Resolve CVE-2025-14242

Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>

0014-Add-support-for-square-brackets-in-ls.patch

@@ -1,14 +1,11 @@
-From ba0520650ae7f9f63e48ba9fb3a94297aebe2d0c Mon Sep 17 00:00:00 2001
-From: Martin Sehnoutka <msehnout@redhat.com>
-Date: Wed, 7 Sep 2016 14:22:21 +0200
-Subject: [PATCH 14/59] Add support for square brackets in ls.
+commit de556b2643b5da622f501b435740c651b9f82554
+Author: Tomas Korbar <tkorbar@redhat.com>
+Date:   Mon Dec 15 02:00:00 2025 +0200
 
----
- ls.c | 222 +++++++++++++++++++++++++++++++++++++++++++++----------------------
- 1 file changed, 150 insertions(+), 72 deletions(-)
+    Add support for square brackets in ls.
 
 diff --git a/ls.c b/ls.c
-index 616b2d9..b840136 100644
+index 616b2d9..ab69af9 100644
 --- a/ls.c
 +++ b/ls.c
 @@ -246,7 +246,7 @@ vsf_filename_passes_filter(const struct mystr* p_filename_str,
@@ -191,7 +188,7 @@ index 616b2d9..b840136 100644
 -          if (vsf_filename_passes_filter(&name_remain_str, &new_filter_str,
 -                                         iters))
 +          unsigned int cur_pos;
-+          char stch, ench;
++          unsigned char stch, ench;
 +          const char *p_brace;
 +
 +          str_split_char(&filter_remain_str, &temp_str, ']');
@@ -216,7 +213,7 @@ index 616b2d9..b840136 100644
 +              cur_pos++;
 +            }
 +            // expand char[s]
-+            for (;stch <= ench && !str_isempty(&brace_list_str); stch++)
++            for (;stch <= ench && !str_isempty(&brace_list_str) && stch != 0; stch++)
 +            {
 +              str_empty(&new_filter_str);
 +              if (!matched)
@@ -272,6 +269,4 @@ index 616b2d9..b840136 100644
    }
    /* Any incoming string left means no match unless we ended on the correct
     * type of wildcard.
--- 
-2.14.4
 

