diff --git a/0014-Add-support-for-square-brackets-in-ls.patch b/0014-Add-support-for-square-brackets-in-ls.patch index 5035675..27f5374 100644 --- a/0014-Add-support-for-square-brackets-in-ls.patch +++ b/0014-Add-support-for-square-brackets-in-ls.patch @@ -1,11 +1,14 @@ -commit de556b2643b5da622f501b435740c651b9f82554 -Author: Tomas Korbar -Date: Mon Dec 15 02:00:00 2025 +0200 +From ba0520650ae7f9f63e48ba9fb3a94297aebe2d0c Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Wed, 7 Sep 2016 14:22:21 +0200 +Subject: [PATCH 14/59] Add support for square brackets in ls. - Add support for square brackets in ls. +--- + ls.c | 222 +++++++++++++++++++++++++++++++++++++++++++++---------------------- + 1 file changed, 150 insertions(+), 72 deletions(-) diff --git a/ls.c b/ls.c -index 616b2d9..ab69af9 100644 +index 616b2d9..b840136 100644 --- a/ls.c +++ b/ls.c @@ -246,7 +246,7 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str, @@ -188,7 +191,7 @@ index 616b2d9..ab69af9 100644 - if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str, - iters)) + unsigned int cur_pos; -+ unsigned char stch, ench; ++ char stch, ench; + const char *p_brace; + + str_split_char(&filter_remain_str, &temp_str, ']'); @@ -213,7 +216,7 @@ index 616b2d9..ab69af9 100644 + cur_pos++; + } + // expand char[s] -+ for (;stch <= ench && !str_isempty(&brace_list_str) && stch != 0; stch++) ++ for (;stch <= ench && !str_isempty(&brace_list_str); stch++) + { + str_empty(&new_filter_str); + if (!matched) @@ -269,4 +272,6 @@ index 616b2d9..ab69af9 100644 } /* Any incoming string left means no match unless we ended on the correct * type of wildcard. +-- +2.14.4 diff --git a/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch b/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch new file mode 100644 index 0000000..8d6228e --- /dev/null +++ b/0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch @@ -0,0 +1,153 @@ +From 01bef55a1987700af3d43cdc5f5be88d3843ab85 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 17 Nov 2016 13:36:17 +0100 +Subject: [PATCH 33/59] Introduce TLSv1.1 and TLSv1.2 options. + +Users can now enable a specific version of TLS protocol. +--- + parseconf.c | 2 ++ + ssl.c | 8 ++++++++ + tunables.c | 9 +++++++-- + tunables.h | 2 ++ + vsftpd.conf.5 | 24 ++++++++++++++++++++---- + 5 files changed, 39 insertions(+), 6 deletions(-) + +diff --git a/parseconf.c b/parseconf.c +index a2c715b..33a1349 100644 +--- a/parseconf.c ++++ b/parseconf.c +@@ -85,6 +85,8 @@ parseconf_bool_array[] = + { "ssl_sslv2", &tunable_sslv2 }, + { "ssl_sslv3", &tunable_sslv3 }, + { "ssl_tlsv1", &tunable_tlsv1 }, ++ { "ssl_tlsv1_1", &tunable_tlsv1_1 }, ++ { "ssl_tlsv1_2", &tunable_tlsv1_2 }, + { "tilde_user_enable", &tunable_tilde_user_enable }, + { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl }, + { "force_anon_data_ssl", &tunable_force_anon_data_ssl }, +diff --git a/ssl.c b/ssl.c +index 96bf8ad..ba8a613 100644 +--- a/ssl.c ++++ b/ssl.c +@@ -135,6 +135,14 @@ ssl_init(struct vsf_session* p_sess) + { + options |= SSL_OP_NO_TLSv1; + } ++ if (!tunable_tlsv1_1) ++ { ++ options |= SSL_OP_NO_TLSv1_1; ++ } ++ if (!tunable_tlsv1_2) ++ { ++ options |= SSL_OP_NO_TLSv1_2; ++ } + SSL_CTX_set_options(p_ctx, options); + if (tunable_rsa_cert_file) + { +diff --git a/tunables.c b/tunables.c +index 93f85b1..78f2bcd 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -66,6 +66,8 @@ int tunable_force_local_data_ssl; + int tunable_sslv2; + int tunable_sslv3; + int tunable_tlsv1; ++int tunable_tlsv1_1; ++int tunable_tlsv1_2; + int tunable_tilde_user_enable; + int tunable_force_anon_logins_ssl; + int tunable_force_anon_data_ssl; +@@ -209,7 +211,10 @@ tunables_load_defaults() + tunable_force_local_data_ssl = 1; + tunable_sslv2 = 0; + tunable_sslv3 = 0; ++ /* TLSv1 up to TLSv1.2 is enabled by default */ + tunable_tlsv1 = 1; ++ tunable_tlsv1_1 = 1; ++ tunable_tlsv1_2 = 1; + tunable_tilde_user_enable = 0; + tunable_force_anon_logins_ssl = 0; + tunable_force_anon_data_ssl = 0; +@@ -292,8 +297,8 @@ tunables_load_defaults() + install_str_setting(0, &tunable_dsa_cert_file); + install_str_setting(0, &tunable_dh_param_file); + install_str_setting(0, &tunable_ecdh_param_file); +- install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA", +- &tunable_ssl_ciphers); ++ install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384", ++ &tunable_ssl_ciphers); + install_str_setting(0, &tunable_rsa_private_key_file); + install_str_setting(0, &tunable_dsa_private_key_file); + install_str_setting(0, &tunable_ca_certs_file); +diff --git a/tunables.h b/tunables.h +index 3e2d40c..a466427 100644 +--- a/tunables.h ++++ b/tunables.h +@@ -67,6 +67,8 @@ extern int tunable_force_local_data_ssl; /* Require local data uses SSL */ + extern int tunable_sslv2; /* Allow SSLv2 */ + extern int tunable_sslv3; /* Allow SSLv3 */ + extern int tunable_tlsv1; /* Allow TLSv1 */ ++extern int tunable_tlsv1_1; /* Allow TLSv1.1 */ ++extern int tunable_tlsv1_2; /* Allow TLSv1.2 */ + extern int tunable_tilde_user_enable; /* Support e.g. ~chris */ + extern int tunable_force_anon_logins_ssl; /* Require anon logins use SSL */ + extern int tunable_force_anon_data_ssl; /* Require anon data uses SSL */ +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index cf1ae34..a3d569e 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -506,7 +506,7 @@ Default: YES + Only applies if + .BR ssl_enable + is activated. If enabled, this option will permit SSL v2 protocol connections. +-TLS v1 connections are preferred. ++TLS v1.2 connections are preferred. + + Default: NO + .TP +@@ -514,7 +514,7 @@ Default: NO + Only applies if + .BR ssl_enable + is activated. If enabled, this option will permit SSL v3 protocol connections. +-TLS v1 connections are preferred. ++TLS v1.2 connections are preferred. + + Default: NO + .TP +@@ -522,7 +522,23 @@ Default: NO + Only applies if + .BR ssl_enable + is activated. If enabled, this option will permit TLS v1 protocol connections. +-TLS v1 connections are preferred. ++TLS v1.2 connections are preferred. ++ ++Default: YES ++.TP ++.B ssl_tlsv1_1 ++Only applies if ++.BR ssl_enable ++is activated. If enabled, this option will permit TLS v1.1 protocol connections. ++TLS v1.2 connections are preferred. ++ ++Default: YES ++.TP ++.B ssl_tlsv1_2 ++Only applies if ++.BR ssl_enable ++is activated. If enabled, this option will permit TLS v1.2 protocol connections. ++TLS v1.2 connections are preferred. + + Default: YES + .TP +@@ -1044,7 +1060,7 @@ man page for further details. Note that restricting ciphers can be a useful + security precaution as it prevents malicious remote parties forcing a cipher + which they have found problems with. + +-Default: DES-CBC3-SHA ++Default: AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384 + .TP + .B user_config_dir + This powerful option allows the override of any config option specified in +-- +2.14.4 + diff --git a/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch b/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch index 1e14813..250a44c 100644 --- a/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch +++ b/0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch @@ -23,7 +23,7 @@ index 1212980..d024366 100644 vsf_cmdio_write_raw(p_sess, " AUTH SSL\r\n"); } - if (tunable_tlsv1) -+ if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2 || tunable_tlsv1_3) ++ if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2) { vsf_cmdio_write_raw(p_sess, " AUTH TLS\r\n"); } diff --git a/0043-Enable-only-TLSv1.2-by-default.patch b/0043-Enable-only-TLSv1.2-by-default.patch new file mode 100644 index 0000000..eb157f8 --- /dev/null +++ b/0043-Enable-only-TLSv1.2-by-default.patch @@ -0,0 +1,53 @@ +From 75c942c77aa575143c5b75637e64a925ad12641a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Thu, 21 Dec 2017 16:38:40 +0100 +Subject: [PATCH 43/59] Enable only TLSv1.2 by default + +Disable TLSv1 and TLSv1.1 - enable only TLSv1.2 by default. +--- + tunables.c | 6 +++--- + vsftpd.conf.5 | 4 ++-- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/tunables.c b/tunables.c +index 354251c..9680528 100644 +--- a/tunables.c ++++ b/tunables.c +@@ -211,9 +211,9 @@ tunables_load_defaults() + tunable_force_local_data_ssl = 1; + tunable_sslv2 = 0; + tunable_sslv3 = 0; +- /* TLSv1 up to TLSv1.2 is enabled by default */ +- tunable_tlsv1 = 1; +- tunable_tlsv1_1 = 1; ++ tunable_tlsv1 = 0; ++ tunable_tlsv1_1 = 0; ++ /* Only TLSv1.2 is enabled by default */ + tunable_tlsv1_2 = 1; + tunable_tilde_user_enable = 0; + tunable_force_anon_logins_ssl = 0; +diff --git a/vsftpd.conf.5 b/vsftpd.conf.5 +index 2a7662e..df14027 100644 +--- a/vsftpd.conf.5 ++++ b/vsftpd.conf.5 +@@ -539,7 +539,7 @@ Only applies if + is activated. If enabled, this option will permit TLS v1 protocol connections. + TLS v1.2 connections are preferred. + +-Default: YES ++Default: NO + .TP + .B ssl_tlsv1_1 + Only applies if +@@ -547,7 +547,7 @@ Only applies if + is activated. If enabled, this option will permit TLS v1.1 protocol connections. + TLS v1.2 connections are preferred. + +-Default: YES ++Default: NO + .TP + .B ssl_tlsv1_2 + Only applies if +-- +2.14.4 + diff --git a/0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch b/0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch deleted file mode 100644 index 4fb8420..0000000 --- a/0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch +++ /dev/null @@ -1,25 +0,0 @@ -From f3a745be207831ebd07add16e66ac2b43a743dc1 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Fri, 24 Jan 2025 11:42:39 +0100 -Subject: [PATCH] Correct the definition of setup_bio_callbacks() in ssl.c - ---- - ssl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ssl.c b/ssl.c -index e518097..02ed489 100644 ---- a/ssl.c -+++ b/ssl.c -@@ -36,7 +36,7 @@ - static char* get_ssl_error(); - static SSL* get_ssl(struct vsf_session* p_sess, int fd); - static int ssl_session_init(struct vsf_session* p_sess); --static void setup_bio_callbacks(); -+static void setup_bio_callbacks(SSL* p_ssl); - static long bio_callback( - BIO* p_bio, int oper, const char* p_arg, size_t len, int argi, long argl, int ret, size_t *processed); - static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx); --- -2.48.1 - diff --git a/gating.yaml b/gating.yaml index 9b2646f..de5c323 100644 --- a/gating.yaml +++ b/gating.yaml @@ -4,8 +4,8 @@ product_versions: decision_context: bodhi_update_push_testing subject_type: koji_build rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional} - + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional} + #Rawhide --- !Policy product_versions: @@ -13,14 +13,15 @@ product_versions: decision_context: bodhi_update_push_stable subject_type: koji_build rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional} - + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional} + #gating