From 827b9d2f8d8f044bcf8ce4372daf5084d9c4749f Mon Sep 17 00:00:00 2001
From: Vitezslav Crhonek
Date: Thu, 15 May 2014 12:43:40 +0200
Subject: [PATCH] Fix SFCB fails to start: Failure setting ECDH curve name (secp224r1)
---
 ...m-sfcb-1.4.8-default-ecdh-curve-name.patch | 26 +++++++++++++++++++
 sblim-sfcb.spec | 10 ++++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 sblim-sfcb-1.4.8-default-ecdh-curve-name.patch
diff --git a/sblim-sfcb-1.4.8-default-ecdh-curve-name.patch b/sblim-sfcb-1.4.8-default-ecdh-curve-name.patch
new file mode 100644
index 0000000..3268d49
--- /dev/null
+++ b/sblim-sfcb-1.4.8-default-ecdh-curve-name.patch
@@ -0,0 +1,26 @@
+diff -up sblim-sfcb-1.4.8/control.c.orig sblim-sfcb-1.4.8/control.c
+--- sblim-sfcb-1.4.8/control.c.orig 2014-03-27 00:46:28.000000000 +0100
++++ sblim-sfcb-1.4.8/control.c 2014-05-15 12:31:38.304169409 +0200
+@@ -170,7 +170,7 @@ static Control init[] = {
+ {"sslCertList", CTL_STRING, SFCB_CONFDIR "/clist.pem", {0}},
+ {"sslCiphers", CTL_STRING, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH", {0}},
+ {"sslDhParamsFilePath", CTL_STRING, NULL, {0}},
+- {"sslEcDhCurveName", CTL_STRING, "secp224r1", {0}},
++ {"sslEcDhCurveName", CTL_STRING, "secp384r1", {0}},
+ {"enableSslCipherServerPref", CTL_BOOL, NULL, {.b=0}},
+ 
+ {"registrationDir", CTL_STRING, SFCB_STATEDIR "/registration", {0}},
+diff -up sblim-sfcb-1.4.8/sfcb.cfg.pre.in.orig sblim-sfcb-1.4.8/sfcb.cfg.pre.in
+--- sblim-sfcb-1.4.8/sfcb.cfg.pre.in.orig 2014-05-15 12:31:59.188244865 +0200
++++ sblim-sfcb-1.4.8/sfcb.cfg.pre.in 2014-05-15 12:32:45.554408412 +0200
+@@ -293,8 +293,8 @@ sslCiphers: ALL:!ADH:!LOW:!EXP:!MD5:@STR
+ ## environment. If this value is not set, the indicated default is in effect.
+ ## If the value is set but the curve name is not recognized by the underlying
+ ## openssl implementation, SFCB will abort.
+-## Default is secp224r1
+-#sslEcDhCurveName: secp224r1
++## Default is secp384r1
++#sslEcDhCurveName: secp384r1
+ 
+ ## When set to true, sets the SSL_OP_CIPHER_SERVER_PREFERENCE flag for the ssl
+ ## context, to enforce server's preference instead of the client preference for
diff --git a/sblim-sfcb.spec b/sblim-sfcb.spec
index 4c386d1..912e2cd 100644
--- a/sblim-sfcb.spec
+++ b/sblim-sfcb.spec
@@ -8,7 +8,7 @@ Name: sblim-sfcb
 Summary: Small Footprint CIM Broker
 URL: http://sblim.wiki.sourceforge.net/
 Version: 1.4.8
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: Applications/System
 License: EPL
 Source0: http://downloads.sourceforge.net/sblim/%{name}-%{version}.tar.bz2
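Review bot: The sfcb.cfg.pre.in part of the embedded patch changes `## Default is secp384r1` but gives the operator neither the reason nor the upgrade caveat; the comment just above still states that SFCB aborts on an unrecognized curve, so a host whose existing sfcb.cfg explicitly sets `sslEcDhCurveName: secp224r1` will presumably still fail to start, since only the compiled-in default in control.c's `init[]` table changes. I would add a line such as `## secp224r1 is not enabled in every openssl build (rhbz#1097794); an explicit setting here overrides the default.` The rationale currently lives only in the spec comment for Patch5, which an administrator editing the config never sees. The `init[]` table starts and ends outside the embedded hunk, so how the curve name is validated and applied is not visible here.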
@@ -28,6 +28,9 @@ Patch2: sblim-sfcb-1.3.16-maxMsgLen.patch Patch3: sblim-sfcb-1.4.5-service.patch # Patch4: fixes multilib issue with man page and config file Patch4: sblim-sfcb-1.3.16-multilib-man-cfg.patch +# Patch5: change default ecdh curve name, as the original is not enabled +# in openssl on Fedora, rhbz#1097794 +Patch5: sblim-sfcb-1.4.8-default-ecdh-curve-name.patch Provides: cim-server = 0 Requires: cim-schema Requires: sblim-sfcCommon @@ -60,6 +63,7 @@ Programming Interface (CMPI). %patch2 -p1 -b .maxMsgLen %patch3 -p1 -b .service %patch4 -p1 -b .multilib-man-cfg +%patch5 -p1 -b .default-ecdh-curve-name %build %configure --enable-debug --enable-uds --enable-ssl --enable-pam --enable-ipv6 \ @@ -119,6 +123,10 @@ fi; %files -f _pkg_list %changelog +* Thu May 15 2014 Vitezslav Crhonek - 1.4.8-2 +- Fix SFCB fails to start: Failure setting ECDH curve name (secp224r1) + Resolves: #1097794 + * Thu Mar 27 2014 Vitezslav Crhonek - 1.4.8-1 - Update to sblim-sfcb-1.4.8