0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch

@@ -1,153 +0,0 @@
-From 01bef55a1987700af3d43cdc5f5be88d3843ab85 Mon Sep 17 00:00:00 2001
-From: Martin Sehnoutka <msehnout@redhat.com>
-Date: Thu, 17 Nov 2016 13:36:17 +0100
-Subject: [PATCH 33/59] Introduce TLSv1.1 and TLSv1.2 options.
-
-Users can now enable a specific version of TLS protocol.
----
- parseconf.c   |  2 ++
- ssl.c         |  8 ++++++++
- tunables.c    |  9 +++++++--
- tunables.h    |  2 ++
- vsftpd.conf.5 | 24 ++++++++++++++++++++----
- 5 files changed, 39 insertions(+), 6 deletions(-)
-
-diff --git a/parseconf.c b/parseconf.c
-index a2c715b..33a1349 100644
---- a/parseconf.c
-+++ b/parseconf.c
-@@ -85,6 +85,8 @@ parseconf_bool_array[] =
-   { "ssl_sslv2", &tunable_sslv2 },
-   { "ssl_sslv3", &tunable_sslv3 },
-   { "ssl_tlsv1", &tunable_tlsv1 },
-+  { "ssl_tlsv1_1", &tunable_tlsv1_1 },
-+  { "ssl_tlsv1_2", &tunable_tlsv1_2 },
-   { "tilde_user_enable", &tunable_tilde_user_enable },
-   { "force_anon_logins_ssl", &tunable_force_anon_logins_ssl },
-   { "force_anon_data_ssl", &tunable_force_anon_data_ssl },
-diff --git a/ssl.c b/ssl.c
-index 96bf8ad..ba8a613 100644
---- a/ssl.c
-+++ b/ssl.c
-@@ -135,6 +135,14 @@ ssl_init(struct vsf_session* p_sess)
-     {
-       options |= SSL_OP_NO_TLSv1;
-     }
-+    if (!tunable_tlsv1_1)
-+    {
-+      options |= SSL_OP_NO_TLSv1_1;
-+    }
-+    if (!tunable_tlsv1_2)
-+    {
-+      options |= SSL_OP_NO_TLSv1_2;
-+    }
-     SSL_CTX_set_options(p_ctx, options);
-     if (tunable_rsa_cert_file)
-     {
-diff --git a/tunables.c b/tunables.c
-index 93f85b1..78f2bcd 100644
---- a/tunables.c
-+++ b/tunables.c
-@@ -66,6 +66,8 @@ int tunable_force_local_data_ssl;
- int tunable_sslv2;
- int tunable_sslv3;
- int tunable_tlsv1;
-+int tunable_tlsv1_1;
-+int tunable_tlsv1_2;
- int tunable_tilde_user_enable;
- int tunable_force_anon_logins_ssl;
- int tunable_force_anon_data_ssl;
-@@ -209,7 +211,10 @@ tunables_load_defaults()
-   tunable_force_local_data_ssl = 1;
-   tunable_sslv2 = 0;
-   tunable_sslv3 = 0;
-+  /* TLSv1 up to TLSv1.2 is enabled by default */
-   tunable_tlsv1 = 1;
-+  tunable_tlsv1_1 = 1;
-+  tunable_tlsv1_2 = 1;
-   tunable_tilde_user_enable = 0;
-   tunable_force_anon_logins_ssl = 0;
-   tunable_force_anon_data_ssl = 0;
-@@ -292,8 +297,8 @@ tunables_load_defaults()
-   install_str_setting(0, &tunable_dsa_cert_file);
-   install_str_setting(0, &tunable_dh_param_file);
-   install_str_setting(0, &tunable_ecdh_param_file);
--  install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA",
--                      &tunable_ssl_ciphers);
-+  install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384",
-+          &tunable_ssl_ciphers);
-   install_str_setting(0, &tunable_rsa_private_key_file);
-   install_str_setting(0, &tunable_dsa_private_key_file);
-   install_str_setting(0, &tunable_ca_certs_file);
-diff --git a/tunables.h b/tunables.h
-index 3e2d40c..a466427 100644
---- a/tunables.h
-+++ b/tunables.h
-@@ -67,6 +67,8 @@ extern int tunable_force_local_data_ssl;      /* Require local data uses SSL */
- extern int tunable_sslv2;                     /* Allow SSLv2 */
- extern int tunable_sslv3;                     /* Allow SSLv3 */
- extern int tunable_tlsv1;                     /* Allow TLSv1 */
-+extern int tunable_tlsv1_1;                   /* Allow TLSv1.1 */
-+extern int tunable_tlsv1_2;                   /* Allow TLSv1.2 */
- extern int tunable_tilde_user_enable;         /* Support e.g. ~chris */
- extern int tunable_force_anon_logins_ssl;     /* Require anon logins use SSL */
- extern int tunable_force_anon_data_ssl;       /* Require anon data uses SSL */
-diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
-index cf1ae34..a3d569e 100644
---- a/vsftpd.conf.5
-+++ b/vsftpd.conf.5
-@@ -506,7 +506,7 @@ Default: YES
- Only applies if
- .BR ssl_enable
- is activated. If enabled, this option will permit SSL v2 protocol connections.
--TLS v1 connections are preferred.
-+TLS v1.2 connections are preferred.
- 
- Default: NO
- .TP
-@@ -514,7 +514,7 @@ Default: NO
- Only applies if
- .BR ssl_enable
- is activated. If enabled, this option will permit SSL v3 protocol connections.
--TLS v1 connections are preferred.
-+TLS v1.2 connections are preferred.
- 
- Default: NO
- .TP
-@@ -522,7 +522,23 @@ Default: NO
- Only applies if
- .BR ssl_enable
- is activated. If enabled, this option will permit TLS v1 protocol connections.
--TLS v1 connections are preferred.
-+TLS v1.2 connections are preferred.
-+
-+Default: YES
-+.TP
-+.B ssl_tlsv1_1
-+Only applies if
-+.BR ssl_enable
-+is activated. If enabled, this option will permit TLS v1.1 protocol connections.
-+TLS v1.2 connections are preferred.
-+
-+Default: YES
-+.TP
-+.B ssl_tlsv1_2
-+Only applies if
-+.BR ssl_enable
-+is activated. If enabled, this option will permit TLS v1.2 protocol connections.
-+TLS v1.2 connections are preferred.
- 
- Default: YES
- .TP
-@@ -1044,7 +1060,7 @@ man page for further details. Note that restricting ciphers can be a useful
- security precaution as it prevents malicious remote parties forcing a cipher
- which they have found problems with.
- 
--Default: DES-CBC3-SHA
-+Default: AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
- .TP
- .B user_config_dir
- This powerful option allows the override of any config option specified in
--- 
-2.14.4
-

