From d614e8aa11f9520416f7ef10f93a29670efe1505 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Thu, 21 Sep 2017 14:55:16 -0400
Subject: [PATCH] Require sscg 2.2.0 for creating service and CA certificates together

Signed-off-by: Stephen Gallagher
---
 httpd-ssl-gencerts | 7 ++-----
 httpd.spec | 7 +++++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/httpd-ssl-gencerts b/httpd-ssl-gencerts
index 67b6d9a..371a838 100755
--- a/httpd-ssl-gencerts
+++ b/httpd-ssl-gencerts
@@ -5,18 +5,15 @@ set -e
 FQDN=`hostname`
 if test -f /etc/pki/tls/certs/localhost.crt -o \
- -f /etc/pki/tls/private/localhost.key -o \
- -f /etc/pki/tls/certs/localhost-ca.crt; then
+ -f /etc/pki/tls/private/localhost.key; then
 exit 1
 fi
 sscg -q \
 --cert-file /etc/pki/tls/certs/localhost.crt \
 --cert-key-file /etc/pki/tls/private/localhost.key \
- --ca-file /etc/pki/tls/certs/localhost-ca.crt \
+ --ca-file /etc/pki/tls/certs/localhost.crt \
 --lifetime 365 \
 --hostname $FQDN \
 --email root@$FQDN
-# mod_ssl will send the CA cert if it's appended to the server cert.
-cat /etc/pki/tls/certs/localhost-ca.crt >> /etc/pki/tls/certs/localhost.crt
diff --git a/httpd.spec b/httpd.spec
index 65884a8..6cff5f7 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.27
-Release: 10%{?dist}
+Release: 11%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -158,7 +158,7 @@ BuildRequires: openssl-devel
 Requires(post): openssl, /bin/cat, hostname
 Requires(pre): httpd-filesystem
 Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
-Requires: sscg >= 2.1.0
+Requires: sscg >= 2.2.0
 Obsoletes: stronghold-mod_ssl
 # Require an OpenSSL which supports PROFILE=SYSTEM
 Conflicts: openssl-libs < 1:1.0.1h-4
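Review bot: In httpd-ssl-gencerts the `--ca-file` argument of the sscg call now names the same path as `--cert-file`, and the comment that explained why the CA certificate ends up in localhost.crt was deleted together with the `cat` line, so the identical paths read like a copy-paste slip. Put a comment above the call, for example `# sscg >= 2.2.0 writes the CA cert into the same file as the service cert, so mod_ssl sends both.` The only thing enforcing that behaviour is the `Requires: sscg >= 2.2.0` line in httpd.spec; what an older sscg does when both options point at one file is not visible here, so the script silently depends on that package dependency staying in sync. The existence check also no longer looks at localhost-ca.crt, so a CA file left by an earlier version of the script stays on disk; that is presumably harmless, but worth a word in the changelog if cleanup is expected.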
@@ -689,6 +689,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_rpmconfigdir}/macros.d/macros.httpd
 %changelog
+* Thu Sep 21 2017 Stephen Gallagher - 2.4.27-11
+- Require sscg 2.2.0 for creating service and CA certificates together
+
 * Thu Sep 21 2017 Jeroen van Meeuwen - 2.4.27-10
 - Address CVE-2017-9798 by applying patch from upstream (#1490344)