- Partial fix for bnc#923417:

* 0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=124
2015-03-23 10:20:00 +00:00 · 2015-03-23 10:20:00 +00:00 · 1e89aa3bad
commit 1e89aa3bad
parent a820315dde
3 changed files with 35 additions and 0 deletions
--- a/0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
+++ b/0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
@ -0,0 +1,27 @@
+From a814751421422cad22373eb6e568272fd24e1532 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tomas.chvatal@gmail.com>
+Date: Mon, 23 Mar 2015 11:12:58 +0100
+Subject: [PATCH] Do not use insecure MD5 but rather SHA256
+
+---
+ libpromises/generic_agent.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libpromises/generic_agent.c b/libpromises/generic_agent.c
+index eaace00..4863230 100644
+--- a/libpromises/generic_agent.c
+++ b/libpromises/generic_agent.c
+@@ -101,8 +101,8 @@ static void SanitizeEnvironment()
+ 
+ ENTERPRISE_VOID_FUNC_2ARG_DEFINE_STUB(void, GenericAgentSetDefaultDigest, HashMethod *, digest, int *, digest_len)
+ {
+-    *digest = HASH_METHOD_MD5;
+-    *digest_len = CF_MD5_LEN;
+    *digest = HASH_METHOD_SHA256;
+    *digest_len = CF_SHA256_LEN;
+ }
+ 
+ void MarkAsPolicyServer(EvalContext *ctx)
+-- 
+2.3.0
+
--- a/cfengine.changes
+++ b/cfengine.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Mar 23 10:19:37 UTC 2015 - tchvatal@suse.com
+
+- Partial fix for bnc#923417:
+  * 0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
+
 -------------------------------------------------------------------
 Wed Mar 18 14:33:33 UTC 2015 - tchvatal@suse.com

--- a/cfengine.spec
+++ b/cfengine.spec
@ -66,6 +66,7 @@ Patch5:         0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch
 Patch6:         0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch
 # PATCH-FIX-UPSTREAM: Use ssl exponent of 65537 for FIPS bnc#922571
 Patch7:         cfengine-fips.patch
+Patch8:         0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
 BuildRequires:  bison
 BuildRequires:  db-devel
 BuildRequires:  fdupes
@ -165,6 +166,7 @@ Lots of examples promises for CFEngine.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1

 ##### rpmlint
 #### wrong-file-end-of-line-encoding