0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch

@@ -23,7 +23,7 @@ index 1212980..d024366 100644
        vsf_cmdio_write_raw(p_sess, " AUTH SSL\r\n");
      }
 -    if (tunable_tlsv1)
-+    if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2)
++    if (tunable_tlsv1 || tunable_tlsv1_1 || tunable_tlsv1_2 || tunable_tlsv1_3)
      {
        vsf_cmdio_write_raw(p_sess, " AUTH TLS\r\n");
      }

0043-Enable-only-TLSv1.2-by-default.patch

@@ -1,53 +0,0 @@
-From 75c942c77aa575143c5b75637e64a925ad12641a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
-Date: Thu, 21 Dec 2017 16:38:40 +0100
-Subject: [PATCH 43/59] Enable only TLSv1.2 by default
-
-Disable TLSv1 and TLSv1.1 - enable only TLSv1.2 by default.
----
- tunables.c    | 6 +++---
- vsftpd.conf.5 | 4 ++--
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/tunables.c b/tunables.c
-index 354251c..9680528 100644
---- a/tunables.c
-+++ b/tunables.c
-@@ -211,9 +211,9 @@ tunables_load_defaults()
-   tunable_force_local_data_ssl = 1;
-   tunable_sslv2 = 0;
-   tunable_sslv3 = 0;
--  /* TLSv1 up to TLSv1.2 is enabled by default */
--  tunable_tlsv1 = 1;
--  tunable_tlsv1_1 = 1;
-+  tunable_tlsv1 = 0;
-+  tunable_tlsv1_1 = 0;
-+  /* Only TLSv1.2 is enabled by default */
-   tunable_tlsv1_2 = 1;
-   tunable_tilde_user_enable = 0;
-   tunable_force_anon_logins_ssl = 0;
-diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
-index 2a7662e..df14027 100644
---- a/vsftpd.conf.5
-+++ b/vsftpd.conf.5
-@@ -539,7 +539,7 @@ Only applies if
- is activated. If enabled, this option will permit TLS v1 protocol connections.
- TLS v1.2 connections are preferred.
- 
--Default: YES
-+Default: NO
- .TP
- .B ssl_tlsv1_1
- Only applies if
-@@ -547,7 +547,7 @@ Only applies if
- is activated. If enabled, this option will permit TLS v1.1 protocol connections.
- TLS v1.2 connections are preferred.
- 
--Default: YES
-+Default: NO
- .TP
- .B ssl_tlsv1_2
- Only applies if
--- 
-2.14.4
-

0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch

@@ -0,0 +1,25 @@
+From f3a745be207831ebd07add16e66ac2b43a743dc1 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Fri, 24 Jan 2025 11:42:39 +0100
+Subject: [PATCH] Correct the definition of setup_bio_callbacks() in ssl.c
+
+---
+ ssl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssl.c b/ssl.c
+index e518097..02ed489 100644
+--- a/ssl.c
++++ b/ssl.c
+@@ -36,7 +36,7 @@
+ static char* get_ssl_error();
+ static SSL* get_ssl(struct vsf_session* p_sess, int fd);
+ static int ssl_session_init(struct vsf_session* p_sess);
+-static void setup_bio_callbacks();
++static void setup_bio_callbacks(SSL* p_ssl);
+ static long bio_callback(
+   BIO* p_bio, int oper, const char* p_arg, size_t len, int argi, long argl, int ret, size_t *processed);
+ static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx);
+-- 
+2.48.1
+

