From 42d05f956fc32f784dd611fe38461c238c756392 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Fri, 3 Jun 2022 22:12:14 +0000 Subject: [PATCH] import sscg-2.3.3-15.el8 --- SOURCES/0001-Generate-manpage.patch | 6 +++--- ...002-Adjust-defaults-based-on-system-security-level.patch | 6 +++--- ...djust-hash-defaults-based-on-system-security-level.patch | 6 +++--- SOURCES/0004-Properly-check-all-return-values.patch | 6 +++--- SOURCES/0005-Add-password-support-for-private-keys.patch | 6 +++--- .../0006-Allow-specifying-keyfile-password-by-file.patch | 6 +++--- ...7-Add-support-for-client-certificates-and-dhparams.patch | 6 +++--- SOURCES/0008-Fix-client-cert-issues-found-by-CI-tests.patch | 6 +++--- SOURCES/0009-Fix-help-message-for-client-key-file.patch | 6 +++--- .../0010-Better-validation-of-command-line-arguments.patch | 6 +++--- SPECS/sscg.spec | 6 +++++- 11 files changed, 35 insertions(+), 31 deletions(-) diff --git a/SOURCES/0001-Generate-manpage.patch b/SOURCES/0001-Generate-manpage.patch index cc55444..43146df 100644 --- a/SOURCES/0001-Generate-manpage.patch +++ b/SOURCES/0001-Generate-manpage.patch @@ -1,7 +1,7 @@ -From 71e2451c6ba4d5f17de9e24687b66b93f2e58954 Mon Sep 17 00:00:00 2001 +From b0157a6a4c5385dfe720d7eb2f91a473ab0bd592 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Mon, 17 Sep 2018 09:58:25 -0400 -Subject: [PATCH 1/6] Generate manpage +Subject: [PATCH 01/11] Generate manpage Signed-off-by: Stephen Gallagher --- @@ -46,5 +46,5 @@ index e6f33475cce6891d17656bcd10e1afabd43bdc07..a2ca4ba1472bfff61fbbd30ba1ddc7ec + 'man8'), +) -- -2.23.0 +2.35.1 diff --git a/SOURCES/0002-Adjust-defaults-based-on-system-security-level.patch b/SOURCES/0002-Adjust-defaults-based-on-system-security-level.patch index 3fd62ce..03b10e2 100644 --- a/SOURCES/0002-Adjust-defaults-based-on-system-security-level.patch +++ b/SOURCES/0002-Adjust-defaults-based-on-system-security-level.patch @@ -1,7 +1,7 @@ -From 942d9fa4f582a372af3d0bd499f073760dec2335 Mon Sep 17 00:00:00 2001 +From 7074c05cfb250aaa639cf88f54564db852223165 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Tue, 27 Nov 2018 13:24:37 -0500 -Subject: [PATCH 2/6] Adjust defaults based on system security level +Subject: [PATCH 02/11] Adjust defaults based on system security level Also permit arbitrary keylengths. @@ -204,5 +204,5 @@ index b2c7cbbfd9dc69d9f55a18bc91ed6023c0e64c2e..85a42404aa94524b560755d506b89330 goto done; } -- -2.23.0 +2.35.1 diff --git a/SOURCES/0003-Adjust-hash-defaults-based-on-system-security-level.patch b/SOURCES/0003-Adjust-hash-defaults-based-on-system-security-level.patch index 66e8224..49ab056 100644 --- a/SOURCES/0003-Adjust-hash-defaults-based-on-system-security-level.patch +++ b/SOURCES/0003-Adjust-hash-defaults-based-on-system-security-level.patch @@ -1,7 +1,7 @@ -From 298015e8a7cf35cc0de581203b44826d2ae1d406 Mon Sep 17 00:00:00 2001 +From 0cf3235a6d21f17657b78863576a9adda227cc31 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Wed, 28 Nov 2018 08:00:08 -0500 -Subject: [PATCH 3/6] Adjust hash defaults based on system security level +Subject: [PATCH 03/11] Adjust hash defaults based on system security level Unlike the key-strength, this does not set a minimum level because it's not a simple calculation. We will have to rely on libcrypto @@ -111,5 +111,5 @@ index 