diff --git a/vsftpd-3.0.2-dh.patch b/vsftpd-3.0.2-dh.patch
index 10feef3..d5e9c1a 100644
--- a/vsftpd-3.0.2-dh.patch
+++ b/vsftpd-3.0.2-dh.patch
@@ -1,6 +1,6 @@
 diff -up vsftpd-3.0.2/parseconf.c.dh vsftpd-3.0.2/parseconf.c
---- vsftpd-3.0.2/parseconf.c.dh 2014-06-04 09:54:43.364747051 +0200
-+++ vsftpd-3.0.2/parseconf.c 2014-06-04 09:54:43.368747052 +0200
+--- vsftpd-3.0.2/parseconf.c.dh 2014-09-15 15:07:43.719909056 +0200
++++ vsftpd-3.0.2/parseconf.c 2014-09-15 15:07:43.724909061 +0200
 @@ -176,6 +176,7 @@ parseconf_str_array[] =
 { "email_password_file", &tunable_email_password_file },
 { "rsa_cert_file", &tunable_rsa_cert_file },
@@ -11,7 +11,7 @@ diff -up vsftpd-3.0.2/parseconf.c.dh vsftpd-3.0.2/parseconf.c
 { "dsa_private_key_file", &tunable_dsa_private_key_file },
 diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c
 --- vsftpd-3.0.2/ssl.c.dh 2012-04-03 02:23:42.000000000 +0200
-+++ vsftpd-3.0.2/ssl.c 2014-06-04 09:55:59.443770325 +0200
++++ vsftpd-3.0.2/ssl.c 2014-09-15 15:07:43.725909062 +0200
 @@ -28,6 +28,8 @@
 #include
 #include
@@ -155,8 +155,8 @@ diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c
 ssl_add_entropy(struct vsf_session* p_sess)
 {
 diff -up vsftpd-3.0.2/tunables.c.dh vsftpd-3.0.2/tunables.c
---- vsftpd-3.0.2/tunables.c.dh 2014-06-04 09:54:43.364747051 +0200
-+++ vsftpd-3.0.2/tunables.c 2014-06-04 09:54:43.369747052 +0200
+--- vsftpd-3.0.2/tunables.c.dh 2014-09-15 15:07:43.720909057 +0200
++++ vsftpd-3.0.2/tunables.c 2014-09-15 15:12:46.516209941 +0200
 @@ -140,6 +140,7 @@ const char* tunable_user_sub_token;
 const char* tunable_email_password_file;
 const char* tunable_rsa_cert_file;
@@ -165,17 +165,20 @@ diff -up vsftpd-3.0.2/tunables.c.dh vsftpd-3.0.2/tunables.c const char* tunable_ssl_ciphers; const char* tunable_rsa_private_key_file; const char* tunable_dsa_private_key_file; -@@ -288,6 +289,7 @@ tunables_load_defaults() +@@ -288,7 +289,9 @@ tunables_load_defaults() install_str_setting("/usr/share/ssl/certs/vsftpd.pem", &tunable_rsa_cert_file); install_str_setting(0, &tunable_dsa_cert_file); +- install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers); + install_str_setting(0, &tunable_dh_param_file); - install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers); ++ install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA", ++ &tunable_ssl_ciphers); install_str_setting(0, &tunable_rsa_private_key_file); install_str_setting(0, &tunable_dsa_private_key_file); + install_str_setting(0, &tunable_ca_certs_file); diff -up vsftpd-3.0.2/tunables.h.dh vsftpd-3.0.2/tunables.h ---- vsftpd-3.0.2/tunables.h.dh 2014-06-04 09:54:43.364747051 +0200 -+++ vsftpd-3.0.2/tunables.h 2014-06-04 09:54:43.369747052 +0200 +--- vsftpd-3.0.2/tunables.h.dh 2014-09-15 15:07:43.720909057 +0200 ++++ vsftpd-3.0.2/tunables.h 2014-09-15 15:07:43.725909062 +0200 @@ -142,6 +142,7 @@ extern const char* tunable_user_sub_toke extern const char* tunable_email_password_file; extern const char* tunable_rsa_cert_file; @@ -185,8 +188,8 @@ diff -up vsftpd-3.0.2/tunables.h.dh vsftpd-3.0.2/tunables.h extern const char* tunable_rsa_private_key_file; extern const char* tunable_dsa_private_key_file; diff -up vsftpd-3.0.2/vsftpd.conf.5.dh vsftpd-3.0.2/vsftpd.conf.5 ---- vsftpd-3.0.2/vsftpd.conf.5.dh 2014-06-04 09:54:43.364747051 +0200 -+++ vsftpd-3.0.2/vsftpd.conf.5 2014-06-04 09:54:43.369747052 +0200 +--- vsftpd-3.0.2/vsftpd.conf.5.dh 2014-09-15 15:07:43.720909057 +0200 ++++ vsftpd-3.0.2/vsftpd.conf.5 2014-09-15 15:07:43.725909062 +0200 @@ -893,6 +893,12 @@ to be in the same file as the certificat Default: (none) 
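Review bot: The new default in `tunables_load_defaults()` appends `DHE-RSA-AES256-SHA` after `AES128-SHA` and `DES-CBC3-SHA`, so the only forward-secret suite sits last in the preference string. Whether that order matters depends on ssl.c enabling server cipher preference, which this hunk does not show; if it does, a client offering all three still negotiates static-RSA key exchange and the `dh_param_file` parameters are never used. Consider `"DHE-RSA-AES256-SHA:AES128-SHA:DES-CBC3-SHA"`, and a comment justifying why `DES-CBC3-SHA` (64-bit block) stays in the default. The same ordering applies to the ECDHE suite appended in the ecdh patch's tunables.c hunk (`@@ -74,17 +74,19 @@`), and the function body continues outside both hunks.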
diff --git a/vsftpd-3.0.2-ecdh.patch b/vsftpd-3.0.2-ecdh.patch
index 571d820..95748ed 100644
--- a/vsftpd-3.0.2-ecdh.patch
+++ b/vsftpd-3.0.2-ecdh.patch
@@ -1,6 +1,6 @@
 diff -up vsftpd-3.0.2/parseconf.c.ecdh vsftpd-3.0.2/parseconf.c
---- vsftpd-3.0.2/parseconf.c.ecdh 2014-06-04 09:56:56.358788746 +0200
-+++ vsftpd-3.0.2/parseconf.c 2014-06-04 09:56:56.360788747 +0200
+--- vsftpd-3.0.2/parseconf.c.ecdh 2014-09-15 15:49:48.801315298 +0200
++++ vsftpd-3.0.2/parseconf.c 2014-09-15 15:49:48.804315301 +0200
 @@ -177,6 +177,7 @@ parseconf_str_array[] =
 { "rsa_cert_file", &tunable_rsa_cert_file },
 { "dsa_cert_file", &tunable_dsa_cert_file },
@@ -10,8 +10,8 @@ diff -up vsftpd-3.0.2/parseconf.c.ecdh vsftpd-3.0.2/parseconf.c
 { "rsa_private_key_file", &tunable_rsa_private_key_file },
 { "dsa_private_key_file", &tunable_dsa_private_key_file },
 diff -up vsftpd-3.0.2/ssl.c.ecdh vsftpd-3.0.2/ssl.c
---- vsftpd-3.0.2/ssl.c.ecdh 2014-06-04 09:56:56.358788746 +0200
-+++ vsftpd-3.0.2/ssl.c 2014-06-04 09:56:56.360788747 +0200
+--- vsftpd-3.0.2/ssl.c.ecdh 2014-09-15 15:49:48.802315299 +0200
++++ vsftpd-3.0.2/ssl.c 2014-09-15 15:49:48.804315301 +0200
 @@ -122,7 +122,7 @@ ssl_init(struct vsf_session* p_sess)
 {
 die("SSL: could not allocate SSL context");
@@ -64,8 +64,8 @@ diff -up vsftpd-3.0.2/ssl.c.ecdh vsftpd-3.0.2/ssl.c
 ssl_inited = 1;
 }
 diff -up vsftpd-3.0.2/tunables.c.ecdh vsftpd-3.0.2/tunables.c
---- vsftpd-3.0.2/tunables.c.ecdh 2014-06-04 09:56:56.358788746 +0200
-+++ vsftpd-3.0.2/tunables.c 2014-06-04 09:56:56.361788747 +0200
+--- vsftpd-3.0.2/tunables.c.ecdh 2014-09-15 15:49:48.802315299 +0200
++++ vsftpd-3.0.2/tunables.c 2014-09-15 15:51:13.176386035 +0200
 @@ -141,6 +141,7 @@ const char* tunable_email_password_file;
 const char* tunable_rsa_cert_file;
 const char* tunable_dsa_cert_file;
@@ -74,17 +74,19 @@ diff -up vsftpd-3.0.2/tunables.c.ecdh vsftpd-3.0.2/tunables.c
 const char* tunable_ssl_ciphers;
 const char* tunable_rsa_private_key_file;
 const char* tunable_dsa_private_key_file;
-@@ -290,6 +291,7 @@ tunables_load_defaults()
+@@ -290,7 +291,8 @@ tunables_load_defaults()
 &tunable_rsa_cert_file);
 install_str_setting(0, &tunable_dsa_cert_file);
 install_str_setting(0, &tunable_dh_param_file);
+- install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA",
 + install_str_setting(0, &tunable_ecdh_param_file);
- install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers);
++ install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA",
+ &tunable_ssl_ciphers);
 install_str_setting(0, &tunable_rsa_private_key_file);
 install_str_setting(0, &tunable_dsa_private_key_file);
 diff -up vsftpd-3.0.2/tunables.h.ecdh vsftpd-3.0.2/tunables.h
---- vsftpd-3.0.2/tunables.h.ecdh 2014-06-04 09:56:56.359788746 +0200
-+++ vsftpd-3.0.2/tunables.h 2014-06-04 09:56:56.361788747 +0200
+--- vsftpd-3.0.2/tunables.h.ecdh 2014-09-15 15:49:48.802315299 +0200
++++ vsftpd-3.0.2/tunables.h 2014-09-15 15:49:48.804315301 +0200
 @@ -143,6 +143,7 @@ extern const char* tunable_email_passwor
 extern const char* tunable_rsa_cert_file;
 extern const char* tunable_dsa_cert_file;
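Review bot: After this change the default offers forward secrecy only as `DHE-RSA-AES256-SHA` and `ECDHE-RSA-AES128-SHA`, so a client limited to the other key size in either family falls back to `AES128-SHA` or `DES-CBC3-SHA`. Adding the counterparts `ECDHE-RSA-AES256-SHA` and `DHE-RSA-AES128-SHA` to the string passed to `install_str_setting(..., &tunable_ssl_ciphers)` would close that gap. The vsftpd.conf.5 hunks visible in this commit change only their headers, so the documented `ssl_ciphers` default presumably also needs updating to match the new string. `tunables_load_defaults()` starts and ends outside the hunk.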
@@ -94,9 +96,9 @@ diff -up vsftpd-3.0.2/tunables.h.ecdh vsftpd-3.0.2/tunables.h extern const char* tunable_rsa_private_key_file; extern const char* tunable_dsa_private_key_file; diff -up vsftpd-3.0.2/vsftpd.conf.5.ecdh vsftpd-3.0.2/vsftpd.conf.5 ---- vsftpd-3.0.2/vsftpd.conf.5.ecdh 2014-06-04 09:56:56.359788746 +0200 -+++ vsftpd-3.0.2/vsftpd.conf.5 2014-06-04 09:56:56.361788747 +0200 -@@ -899,6 +899,14 @@ ephemeral Diffie-Hellman key exchange in +--- vsftpd-3.0.2/vsftpd.conf.5.ecdh 2014-09-15 15:49:48.802315299 +0200 ++++ vsftpd-3.0.2/vsftpd.conf.5 2014-09-15 15:49:48.806315302 +0200 +@@ -899,6 +915,14 @@ ephemeral Diffie-Hellman key exchange in Default: (none - use built in parameters appropriate for certificate key size) .TP diff --git a/vsftpd.spec b/vsftpd.spec index 9b3e3fc..7b20e24 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -3,7 +3,7 @@ Name: vsftpd Version: 3.0.2 -Release: 12%{?dist} +Release: 13%{?dist} Summary: Very Secure Ftp Daemon Group: System Environment/Daemons @@ -167,6 +167,9 @@ rm -rf $RPM_BUILD_ROOT %{_var}/ftp %changelog +* Tue Sep 16 2014 Jiri Skala - 3.0.2-13 +- added appropriate values to ssl_ciphers (dh and ecdh patches) + * Mon Aug 18 2014 Fedora Release Engineering - 3.0.2-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
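Review bot: The rewritten inner header `@@ -899,6 +915,14 @@` gives a new-side start of 915 against an old-side start of 899, yet it is the first hunk for vsftpd.conf.5 in the ecdh patch, where a generated diff has both starts equal. That suggests the header was edited by hand rather than regenerated. patch(1) will probably still place the hunk from the old-side number and its context, but regenerating the patch would keep the header consistent with the file it describes.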