diff --git a/disable-tls13-to-support-older-openssl-versions.patch b/disable-tls13-to-support-older-openssl-versions.patch
new file mode 100644
index 0000000..4bdd999
--- /dev/null
+++ b/disable-tls13-to-support-older-openssl-versions.patch
@@ -0,0 +1,14 @@
+Index: vsftpd-3.0.5/ssl.c
+===================================================================
+--- vsftpd-3.0.5.orig/ssl.c
++++ vsftpd-3.0.5/ssl.c
+@@ -95,7 +95,9 @@ ssl_init(struct vsf_session* p_sess)
+ }
+ if (!tunable_tlsv1_3)
+ {
++#ifdef SSL_OP_NO_TLSv1_3
+ options |= SSL_OP_NO_TLSv1_3;
++#endif
+ }
+ SSL_CTX_set_options(p_ctx, options);
+ if (tunable_rsa_cert_file)
diff --git a/vsftpd.changes b/vsftpd.changes
index 2272416..96756cb 100644
--- a/vsftpd.changes
+++ b/vsftpd.changes
@@ -1,14 +1,24 @@
+-------------------------------------------------------------------
+Thu Aug 25 08:23:08 UTC 2022 - Peter Simons
+
+- Apply "disable-tls13-to-support-older-openssl-versions.patch"
+ when building on SLE-15. This is necessary, because openssl_1_1
+ on that codestream is version 1.1.0 rather than 1.1.1 and that
+ older version has no TLSv1.3 support. [bsc#1187686]
+
 -------------------------------------------------------------------
 Wed Jun 29 13:53:16 UTC 2022 - Stefan Schubert

-- Moved logrotate files from user specific directory /etc/logrotate.d
- to vendor specific directory /usr/etc/logrotate.d.
+- When building on Tumbleweed, move logrotate files from user
+ specific directory /etc/logrotate.d to vendor specific directory
+ /usr/etc/logrotate.d. Builds on other codestreams still use the
+ original location.

 -------------------------------------------------------------------
 Tue Mar 3 16:44:28 UTC 2022 - Peter Simons

 - Use rpm conditional to build against the proper OpenSSL version
- on all distributions. [jsc#PM-3322]
+ on all distributions. [jsc#PM-3322, bsc#1187686]

 -------------------------------------------------------------------
 Tue Feb 1 18:42:41 UTC 2022 - Peter Simons
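Review bot: In the embedded ssl.c hunk of disable-tls13-to-support-older-openssl-versions.patch, the `if (!tunable_tlsv1_3)` branch becomes empty when `SSL_OP_NO_TLSv1_3` is not defined, so the administrator's setting is silently ignored. A binary built against 1.1.0 headers could presumably be loaded against a later 1.1.x libssl that does negotiate TLSv1.3, and nothing would then cap the protocol version. Consider adding an `#else` branch with `SSL_CTX_set_max_proto_version(p_ctx, TLS1_2_VERSION);`, which OpenSSL 1.1.0 already provides, so that the tunable still takes effect. ssl_init's body continues outside the hunk; the following `SSL_CTX_set_options(p_ctx, options)` call suggests p_ctx is already created at this point, but confirm that in the full function.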
diff --git a/vsftpd.spec b/vsftpd.spec
index e91f7ec..a1dba05 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -96,12 +96,17 @@ Patch41: revert-undocumented-config-file-format-changes.patch
 Patch42: use-system-wide-tls-cipher-policy.patch
 Patch43: vsftpd-allow-dev-log-socket.patch
 Patch44: vsftpd-enable-sendto-for-prelogin-syslog.patch
+Patch45: disable-tls13-to-support-older-openssl-versions.patch
 BuildRequires: libcap-devel
 %if 0%{?suse_version} == 1315
 BuildRequires: libopenssl-1_1-devel >= 1.1.1
 %else
+%if 0%{?sle_version} == 150000
+BuildRequires: libopenssl-1_1-devel >= 1.1.0
+%else
 BuildRequires: libopenssl-devel >= 1.1.1
 %endif
+%endif
 BuildRequires: pam-devel
 Requires: logrotate
 Requires(pre): shadow
@@ -133,7 +138,52 @@ vsftpd was always faster, supporting over twice as many users in some
 tests.

 %prep
-%autosetup -p1
+%setup -q
+%patch1 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
+%patch20 -p1
+%patch21 -p1
+%patch22 -p1
+%patch23 -p1
+%patch24 -p1
+%patch25 -p1
+%patch26 -p1
+%patch27 -p1
+%patch28 -p1
+%patch29 -p1
+%patch30 -p1
+%patch31 -p1
+%patch32 -p1
+%patch33 -p1
+%patch35 -p1
+%patch36 -p1
+%patch37 -p1
+%patch38 -p1
+%patch39 -p1
+%patch40 -p1
+%patch41 -p1
+%patch42 -p1
+%patch43 -p1
+%patch44 -p1
+
+%if 0%{?sle_version} == 150000
+%patch45 -p1
+%endif

 %build
 %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
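Review bot: The new inner `%if 0%{?sle_version} == 150000` in the BuildRequires block has no comment explaining why this one codestream may build against OpenSSL 1.1.0; add one above it, for example `# SLE-15 ships OpenSSL 1.1.0 without TLSv1.3, see bsc#1187686`. The test is an exact equality, so any other build target that also ships 1.1.0 would fall through to `libopenssl-devel >= 1.1.1`; whether such targets exist is not visible from this hunk. Relaxing the requirement also means this build cannot offer TLSv1.3 at all, which is worth stating in the same comment.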
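Review bot: Replacing `%autosetup -p1` with a hand-written `%patch` list in `%prep` means any Patch tag added later is silently skipped unless someone also adds a matching `%patchN` line. For a package that carries security fixes as patches, that produces a clean build without the fix. The list already has gaps at 2, 12 and 34, which presumably correspond to absent Patch tags but cannot be checked from this hunk. Since the `#ifdef SSL_OP_NO_TLSv1_3` guard added by patch 45 is inert wherever the macro is defined, the patch could be applied on every codestream and `%autosetup -p1` kept as the only line in `%prep`. If conditional application is intended, add a comment above the list saying that new patches must be added there as well.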