diff --git a/proftpd-sftp-dh7680-bug4002.patch b/proftpd-sftp-dh7680-bug4002.patch new file mode 100644 index 0000000..f528f48 --- /dev/null +++ b/proftpd-sftp-dh7680-bug4002.patch @@ -0,0 +1,68 @@ +Index: contrib/mod_sftp/dhparams.pem +=================================================================== +RCS file: /cvsroot/proftp/proftpd/contrib/mod_sftp/dhparams.pem,v +retrieving revision 1.2 +diff -u -r1.2 dhparams.pem +--- contrib/mod_sftp/dhparams.pem 14 Jan 2013 22:19:05 -0000 1.2 ++++ contrib/mod_sftp/dhparams.pem 20 Dec 2013 18:09:45 -0000 +@@ -5,7 +5,7 @@ + # + # The file was generated using the following OpenSSL command: + # +-# openssl dhparam -outform PEM -2|-5 1024|1536|2048|4096|6144|8192 >> dhparams.pem ++# openssl dhparam -outform PEM -2|-5 1024|1536|2048|3072|4096|6144|7680|8192 >> dhparams.pem + # + # Note that these DH parameters should be refreshed every so often (e.g. + # every few years). These parameters were last updated on 2013-01-14. +@@ -83,6 +83,19 @@ + 50XSRbAiSV8ephW8mbwCOLthruMKT7GDTwIBBQ== + -----END DH PARAMETERS----- + ++# 3072-bit DH group params ++-----BEGIN DH PARAMETERS----- ++MIIBiAKCAYEA0kEgFEhmtqWiDoykb2ptlZQ3hcB6MP5Bd1mDDjG38j1MFWV6Uaj8 ++T4y3tGUntQ0H/OJ8GEueL9OS9q2NU67GJ/XjtoXDVmZOdzYwN3Lr52/RnwLdUCH9 ++MZjbXJYoqDJyXSHIFd40fRUkzZRYN6HZTkDad6wsoBgibe3gRvEzp7nBIJlDZy85 ++9hmLJHJNGqgIpOTbX9AUNGVSAHEINx6kKX0c1/Kc5nhCytqRdYLnwqeryMdlZ4N0 ++qlG8KJum0A8mEpgvUM5D0BLTbjkKgOoORsfrhzykqfxUrv+Pwcb/6UBbPSR99OSZ ++nFBlP3xSTl1WucWNmeZ3o2lZF4H/WosuoiVsPtO3aKYiLEhRxJiQOrMzVnSOdTR7 ++d3Sg8a+ufSyccCCjOHssRKk//qoiUpN5R53/lxpUrfl+cJXGuvp+4EM+mfRDKCo7 ++FTTaU2QFkF9A7dddwsABZQeqcADVN7T6L8/AIF66mwH7nvaJeNenTUqZTR+i8Doe ++V/QbD1cYDtHzAgEC ++-----END DH PARAMETERS----- ++ + # 4096-bit DH group params + -----BEGIN DH PARAMETERS----- + MIICCAKCAgEAnlCYvstlmd2VCDwdI8u0khgNwpuGmjPv17RSGCnSjx6DjuYeOqGn +@@ -119,6 +132,31 @@ + wnKl1+O4DPcbAgEC + -----END DH PARAMETERS----- + ++# 7680-bit DH group params ++-----BEGIN DH PARAMETERS----- ++MIIDyAKCA8EAmMxFUnXytlC9fIDwSgeG9cM+nqvPDufhOvzVwXXyKutq2rT+b8Iq ++A/rTbvRLro1XpJedzS83HNfsHeCfKC6L5vMAT2rkOSAVjQCBs9/HfdzDXtU6QEqG ++GDW6psiGNkgCahNKVxw1+kgKdnQc5sSKsK0iFXGdXFdaebWYN2yRFH8O+yWC/TQk ++BVc3c6d+Bo1H7VTRJkKz6duL/GRmFVdznhTU8yx+oydfOAjkxNsMaX+/cuTbqcUN ++LJm/g1tKVSw+1mvY9f4q1/B+hV8QxpbfcN8nYrye1+dmAPj/x+T1rfFVXMfQP4Ok ++p0IKom5Esc7e5LZsGqngRl9e6gXgDM+hMX6w7XU/bvaKugBKTNj8PAugIFrsrybR ++voB1bQynUEId1/q7c9soEicwEbGEiZ26LyaPHenAm1j8940Bp63SgiCfuCoEJAda ++A9DWq9idP4eKECFTlt6j3UPs45if3SfkWf6KleZAO8e1LHSkLuRaZpHPzLaZ6zbE ++bA8m8rdOhkbTkTNfVbEa0jTI8Ag4cq5LrMFSiPLRVVQadQzepBB0pv7F4UsqQwzU ++b7FEwBm5xWQG+AlOugc1kZdgcSMdu4C2BhaKOe3xH1SfwEHZSxz3yKtxGcdIcSD3 ++RTUQdX0/Yjj8Ia9asC+pZmbS2MGPehQdIvUmWMGeQkwLXz7bBVFBuOei8hkPnRwJ ++ItihKSkZB0fk2olVmYzJwY4VOnfL1EWk6jKbndYBsJE0h/J3lO/xmMGaVmPhINQE ++0kJipmRpqT9sEmghCmYTH5pjymnuOXEIDuAjjNxsaAAuGF9h2jlnAHQimQq3Kch1 ++Hwlkb6R2T1XSizA838oLvqmyLOhYzHVVCnqq6DG9W7AAdaouL4tjNFNs9afsR3KG ++H71IiS9+rv7u0m0dYrdRmpx6iXAIASTwhld2IFDyiUPeLYL2Jt9WPHdSA0aySF+7 ++z/ntskV5soDIlUYQDZeKLuk2Lw+AMEbNgifCm7bLARm/fI9+c+IaBLE+e+zm+puO ++UHYcWy75NQG8zT2RICuHvvIUkHhgtIDk7K/1AscCDVCgMTYtwMF16nJe+6Omn8TT ++iQQZp76zZoTqjTRDLC9NszXxuewCi8JuklDyubPrqLTeM32bCZwjibPzL/O2NsGY ++0N7AbX7nnBKrAhibA9wdBJpQUrjT2SfEZGHYPA0U24Cm8JKBRu6WHdGH97gwH9bY ++ST5JTdXGPimZanmzidsGqLla4VxWGx+BWMLwXQtLaypHGfDFXHVpMY9KROGmtzsD ++OcXDR4ullYdbAgEC ++-----END DH PARAMETERS----- ++ + # 8192-bit DH group params + -----BEGIN DH PARAMETERS----- + MIIECAKCBAEAxcFcwEBebGISxZbtnocUuiv8Z5GoFb1fi3szRz1y1j6Hwe8mTzVM diff --git a/proftpd.spec b/proftpd.spec index ad84758..50fbef1 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -31,6 +31,7 @@ Patch0: proftpd-1.3.3g-bug3841.patch Patch1: proftpd-mod-vroot-0.9.2-bug3841.patch Patch2: proftpd-1.3.3g-bug3973.patch Patch3: proftpd-1.3.3g-bz1044586.patch +Patch4: proftpd-sftp-dh7680-bug4002.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root Requires(post): /sbin/chkconfig Requires(preun): /sbin/service, /sbin/chkconfig, coreutils, findutils @@ -104,6 +105,10 @@ mv contrib/README contrib/README.contrib # Fix support for 8192-bit DH parameters (#1044586) %patch3 +# Add 3072-bit and 7680-bit DH parameters +# http://bugs.proftpd.org/show_bug.cgi?id=4002 +%patch4 + # Set up directory names in config file sed -e 's#@PKIDIR@#%{pkidir}#g' \ %{SOURCE1} > proftpd.conf @@ -303,8 +308,9 @@ fi %{_libexecdir}/proftpd/mod_sql_postgres.so %changelog -* Thu Dec 19 2013 Paul Howarth 1.3.3g-4 +* Fri Dec 20 2013 Paul Howarth 1.3.3g-4 - Fix support for 8192-bit DH parameters (#1044586) +- Add 3072-bit and 7680-bit DH parameters (upstream bug 4002) * Sat Sep 14 2013 Paul Howarth 1.3.3g-3 - Fix mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication