From df2fa43eea749e5d0632ed9ad8f0ee3c6169a8fe Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 3 Nov 2020 06:58:20 -0500 Subject: [PATCH] import tog-pegasus-2.14.1-46.el8 --- ...asus-2.14.1-crypto-policy-compliance.patch | 24 +++++++++++++++++++ SOURCES/tog-pegasus.tmpfiles | 2 +- SPECS/tog-pegasus.spec | 14 ++++++++++- 3 files changed, 38 insertions(+), 2 deletions(-) create mode 100644 SOURCES/pegasus-2.14.1-crypto-policy-compliance.patch diff --git a/SOURCES/pegasus-2.14.1-crypto-policy-compliance.patch b/SOURCES/pegasus-2.14.1-crypto-policy-compliance.patch new file mode 100644 index 0000000..08e2957 --- /dev/null +++ b/SOURCES/pegasus-2.14.1-crypto-policy-compliance.patch @@ -0,0 +1,24 @@ +diff -up pegasus/rpm/manLinux/man8.Z/cimconfig.8.orig pegasus/rpm/manLinux/man8.Z/cimconfig.8 +--- pegasus/rpm/manLinux/man8.Z/cimconfig.8.orig 2020-06-25 14:03:32.211892328 +0200 ++++ pegasus/rpm/manLinux/man8.Z/cimconfig.8 2020-06-25 14:11:31.687821336 +0200 +@@ -463,7 +463,7 @@ mentioned between single quotes since it + like .+, !, -. + .PD 0 + .IP +-.BR "Default Value: " DEFAULT\ (The\ default\ cipher\ list\ of\ OpenSSL) ++.BR "Default Value: " PROFILE=SYSTEM\ (Protocols\ enforced\ by\ system-wide\ crypto\ policy) + .IP + .BR Dynamic: \0No + .PD +diff -up pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp.orig pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp +--- pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp.orig 2020-06-25 14:02:19.104445704 +0200 ++++ pegasus/src/Pegasus/Config/SecurityPropertyOwner.cpp 2020-06-25 14:02:54.695663130 +0200 +@@ -140,7 +140,7 @@ static struct ConfigPropertyRow properti + #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION + {"authorizedUserGroups", "", IS_STATIC, IS_VISIBLE}, + #endif +- {"sslCipherSuite", "DEFAULT", IS_STATIC, IS_VISIBLE} ++ {"sslCipherSuite", "PROFILE=SYSTEM", IS_STATIC, IS_VISIBLE} + #ifdef PEGASUS_ENABLE_SESSION_COOKIES + ,{"httpSessionTimeout", "0", IS_DYNAMIC, IS_VISIBLE} + #endif diff --git a/SOURCES/tog-pegasus.tmpfiles b/SOURCES/tog-pegasus.tmpfiles index 2fd3b8e..639f413 100644 --- a/SOURCES/tog-pegasus.tmpfiles +++ b/SOURCES/tog-pegasus.tmpfiles @@ -1 +1 @@ -d /var/run/tog-pegasus 1750 root pegasus - +d /run/tog-pegasus 1750 root pegasus - diff --git a/SPECS/tog-pegasus.spec b/SPECS/tog-pegasus.spec index 38f2309..d660242 100644 --- a/SPECS/tog-pegasus.spec +++ b/SPECS/tog-pegasus.spec @@ -8,7 +8,7 @@ Name: tog-pegasus Version: %{major_ver}.1 -Release: 44%{?dist} +Release: 46%{?dist} Epoch: 2 Summary: OpenPegasus WBEM Services for Linux @@ -98,6 +98,9 @@ Patch40: pegasus-2.14.1-tesid.patch Patch41: pegasus-2.14.1-ssl-cert-path.patch # 42: port to openssl-1.1 Patch42: pegasus-2.14.1-openssl-1.1-fix.patch +# 43: comply with system crypto policy +# (use 'PROFILE=SYSTEM' instead of 'DEFAULT' in SSL_CTX_set_cipher_list calls) +Patch43: pegasus-2.14.1-crypto-policy-compliance.patch BuildRequires: procps, libstdc++, pam-devel BuildRequires: openssl, openssl-devel @@ -251,6 +254,7 @@ yes | mak/CreateDmtfSchema 238 %{SOURCE9} cim_schema_2.38.0 %patch40 -p1 -b .testid %patch41 -p1 -b .ssl-cert-path %patch42 -p1 -b .openssl-1.1-fix +%patch43 -p1 -b .crypto-policy-compliance %build @@ -552,6 +556,14 @@ fi %changelog +* Mon Jun 29 2020 Vitezslav Crhonek - 2:2.14.1-46 +- Comply with system crypto policy + Resolves: #1842838 + +* Tue May 05 2020 Vitezslav Crhonek - 2:2.14.1-45 +- Fix tmpfiles path + Resolves: #1805977 + * Wed Aug 01 2018 Vitezslav Crhonek - 2:2.14.1-44 - Review and fix %%files section because of failing rpm -V