gating.yaml

@@ -4,8 +4,8 @@ product_versions:
 decision_context: bodhi_update_push_testing
 subject_type: koji_build
 rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional}
-
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
+ 
 #Rawhide
 --- !Policy
 product_versions:
@@ -13,15 +13,14 @@ product_versions:
 decision_context: bodhi_update_push_stable
 subject_type: koji_build
 rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/public.functional}
-
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
+ 
 #gating rhel
 --- !Policy
 product_versions:
   - rhel-*
 decision_context: osci_compose_gate
 rules:
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional}
   - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/public.functional}
+

plans.fmf

@@ -0,0 +1,47 @@
+/tier1-internal:
+  plan:
+    import:
+      url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git
+      name: /plans/tier1/internal
+  adjust:
+    enabled: false
+    when: distro == centos-stream, fedora
+    because: They don't have access to internal repos.
+
+/tier1-public:
+  plan:
+    import:
+      url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git
+      name: /plans/tier1/public
+
+/tier2-tier3-internal:
+  plan:
+    import:
+      url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git
+      name: /plans/tier2-tier3/internal
+  adjust:
+    enabled: false
+    when: distro == centos-stream, fedora
+    because: They don't have access to internal repos.
+
+/tier2-tier3-public:
+  plan:
+    import:
+      url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git
+      name: /plans/tier2-tier3/public
+
+/others-internal:
+  plan:
+    import:
+      url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git
+      name: /plans/others/internal
+  adjust:
+    enabled: false
+    when: distro == centos-stream, fedora
+    because: They don't have access to internal repos.
+
+/others-public:
+  plan:
+    import:
+      url: https://gitlab.com/redhat/centos-stream/tests/vsftpd.git
+      name: /plans/others/public

plans/public.fmf

@@ -1,6 +0,0 @@
-summary: Test plan with all Fedora tests
-discover:
-       how: fmf
-       url: https://src.fedoraproject.org/tests/vsftpd.git
-execute:
-       how: tmt

plans/tier1-internal.fmf

@@ -1,12 +0,0 @@
-summary: CI plan, picks internal Tier1 tests, runs in beakerlib.
-discover:
-  - name: rhel
-    how: fmf
-    filter: 'tier: 1'
-    url: git://pkgs.devel.redhat.com/tests/vsftpd
-execute:
-    how: tmt 
-adjust:
-    enabled: false
-    when: distro == centos-stream, fedora
-    because: They don't have access to internal repos.

vsftpd-tmpfiles.conf

@@ -0,0 +1,2 @@
+d /var/ftp 0755 root root -
+d /var/ftp/pub 0755 root root -

vsftpd.spec

@@ -2,7 +2,7 @@
 
 Name:    vsftpd
 Version: 3.0.5
-Release: 4%{?dist}
+Release: 14%{?dist}
 Summary: Very Secure Ftp Daemon
 
 # OpenSSL link exception
@@ -18,6 +18,7 @@ Source7:  vsftpd.service
 Source8:  vsftpd@.service
 Source9:  vsftpd.target
 Source10: vsftpd-generator
+Source11: vsftpd-tmpfiles.conf
 