85a42404aa94524b560755d506b893300a4414cd..58855f764480d24d6c0f57460b22a3a8 { fprintf (stderr, "Unsupported hashing algorithm."); -- -2.23.0 +2.35.1 diff --git a/SOURCES/0004-Properly-check-all-return-values.patch b/SOURCES/0004-Properly-check-all-return-values.patch index 9225fe7..f834ff5 100644 --- a/SOURCES/0004-Properly-check-all-return-values.patch +++ b/SOURCES/0004-Properly-check-all-return-values.patch @@ -1,7 +1,7 @@ -From 9e4497d1dd2a337be1f69e0cfb24ce8080690ccf Mon Sep 17 00:00:00 2001 +From 6c9ae621c41e1df30dead272aaee30a231c82cef Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Wed, 28 Nov 2018 09:16:29 -0500 -Subject: [PATCH 4/6] Properly check all return values +Subject: [PATCH 04/11] Properly check all return values Signed-off-by: Stephen Gallagher --- @@ -47,5 +47,5 @@ index 6d152fc969d745cc5cf085116c8688866f9d6ab4..18f0627bc64e7cb503a9e81c36dbe726 /* We'll create a random number of sizeof(unsigned long) - 1 bits to use as the serial. We use unsigned long to ensure that it -- -2.23.0 +2.35.1 diff --git a/SOURCES/0005-Add-password-support-for-private-keys.patch b/SOURCES/0005-Add-password-support-for-private-keys.patch index 4e21a9a..3db78b6 100644 --- a/SOURCES/0005-Add-password-support-for-private-keys.patch +++ b/SOURCES/0005-Add-password-support-for-private-keys.patch @@ -1,7 +1,7 @@ -From 7190d08e1a166455e767769492b8c6b9f41bc0da Mon Sep 17 00:00:00 2001 +From 9166f6ceaa925584bcf30a132b8f560ff61b6bb3 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Wed, 5 Jun 2019 17:08:23 -0400 -Subject: [PATCH 5/6] Add password support for private keys +Subject: [PATCH 05/11] Add password support for private keys Fixes: https://github.com/sgallagher/sscg/issues/14 @@ -269,5 +269,5 @@ index 58855f764480d24d6c0f57460b22a3a83281e37e..9dc926c77038105ca881a612cccd1913 BIO_get_fp (ca_key_out, &fp); if (options->verbosity >= SSCG_DEBUG) -- -2.23.0 +2.35.1 diff --git a/SOURCES/0006-Allow-specifying-keyfile-password-by-file.patch b/SOURCES/0006-Allow-specifying-keyfile-password-by-file.patch index 6487436..c869543 100644 --- a/SOURCES/0006-Allow-specifying-keyfile-password-by-file.patch +++ b/SOURCES/0006-Allow-specifying-keyfile-password-by-file.patch @@ -1,7 +1,7 @@ -From 9cb7daa54708dcf5e6500cd20ec7b1cc2f6f6350 Mon Sep 17 00:00:00 2001 +From bfb35ad835e6fcbe97c2d70b3ca8f724b4dc2a5f Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Mon, 10 Jun 2019 10:15:42 -0400 -Subject: [PATCH 6/6] Allow specifying keyfile password by file +Subject: [PATCH 06/11] Allow specifying keyfile password by file Signed-off-by: Stephen Gallagher --- @@ -149,5 +149,5 @@ index 9dc926c77038105ca881a612cccd1913bc2d42f1..a02e4df66c6cf9ec1865f425b4a15da8 if (options->key_strength < options->minimum_key_strength) -- -2.23.0 +2.35.1 diff --git a/SOURCES/0007-Add-support-for-client-certificates-and-dhparams.patch b/SOURCES/0007-Add-support-for-client-certificates-and-dhparams.patch index e22236e..ea03511 100644 --- a/SOURCES/0007-Add-support-for-client-certificates-and-dhparams.patch +++ b/SOURCES/0007-Add-support-for-client-certificates-and-dhparams.patch @@ -1,7 +1,7 @@ -From ceed1c19b6002164482eb358570a91a9563ce694 Mon Sep 17 00:00:00 2001 +From 6a66c249ef497c7b341a618bf458284113c4e958 Mon Sep 17 00:00:00 2001 From: Tim Burke Date: Wed, 2 Oct 2019 13:10:23 -0700 -Subject: [PATCH 7/7] Add support for client certificates and dhparams +Subject: [PATCH 07/11] Add support for client certificates and dhparams Resolves: rhbz#1720667 @@ -2647,5 +2647,5 @@ index 0000000000000000000000000000000000000000..b054b40ea73ca98870836bd89ea10677 + return ret; +} -- -2.23.0 +2.35.1 diff --git a/SOURCES/0008-Fix-client-cert-issues-found-by-CI-tests.patch b/SOURCES/0008-Fix-client-cert-issues-found-by-CI-tests.patch index 152464a..12b92d6 100644 --- a/SOURCES/0008-Fix-client-cert-issues-found-by-CI-tests.patch +++ b/SOURCES/0008-Fix-client-cert-issues-found-by-CI-tests.patch @@ -1,7 +1,7 @@ -From 8afa0ce578ecd5cc3a397707fdb163cc169b9bd1 Mon Sep 17 00:00:00 2001 +From 846ea9642360184afb38cf2d8fed01e4fbc84410 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Fri, 13 Dec 2019 08:25:01 -0500 -Subject: [PATCH 8/8] Fix client-cert issues found by CI tests +Subject: [PATCH 08/11] Fix client-cert issues found by CI tests Resolves: rhbz#1720667 @@ -94,5 +94,5 @@ index 18f0627bc64e7cb503a9e81c36dbe726186d1144..c173f539791fbbc51e52e6b121e587dc return ret; } -- -2.23.0 +2.35.1 diff --git a/SOURCES/0009-Fix-help-message-for-client-key-file.patch b/SOURCES/0009-Fix-help-message-for-client-key-file.patch index 04e0777..0d087e7 100644 --- a/SOURCES/0009-Fix-help-message-for-client-key-file.patch +++ b/SOURCES/0009-Fix-help-message-for-client-key-file.patch @@ -1,7 +1,7 @@ -From fa6be1a9bbc8c5d42a248e398e3aac08078e311e Mon Sep 17 00:00:00 2001 +From 80f1965776d1213aeb4bee71e615ec8717249700 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Fri, 13 Dec 2019 11:51:43 -0500 -Subject: [PATCH 9/9] Fix help message for --client-key-file +Subject: [PATCH 09/11] Fix help message for --client-key-file Resolves: rhbz#1720667 @@ -32,5 +32,5 @@ index f34a43b83e562d0bd7da9a77e25911762db83693..4d009a67488e83c4332f58ee52f7d6ea }, -- -2.24.1 +2.35.1 diff --git a/SOURCES/0010-Better-validation-of-command-line-arguments.patch b/SOURCES/0010-Better-validation-of-command-line-arguments.patch index 7e934e9..2f99705 100644 --- a/SOURCES/0010-Better-validation-of-command-line-arguments.patch +++ b/SOURCES/0010-Better-validation-of-command-line-arguments.patch @@ -1,7 +1,7 @@ -From 87530e9ebc872761c06506f3cb6a4fa5c494a614 Mon Sep 17 00:00:00 2001 +From 870f8338b73f3300d4030eb31df8416fa7208f89 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Tue, 7 Jan 2020 14:32:01 -0500 -Subject: [PATCH 10/10] Better validation of command line arguments +Subject: [PATCH 10/11] Better validation of command line arguments Check that key passphrases are within 4-1023 characters @@ -916,5 +916,5 @@ index c173f539791fbbc51e52e6b121e587dca43924d4..42315d42d1e03460a8121e1592d8e7fc /* Sign the new certificate */ -- -2.24.1 +2.35.1 diff --git a/SPECS/sscg.spec b/SPECS/sscg.spec index 235e7fb..e55fb38 100644 --- a/SPECS/sscg.spec +++ b/SPECS/sscg.spec @@ -9,7 +9,7 @@ Name: sscg Version: 2.3.3 -Release: 14%{?dist} +Release: 15%{?dist} Summary: Simple SSL certificate generator License: BSD @@ -79,6 +79,10 @@ false signatures from the service certificate. %{_mandir}/man8/%{name}.8* %changelog +* Thu Jun 02 2022 Stephen Gallagher - 2.3.3-15 +- Fix certificate lifetime calculation +- Resolves: rhbz#2091525 + * Tue Jan 21 2020 Stephen Gallagher - 2.3.3-14 - Properly handling reading long passphrase files.