From 1e89aa3bad6e0d3d2cb3af08100e0ac1a650f1a22fa2e3e18d5a7b2fb61a8a3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
Date: Mon, 23 Mar 2015 10:20:00 +0000
Subject: [PATCH] - Partial fix for bnc#923417:   *
 0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch

OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=124
---
 ...t-use-insecure-MD5-but-rather-SHA256.patch | 27 +++++++++++++++++++
 cfengine.changes                              |  6 +++++
 cfengine.spec                                 |  2 ++
 3 files changed, 35 insertions(+)
 create mode 100644 0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch

diff --git a/0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch b/0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
new file mode 100644
index 0000000..d82f44a
--- /dev/null
+++ b/0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
@@ -0,0 +1,27 @@
+From a814751421422cad22373eb6e568272fd24e1532 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tomas.chvatal@gmail.com>
+Date: Mon, 23 Mar 2015 11:12:58 +0100
+Subject: [PATCH] Do not use insecure MD5 but rather SHA256
+
+---
+ libpromises/generic_agent.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libpromises/generic_agent.c b/libpromises/generic_agent.c
+index eaace00..4863230 100644
+--- a/libpromises/generic_agent.c
++++ b/libpromises/generic_agent.c
+@@ -101,8 +101,8 @@ static void SanitizeEnvironment()
+ 
+ ENTERPRISE_VOID_FUNC_2ARG_DEFINE_STUB(void, GenericAgentSetDefaultDigest, HashMethod *, digest, int *, digest_len)
+ {
+-    *digest = HASH_METHOD_MD5;
+-    *digest_len = CF_MD5_LEN;
++    *digest = HASH_METHOD_SHA256;
++    *digest_len = CF_SHA256_LEN;
+ }
+ 
+ void MarkAsPolicyServer(EvalContext *ctx)
+-- 
+2.3.0
+
diff --git a/cfengine.changes b/cfengine.changes
index 45c9587..93d8851 100644
--- a/cfengine.changes
+++ b/cfengine.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Mar 23 10:19:37 UTC 2015 - tchvatal@suse.com
+
+- Partial fix for bnc#923417:
+  * 0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
+
 -------------------------------------------------------------------
 Wed Mar 18 14:33:33 UTC 2015 - tchvatal@suse.com
 
diff --git a/cfengine.spec b/cfengine.spec
index 629359d..bca3aa3 100644
--- a/cfengine.spec
+++ b/cfengine.spec
@@ -66,6 +66,7 @@ Patch5:         0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch
 Patch6:         0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch
 # PATCH-FIX-UPSTREAM: Use ssl exponent of 65537 for FIPS bnc#922571
 Patch7:         cfengine-fips.patch
+Patch8:         0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
 BuildRequires:  bison
 BuildRequires:  db-devel
 BuildRequires:  fdupes
@@ -165,6 +166,7 @@ Lots of examples promises for CFEngine.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
 
 ##### rpmlint
 #### wrong-file-end-of-line-encoding