pool/cfengine
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Add patch to use proper SSL exponent bnc#922571

Browse Source 
* cfengine-fips.patch

OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=117
This commit is contained in:
Tomáš Chvátal 2015-03-17 13:51:53 +00:00 committed by Git OBS Bridge
parent dc78c5095c
commit f620abe9c9
3 changed files with 75 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
cfengine-fips.patch Normal file
View File

@ -0,0 +1,66 @@
Index: core-3.6.5/cf-key/cf-key-functions.c
===================================================================
--- core-3.6.5.orig/cf-key/cf-key-functions.c
+++ core-3.6.5/cf-key/cf-key-functions.c
@@ -243,11 +243,11 @@ void KeepKeyPromises(const char *public_
printf("Making a key pair for cfengine, please wait, this could take a minute...\n");
#ifdef OPENSSL_NO_DEPRECATED
- BN_set_word(rsa_bignum, 35);
+ BN_set_word(rsa_bignum, RSA_F4);
if (!RSA_generate_key_ex(pair, 2048, rsa_bignum, NULL))
#else
- pair = RSA_generate_key(2048, 35, NULL, NULL);
+ pair = RSA_generate_key(2048, 65537, NULL, NULL);
if (pair == NULL)
#endif
Index: core-3.6.5/tests/unit/hash_test.c
===================================================================
--- core-3.6.5.orig/tests/unit/hash_test.c
+++ core-3.6.5/tests/unit/hash_test.c
@@ -52,7 +52,7 @@ void tests_setup()
initialized = 0;
return;
}
- BN_set_word(bn, 3);
+ BN_set_word(bn, RSA_F4);
RSA_generate_key_ex(rsa, 1024, bn, NULL);
BN_free(bn);
}
Index: core-3.6.5/tests/unit/key_test.c
===================================================================
--- core-3.6.5.orig/tests/unit/key_test.c
+++ core-3.6.5/tests/unit/key_test.c
@@ -25,7 +25,7 @@ void test_setup()
initialized = 0;
return;
}
- BN_set_word(bn, 3);
+ BN_set_word(bn, RSA_F4);
RSA_generate_key_ex(rsa, 1024, bn, NULL);
BN_free(bn);
}
Index: core-3.6.5/tests/unit/tls_generic_test.c
===================================================================
--- core-3.6.5.orig/tests/unit/tls_generic_test.c
+++ core-3.6.5/tests/unit/tls_generic_test.c
@@ -54,7 +54,7 @@ static bool init_test_server()
int ret;
RSA *key = RSA_new();
BIGNUM *bignum = BN_new();
- BN_set_word(bignum, 17);
+ BN_set_word(bignum, RSA_F4);
ret = RSA_generate_key_ex(key, 1024, bignum, NULL);
if (!ret)
{
@@ -450,7 +450,7 @@ static bool init_test_client()
int ret;
RSA *key = RSA_new();
BIGNUM *bignum = BN_new();
- BN_set_word(bignum, 17);
+ BN_set_word(bignum, RSA_F4);
ret = RSA_generate_key_ex(key, 1024, bignum, NULL);
if (!ret)
{

6
cfengine.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Mar 17 13:51:18 UTC 2015 - tchvatal@suse.com
- Add patch to use proper SSL exponent bnc#922571
* cfengine-fips.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Mar 17 13:41:26 UTC 2015 - tchvatal@suse.com Tue Mar 17 13:41:26 UTC 2015 - tchvatal@suse.com

3
cfengine.spec
View File

@ -64,6 +64,8 @@ Patch5: 0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch
# set cfengine's notion of bindir to /usr/sbin instead of /var/cfengine/bin # set cfengine's notion of bindir to /usr/sbin instead of /var/cfengine/bin
# kkaempf@suse.de # kkaempf@suse.de
Patch6: 0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch Patch6: 0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch
# PATCH-FIX-UPSTREAM: Use ssl exponent of 65537 for FIPS bnc#922571
Patch7: cfengine-fips.patch
BuildRequires: bison BuildRequires: bison
BuildRequires: db-devel BuildRequires: db-devel
BuildRequires: flex BuildRequires: flex
@ -186,6 +188,7 @@ Lots of examples promises for CFEngine.
%endif %endif
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1
##### rpmlint ##### rpmlint
#### wrong-file-end-of-line-encoding #### wrong-file-end-of-line-encoding