pool/csync2
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- VUL-1: csync2: bad TLS key generation on installation (bsc#1145032)

Browse Source 
Adapt suggested changes in %post section.
  Do not hide output on standard error during generating the keys.

OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/csync2?expand=0&rev=56
This commit is contained in:
Peter Varkoly 2021-04-07 13:55:17 +00:00 committed by Git OBS Bridge
parent d473ce2a59
commit 0a278ac1df
2 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
csync2.changes
View File

@ -15,6 +15,13 @@ Wed Apr 7 09:58:51 UTC 2021 - Peter Varkoly <varkoly@suse.com>
* 0002-Patch-sonames.patch * 0002-Patch-sonames.patch
* 0001-Add-COPYING-as-docfile.patch * 0001-Add-COPYING-as-docfile.patch
-------------------------------------------------------------------
Wed Nov 20 14:00:30 UTC 2019 - Peter Varkoly <varkoly@suse.com>
- VUL-1: csync2: bad TLS key generation on installation (bsc#1145032)
Adapt suggested changes in %post section.
Do not hide output on standard error during generating the keys.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon May 27 08:13:02 UTC 2019 - Kristoffer Gronlund <kgronlund@suse.com> Mon May 27 08:13:02 UTC 2019 - Kristoffer Gronlund <kgronlund@suse.com>

19
csync2.spec
View File

@ -73,26 +73,34 @@ touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_cert.pem
%pre %pre
%service_add_pre csync2.socket %service_add_pre csync2.socket
%service_add_pre csync2@.service
%post %post
%service_add_post csync2.socket %service_add_post csync2.socket
%service_add_post csync2@.service
umask 077 umask 077
if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_key.pem ]; then if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_key.pem ]; then
%{_bindir}/openssl genrsa -out %{_sysconfdir}/csync2/csync2_ssl_key.pem 1024 %{_bindir}/openssl ecparam -genkey -name secp384r1 -out %{_sysconfdir}/csync2/csync2_ssl_key.pem
fi fi
FQDN=`hostname` FQDN=`hostname`
if [ "x${FQDN}" = "x" ]; then if [ "x${FQDN}" = "x" ]; then
FQDN=localhost.localdomain FQDN=localhost.localdomain
fi fi
if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_cert.pem ]; then if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_cert.pem ]; then
yes '' | %{_bindir}/openssl req -new -key %{_sysconfdir}/csync2/csync2_ssl_key.pem -out %{_sysconfdir}/csync2/csync2_ssl_cert.csr cat << EOF | %{_bindir}/openssl req -new -key %{_sysconfdir}/csync2/csync2_ssl_key.pem -x509 -days 3000 -out %{_sysconfdir}/csync2/csync2_ssl_cert.pem
%{_bindir}/openssl x509 -req -days 3000 -in %{_sysconfdir}/csync2/csync2_ssl_cert.csr -signkey %{_sysconfdir}/csync2/csync2_ssl_key.pem \ --
-out %{_sysconfdir}/csync2/csync2_ssl_cert.pem SomeState
rm %{_sysconfdir}/csync2/csync2_ssl_cert.csr SomeCity
SomeOrganization
SomeOrganization
SomeName
name@example.com
EOF
fi fi
%preun %preun
%service_del_preun csync2.socket %service_del_preun csync2.socket
%service_del_preun csync2@.service
# Cleanup all databases upon last removal # Cleanup all databases upon last removal
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
rm -f %{_localstatedir}/lib/csync2/* rm -f %{_localstatedir}/lib/csync2/*
@ -100,6 +108,7 @@ fi
%postun %postun
%service_del_postun csync2.socket %service_del_postun csync2.socket
%service_del_postun csync2@.service
%files %files
%{_sbindir}/csync2 %{_sbindir}/csync2