rhel --- !Policy product_versions: - rhel-* decision_context: osci_compose_gate rules: - - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional} + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation} - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional} - + - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/public.functional} diff --git a/plans.fmf b/plans.fmf deleted file mode 100644 index 900f2e5..0000000 --- a/plans.fmf +++ /dev/null @@ -1,47 +0,0 @@ -/tier1-internal: - plan: - import: - url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git - name: /plans/tier1/internal - adjust: - enabled: false - when: distro == centos-stream, fedora - because: They don't have access to internal repos. - -/tier1-public: - plan: - import: - url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git - name: /plans/tier1/public - -/tier2-tier3-internal: - plan: - import: - url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git - name: /plans/tier2-tier3/internal - adjust: - enabled: false - when: distro == centos-stream, fedora - because: They don't have access to internal repos. - -/tier2-tier3-public: - plan: - import: - url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git - name: /plans/tier2-tier3/public - -/others-internal: - plan: - import: - url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git - name: /plans/others/internal - adjust: - enabled: false - when: distro == centos-stream, fedora - because: They don't have access to internal repos. - -/others-public: - plan: - import: - url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git - name: /plans/others/public diff --git a/plans/public.fmf b/plans/public.fmf new file mode 100644 index 0000000..95682f5 --- /dev/null +++ b/plans/public.fmf @@ -0,0 +1,6 @@ +summary: Test plan with all Fedora tests +discover: + how: fmf + url: https://src.fedoraproject.org/tests/vsftpd.git +execute: + how: tmt diff --git a/plans/tier1-internal.fmf b/plans/tier1-internal.fmf new file mode 100644 index 0000000..d1dd032 --- /dev/null +++ b/plans/tier1-internal.fmf @@ -0,0 +1,12 @@ +summary: CI plan, picks internal Tier1 tests, runs in beakerlib. +discover: + - name: rhel + how: fmf + filter: 'tier: 1' + url: git://pkgs.devel.redhat.com/tests/vsftpd +execute: + how: tmt +adjust: + enabled: false + when: distro == centos-stream, fedora + because: They don't have access to internal repos. diff --git a/vsftpd-tmpfiles.conf b/vsftpd-tmpfiles.conf deleted file mode 100644 index f1a385c..0000000 --- a/vsftpd-tmpfiles.conf +++ /dev/null @@ -1,2 +0,0 @@ -d /var/ftp 0755 root root - -d /var/ftp/pub 0755 root root - diff --git a/vsftpd.spec b/vsftpd.spec index d8e0a58..3df6d73 100644 --- a/vsftpd.spec +++ b/vsftpd.spec @@ -2,7 +2,7 @@ Name: vsftpd Version: 3.0.5 -Release: 14%{?dist} +Release: 4%{?dist} Summary: Very Secure Ftp Daemon # OpenSSL link exception @@ -18,7 +18,6 @@ Source7: vsftpd.service Source8: vsftpd@.service Source9: vsftpd.target Source10: vsftpd-generator -Source11: vsftpd-tmpfiles.conf BuildRequires: make BuildRequires: pam-devel @@ -62,6 +61,7 @@ Patch29: 0029-Fix-segfault-in-config-file-parser.patch Patch30: 0030-Fix-logging-into-syslog-when-enabled-in-config.patch Patch31: 0031-Fix-question-mark-wildcard-withing-a-file-name.patch Patch32: 0032-Propagate-errors-from-nfs-with-quota-to-client.patch +#Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch @@ -69,7 +69,8 @@ Patch38: 0038-Document-allow_writeable_chroot-in-the-man-page.patch Patch39: 0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch Patch40: 