Mon Jun 7 18:53:49 UTC 202120210607185349

Hey folks! Sorry about the delay in getting this batch out but I had other
distractions going on here last week that prevented getting this one wrapped
up. Anyway, probably the highlight of this update set is that we've decided
to abandon the 5.10 LTS kernel in favor of following the latest one. We've
never really had a policy that required LTS in a stable release although that
is how it has been done for years, but based on comments from the Slackware
community it seems like 5.10 LTS isn't getting a lot of love and lacks
hardware support that people need now. Conversely, the reports on 5.12 have
been almost entirely positive, so we're going to provide what we think is the
best available kernel. It's unlikely that we'll see another LTS prior to
release, so the plan for maintenance is to keep following the latest kernels
as needed for security purposes. If that means we have to jump to a new branch
while supporting the stable release, we'll start the kernel out in testing
first until we've had some feedback that it's safe to move it to the patches
directory. Sooner or later we will end up on an LTS kernel again, and at that
point we'll just roll with that one. Feel free to comment (or complain) about
this plan on LQ... I'll be curious to see what people think. Anyway, enjoy!
a/hwdata-0.348-noarch-1.txz:  Upgraded.
a/kernel-generic-5.12.9-x86_64-1.txz:  Upgraded.
a/kernel-huge-5.12.9-x86_64-1.txz:  Upgraded.
a/kernel-modules-5.12.9-x86_64-1.txz:  Upgraded.
ap/ispell-3.4.04-x86_64-1.txz:  Upgraded.
ap/mpg123-1.28.0-x86_64-1.txz:  Upgraded.
ap/slackpkg-15.0.5-noarch-1.txz:  Upgraded.
  Add "--" option to "command cd" in bash completion file. (akinomyoga)
  shell-completions/slackpkg.bash: add "show-changelog".
  Import bash-completion file from upstream project.
  Added the new-config actions for specific files. (Piter PUNK)
  Harden slackpkg with respect to obtaining GPG key. (CRTS)
d/clisp-2.50_20191103_c26de7873-x86_64-5.txz:  Rebuilt.
  Upgraded to libffcall-2.3.
d/git-2.32.0-x86_64-1.txz:  Upgraded.
d/kernel-headers-5.12.9-x86-1.txz:  Upgraded.
d/poke-1.3-x86_64-1.txz:  Upgraded.
d/vala-0.52.4-x86_64-1.txz:  Upgraded.
k/kernel-source-5.12.9-noarch-1.txz:  Upgraded.
kde/calligra-3.2.1-x86_64-9.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
kde/cantor-21.04.1-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
kde/digikam-7.2.0-x86_64-3.txz:  Rebuilt.
  Recompiled against imagemagick-7.0.11_14.
kde/kfilemetadata-5.82.0-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
kde/kile-2.9.93-x86_64-9.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
kde/kitinerary-21.04.1-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
kde/krita-4.4.3-x86_64-5.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
kde/okular-21.04.1-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
l/alsa-lib-1.2.5-x86_64-2.txz:  Rebuilt.
  Account for unexpected packing of the conf file tarballs. We'll see if this
  is enough to make things work well again.
l/at-spi2-core-2.40.2-x86_64-1.txz:  Upgraded.
l/dvdauthor-0.7.2-x86_64-5.txz:  Rebuilt.
  Recompiled against imagemagick-7.0.11_14.
l/libogg-1.3.5-x86_64-1.txz:  Upgraded.
l/librsvg-2.50.7-x86_64-1.txz:  Upgraded.
l/pipewire-0.3.29-x86_64-1.txz:  Upgraded.
l/polkit-0.119-x86_64-1.txz:  Upgraded.
  This update includes a mitigation for local privilege escalation using
  polkit_system_bus_name_get_creds_sync().
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3560
  (* Security fix *)
l/poppler-21.06.1-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/pycairo-1.20.1-x86_64-1.txz:  Upgraded.
l/qca-2.3.3-x86_64-1.txz:  Upgraded.
l/vte-0.64.2-x86_64-1.txz:  Upgraded.
n/epic5-2.1.5-x86_64-1.txz:  Upgraded.
n/httpd-2.4.48-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  mod_http2: Fix a potential NULL pointer dereference.
  Unexpected <Location> section matching with 'MergeSlashes OFF'.
  mod_auth_digest: possible stack overflow by one nul byte while validating
  the Digest nonce.
  mod_session: Fix possible crash due to NULL pointer dereference, which
  could be used to cause a Denial of Service with a malicious backend
  server and SessionHeader.
  mod_session: Fix possible crash due to NULL pointer dereference, which
  could be used to cause a Denial of Service.
  mod_proxy_http: Fix possible crash due to NULL pointer dereference, which
  could be used to cause a Denial of Service.
  mod_proxy_wstunnel, mod_proxy_http: Handle Upgradable protocols end-to-end
  negotiation.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
  (* Security fix *)
n/libmbim-1.24.8-x86_64-1.txz:  Upgraded.
n/libqmi-1.28.6-x86_64-1.txz:  Upgraded.
n/nettle-3.7.3-x86_64-1.txz:  Upgraded.
n/openldap-2.4.59-x86_64-1.txz:  Upgraded.
n/p11-kit-0.24.0-x86_64-1.txz:  Upgraded.
n/php-7.4.20-x86_64-1.txz:  Upgraded.
n/vsftpd-3.0.4-x86_64-1.txz:  Upgraded.
n/whois-5.5.10-x86_64-1.txz:  Upgraded.
x/libX11-1.7.2-x86_64-1.txz:  Upgraded.
  This is a bug fix release, correcting a regression introduced by and
  improving the checks from the fix for CVE-2021-31535.
x/libinput-1.18.0-x86_64-1.txz:  Upgraded.
x/mesa-21.1.2-x86_64-1.txz:  Upgraded.
xap/blueman-2.2.1-x86_64-1.txz:  Upgraded.
xap/gnuplot-5.4.2-x86_64-1.txz:  Upgraded.
xap/mozilla-thunderbird-78.11.0-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/78.11.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29964
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967
  (* Security fix *)
xap/pidgin-2.14.5-x86_64-1.txz:  Upgraded.
xap/xine-lib-1.2.11-x86_64-6.txz:  Rebuilt.
  Recompiled against poppler-21.06.1.
extra/bash-completion/bash-completion-2.11-noarch-2.txz:  Rebuilt.
  Removed the slackpkg completion file.
extra/php8/php8-8.0.7-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.

