Comply with Fedora crypto policy

This commit is contained in:
Vitezslav Crhonek 2020-06-25 15:20:21 +02:00
parent a8b5a04978
commit 8adfcbb8aa
2 changed files with 32 additions and 1 deletions

View File

@ -0,0 +1,24 @@
diff -up pegasus/rpm/manLinux/man8.Z/cimconfig.8.orig pegasus/rpm/manLinux/man8.Z/cimconfig.8
--- pegasus/rpm/manLinux/man8.Z/cimconfig.8.orig 2020-06-25 14:03:32.211892328 +0200
+++ pegasus/rpm/manLinux/man8.Z/cimconfig.8 2020-06-25 14:11:31.687821336 +0200
@@ -463,7 +463,7 @@ mentioned between single quotes since it
like .+, !, -.
.PD 0
.IP
-.BR "Default Value: " DEFAULT\ (The\ default\ cipher\ list\ of\ OpenSSL)
+.BR "Default Value: " PROFILE=SYSTEM\ (Protocols\ enforced\ by\ system-wide\ crypto\ policy)
.IP
.BR Dynamic: \0No
.PD
diff -up pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp.orig pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp
--- pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp.orig 2020-06-25 14:02:19.104445704 +0200
+++ pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp 2020-06-25 14:02:54.695663130 +0200
@@ -140,7 +140,7 @@ static struct ConfigPropertyRow properti
#ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
{"authorizedUserGroups", "", IS_STATIC, IS_VISIBLE},
#endif
- {"sslCipherSuite", "DEFAULT", IS_STATIC, IS_VISIBLE}
+ {"sslCipherSuite", "PROFILE=SYSTEM", IS_STATIC, IS_VISIBLE}
#ifdef PEGASUS_ENABLE_SESSION_COOKIES
,{"httpSessionTimeout", "0", IS_DYNAMIC, IS_VISIBLE}
#endif

View File

@ -8,7 +8,7 @@
Name: tog-pegasus Name: tog-pegasus
Version: %{major_ver}.1 Version: %{major_ver}.1
Release: 52%{?dist} Release: 53%{?dist}
Epoch: 2 Epoch: 2
Summary: OpenPegasus WBEM Services for Linux Summary: OpenPegasus WBEM Services for Linux
@ -99,6 +99,9 @@ Patch41: pegasus-2.14.1-ssl-cert-path.patch
Patch42: pegasus-2.14.1-openssl-1.1-fix.patch Patch42: pegasus-2.14.1-openssl-1.1-fix.patch
# 43: fix -Wreserved-user-defined-literal warnings which prevents building with clang # 43: fix -Wreserved-user-defined-literal warnings which prevents building with clang
Patch43: pegasus-2.14.1-fix-Wreserved-user-defined-literal.patch Patch43: pegasus-2.14.1-fix-Wreserved-user-defined-literal.patch
# 44: comply with Fedora crypto policy
# (use 'PROFILE=SYSTEM' instead of 'DEFAULT' in SSL_CTX_set_cipher_list calls)
Patch44: pegasus-2.14.1-crypto-policy-compliance.patch
BuildRequires: procps, libstdc++, pam-devel BuildRequires: procps, libstdc++, pam-devel
BuildRequires: openssl, openssl-devel BuildRequires: openssl, openssl-devel
@ -250,6 +253,7 @@ yes | mak/CreateDmtfSchema 238 %{SOURCE9} cim_schema_2.38.0
%patch41 -p1 -b .ssl-cert-path %patch41 -p1 -b .ssl-cert-path
%patch42 -p1 -b .openssl-1.1-fix %patch42 -p1 -b .openssl-1.1-fix
%patch43 -p1 -b .Wreserved-user-defined-literal-fix %patch43 -p1 -b .Wreserved-user-defined-literal-fix
%patch44 -p1 -b .crypto-policy-compliance
%build %build
@ -551,6 +555,9 @@ fi
%changelog %changelog
* Thu Jun 25 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.14.1-53
- Comply with Fedora crypto policy
* Wed Mar 25 2020 Tom Stellard <tstellar@redhat.com> - 2:2.14.1-52 * Wed Mar 25 2020 Tom Stellard <tstellar@redhat.com> - 2:2.14.1-52
- Fix -Wreserved-user-defined-literal warnings - Fix -Wreserved-user-defined-literal warnings