author Patrick J Volkerding <volkerdi@slackware.com>2018-05-28 19:12:29 +0000
committer Eric Hameleers <alien@slackware.com>2018-05-31 23:39:35 +0200
commit646a5c1cbfd95873950a87b5f75d52073a967023 (patch)
treeb8b8d2ab3b0d432ea69ad1a64d1c789649d65020 /source/n/vsftpd
parentd31c50870d0bee042ce660e445c9294a59a3a65b (diff)
Mon May 28 19:12:29 UTC 201820180528191229
a/pkgtools-15.0-noarch-13.txz: Rebuilt. installpkg: default line length for --terselength is the number of columns. removepkg: added --terse mode. upgradepkg: default line length for --terselength is the number of columns. upgradepkg: accept -option in addition to --option. ap/vim-8.1.0026-x86_64-1.txz: Upgraded. d/bison-3.0.5-x86_64-1.txz: Upgraded. e/emacs-26.1-x86_64-1.txz: Upgraded. kde/kopete-4.14.3-x86_64-8.txz: Rebuilt. Recompiled against libidn-1.35. n/conntrack-tools-1.4.5-x86_64-1.txz: Upgraded. n/libnetfilter_conntrack-1.0.7-x86_64-1.txz: Upgraded. n/libnftnl-1.1.0-x86_64-1.txz: Upgraded. n/links-2.16-x86_64-2.txz: Rebuilt. Rebuilt to enable X driver for -g mode. n/lynx-2.8.9dev.19-x86_64-1.txz: Upgraded. n/nftables-0.8.5-x86_64-1.txz: Upgraded. n/p11-kit-0.23.11-x86_64-1.txz: Upgraded. n/ulogd-2.0.7-x86_64-1.txz: Upgraded. n/whois-5.3.1-x86_64-1.txz: Upgraded. xap/network-manager-applet-1.8.12-x86_64-1.txz: Upgraded. xap/vim-gvim-8.1.0026-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/n/vsftpd')
-rw-r--r--source/n/vsftpd/0021-Introduce-support-for-DHE-based-cipher-suites.patch226
-rw-r--r--source/n/vsftpd/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch74
-rw-r--r--source/n/vsftpd/slack-desc6
-rwxr-xr-xsource/n/vsftpd/vsftpd.SlackBuild22
-rw-r--r--source/n/vsftpd/vsftpd.link-with-openssl-1.1.diff16
5 files changed, 337 insertions, 7 deletions
diff --git a/source/n/vsftpd/0021-Introduce-support-for-DHE-based-cipher-suites.patch b/source/n/vsftpd/0021-Introduce-support-for-DHE-based-cipher-suites.patch
new file mode 100644
index 000000000..ad7e5bae5
--- /dev/null
+++ b/source/n/vsftpd/0021-Introduce-support-for-DHE-based-cipher-suites.patch
@@ -0,0 +1,226 @@
+From 4eac1dbb5f70a652d31847eec7c28d245f36cdbb Mon Sep 17 00:00:00 2001
+From: Martin Sehnoutka <msehnout@redhat.com>
+Date: Thu, 17 Nov 2016 10:48:28 +0100
+Subject: [PATCH 21/33] Introduce support for DHE based cipher suites.
+
+---
+ parseconf.c | 1 +
+ ssl.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ tunables.c | 5 +++-
+ tunables.h | 1 +
+ vsftpd.conf.5 | 6 ++++
+ 5 files changed, 104 insertions(+), 2 deletions(-)
+
+diff --git a/parseconf.c b/parseconf.c
+index 3e0dba4..38e3182 100644
+--- a/parseconf.c
++++ b/parseconf.c
+@@ -176,6 +176,7 @@ parseconf_str_array[] =
+ { "email_password_file", &tunable_email_password_file },
+ { "rsa_cert_file", &tunable_rsa_cert_file },
+ { "dsa_cert_file", &tunable_dsa_cert_file },
++ { "dh_param_file", &tunable_dh_param_file },
+ { "ssl_ciphers", &tunable_ssl_ciphers },
+ { "rsa_private_key_file", &tunable_rsa_private_key_file },
+ { "dsa_private_key_file", &tunable_dsa_private_key_file },
+diff --git a/ssl.c b/ssl.c
+index c362983..22b69b3 100644
+--- a/ssl.c
++++ b/ssl.c
+@@ -28,6 +28,8 @@
+ #include <openssl/err.h>
+ #include <openssl/rand.h>
+ #include <openssl/bio.h>
++#include <openssl/dh.h>
++#include <openssl/bn.h>
+ #include <errno.h>
+ #include <limits.h>
+
+@@ -38,6 +40,7 @@ static void setup_bio_callbacks();
+ static long bio_callback(
+ BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval);
+ static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx);
++static DH *ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength);
+ static int ssl_cert_digest(
+ SSL* p_ssl, struct vsf_session* p_sess, struct mystr* p_str);
+ static void maybe_log_shutdown_state(struct vsf_session* p_sess);
+@@ -51,6 +54,60 @@ static int ssl_read_common(struct vsf_session* p_sess,
+ static int ssl_inited;
+ static struct mystr debug_str;
+
++
++// Grab prime number from OpenSSL; <openssl/bn.h>
++// (get_rfc*) for all available primes.
++// wraps selection of comparable algorithm strength
++#if !defined(match_dh_bits)
++ #define match_dh_bits(keylen) \
++ keylen >= 8191 ? 8192 : \
++ keylen >= 6143 ? 6144 : \
++ keylen >= 4095 ? 4096 : \
++ keylen >= 3071 ? 3072 : \
++ keylen >= 2047 ? 2048 : \
++ keylen >= 1535 ? 1536 : \
++ keylen >= 1023 ? 1024 : 768
++#endif
++
++#if !defined(DH_get_prime)
++ BIGNUM *
++ DH_get_prime(int bits)
++ {
++ switch (bits) {
++ case 768: return get_rfc2409_prime_768(NULL);
++ case 1024: return get_rfc2409_prime_1024(NULL);
++ case 1536: return get_rfc3526_prime_1536(NULL);
++ case 2048: return get_rfc3526_prime_2048(NULL);
++ case 3072: return get_rfc3526_prime_3072(NULL);
++ case 4096: return get_rfc3526_prime_4096(NULL);
++ case 6144: return get_rfc3526_prime_6144(NULL);
++ case 8192: return get_rfc3526_prime_8192(NULL);
++ // shouldn't happen when used match_dh_bits; strict compiler
++ default: return NULL;
++ }
++}
++#endif
++
++#if !defined(DH_get_dh)
++ // Grab DH parameters
++ DH *
++ DH_get_dh(int size)
++ {
++ DH *dh = DH_new();
++ if (!dh) {
++ return NULL;
++ }
++ dh->p = DH_get_prime(match_dh_bits(size));
++ BN_dec2bn(&dh->g, "2");
++ if (!dh->p || !dh->g)
++ {
++ DH_free(dh);
++ return NULL;
++ }
++ return dh;
++ }
++#endif
++
+ void
+ ssl_init(struct vsf_session* p_sess)
+ {
+@@ -65,7 +122,7 @@ ssl_init(struct vsf_session* p_sess)
+ {
+ die("SSL: could not allocate SSL context");
+ }
+- options = SSL_OP_ALL;
++ options = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE;
+ if (!tunable_sslv2)
+ {
+ options |= SSL_OP_NO_SSLv2;
+@@ -111,6 +168,25 @@ ssl_init(struct vsf_session* p_sess)
+ die("SSL: cannot load DSA private key");
+ }
+ }
++ if (tunable_dh_param_file)
++ {
++ BIO *bio;
++ DH *dhparams = NULL;
++ if ((bio = BIO_new_file(tunable_dh_param_file, "r")) == NULL)
++ {
++ die("SSL: cannot load custom DH params");
++ }
++ else
++ {
++ dhparams = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
++ BIO_free(bio);
++
++ if (!SSL_CTX_set_tmp_dh(p_ctx, dhparams))
++ {
++ die("SSL: setting custom DH params failed");
++ }
++ }
++ }
+ if (tunable_ssl_ciphers &&
+ SSL_CTX_set_cipher_list(p_ctx, tunable_ssl_ciphers) != 1)
+ {
+@@ -165,6 +241,9 @@ ssl_init(struct vsf_session* p_sess)
+ /* Ensure cached session doesn't expire */
+ SSL_CTX_set_timeout(p_ctx, INT_MAX);
+ }
++
++ SSL_CTX_set_tmp_dh_callback(p_ctx, ssl_tmp_dh_callback);
++
+ p_sess->p_ssl_ctx = p_ctx;
+ ssl_inited = 1;
+ }
+@@ -702,6 +781,18 @@ ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx)
+ return 1;
+ }
+
++#define UNUSED(x) ( (void)(x) )
++
++static DH *
++ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)
++{
++ // strict compiler bypassing
++ UNUSED(ssl);
++ UNUSED(is_export);
++
++ return DH_get_dh(keylength);
++}
++
+ void
+ ssl_add_entropy(struct vsf_session* p_sess)
+ {
+diff --git a/tunables.c b/tunables.c
+index c737465..1ea7227 100644
+--- a/tunables.c
++++ b/tunables.c
+@@ -140,6 +140,7 @@ const char* tunable_user_sub_token;
+ const char* tunable_email_password_file;
+ const char* tunable_rsa_cert_file;
+ const char* tunable_dsa_cert_file;
++const char* tunable_dh_param_file;
+ const char* tunable_ssl_ciphers;
+ const char* tunable_rsa_private_key_file;
+ const char* tunable_dsa_private_key_file;
+@@ -288,7 +289,9 @@ tunables_load_defaults()
+ install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
+ &tunable_rsa_cert_file);
+ install_str_setting(0, &tunable_dsa_cert_file);
+- install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);
++ install_str_setting(0, &tunable_dh_param_file);
++ install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA",
++ &tunable_ssl_ciphers);
+ install_str_setting(0, &tunable_rsa_private_key_file);
+ install_str_setting(0, &tunable_dsa_private_key_file);
+ install_str_setting(0, &tunable_ca_certs_file);
+diff --git a/tunables.h b/tunables.h
+index 9553038..3995472 100644
+--- a/tunables.h
++++ b/tunables.h
+@@ -142,6 +142,7 @@ extern const char* tunable_user_sub_token;
+ extern const char* tunable_email_password_file;
+ extern const char* tunable_rsa_cert_file;
+ extern const char* tunable_dsa_cert_file;
++extern const char* tunable_dh_param_file;
+ extern const char* tunable_ssl_ciphers;
+ extern const char* tunable_rsa_private_key_file;
+ extern const char* tunable_dsa_private_key_file;
+diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
+index fb6324e..ff94eca 100644
+--- a/vsftpd.conf.5
++++ b/vsftpd.conf.5
+@@ -893,6 +893,12 @@ to be in the same file as the certificate.
+
+ Default: (none)
+ .TP
++.B dh_param_file
++This option specifies the location of the custom parameters used for
++ephemeral Diffie-Hellman key exchange in SSL.
++
++Default: (none - use built in parameters appropriate for certificate key size)
++.TP
+ .B email_password_file
+ This option can be used to provide an alternate file for usage by the
+ .BR secure_email_list_enable
+--
+2.7.4
+
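Review bot: The new default in tunables.c, `AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA`, replaces `ECDHE-RSA-AES256-GCM-SHA384` with a list that re-admits 3DES and a suite without forward secrecy; keeping the previous default and appending the DHE suite, e.g. `install_str_setting("ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA", &tunable_ssl_ciphers);`, gains DHE without that regression. The built-in group selection in `match_dh_bits` bottoms out at the 768- and 1024-bit RFC 2409 primes, and the `keylength` OpenSSL hands to a tmp_dh callback is not derived from the certificate size in the releases this targets (as far as I recall it is a fixed 1024 for non-export suites — worth confirming), so a deployment without `dh_param_file` would negotiate a 1024-bit group despite the man page's "appropriate for certificate key size"; making `keylen >= 3071 ? 3072 : 2048` the final arm removes the sub-2048 options. In `ssl_init`, `PEM_read_bio_DHparams` returns NULL on a malformed file and that result goes straight to `SSL_CTX_set_tmp_dh`, which then fails with the misleading "setting custom DH params failed"; an `if (!dhparams) die("SSL: cannot parse custom DH params");` before the call, plus `DH_free(dhparams);` after it (the context takes its own copy), tidies both. Likewise `ssl_tmp_dh_callback` returns a freshly allocated DH on every handshake that nothing frees, since `DH_get_dh` calls `DH_new()` each time; building the group once in `ssl_init` or caching it in a file-scope static avoids the per-handshake leak.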
diff --git a/source/n/vsftpd/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch b/source/n/vsftpd/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch
new file mode 100644
index 000000000..ab3f35c0f
--- /dev/null
+++ b/source/n/vsftpd/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch
@@ -0,0 +1,74 @@
+From 6c8dd87f311e411bcb1c72c1c780497881a5621c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
+Date: Mon, 4 Sep 2017 11:32:03 +0200
+Subject: [PATCH 35/35] Modify DH enablement patch to build with OpenSSL 1.1
+
+---
+ ssl.c | 41 ++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 38 insertions(+), 3 deletions(-)
+
+diff --git a/ssl.c b/ssl.c
+index ba8a613..09ec96a 100644
+--- a/ssl.c
++++ b/ssl.c
+@@ -88,19 +88,54 @@ static struct mystr debug_str;
+ }
+ #endif
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++ /* If the fields p and g in d are NULL, the corresponding input
++ * parameters MUST be non-NULL. q may remain NULL.
++ */
++ if ((dh->p == NULL && p == NULL)
++ || (dh->g == NULL && g == NULL))
++ return 0;
++
++ if (p != NULL) {
++ BN_free(dh->p);
++ dh->p = p;
++ }
++ if (q != NULL) {
++ BN_free(dh->q);
++ dh->q = q;
++ }
++ if (g != NULL) {
++ BN_free(dh->g);
++ dh->g = g;
++ }
++
++ if (q != NULL) {
++ dh->length = BN_num_bits(q);
++ }
++
++ return 1;
++}
++#endif
++
+ #if !defined(DH_get_dh)
+ // Grab DH parameters
+ DH *
+ DH_get_dh(int size)
+ {
++ BIGNUM *g = NULL;
++ BIGNUM *p = NULL;
+ DH *dh = DH_new();
+ if (!dh) {
+ return NULL;
+ }
+- dh->p = DH_get_prime(match_dh_bits(size));
+- BN_dec2bn(&dh->g, "2");
+- if (!dh->p || !dh->g)
++ p = DH_get_prime(match_dh_bits(size));
++ BN_dec2bn(&g, "2");
++ if (!p || !g || !DH_set0_pqg(dh, p, NULL, g))
+ {
++ BN_free(g);
++ BN_free(p);
+ DH_free(dh);
+ return NULL;
+ }
+--
+2.9.5
+
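Review bot: The `#if !defined(DH_get_dh)` guard on the context line (and the matching `#if !defined(DH_get_prime)` in the earlier patch) tests a function name rather than a macro, so it is always true and never detects a library-provided definition; the `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard introduced here for `DH_set0_pqg` is the right shape and the two `!defined` guards should either follow it or be dropped. `DH_set0_pqg`, like `DH_get_prime` and `DH_get_dh`, is defined with external linkage although it is a file-local compat helper; `static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)` keeps the symbol out of the global namespace. The rewritten failure path frees `p` and `g` only when `DH_set0_pqg` has not taken ownership, which matches the shim's return-0-without-touching-inputs behaviour; the function's `return dh;` and closing brace lie outside the quoted hunk.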
diff --git a/source/n/vsftpd/slack-desc b/source/n/vsftpd/slack-desc
index cc4b231ea..f076e1a20 100644
--- a/source/n/vsftpd/slack-desc
+++ b/source/n/vsftpd/slack-desc
@@ -1,8 +1,8 @@
# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
+# The "handy ruler" below makes it easier to edit a package description. Line
# up the first '|' above the ':' following the base package name, and the '|' on
-# the right side marks the last column you can put a character in. You must make
-# exactly 11 lines for the formatting to be correct. It's also customary to
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
# leave one space after the ':'.
|-----handy-ruler------------------------------------------------------|
diff --git a/source/n/vsftpd/vsftpd.SlackBuild b/source/n/vsftpd/vsftpd.SlackBuild
index f03206b67..6c38886a3 100755
--- a/source/n/vsftpd/vsftpd.SlackBuild
+++ b/source/n/vsftpd/vsftpd.SlackBuild
@@ -1,6 +1,6 @@
-#!/bin/sh
+#!/bin/bash
-# Copyright 2008, 2009, 2010, 2011, 2012, 2016 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2008, 2009, 2010, 2011, 2012, 2016, 2018 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -20,9 +20,11 @@
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+cd $(dirname $0) ; CWD=$(pwd)
+
PKGNAM=vsftpd
VERSION=${VERSION:-$(echo ${PKGNAM}-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-5}
NUMJOBS=${NUMJOBS:-" -j7 "}
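Review bot: `cd $(dirname $0) ; CWD=$(pwd)` neither quotes the path nor checks that the `cd` succeeded, so a script directory containing spaces, or a failed `cd`, leaves `CWD` pointing at the caller's directory and the later `zcat $CWD/...` lines fail with a less obvious error; `cd "$(dirname "$0")" || exit 1 ; CWD=$(pwd)` behaves identically on the happy path. If this line is the distribution-wide SlackBuild idiom, treat this as a style remark only.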
@@ -36,13 +38,20 @@ if [ -z "$ARCH" ]; then
esac
fi
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
if [ "$ARCH" = "x86_64" ]; then
LIBDIRSUFFIX="64"
else
LIBDIRSUFFIX=""
fi
-CWD=$(pwd)
TMP=${TMP:-/tmp}
PKG=$TMP/package-vsftpd
@@ -64,6 +73,11 @@ zcat $CWD/vsftpd.builddefs.diff.gz | patch -p1 --verbose || exit 1
zcat $CWD/vsftpd.conf.diff.gz | patch -p1 --verbose || exit 1
zcat $CWD/vsftpd.crypt.diff.gz | patch -p1 --verbose || exit 1
+# Support OpenSSL 1.1.x:
+zcat $CWD/0021-Introduce-support-for-DHE-based-cipher-suites.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/vsftpd.link-with-openssl-1.1.diff.gz | patch -p1 --verbose || exit 1
+
make $NUMJOBS || make || exit 1
mkdir -p $PKG/usr/sbin
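Review bot: The three new `zcat` lines read `0021-...patch.gz`, `0035-...patch.gz` and `vsftpd.link-with-openssl-1.1.diff.gz`, while the diffstat adds those files uncompressed (`.patch`, `.diff`); if the tree is gzipped on export, as the existing `vsftpd.*.diff.gz` lines suggest, this is fine, otherwise each new line exits 1 at build time. The comment `# Support OpenSSL 1.1.x:` also covers 0021, which adds the DHE/`dh_param_file` feature and is only a prerequisite of 0035; `# DHE support and OpenSSL 1.1.x build fixes:` describes the block more accurately.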
diff --git a/source/n/vsftpd/vsftpd.link-with-openssl-1.1.diff b/source/n/vsftpd/vsftpd.link-with-openssl-1.1.diff
new file mode 100644
index 000000000..2ef819a58
--- /dev/null
+++ b/source/n/vsftpd/vsftpd.link-with-openssl-1.1.diff
@@ -0,0 +1,16 @@
+--- ./vsf_findlibs.sh.orig 2012-03-27 21:17:41.000000000 -0500
++++ ./vsf_findlibs.sh 2018-05-07 16:10:58.744003755 -0500
+@@ -68,10 +68,10 @@
+ # Solaris sendfile
+ locate_library /usr/lib/libsendfile.so && echo "-lsendfile";
+
+-# OpenSSL
+-if find_func SSL_library_init ssl.o; then
++# Always link with OpenSSL:
++#if find_func SSL_library_init ssl.o; then
+ echo "-lssl -lcrypto";
+-fi
++#fi
+
+ exit 0;
+
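Review bot: Commenting out the `find_func SSL_library_init ssl.o` test makes `-lssl -lcrypto` unconditional, so a build configured without SSL support now links OpenSSL as well. The probe presumably stopped matching because OpenSSL 1.1 turned `SSL_library_init` into a macro over `OPENSSL_init_ssl` (worth confirming against `find_func`, which is outside this hunk); extending the test instead — `if find_func SSL_library_init ssl.o || find_func OPENSSL_init_ssl ssl.o; then` — keeps the link conditional for both OpenSSL generations.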