12 files changed, 12 insertions, 337 deletions

diff --git a/source/n/epic5/epic5.SlackBuild b/source/n/epic5/epic5.SlackBuild
index 777e424b7..7a8943b4c 100755
--- a/source/n/epic5/epic5.SlackBuild
+++ b/source/n/epic5/epic5.SlackBuild
@@ -26,7 +26,7 @@ PKGNAM=epic5
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
 EPICVER=5
 HELPFILE=current
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
 
 ## Default to no Ruby support, since it seems that ruby-2.7.0 is not compatible.
 ## Patches to fix this are welcome, otherwise we'll keep an eye on upstream.
diff --git a/source/n/httpd/httpd.SlackBuild b/source/n/httpd/httpd.SlackBuild
index feee4dcb3..438525eef 100755
--- a/source/n/httpd/httpd.SlackBuild
+++ b/source/n/httpd/httpd.SlackBuild
@@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=httpd
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.bz2 | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-4}
+BUILD=${BUILD:-1}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
diff --git a/source/n/httpd/httpd.url b/source/n/httpd/httpd.url
index d8812b9c1..9dc6266cb 100644
--- a/source/n/httpd/httpd.url
+++ b/source/n/httpd/httpd.url
@@ -1,2 +1,2 @@
-http://www.apache.org/dist/httpd/httpd-2.4.46.tar.bz2
-http://www.apache.org/dist/httpd/httpd-2.4.46.tar.bz2.asc
+http://www.apache.org/dist/httpd/httpd-2.4.48.tar.bz2
+http://www.apache.org/dist/httpd/httpd-2.4.48.tar.bz2.asc
diff --git a/source/n/libmbim/libmbim.SlackBuild b/source/n/libmbim/libmbim.SlackBuild
index 4a6441fc3..5901801db 100755
--- a/source/n/libmbim/libmbim.SlackBuild
+++ b/source/n/libmbim/libmbim.SlackBuild
@@ -1,7 +1,5 @@
 #!/bin/bash
 
