[proftpd/el5] Add 3072-bit and 7680-bit DH parameters (upstream bug 4002)

Fri Dec 20 22:43:38 UTC 2013

commit 9415a4698341f55ccd6f163038234ff360188707
Author: Paul Howarth <paul at city-fan.org>
Date:   Fri Dec 20 22:40:41 2013 +0000

    Add 3072-bit and 7680-bit DH parameters (upstream bug 4002)

 proftpd-sftp-dh7680-bug4002.patch |   68 +++++++++++++++++++++++++++++++++++++
 proftpd.spec                      |    8 ++++-
 2 files changed, 75 insertions(+), 1 deletions(-)
---

diff --git a/proftpd-sftp-dh7680-bug4002.patch b/proftpd-sftp-dh7680-bug4002.patch
new file mode 100644
index 0000000..f528f48
--- /dev/null
+++ b/proftpd-sftp-dh7680-bug4002.patch
@@ -0,0 +1,68 @@
+Index: contrib/mod_sftp/dhparams.pem
+===================================================================
+RCS file: /cvsroot/proftp/proftpd/contrib/mod_sftp/dhparams.pem,v
+retrieving revision 1.2
+diff -u -r1.2 dhparams.pem
+--- contrib/mod_sftp/dhparams.pem	14 Jan 2013 22:19:05 -0000	1.2
++++ contrib/mod_sftp/dhparams.pem	20 Dec 2013 18:09:45 -0000
+@@ -5,7 +5,7 @@
+ #
+ # The file was generated using the following OpenSSL command:
+ #
+-#   openssl dhparam -outform PEM -2|-5 1024|1536|2048|4096|6144|8192 >> dhparams.pem
++#   openssl dhparam -outform PEM -2|-5 1024|1536|2048|3072|4096|6144|7680|8192 >> dhparams.pem
+ #
+ # Note that these DH parameters should be refreshed every so often (e.g.
+ # every few years).  These parameters were last updated on 2013-01-14.
+@@ -83,6 +83,19 @@
+ 50XSRbAiSV8ephW8mbwCOLthruMKT7GDTwIBBQ==
+ -----END DH PARAMETERS-----
+ 
++# 3072-bit DH group params
++-----BEGIN DH PARAMETERS-----
++MIIBiAKCAYEA0kEgFEhmtqWiDoykb2ptlZQ3hcB6MP5Bd1mDDjG38j1MFWV6Uaj8
++T4y3tGUntQ0H/OJ8GEueL9OS9q2NU67GJ/XjtoXDVmZOdzYwN3Lr52/RnwLdUCH9
++MZjbXJYoqDJyXSHIFd40fRUkzZRYN6HZTkDad6wsoBgibe3gRvEzp7nBIJlDZy85
++9hmLJHJNGqgIpOTbX9AUNGVSAHEINx6kKX0c1/Kc5nhCytqRdYLnwqeryMdlZ4N0
++qlG8KJum0A8mEpgvUM5D0BLTbjkKgOoORsfrhzykqfxUrv+Pwcb/6UBbPSR99OSZ
++nFBlP3xSTl1WucWNmeZ3o2lZF4H/WosuoiVsPtO3aKYiLEhRxJiQOrMzVnSOdTR7
++d3Sg8a+ufSyccCCjOHssRKk//qoiUpN5R53/lxpUrfl+cJXGuvp+4EM+mfRDKCo7
++FTTaU2QFkF9A7dddwsABZQeqcADVN7T6L8/AIF66mwH7nvaJeNenTUqZTR+i8Doe
++V/QbD1cYDtHzAgEC
++-----END DH PARAMETERS-----
++
+ # 4096-bit DH group params
+ -----BEGIN DH PARAMETERS-----
+ MIICCAKCAgEAnlCYvstlmd2VCDwdI8u0khgNwpuGmjPv17RSGCnSjx6DjuYeOqGn
+@@ -119,6 +132,31 @@
+ wnKl1+O4DPcbAgEC
+ -----END DH PARAMETERS-----
+ 
++# 7680-bit DH group params
++-----BEGIN DH PARAMETERS-----
++MIIDyAKCA8EAmMxFUnXytlC9fIDwSgeG9cM+nqvPDufhOvzVwXXyKutq2rT+b8Iq
++A/rTbvRLro1XpJedzS83HNfsHeCfKC6L5vMAT2rkOSAVjQCBs9/HfdzDXtU6QEqG
++GDW6psiGNkgCahNKVxw1+kgKdnQc5sSKsK0iFXGdXFdaebWYN2yRFH8O+yWC/TQk