0040-Use-system-wide-crypto-policy.patch Patch41: 0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch -Patch42: 0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch +#Patch42: 0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch +#Patch43: 0043-Enable-only-TLSv1.2-by-default.patch Patch44: 0044-Disable-anonymous_enable-in-default-config-file.patch Patch45: 0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch Patch46: 0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch @@ -100,7 +101,6 @@ Patch72: vsftpd-3.0.5-replace-old-network-addr-functions.patch Patch73: vsftpd-3.0.5-replace-deprecated-openssl-functions.patch Patch74: vsftpd-3.0.5-add-option-for-tlsv1.3-ciphersuites.patch Patch75: vsftpd-3.0.5-use-old-tlsv-options.patch -Patch76: 0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch %description vsftpd is a Very Secure FTP daemon. It was written completely from @@ -120,13 +120,13 @@ cp %{SOURCE1} . LINK="-pie -lssl $RPM_LD_FLAGS" %{?_smp_mflags} %install -mkdir -p $RPM_BUILD_ROOT%{_bindir} +mkdir -p $RPM_BUILD_ROOT%{_sbindir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{vsftpd,pam.d,logrotate.d} mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{5,8} mkdir -p $RPM_BUILD_ROOT%{_unitdir} mkdir -p $RPM_BUILD_ROOT%{_generatorsdir} -install -m 755 vsftpd $RPM_BUILD_ROOT%{_bindir}/vsftpd +install -m 755 vsftpd $RPM_BUILD_ROOT%{_sbindir}/vsftpd install -m 600 vsftpd.conf $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd.conf install -m 644 vsftpd.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5/ install -m 644 vsftpd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/ @@ -139,7 +139,6 @@ install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_unitdir} install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_unitdir} install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_unitdir} install -m 755 %{SOURCE10} $RPM_BUILD_ROOT%{_generatorsdir} -install -Dpm 644 %{SOURCE11} $RPM_BUILD_ROOT%{_tmpfilesdir}/vsftpd.conf mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub @@ -156,7 +155,7 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %files %{_unitdir}/* %{_generatorsdir}/* -%{_bindir}/vsftpd +%{_sbindir}/vsftpd %dir %{_sysconfdir}/vsftpd %{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh %config(noreplace) %{_sysconfdir}/vsftpd/ftpusers @@ -169,39 +168,8 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub %{_mandir}/man5/vsftpd.conf.* %{_mandir}/man8/vsftpd.* %{_var}/ftp -%{_tmpfilesdir}/vsftpd.conf %changelog -* Wed Jan 14 2026 Tomas Korbar - 3.0.5-14 -- Resolve CVE-2025-14242 - -* Thu Dec 18 2025 Fedor Vorobev - 3.0.5-13 -- Add a tmpfiles.d config. (image mode support) - -* Fri Jul 25 2025 Fedora Release Engineering - 3.0.5-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild - -* Tue Apr 15 2025 Tomas Korbar - 3.0.5-11 -- Move executable to bindir - -* Fri Jan 24 2025 Stepan Broz - 3.0.5-10 -- Correct the definition of setup_bio_callbacks() in ssl.c - -* Sun Jan 19 2025 Fedora Release Engineering - 3.0.5-9 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - -* Mon Aug 19 2024 Tomas Korbar - 3.0.5-8 -- Fix FEAT command to list AUTH TLS when TLSv1.3 is enabled - -* Sat Jul 20 2024 Fedora Release Engineering - 3.0.5-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Sat Jan 27 2024 Fedora Release Engineering - 3.0.5-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Sat Jul 22 2023 Fedora Release Engineering - 3.0.5-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - * Thu May 04 2023 Richard Lescak - 3.0.5-4 - add option for TLSv1.3 ciphersuites - SPDX migration