-# Slackware build script for libmbim
-
 # Copyright 2013  Robby Workman, Northport, Alabama, USA
 # All rights reserved.
 #
@@ -26,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=libmbim
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
 
 NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
 
diff --git a/source/n/openldap/openldap.SlackBuild b/source/n/openldap/openldap.SlackBuild
index 4c64439c9..3b6171c6f 100755
--- a/source/n/openldap/openldap.SlackBuild
+++ b/source/n/openldap/openldap.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=openldap
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
diff --git a/source/n/p11-kit/p11-kit.SlackBuild b/source/n/p11-kit/p11-kit.SlackBuild
index dd9330ffd..d07499414 100755
--- a/source/n/p11-kit/p11-kit.SlackBuild
+++ b/source/n/p11-kit/p11-kit.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=p11-kit
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-1}
 
 NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
 
diff --git a/source/n/php/fetch-php.sh b/source/n/php/fetch-php.sh
index d91b48634..e22271692 100755
--- a/source/n/php/fetch-php.sh
+++ b/source/n/php/fetch-php.sh
@@ -1,2 +1,2 @@
-lftpget http://us.php.net/distributions/php-7.4.19.tar.xz.asc
-lftpget http://us.php.net/distributions/php-7.4.19.tar.xz
+lftpget http://us.php.net/distributions/php-7.4.20.tar.xz.asc
+lftpget http://us.php.net/distributions/php-7.4.20.tar.xz
diff --git a/source/n/vsftpd/0021-Introduce-support-for-DHE-based-cipher-suites.patch b/source/n/vsftpd/0021-Introduce-support-for-DHE-based-cipher-suites.patch
deleted file mode 100644
index ad7e5bae5..000000000
--- a/source/n/vsftpd/0021-Introduce-support-for-DHE-based-cipher-suites.patch
+++ /dev/null
@@ -1,226 +0,0 @@
-From 4eac1dbb5f70a652d31847eec7c28d245f36cdbb Mon Sep 17 00:00:00 2001
-From: Martin Sehnoutka <msehnout@redhat.com>
-Date: Thu, 17 Nov 2016 10:48:28 +0100
-Subject: [PATCH 21/33] Introduce support for DHE based cipher suites.
-
----
- parseconf.c   |  1 +
- ssl.c         | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
- tunables.c    |  5 +++-
- tunables.h    |  1 +
- vsftpd.conf.5 |  6 ++++
- 5 files changed, 104 insertions(+), 2 deletions(-)
-
-diff --git a/parseconf.c b/parseconf.c
-index 3e0dba4..38e3182 100644
---- a/parseconf.c
-+++ b/parseconf.c
-@@ -176,6 +176,7 @@ parseconf_str_array[] =
-   { "email_password_file", &tunable_email_password_file },
-   { "rsa_cert_file", &tunable_rsa_cert_file },
-   { "dsa_cert_file", &tunable_dsa_cert_file },
-+  { "dh_param_file", &tunable_dh_param_file },
-   { "ssl_ciphers", &tunable_ssl_ciphers },
-   { "rsa_private_key_file", &tunable_rsa_private_key_file },
-   { "dsa_private_key_file", &tunable_dsa_private_key_file },
-diff --git a/ssl.c b/ssl.c
-index c362983..22b69b3 100644
---- a/ssl.c
-+++ b/ssl.c
-@@ -28,6 +28,8 @@
- #include <openssl/err.h>
- #include <openssl/rand.h>
- #include <openssl/bio.h>
-+#include <openssl/dh.h>
-+#include <openssl/bn.h>
- #include <errno.h>
- #include <limits.h>
- 
-@@ -38,6 +40,7 @@ static void setup_bio_callbacks();
- static long bio_callback(
-   BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval);
- static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx);
-+static DH *ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength);
- static int ssl_cert_digest(
-   SSL* p_ssl, struct vsf_session* p_sess, struct mystr* p_str);
- static void maybe_log_shutdown_state(struct vsf_session* p_sess);
-@@ -51,6 +54,60 @@ static int ssl_read_common(struct vsf_session* p_sess,
- static int ssl_inited;
- static struct mystr debug_str;
- 
-+
-+// Grab prime number from OpenSSL; <openssl/bn.h>
-+// (get_rfc*) for all available primes.
-+// wraps selection of comparable algorithm strength
-+#if !defined(match_dh_bits)
-+  #define match_dh_bits(keylen) \
-+    keylen >= 8191 ? 8192 : \
-+    keylen >= 6143 ? 6144 : \
-+    keylen >= 4095 ? 4096 : \
-+    keylen >= 3071 ? 3072 : \
-+    keylen >= 2047 ? 2048 : \
-+    keylen >= 1535 ? 1536 : \
-+    keylen >= 1023 ? 1024 : 768
-+#endif
-+
-+#if !defined(DH_get_prime)
-+  BIGNUM *
-+  DH_get_prime(int bits)
-+  {
-+    switch (bits) {
-+      case 768:  return get_rfc2409_prime_768(NULL);
-+      case 1024: return get_rfc2409_prime_1024(NULL);
-+      case 1536: return get_rfc3526_prime_1536(NULL);
-+      case 2048: return get_rfc3526_prime_2048(NULL);
-+      case 3072: return get_rfc3526_prime_3072(NULL);
-+      case 4096: return get_rfc3526_prime_4096(NULL);
-+      case 6144: return get_rfc3526_prime_6144(NULL);
-+      case 8192: return get_rfc3526_prime_8192(NULL);
-+      // shouldn't happen when used match_dh_bits; strict compiler
-+      default:   return NULL;
-+    }
-+}
-+#endif
-+
-+#if !defined(DH_get_dh)
-+  // Grab DH parameters
-+  DH *
-+  DH_get_dh(int size)
-+  {
-+    DH *dh = DH_new();
-+    if (!dh) {
-+      return NULL;
-+    }
-+    dh->p = DH_get_prime(match_dh_bits(size));
-+    BN_dec2bn(&dh->g, "2");
-+    if (!dh->p || !dh->g)
-+    {
-+      DH_free(dh);
-+      return NULL;
-+    }
-+    return dh;
-+  }
-+#endif
-+
- void
- ssl_init(struct vsf_session* p_sess)
- {
-@@ -65,7 +122,7 @@ ssl_init(struct vsf_session* p_sess)
-     {
-       die("SSL: could not allocate SSL context");
-     }
--    options = SSL_OP_ALL;
-+    options = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE;
-     if (!tunable_sslv2)
-     {
-       options |= SSL_OP_NO_SSLv2;
-@@ -111,6 +168,25 @@ ssl_init(struct vsf_session* p_sess)
-         die("SSL: cannot load DSA private key");
-       }
-     }
-+    if (tunable_dh_param_file)
-+    {
-+      BIO *bio;
-+      DH *dhparams = NULL;
-+      if ((bio = BIO_new_file(tunable_dh_param_file, "r")) == NULL)
-+      {
-+        die("SSL: cannot load custom DH params");
-+      }
-+      else
-+      {
-+        dhparams = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
-+        BIO_free(bio);
-+
-+        if (!SSL_CTX_set_tmp_dh(p_ctx, dhparams))
-+	{
-+          die("SSL: setting custom DH params failed");
-+	}
-+      }
-+    }
-     if (tunable_ssl_ciphers &&
-         SSL_CTX_set_cipher_list(p_ctx, tunable_ssl_ciphers) != 1)
-     {
-@@ -165,6 +241,9 @@ ssl_init(struct vsf_session* p_sess)
-       /* Ensure cached session doesn't expire */
-       SSL_CTX_set_timeout(p_ctx, INT_MAX);
-     }
-+    
-+    SSL_CTX_set_tmp_dh_callback(p_ctx, ssl_tmp_dh_callback);
-+
-     p_sess->p_ssl_ctx = p_ctx;
-     ssl_inited = 1;
-   }
-@@ -702,6 +781,18 @@ ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx)
-   return 1;
- }
- 
-+#define UNUSED(x) ( (void)(x) )
-+
-+static DH *
-+ssl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)
-+{
-+  // strict compiler bypassing
-+  UNUSED(ssl);