++BVc3c6d+Bo1H7VTRJkKz6duL/GRmFVdznhTU8yx+oydfOAjkxNsMaX+/cuTbqcUN
++LJm/g1tKVSw+1mvY9f4q1/B+hV8QxpbfcN8nYrye1+dmAPj/x+T1rfFVXMfQP4Ok
++p0IKom5Esc7e5LZsGqngRl9e6gXgDM+hMX6w7XU/bvaKugBKTNj8PAugIFrsrybR
++voB1bQynUEId1/q7c9soEicwEbGEiZ26LyaPHenAm1j8940Bp63SgiCfuCoEJAda
++A9DWq9idP4eKECFTlt6j3UPs45if3SfkWf6KleZAO8e1LHSkLuRaZpHPzLaZ6zbE
++bA8m8rdOhkbTkTNfVbEa0jTI8Ag4cq5LrMFSiPLRVVQadQzepBB0pv7F4UsqQwzU
++b7FEwBm5xWQG+AlOugc1kZdgcSMdu4C2BhaKOe3xH1SfwEHZSxz3yKtxGcdIcSD3
++RTUQdX0/Yjj8Ia9asC+pZmbS2MGPehQdIvUmWMGeQkwLXz7bBVFBuOei8hkPnRwJ
++ItihKSkZB0fk2olVmYzJwY4VOnfL1EWk6jKbndYBsJE0h/J3lO/xmMGaVmPhINQE
++0kJipmRpqT9sEmghCmYTH5pjymnuOXEIDuAjjNxsaAAuGF9h2jlnAHQimQq3Kch1
++Hwlkb6R2T1XSizA838oLvqmyLOhYzHVVCnqq6DG9W7AAdaouL4tjNFNs9afsR3KG
++H71IiS9+rv7u0m0dYrdRmpx6iXAIASTwhld2IFDyiUPeLYL2Jt9WPHdSA0aySF+7
++z/ntskV5soDIlUYQDZeKLuk2Lw+AMEbNgifCm7bLARm/fI9+c+IaBLE+e+zm+puO
++UHYcWy75NQG8zT2RICuHvvIUkHhgtIDk7K/1AscCDVCgMTYtwMF16nJe+6Omn8TT
++iQQZp76zZoTqjTRDLC9NszXxuewCi8JuklDyubPrqLTeM32bCZwjibPzL/O2NsGY
++0N7AbX7nnBKrAhibA9wdBJpQUrjT2SfEZGHYPA0U24Cm8JKBRu6WHdGH97gwH9bY
++ST5JTdXGPimZanmzidsGqLla4VxWGx+BWMLwXQtLaypHGfDFXHVpMY9KROGmtzsD
++OcXDR4ullYdbAgEC
++-----END DH PARAMETERS-----
++
+ # 8192-bit DH group params
+ -----BEGIN DH PARAMETERS-----
+ MIIECAKCBAEAxcFcwEBebGISxZbtnocUuiv8Z5GoFb1fi3szRz1y1j6Hwe8mTzVM
diff --git a/proftpd.spec b/proftpd.spec
index d876b6a..47511e3 100644
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -30,6 +30,7 @@ Patch0:			proftpd-1.3.3g-bug3841.patch
 Patch1:			proftpd-mod-vroot-0.8.5-bug3841.patch
 Patch2:			proftpd-1.3.3g-bug3973.patch
 Patch3:			proftpd-1.3.3g-bz1044586.patch
+Patch4:			proftpd-sftp-dh7680-bug4002.patch
 BuildRoot:		%{_tmppath}/%{name}-%{version}-%{release}-root
 Requires(post):		/sbin/chkconfig
 Requires(preun):	/sbin/service, /sbin/chkconfig, coreutils, findutils
@@ -99,6 +100,10 @@ mv contrib/README contrib/README.contrib
 # Fix support for 8192-bit DH parameters (#1044586)
 %patch3
 
+# Add 3072-bit and 7680-bit DH parameters
+# http://bugs.proftpd.org/show_bug.cgi?id=4002
+%patch4
+
 # Set up directory names in config file
 sed -e 's#@PKIDIR@#%{pkidir}#g' \
 	%{SOURCE1} > proftpd.conf
@@ -288,8 +293,9 @@ fi
 %{_libexecdir}/proftpd/mod_sql_postgres.so
 
 %changelog
-* Thu Dec 19 2013 Paul Howarth <paul at city-fan.org> 1.3.3g-4
+* Fri Dec 20 2013 Paul Howarth <paul at city-fan.org> 1.3.3g-4
 - Fix support for 8192-bit DH parameters (#1044586)
+- Add 3072-bit and 7680-bit DH parameters (upstream bug 4002)
 
 * Sat Sep 14 2013 Paul Howarth <paul at city-fan.org> 1.3.3g-3
 - Fix mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication
