 +# If  enabled,  all  user  and  group  information in
 +# directory listings will be displayed as "ftp".
++#
 +#hide_ids=YES
-+#
-+# #######################
++
 +# Local FTP user Settings
-+# #######################
-+#
-+# Uncomment this to allow local users to log in.
-+local_enable=YES
++# 
+ # Uncomment this to allow local users to log in.
+-#local_enable=YES
+ #
+-# Uncomment this to enable any form of FTP write command.
+-#write_enable=YES
++#local_enable=YES
  #
  # Default umask for local users is 077. You may wish to change this to 022,
  # if your users expect that (022 is used by most other ftpd's)
++#
  #local_umask=022
  #
++# Uncomment to put local users in a chroot() jail in their home directory
++# after login.
++#
++#chroot_local_user=YES
++#
 +# You may specify an explicit list of local users to chroot() to their home
 +# directory. If chroot_local_user is YES, then this list becomes a list of
 +# users to NOT chroot().
-+#chroot_local_user=YES
++#
 +#chroot_list_enable=YES
++#
 +# (default follows)
++#
 +#chroot_list_file=/etc/vsftpd.chroot_list
 +#
 +# The maximum data transfer rate permitted, in bytes per second, for
 +# local authenticated users. The default is 0 (unlimited).
++#
 +#local_max_rate=7200
-+#
-+# ##########################
++
++
 +# Anonymus FTP user Settings
-+# ##########################
 +#
-+# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
++# Allow anonymous FTP?
++#
 +anonymous_enable=YES
 +#
-+# The maximum data transfer rate permitted, in bytes per second, for anonymous
-+# authenticated users. The default is 0 (unlimited).
-+#anon_max_rate=7200
-+#
 +# Anonymous users will only be allowed to download files which are
 +# world readable.
-+anon_world_readable_only=YES
 +#
-+# Default umask for anonymus users is 077. You may wish to change this to 022,
-+# if your users expect that (022 is used by most other ftpd's)
-+#anon_umask=022
++anon_world_readable_only=YES
 +#
  # Uncomment this to allow the anonymous FTP user to upload files. This only
  # has an effect if the above global write enable is activated. Also, you will
  # obviously need to create a directory writable by the FTP user.
-@@ -30,15 +96,9 @@ anonymous_enable=YES
++#
+ #anon_upload_enable=YES
+ #
++# Default umask for anonymus users is 077. You may wish to change this to 022,
++# if your users expect that (022 is used by most other ftpd's)
++#
++#anon_umask=022
++#
+ # Uncomment this if you want the anonymous FTP user to be able to create
  # new directories.
- #anon_mkdir_write_enable=YES
+-#anon_mkdir_write_enable=YES
  #
 -# Activate directory messages - messages given to remote users when they
 -# go into a certain directory.
 -dirmessage_enable=YES
--#
++#anon_mkdir_write_enable=YES
+ #
 -# Activate logging of uploads/downloads.
 -xferlog_enable=YES
--#
--# Make sure PORT transfer connections originate from port 20 (ftp-data).
--connect_from_port_20=YES
 +# Uncomment this to enable anonymus FTP users to perform other write operations
 +# like deletion and renaming.
+ #
+-# Make sure PORT transfer connections originate from port 20 (ftp-data).
+-connect_from_port_20=YES
 +#anon_other_write_enable=YES
  #
  # If you want, you can arrange for uploaded anonymous files to be owned by
  # a different user. Note! Using "root" for uploaded files is not
-@@ -46,24 +106,51 @@ connect_from_port_20=YES
+ # recommended!
++#
  #chown_uploads=YES
  #chown_username=whoever
  #
-+# ############
++# The maximum data transfer rate permitted, in bytes per second, for anonymous
++# authenticated users. The default is 0 (unlimited).
++#
++#anon_max_rate=7200
++
++
 +# Log Settings
-+# ############
 +#
 +# Log to the syslog daemon instead of using an logfile.
++#
 +syslog_enable=YES
 +#
 +# Uncomment this to log all FTP requests and responses.
++#
 +#log_ftp_protocol=YES
 +#
 +# Activate logging of uploads/downloads.
++#
 +#xferlog_enable=YES
 +#
  # You may override where the log file goes if you like. The default is shown
  # below.
 -#xferlog_file=/var/log/vsftpd.log
-+#
-+#vsftpd_log_file=/var/log/vsftpd.log
  #
- # If you want, you can have your log file in standard ftpd xferlog format.
- # Note that the default log file location is /var/log/xferlog in this case.
+-# If you want, you can have your log file in standard ftpd xferlog format
++#vsftpd_log_file=/var/log/vsftpd.log
++# 
++# If you want, you can have your log file in standard ftpd xferlog format.
++# Note: This disables the normal logging unless you enable dual_log_enable below. 
++#
  #xferlog_std_format=YES
  #
 +# You may override where the log file goes if you like. The default is shown
 +# below.
-+#xferlog_file=/var/log/vsftpd.log
++#
++#xferlog_file=/var/log/xferlog
 +#
 +# Enable this to have booth logfiles. Standard xferlog and vsftpd's own style log.
++#
 +#dual_log_enable=YES
 +#
 +# Uncomment this to enable session status information in the system process listing.
-+#setproctitle_enable=YES
 +#
-+# #################
++#setproctitle_enable=YES
++
 +# Transfer Settings
-+# #################
 +#
 +# Make sure PORT transfer connections originate from port 20 (ftp-data).
++#
 +connect_from_port_20=YES
 +#
  # You may change the default value for timing out an idle session.
++#
  #idle_session_timeout=600
  #
  # You may change the default value for timing out a data connection.
- #data_connection_timeout=120
+-#data_connection_timeout=120
  #
 -# It is recommended that you define on your system a unique user which the
 -# ftp server can use as a totally isolated and unprivileged user.
 -#nopriv_user=ftpsecure
--#
++#data_connection_timeout=120
+ #
  # Enable this and the server will recognise asynchronous ABOR requests. Not
  # recommended for security (the code is non-trivial). Not enabling it,
  # however, may confuse older FTP clients.
-@@ -77,38 +164,29 @@ connect_from_port_20=YES
- # predicted this attack and has always been safe, reporting the size of the
- # raw file.
- # ASCII mangling is a horrible feature of the protocol.
--#ascii_upload_enable=YES
-+ascii_upload_enable=YES
++#
+ #async_abor_enable=YES
+ #
+ # By default the server will pretend to allow ASCII mode but in fact ignore
+ # the request. Turn on the below options to have the server actually do ASCII
+ # mangling on files when in ASCII mode.
+-# Beware that on some FTP servers, ASCII support allows a denial of service
+-# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
+-# predicted this attack and has always been safe, reporting the size of the
+-# raw file.
+-# ASCII mangling is a horrible feature of the protocol.
++# Beware that turning on ascii_download_enable enables malicious remote parties
++# to consume your I/O resources, by issuing the command "SIZE /big/file" in
++# ASCII mode.
++# These ASCII options are split into upload and download because you may wish
++# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
++# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
++# on the client anyway..
++#
+ #ascii_upload_enable=YES
  #ascii_download_enable=YES
  #
 -# You may fully customise the login banner string:
 -#ftpd_banner=Welcome to blah FTP service.
--#
++# Set to NO if you want to disallow the  PASV  method of obtaining a data
++# connection.
+ #
 -# You may specify a file of disallowed anonymous e-mail addresses. Apparently
 -# useful for combatting certain DoS attacks.
 -#deny_email_enable=YES
 -# (default follows)
 -#banned_email_file=/etc/vsftpd.banned_emails
--#
++#pasv_enable=NO
++
++# PAM setting. Do NOT change this unless you know what you do!
+ #
 -# You may specify an explicit list of local users to chroot() to their home
 -# directory. If chroot_local_user is YES, then this list becomes a list of
 -# users to NOT chroot().
--#chroot_local_user=YES
 -#chroot_list_enable=YES
 -# (default follows)
 -#chroot_list_file=/etc/vsftpd.chroot_list
-+# Set to NO if you want to disallow the  PASV  method of obtaining a data
-+# connection.
-+#pasv_enable=NO
++pam_service_name=vsftpd
++
++# Set listen=YES if you want vsftpd to run standalone
  #
 -# You may activate the "-R" option to the builtin ls. This is disabled by
 -# default to avoid remote users being able to cause excessive I/O on large
 -# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
 -# the presence of the "-R" option, so there is a strong case for enabling it.
 -#ls_recurse_enable=YES
-+# PAM setting. Do NOT change this unless you know what you do!
-+pam_service_name=vsftpd
- #
- # When "listen" directive is enabled, vsftpd runs in standalone mode and
- # listens on IPv4 sockets. This directive cannot be used in conjunction
- # with the listen_ipv6 directive.
--listen=YES
-+#listen=YES
- #
- # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
- # sockets, you must run two copies of vsftpd with two configuration files.
- # Make sure, that one of the listen options is commented !!
--#listen_ipv6=YES
-+listen_ipv6=YES
-+#
++listen=YES
++
 +# Set to ssl_enable=YES if you want to enable SSL
 +ssl_enable=NO
-+#
+ 
 +# Limit passive ports to this range to assis firewalling
 +pasv_min_port=30000
 +pasv_max_port=30100