-+  UNUSED(is_export);
-+  
-+  return DH_get_dh(keylength);
-+}
-+
- void
- ssl_add_entropy(struct vsf_session* p_sess)
- {
-diff --git a/tunables.c b/tunables.c
-index c737465..1ea7227 100644
---- a/tunables.c
-+++ b/tunables.c
-@@ -140,6 +140,7 @@ const char* tunable_user_sub_token;
- const char* tunable_email_password_file;
- const char* tunable_rsa_cert_file;
- const char* tunable_dsa_cert_file;
-+const char* tunable_dh_param_file;
- const char* tunable_ssl_ciphers;
- const char* tunable_rsa_private_key_file;
- const char* tunable_dsa_private_key_file;
-@@ -288,7 +289,9 @@ tunables_load_defaults()
-   install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
-                       &tunable_rsa_cert_file);
-   install_str_setting(0, &tunable_dsa_cert_file);
--  install_str_setting("ECDHE-RSA-AES256-GCM-SHA384", &tunable_ssl_ciphers);
-+  install_str_setting(0, &tunable_dh_param_file);
-+  install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA",
-+                      &tunable_ssl_ciphers);
-   install_str_setting(0, &tunable_rsa_private_key_file);
-   install_str_setting(0, &tunable_dsa_private_key_file);
-   install_str_setting(0, &tunable_ca_certs_file);
-diff --git a/tunables.h b/tunables.h
-index 9553038..3995472 100644
---- a/tunables.h
-+++ b/tunables.h
-@@ -142,6 +142,7 @@ extern const char* tunable_user_sub_token;
- extern const char* tunable_email_password_file;
- extern const char* tunable_rsa_cert_file;
- extern const char* tunable_dsa_cert_file;
-+extern const char* tunable_dh_param_file;
- extern const char* tunable_ssl_ciphers;
- extern const char* tunable_rsa_private_key_file;
- extern const char* tunable_dsa_private_key_file;
-diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
-index fb6324e..ff94eca 100644
---- a/vsftpd.conf.5
-+++ b/vsftpd.conf.5
-@@ -893,6 +893,12 @@ to be in the same file as the certificate.
- 
- Default: (none)
- .TP
-+.B dh_param_file
-+This option specifies the location of the custom parameters used for
-+ephemeral Diffie-Hellman key exchange in SSL.
-+
-+Default: (none - use built in parameters appropriate for certificate key size)
-+.TP
- .B email_password_file
- This option can be used to provide an alternate file for usage by the
- .BR secure_email_list_enable
--- 
-2.7.4
-
diff --git a/source/n/vsftpd/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch b/source/n/vsftpd/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch
deleted file mode 100644
index ab3f35c0f..000000000
--- a/source/n/vsftpd/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 6c8dd87f311e411bcb1c72c1c780497881a5621c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
-Date: Mon, 4 Sep 2017 11:32:03 +0200
-Subject: [PATCH 35/35] Modify DH enablement patch to build with OpenSSL 1.1
-
----
- ssl.c | 41 ++++++++++++++++++++++++++++++++++++++---
- 1 file changed, 38 insertions(+), 3 deletions(-)
-
-diff --git a/ssl.c b/ssl.c
-index ba8a613..09ec96a 100644
---- a/ssl.c
-+++ b/ssl.c
-@@ -88,19 +88,54 @@ static struct mystr debug_str;
- }
- #endif
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-+{
-+  /* If the fields p and g in d are NULL, the corresponding input
-+   * parameters MUST be non-NULL.  q may remain NULL.
-+   */
-+  if ((dh->p == NULL && p == NULL)
-+      || (dh->g == NULL && g == NULL))
-+    return 0;
-+
-+  if (p != NULL) {
-+    BN_free(dh->p);