 BuildRequires: make
 BuildRequires: pam-devel
@@ -61,7 +62,6 @@ Patch29: 0029-Fix-segfault-in-config-file-parser.patch
 Patch30: 0030-Fix-logging-into-syslog-when-enabled-in-config.patch
 Patch31: 0031-Fix-question-mark-wildcard-withing-a-file-name.patch
 Patch32: 0032-Propagate-errors-from-nfs-with-quota-to-client.patch
-#Patch33: 0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch
 Patch34: 0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch
 Patch36: 0036-Redefine-VSFTP_COMMAND_FD-to-1.patch
 Patch37: 0037-Document-the-relationship-of-text_userdb_names-and-c.patch
@@ -69,8 +69,7 @@ Patch38: 0038-Document-allow_writeable_chroot-in-the-man-page.patch
 Patch39: 0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch
 Patch40: 0040-Use-system-wide-crypto-policy.patch
 Patch41: 0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch
-#Patch42: 0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch
-#Patch43: 0043-Enable-only-TLSv1.2-by-default.patch
+Patch42: 0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch
 Patch44: 0044-Disable-anonymous_enable-in-default-config-file.patch
 Patch45: 0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch
 Patch46: 0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch
@@ -101,6 +100,7 @@ Patch72: vsftpd-3.0.5-replace-old-network-addr-functions.patch
 Patch73: vsftpd-3.0.5-replace-deprecated-openssl-functions.patch
 Patch74: vsftpd-3.0.5-add-option-for-tlsv1.3-ciphersuites.patch
 Patch75: vsftpd-3.0.5-use-old-tlsv-options.patch
+Patch76: 0076-Correct-the-definition-of-setup_bio_callbacks-in-ssl.patch
 
 %description
 vsftpd is a Very Secure FTP daemon. It was written completely from
@@ -120,13 +120,13 @@ cp %{SOURCE1} .
         LINK="-pie -lssl $RPM_LD_FLAGS" %{?_smp_mflags}
 
 %install
-mkdir -p $RPM_BUILD_ROOT%{_sbindir}
+mkdir -p $RPM_BUILD_ROOT%{_bindir}
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{vsftpd,pam.d,logrotate.d}
 mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{5,8}
 mkdir -p $RPM_BUILD_ROOT%{_unitdir}
 mkdir -p $RPM_BUILD_ROOT%{_generatorsdir}
-install -m 755 vsftpd  $RPM_BUILD_ROOT%{_sbindir}/vsftpd
+install -m 755 vsftpd  $RPM_BUILD_ROOT%{_bindir}/vsftpd
 install -m 600 vsftpd.conf $RPM_BUILD_ROOT%{_sysconfdir}/vsftpd/vsftpd.conf
 install -m 644 vsftpd.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5/
 install -m 644 vsftpd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
@@ -139,6 +139,7 @@ install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_unitdir}
 install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_unitdir}
 install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_unitdir}
 install -m 755 %{SOURCE10} $RPM_BUILD_ROOT%{_generatorsdir}
+install -Dpm 644 %{SOURCE11} $RPM_BUILD_ROOT%{_tmpfilesdir}/vsftpd.conf
                             
 mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
 
@@ -155,7 +156,7 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
 %files
 %{_unitdir}/*
 %{_generatorsdir}/*
-%{_sbindir}/vsftpd
+%{_bindir}/vsftpd
 %dir %{_sysconfdir}/vsftpd
 %{_sysconfdir}/vsftpd/vsftpd_conf_migrate.sh
 %config(noreplace) %{_sysconfdir}/vsftpd/ftpusers
@@ -168,8 +169,39 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/ftp/pub
 %{_mandir}/man5/vsftpd.conf.*
 %{_mandir}/man8/vsftpd.*
 %{_var}/ftp
+%{_tmpfilesdir}/vsftpd.conf
 
 %changelog
+* Wed Jan 14 2026 Tomas Korbar <tkorbar@redhat.com> - 3.0.5-14
+- Resolve CVE-2025-14242
+
+* Thu Dec 18 2025 Fedor Vorobev <fvorobev@redhat.com> - 3.0.5-13
+- Add a tmpfiles.d config. (image mode support)
+
+* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.5-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
+
+* Tue Apr 15 2025 Tomas Korbar <tkorbar@redhat.com> - 3.0.5-11
+- Move executable to bindir
+
+* Fri Jan 24 2025 Stepan Broz <sbroz@redhat.com> - 3.0.5-10
+- Correct the definition of setup_bio_callbacks() in ssl.c
+
+* Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.5-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Mon Aug 19 2024 Tomas Korbar <tkorbar@redhat.com> - 3.0.5-8
+- Fix FEAT command to list AUTH TLS when TLSv1.3 is enabled
+
+* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.5-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.5-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.5-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
 * Thu May 04 2023 Richard Lescak <rlescak@redhat.com> - 3.0.5-4
 - add option for TLSv1.3 ciphersuites
 - SPDX migration