commit vsftpd for openSUSE:Factory

Wed, 27 Sep 2023 15:27:24 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package vsftpd for openSUSE:Factory checked 
in at 2023-09-28 00:24:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/vsftpd (Old)
 and      /work/SRC/openSUSE:Factory/.vsftpd.new.23327 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "vsftpd"

Thu Sep 28 00:24:32 2023 rev:87 rq:1113665 version:3.0.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes    2023-09-06 
18:56:19.351557395 +0200
+++ /work/SRC/openSUSE:Factory/.vsftpd.new.23327/vsftpd.changes 2023-09-28 
00:27:12.564385024 +0200
@@ -1,0 +2,6 @@
+Tue Sep 26 09:20:33 UTC 2023 - Pedro Monreal <pmonr...@suse.com>
+
+- Enable crypto-policies support: [bsc#1211301]
+  * Add vsftpd-use-system-wide-crypto-policy.patch
+
+-------------------------------------------------------------------

New:
----
  vsftpd-use-system-wide-crypto-policy.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ vsftpd.spec ++++++
--- /var/tmp/diff_new_pack.a8bTWK/_old  2023-09-28 00:27:16.896541396 +0200
+++ /var/tmp/diff_new_pack.a8bTWK/_new  2023-09-28 00:27:16.900541540 +0200
@@ -98,6 +98,8 @@
 Patch44:        vsftpd-enable-sendto-for-prelogin-syslog.patch
 Patch45:        disable-tls13-to-support-older-openssl-versions.patch
 Patch46:        0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
+#PATCH-FIX-OPENSUSE bsc#1211301 Enable crypto-policies support
+Patch47:        vsftpd-use-system-wide-crypto-policy.patch
 BuildRequires:  libcap-devel
 %if 0%{?suse_version} == 1315
 BuildRequires:  libopenssl-1_1-devel >= 1.1.1
@@ -185,6 +187,7 @@
 %patch45 -p1
 %endif
 %patch46 -p1
+%patch47 -p1
 
 %build
 %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP


++++++ vsftpd-use-system-wide-crypto-policy.patch ++++++
Index: vsftpd-3.0.5/tunables.c
===================================================================
--- vsftpd-3.0.5.orig/tunables.c
+++ vsftpd-3.0.5/tunables.c
@@ -295,7 +295,7 @@ tunables_load_defaults()
   install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
                       &tunable_rsa_cert_file);
   install_str_setting(0, &tunable_dsa_cert_file);
-  install_str_setting("DEFAULT_SUSE", &tunable_ssl_ciphers);
+  install_str_setting("PROFILE=SYSTEM", &tunable_ssl_ciphers);
   install_str_setting(0, &tunable_rsa_private_key_file);
   install_str_setting(0, &tunable_dsa_private_key_file);
   install_str_setting(0, &tunable_ca_certs_file);
Index: vsftpd-3.0.5/vsftpd.conf.5
===================================================================
--- vsftpd-3.0.5.orig/vsftpd.conf.5
+++ vsftpd-3.0.5/vsftpd.conf.5
@@ -1024,7 +1024,11 @@ man page for further details. Note that
 security precaution as it prevents malicious remote parties forcing a cipher
 which they have found problems with.
 
-Default: DEFAULT_SUSE
+By default, the system-wide crypto policy is used. See
+.BR update-crypto-policies(8)
+for further details.
+
+Default: PROFILE=SYSTEM
 .TP
 .B ssl_sni_hostname
 If set, SSL connections will be rejected unless the SNI hostname in the

Reply via email to