Comply with Fedora crypto policy

2020-06-25 15:20:21 +02:00 · 2020-06-25 15:20:21 +02:00 · 8adfcbb8aa
commit 8adfcbb8aa
parent a8b5a04978
2 changed files with 32 additions and 1 deletions
--- a/pegasus-2.14.1-crypto-policy-compliance.patch
+++ b/pegasus-2.14.1-crypto-policy-compliance.patch
@ -0,0 +1,24 @@
+diff -up pegasus/rpm/manLinux/man8.Z/cimconfig.8.orig pegasus/rpm/manLinux/man8.Z/cimconfig.8
+--- pegasus/rpm/manLinux/man8.Z/cimconfig.8.orig	2020-06-25 14:03:32.211892328 +0200
+++ pegasus/rpm/manLinux/man8.Z/cimconfig.8	2020-06-25 14:11:31.687821336 +0200
+@@ -463,7 +463,7 @@ mentioned between single quotes since it
+ like .+, !, -. 
+ .PD 0
+ .IP
+-.BR "Default Value: " DEFAULT\ (The\ default\ cipher\ list\ of\ OpenSSL)
+.BR "Default Value: " PROFILE=SYSTEM\ (Protocols\ enforced\ by\ system-wide\ crypto\ policy)
+ .IP
+ .BR Dynamic: \0No
+ .PD
+diff -up pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp.orig pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp
+--- pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp.orig	2020-06-25 14:02:19.104445704 +0200
+++ pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp	2020-06-25 14:02:54.695663130 +0200
+@@ -140,7 +140,7 @@ static struct ConfigPropertyRow properti
+ #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
+     {"authorizedUserGroups", "", IS_STATIC, IS_VISIBLE},
+ #endif
+-    {"sslCipherSuite", "DEFAULT", IS_STATIC, IS_VISIBLE}
+    {"sslCipherSuite", "PROFILE=SYSTEM", IS_STATIC, IS_VISIBLE}
+ #ifdef PEGASUS_ENABLE_SESSION_COOKIES
+     ,{"httpSessionTimeout", "0", IS_DYNAMIC, IS_VISIBLE}
+ #endif
--- a/tog-pegasus.spec
+++ b/tog-pegasus.spec
@ -8,7 +8,7 @@

 Name:           tog-pegasus
 Version:        %{major_ver}.1
-Release:        52%{?dist}
+Release:        53%{?dist}
 Epoch:          2
 Summary:        OpenPegasus WBEM Services for Linux

@ -99,6 +99,9 @@ Patch41:        pegasus-2.14.1-ssl-cert-path.patch
 Patch42:        pegasus-2.14.1-openssl-1.1-fix.patch
 # 43: fix -Wreserved-user-defined-literal warnings which prevents building with clang
 Patch43:	pegasus-2.14.1-fix-Wreserved-user-defined-literal.patch
+# 44: comply with Fedora crypto policy
+#  (use 'PROFILE=SYSTEM' instead of 'DEFAULT' in SSL_CTX_set_cipher_list calls)
+Patch44:	pegasus-2.14.1-crypto-policy-compliance.patch

 BuildRequires:  procps, libstdc++, pam-devel
 BuildRequires:  openssl, openssl-devel
@ -250,6 +253,7 @@ yes | mak/CreateDmtfSchema 238 %{SOURCE9} cim_schema_2.38.0
 %patch41 -p1 -b .ssl-cert-path
 %patch42 -p1 -b .openssl-1.1-fix
 %patch43 -p1 -b .Wreserved-user-defined-literal-fix
+%patch44 -p1 -b .crypto-policy-compliance


 %build
@ -551,6 +555,9 @@ fi


 %changelog
+* Thu Jun 25 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.14.1-53
+- Comply with Fedora crypto policy
+
 * Wed Mar 25 2020 Tom Stellard <tstellar@redhat.com> - 2:2.14.1-52
 - Fix -Wreserved-user-defined-literal warnings