From 8adfcbb8aad8f64ad266d21a43414d36656ac798 Mon Sep 17 00:00:00 2001
From: Vitezslav Crhonek <vcrhonek@redhat.com>
Date: Thu, 25 Jun 2020 15:20:21 +0200
Subject: [PATCH] Comply with Fedora crypto policy

---
 pegasus-2.14.1-crypto-policy-compliance.patch | 24 +++++++++++++++++++
 tog-pegasus.spec                              |  9 ++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 pegasus-2.14.1-crypto-policy-compliance.patch

diff --git a/pegasus-2.14.1-crypto-policy-compliance.patch b/pegasus-2.14.1-crypto-policy-compliance.patch
new file mode 100644
index 0000000..08e2957
--- /dev/null
+++ b/pegasus-2.14.1-crypto-policy-compliance.patch
@@ -0,0 +1,24 @@
+diff -up pegasus/rpm/manLinux/man8.Z/cimconfig.8.orig pegasus/rpm/manLinux/man8.Z/cimconfig.8
+--- pegasus/rpm/manLinux/man8.Z/cimconfig.8.orig	2020-06-25 14:03:32.211892328 +0200
++++ pegasus/rpm/manLinux/man8.Z/cimconfig.8	2020-06-25 14:11:31.687821336 +0200
+@@ -463,7 +463,7 @@ mentioned between single quotes since it
+ like .+, !, -. 
+ .PD 0
+ .IP
+-.BR "Default Value: " DEFAULT\ (The\ default\ cipher\ list\ of\ OpenSSL)
++.BR "Default Value: " PROFILE=SYSTEM\ (Protocols\ enforced\ by\ system-wide\ crypto\ policy)
+ .IP
+ .BR Dynamic: \0No
+ .PD
+diff -up pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp.orig pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp
+--- pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp.orig	2020-06-25 14:02:19.104445704 +0200
++++ pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp	2020-06-25 14:02:54.695663130 +0200
+@@ -140,7 +140,7 @@ static struct ConfigPropertyRow properti
+ #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
+     {"authorizedUserGroups", "", IS_STATIC, IS_VISIBLE},
+ #endif
+-    {"sslCipherSuite", "DEFAULT", IS_STATIC, IS_VISIBLE}
++    {"sslCipherSuite", "PROFILE=SYSTEM", IS_STATIC, IS_VISIBLE}
+ #ifdef PEGASUS_ENABLE_SESSION_COOKIES
+     ,{"httpSessionTimeout", "0", IS_DYNAMIC, IS_VISIBLE}
+ #endif
diff --git a/tog-pegasus.spec b/tog-pegasus.spec
index f0d9c2e..4a0da52 100644
--- a/tog-pegasus.spec
+++ b/tog-pegasus.spec
@@ -8,7 +8,7 @@
 
 Name:           tog-pegasus
 Version:        %{major_ver}.1
-Release:        52%{?dist}
+Release:        53%{?dist}
 Epoch:          2
 Summary:        OpenPegasus WBEM Services for Linux
 
@@ -99,6 +99,9 @@ Patch41:        pegasus-2.14.1-ssl-cert-path.patch
 Patch42:        pegasus-2.14.1-openssl-1.1-fix.patch
 # 43: fix -Wreserved-user-defined-literal warnings which prevents building with clang
 Patch43:	pegasus-2.14.1-fix-Wreserved-user-defined-literal.patch
+# 44: comply with Fedora crypto policy
+#  (use 'PROFILE=SYSTEM' instead of 'DEFAULT' in SSL_CTX_set_cipher_list calls)
+Patch44:	pegasus-2.14.1-crypto-policy-compliance.patch
 
 BuildRequires:  procps, libstdc++, pam-devel
 BuildRequires:  openssl, openssl-devel
@@ -250,6 +253,7 @@ yes | mak/CreateDmtfSchema 238 %{SOURCE9} cim_schema_2.38.0
 %patch41 -p1 -b .ssl-cert-path
 %patch42 -p1 -b .openssl-1.1-fix
 %patch43 -p1 -b .Wreserved-user-defined-literal-fix
+%patch44 -p1 -b .crypto-policy-compliance
 
 
 %build
@@ -551,6 +555,9 @@ fi
 
 
 %changelog
+* Thu Jun 25 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.14.1-53
+- Comply with Fedora crypto policy
+
 * Wed Mar 25 2020 Tom Stellard <tstellar@redhat.com> - 2:2.14.1-52
 - Fix -Wreserved-user-defined-literal warnings