Hello community, here is the log from the commit of package vsftpd for openSUSE:Factory checked in at 2018-06-25 11:34:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/vsftpd (Old) and /work/SRC/openSUSE:Factory/.vsftpd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "vsftpd" Mon Jun 25 11:34:14 2018 rev:67 rq:618293 version:3.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes 2018-05-23 16:06:05.524596434 +0200 +++ /work/SRC/openSUSE:Factory/.vsftpd.new/vsftpd.changes 2018-06-25 11:34:19.395369718 +0200 @@ -1,0 +2,12 @@ +Thu Jun 21 11:06:33 UTC 2018 - [email protected] + +- Apply "vsftpd-support-dsa-only-setups.patch" to disable the + problematic default setting for rsa_cert_file. Upstream + initializes that value to "/usr/share/ssl/certs/vsftpd.pem" and + vsftpd won't start up if that file does not exist (or if it does + not contain an RSA certificate). Therefore, users who copy a DSA + certificate into that location or properly configure a DSA + certificate via dsa_cert_file without explicitly disabling the + RSA certificate won't be able to start vsftpd. [bsc#975538] + +------------------------------------------------------------------- New: ---- vsftpd-support-dsa-only-setups.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vsftpd.spec ++++++ --- /var/tmp/diff_new_pack.geaYbo/_old 2018-06-25 11:34:21.287299889 +0200 +++ /var/tmp/diff_new_pack.geaYbo/_new 2018-06-25 11:34:21.291299741 +0200 @@ -83,6 +83,7 @@ Patch29: vsftpd-append-seek-pipe.patch Patch30: vsftpd-3.0.3-address_space_limit.patch Patch31: vsftpd-enable-syscalls-needed-by-sle15.patch +Patch32: vsftpd-support-dsa-only-setups.patch BuildRequires: libcap-devel BuildRequires: libopenssl-devel BuildRequires: pam-devel @@ -146,6 +147,7 @@ %patch29 -p1 %patch30 -p1 %patch31 -p1 +%patch32 -p1 %build %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP ++++++ vsftpd-support-dsa-only-setups.patch ++++++ Index: vsftpd-3.0.3/vsftpd.conf =================================================================== --- vsftpd-3.0.3.orig/vsftpd.conf 2018-06-21 11:01:12.125258812 +0000 +++ vsftpd-3.0.3/vsftpd.conf 2018-06-21 11:04:43.355979116 +0000 @@ -188,8 +188,12 @@ listen=NO # Make sure, that one of the listen options is commented !! listen_ipv6=YES # -# Set to ssl_enable=YES if you want to enable SSL +# Set "ssl_enable=YES" to enable SSL support and configure the location of +# your local certificate (RSA, DSA, or both). Note that vsftpd won't start +# if either of the "xxx_cert_file" options sets a path that doesn't exist. ssl_enable=NO +rsa_cert_file= +dsa_cert_file= # # Limit passive ports to this range to assis firewalling pasv_min_port=30000