-+    dh->p = p;
-+  }
-+  if (q != NULL) {
-+    BN_free(dh->q);
-+    dh->q = q;
-+  }
-+  if (g != NULL) {
-+    BN_free(dh->g);
-+    dh->g = g;
-+  }
-+
-+  if (q != NULL) {
-+    dh->length = BN_num_bits(q);
-+  }
-+
-+  return 1;
-+}
-+#endif
-+
- #if !defined(DH_get_dh)
-   // Grab DH parameters
-   DH *
-   DH_get_dh(int size)
-   {
-+    BIGNUM *g = NULL;
-+    BIGNUM *p = NULL;
-     DH *dh = DH_new();
-     if (!dh) {
-       return NULL;
-     }
--    dh->p = DH_get_prime(match_dh_bits(size));
--    BN_dec2bn(&dh->g, "2");
--    if (!dh->p || !dh->g)
-+    p = DH_get_prime(match_dh_bits(size));
-+    BN_dec2bn(&g, "2");
-+    if (!p || !g || !DH_set0_pqg(dh, p, NULL, g))
-     {
-+      BN_free(g);
-+      BN_free(p);
-       DH_free(dh);
-       return NULL;
-     }
--- 
-2.9.5
-
diff --git a/source/n/vsftpd/slack-desc b/source/n/vsftpd/slack-desc
index f076e1a20..f33e7ade8 100644
--- a/source/n/vsftpd/slack-desc
+++ b/source/n/vsftpd/slack-desc
@@ -12,8 +12,8 @@ vsftpd: vsftpd is an FTP server, or daemon. The 'vs' stands for Very Secure.
 vsftpd: Obviously this is not a guarantee, but a reflection that the entire
 vsftpd: codebase was written with security in mind, and carefully designed to
 vsftpd: be resilient to attack (as well as extremely fast and scalable).
+vsftpd: The Very Secure FTP Daemon was written by Chris Evans.
 vsftpd:
-vsftpd: The vsftpd homepage is https://security.appspot.com/vsftpd.html
+vsftpd: Homepage: https://security.appspot.com/vsftpd.html
 vsftpd:
-vsftpd: The Very Secure FTP Daemon was written by Chris Evans.
 vsftpd:
diff --git a/source/n/vsftpd/vsftpd.SlackBuild b/source/n/vsftpd/vsftpd.SlackBuild
index f29ed2494..3403ae178 100755
--- a/source/n/vsftpd/vsftpd.SlackBuild
+++ b/source/n/vsftpd/vsftpd.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=vsftpd
 VERSION=${VERSION:-$(echo ${PKGNAM}-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-9}
+BUILD=${BUILD:-1}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -72,13 +72,6 @@ find . \
 zcat $CWD/vsftpd.builddefs.diff.gz | patch -p1 --verbose || exit 1
 zcat $CWD/vsftpd.conf.diff.gz | patch -p1 --verbose || exit 1
 zcat $CWD/vsftpd.crypt.diff.gz | patch -p1 --verbose || exit 1
-# patch from BLFS due to gcc >= 10.1.x
-sed -e "s/kVSFSysStrOpenUnknown;/(enum EVSFSysUtilOpenMode)&/" -i sysstr.c
-
-# Support OpenSSL 1.1.x:
-zcat $CWD/0021-Introduce-support-for-DHE-based-cipher-suites.patch.gz | patch -p1 --verbose || exit 1
-zcat $CWD/0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch.gz | patch -p1 --verbose || exit 1
-zcat $CWD/vsftpd.link-with-openssl-1.1.diff.gz | patch -p1 --verbose || exit 1
 
 make $NUMJOBS || make || exit 1
 
diff --git a/source/n/vsftpd/vsftpd.link-with-openssl-1.1.diff b/source/n/vsftpd/vsftpd.link-with-openssl-1.1.diff
deleted file mode 100644
index 2ef819a58..000000000
--- a/source/n/vsftpd/vsftpd.link-with-openssl-1.1.diff
+++ /dev/null
@@ -1,16 +0,0 @@
---- ./vsf_findlibs.sh.orig	2012-03-27 21:17:41.000000000 -0500
-+++ ./vsf_findlibs.sh	2018-05-07 16:10:58.744003755 -0500
-@@ -68,10 +68,10 @@
- # Solaris sendfile
- locate_library /usr/lib/libsendfile.so && echo "-lsendfile";
- 
--# OpenSSL
--if find_func SSL_library_init ssl.o; then
-+# Always link with OpenSSL:
-+#if find_func SSL_library_init ssl.o; then
-   echo "-lssl -lcrypto";
--fi
-+#fi
- 
- exit 0;
-