vsftpd-2.0.4-dmapi.patch

@@ -1,10 +1,8 @@
-Index: postlogin.c
-===================================================================
---- postlogin.c.orig
+--- postlogin.c
 +++ postlogin.c
-@@ -1015,6 +1015,11 @@ handle_upload_common(struct vsf_session*
+@@ -992,6 +992,11 @@
      {
-       do_truncate = 1;
+       new_file_fd = str_create_append(p_filename);
      }
 +    if (new_file_fd >= 0) {
 +      vsf_sysutil_fstat(new_file_fd, &s_p_statbuf);

vsftpd-2.0.4-enable-ssl.patch

@@ -1,6 +1,4 @@
-Index: builddefs.h
-===================================================================
---- builddefs.h.orig
+--- builddefs.h
 +++ builddefs.h
 @@ -3,7 +3,7 @@
  

vsftpd-2.0.4-lib64.diff

@@ -1,20 +1,18 @@
-Index: vsftpd-2.2.2/vsf_findlibs.sh
-===================================================================
---- vsftpd-2.2.2.orig/vsf_findlibs.sh
-+++ vsftpd-2.2.2/vsf_findlibs.sh
-@@ -14,6 +14,7 @@ fi
+--- vsftpd-2.0.4/vsf_findlibs.sh
++++ vsftpd-2.0.4/vsf_findlibs.sh
+@@ -13,6 +13,7 @@
  # crypt library.
  if find_func pam_start sysdeputil.o; then
    locate_library /lib/libpam.so.0 && echo "/lib/libpam.so.0";
 +  locate_library /lib64/libpam.so.0 && echo "/lib64/libpam.so.0";
    locate_library /usr/lib/libpam.so && echo "-lpam";
-   locate_library /usr/lib64/libpam.so && echo "-lpam";
    # HP-UX ends shared libraries with .sl
-@@ -22,6 +23,7 @@ if find_func pam_start sysdeputil.o; the
+   locate_library /usr/lib/libpam.sl && echo "-lpam";
+@@ -20,6 +21,7 @@
    locate_library /usr/lib/libpam.a && echo "-lpam";
  else
    locate_library /lib/libcrypt.so && echo "-lcrypt";
 +  locate_library /lib64/libcrypt.so && echo "-lcrypt";
    locate_library /usr/lib/libcrypt.so && echo "-lcrypt";
-   locate_library /usr/lib64/libcrypt.so && echo "-lcrypt";
  fi
+ 

vsftpd-2.0.4-nowarn.patch

@@ -0,0 +1,10 @@
+--- vsftpd-2.0.4/sysdeputil.c
++++ vsftpd-2.0.4/sysdeputil.c
+@@ -34,6 +34,7 @@
+ /* For FreeBSD */
+ #include <sys/param.h>
+ #include <sys/uio.h>
++#include <crypt.h>
+ 
+ /* Configuration.. here are the possibilities */
+ #undef VSF_SYSDEP_HAVE_CAPABILITIES

vsftpd-2.0.4-xinetd.diff

@@ -1,7 +1,5 @@
-Index: vsftpd-2.2.2/xinetd.d/vsftpd
-===================================================================
---- vsftpd-2.2.2.orig/xinetd.d/vsftpd
-+++ vsftpd-2.2.2/xinetd.d/vsftpd
+--- vsftpd-2.0.4/xinetd.d/vsftpd
++++ vsftpd-2.0.4/xinetd.d/vsftpd
 @@ -1,18 +1,23 @@
 -# default: on
 +# default: off

vsftpd-2.0.5-enable-debuginfo.patch

@@ -1,8 +1,6 @@
-Index: Makefile
-===================================================================
---- Makefile.orig
+--- Makefile
 +++ Makefile
-@@ -6,7 +6,7 @@ IFLAGS  = -idirafter dummyinc
+@@ -6,7 +6,7 @@
  CFLAGS	=	-O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion
  
  LIBS	=	`./vsf_findlibs.sh`

vsftpd-2.0.5-utf8-log-names.patch

@@ -1,8 +1,8 @@
-Index: vsftpd-2.2.2/str.c
-===================================================================
---- vsftpd-2.2.2.orig/str.c
-+++ vsftpd-2.2.2/str.c
-@@ -27,6 +27,24 @@ static int str_equal_internal(const char
+Index: vsftpd-1.2.1/str.c
+================================================================================
+--- vsftpd-2.0.7/str.c
++++ vsftpd-2.0.7/str.c
+@@ -27,6 +27,24 @@
                                const char* p_buf2, unsigned int buf2_len);
  
  /* Private functions */
@@ -27,7 +27,7 @@ Index: vsftpd-2.2.2/str.c
  static void
  s_setbuf(struct mystr* p_str, char* p_newbuf)
  {
-@@ -158,6 +176,45 @@ str_reserve(struct mystr* p_str, unsigne
+@@ -158,6 +176,45 @@
    p_str->p_buf[res_len - 1] = '\0';
  }
  
@@ -73,7 +73,7 @@ Index: vsftpd-2.2.2/str.c
  int
  str_isempty(const struct mystr* p_str)
  {
-@@ -671,11 +728,13 @@ void
+@@ -657,11 +714,13 @@
  str_replace_unprintable(struct mystr* p_str, char new_char)
  {
    unsigned int i;
@@ -91,11 +91,9 @@ Index: vsftpd-2.2.2/str.c
      }
    }
  }
-Index: vsftpd-2.2.2/str.h
-===================================================================
---- vsftpd-2.2.2.orig/str.h
-+++ vsftpd-2.2.2/str.h
-@@ -36,6 +36,7 @@ void str_free(struct mystr* p_str);
+--- vsftpd-2.0.7/str.h
++++ vsftpd-2.0.7/str.h
+@@ -36,6 +36,7 @@
  void str_trunc(struct mystr* p_str, unsigned int trunc_len);
  void str_reserve(struct mystr* p_str, unsigned int res_len);
  
@@ -103,3 +101,4 @@ Index: vsftpd-2.2.2/str.h
  int str_isempty(const struct mystr* p_str);
  unsigned int str_getlen(const struct mystr* p_str);
  const char* str_getbuf(const struct mystr* p_str);
+

vsftpd-2.0.5-vuser.patch

@@ -1,6 +1,4 @@
-Index: EXAMPLE/VIRTUAL_USERS/vsftpd.pam
-===================================================================
---- EXAMPLE/VIRTUAL_USERS/vsftpd.pam.orig
+--- EXAMPLE/VIRTUAL_USERS/vsftpd.pam
 +++ EXAMPLE/VIRTUAL_USERS/vsftpd.pam
 @@ -1,2 +1,2 @@
 -auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login

vsftpd-2.0.6-write_race.patch

@@ -0,0 +1,65 @@
+--- postlogin.c
++++ postlogin.c
+@@ -983,6 +983,7 @@
+   int remote_fd;
+   int success = 0;
+   int created = 0;
++  int truncit = 0;
+   filesize_t offset = p_sess->restart_pos;
+   p_sess->restart_pos = 0;
+   if (!data_transfer_checks_ok(p_sess))
+@@ -1017,7 +1018,15 @@
+     /* For non-anonymous, allow open() to overwrite or append existing files */
+     if (!is_append && offset == 0)
+     {
+-      new_file_fd = str_create_overwrite(p_filename);
++      if (tunable_lock_upload_files)
++      {
++        new_file_fd = str_create_append(p_filename);
++        truncit = 1;
++      }
++      else
++      {
++        new_file_fd = str_create_overwrite(p_filename);
++      }
+     }
+     else
+     {
+@@ -1060,6 +1069,11 @@
+   if (tunable_lock_upload_files)
+   {
+     vsf_sysutil_lock_file_write(new_file_fd);
++    if (truncit)
++    {
++      vsf_sysutil_truncate(new_file_fd, 0);
++      vsf_sysutil_lseek_to(new_file_fd, 0);
++    }
+   }
+   if (!is_append && offset != 0)
+   {
+--- sysutil.c
++++ sysutil.c
+@@ -1200,6 +1200,12 @@
+ }
+ 
+ int
++vsf_sysutil_truncate(int fd, filesize_t length)
++{
++  return ftruncate(fd, length);
++}
++
++int
+ vsf_sysutil_unlink(const char* p_dead)
+ {
+   return unlink(p_dead);
+--- sysutil.h
++++ sysutil.h
+@@ -90,6 +90,8 @@
+ int vsf_sysutil_close_failok(int fd);
+ int vsf_sysutil_unlink(const char* p_dead);
+ int vsf_sysutil_write_access(const char* p_filename);
++/* Trucate after open */
++int vsf_sysutil_truncate(int fd, filesize_t length);
+ 
+ /* Reading and writing */
+ void vsf_sysutil_lseek_to(const int fd, filesize_t seek_pos);

vsftpd-2.0.7-use-ipv6-scope-id.patch

@@ -0,0 +1,12 @@
+Index: vsftpd-2.0.7/sysutil.c
+===================================================================
+--- vsftpd-2.0.7.orig/sysutil.c	2010-01-28 00:48:21.000000000 +0530
++++ vsftpd-2.0.7/sysutil.c	2010-01-28 00:59:33.000000000 +0530
+@@ -1893,6 +1893,7 @@
+     vsf_sysutil_memcpy(&p_sockaddr->u.u_sockaddr_in6.sin6_addr,
+                        &p_src->u.u_sockaddr_in6.sin6_addr,
+                        sizeof(p_sockaddr->u.u_sockaddr_in6.sin6_addr));
++    p_sockaddr->u.u_sockaddr_in6.sin6_scope_id = p_src->u.u_sockaddr_in6.sin6_scope_id;
+   }
+   else
+   {

vsftpd-2.0.7.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:56567db3afd6939599a5361aa69aad9358b2820e94f500bcb7e9ede1401f39c6
+size 119410

vsftpd-2.2.2.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c126a431dd907e1302335491c7e8a5b8f3ccf05c54bbb0fca4ca8b911f572c58
-size 136506

vsftpd.changes

@@ -1,17 +1,3 @@
--------------------------------------------------------------------
-Sun Feb 21 19:28:29 UTC 2010 - mseben@novell.com
-
-- updated to version 2.2.2
-  * Change "File receive OK." to "Transfer complete." to placate some broken
-	clients. Thanks Holger Kiehl <Holger.Kiehl@dwd.de>.
-  * Fix erroneous "child died" upon FTP client connect, when under load. Awesome
-	thanks to Holger Kiehl <Holger.Kiehl@dwd.de> for running diagnostic tests on
-	his live server.
-  * Boot the session if an overly long line is encountered.
-- see Changelog file for changes in 2.1.0, 2.1.1, 2.1.2 and 2.2.0 releases
-- deprecated use-ipv6-scope-id.patch,libcap2-fix.diff,write_race.patch
-  nowarn.patch
-
 -------------------------------------------------------------------
 Thu Jan 28 10:42:31 UTC 2010 - mseben@novell.com
 

vsftpd.spec

@@ -25,7 +25,7 @@ BuildRequires:  libcap
 %else
 BuildRequires:  libcap-devel
 %endif
-Version:        2.2.2
+Version:        2.0.7
 Release:        6
 Summary:        Very Secure FTP Daemon - Written from Scratch
 License:        GPLv2+
@@ -38,14 +38,19 @@ Source3:        %name.init
 Source4:        README.SUSE
 Source5:        %name.xml
 Source6:        %name.firewall
+Patch:          %name-2.0.4-conf.diff
 Patch1:         %name-2.0.4-lib64.diff
+Patch2:         %name-2.0.4-nowarn.patch
 Patch3:         %name-2.0.4-xinetd.diff
 Patch4:         %name-2.0.4-enable-ssl.patch
 Patch5:         %name-2.0.4-dmapi.patch
 Patch6:         %name-2.0.5-vuser.patch
 Patch7:         %name-2.0.5-enable-debuginfo.patch
 Patch8:         %name-2.0.5-utf8-log-names.patch
-Patch9:         %name-2.0.4-conf.diff
+Patch9:         %name-2.0.6-libcap2-fix.diff
+Patch10:        %name-2.0.6-write_race.patch
+#fix connection issues with ipv6-link local address (bnc#574366) fix already in upstream
+Patch11:        %name-2.0.7-use-ipv6-scope-id.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Provides:       ftp-server
 PreReq:         %insserv_prereq /usr/sbin/useradd
@@ -64,6 +69,7 @@ tests.
 %prep
 %setup -q
 %patch1 -p1
+%patch2 -p1
 %patch3 -p1
 %patch4
 %patch5
@@ -71,6 +77,9 @@ tests.
 %patch7
 %patch8 -p1
 %patch9
+%patch10
+%patch
+%patch11 -p1
 
 %build
 rm -f dummyinc/sys/capability.h