- VUL-1: csync2: bad TLS key generation on installation (bsc#1145032)

Adapt suggested changes in %post section.
  Do not hide standard error output while generating the keys.

OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/csync2?expand=0&rev=56
Peter Varkoly 2021-04-07 13:55:17 +00:00 committed by Git OBS Bridge
parent d473ce2a59
commit 0a278ac1df
2 changed files with 21 additions and 5 deletions


@ -15,6 +15,13 @@ Wed Apr 7 09:58:51 UTC 2021 - Peter Varkoly <varkoly@suse.com>
* 0002-Patch-sonames.patch
* 0001-Add-COPYING-as-docfile.patch
-------------------------------------------------------------------
Wed Nov 20 14:00:30 UTC 2019 - Peter Varkoly <varkoly@suse.com>
- VUL-1: csync2: bad TLS key generation on installation (bsc#1145032)
Adapt suggested changes in %post section.
Do not hide output on standard error during generating the keys.
-------------------------------------------------------------------
Mon May 27 08:13:02 UTC 2019 - Kristoffer Gronlund <kgronlund@suse.com>


@ -73,26 +73,34 @@ touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_cert.pem
%pre
%service_add_pre csync2.socket
%service_add_pre csync2@.service
%post
%service_add_post csync2.socket
%service_add_post csync2@.service
umask 077
if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_key.pem ]; then
%{_bindir}/openssl genrsa -out %{_sysconfdir}/csync2/csync2_ssl_key.pem 1024
%{_bindir}/openssl ecparam -genkey -name secp384r1 -out %{_sysconfdir}/csync2/csync2_ssl_key.pem
fi
FQDN=`hostname`
if [ "x${FQDN}" = "x" ]; then
FQDN=localhost.localdomain
fi
if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_cert.pem ]; then
yes '' | %{_bindir}/openssl req -new -key %{_sysconfdir}/csync2/csync2_ssl_key.pem -out %{_sysconfdir}/csync2/csync2_ssl_cert.csr
%{_bindir}/openssl x509 -req -days 3000 -in %{_sysconfdir}/csync2/csync2_ssl_cert.csr -signkey %{_sysconfdir}/csync2/csync2_ssl_key.pem \
-out %{_sysconfdir}/csync2/csync2_ssl_cert.pem
rm %{_sysconfdir}/csync2/csync2_ssl_cert.csr
cat << EOF | %{_bindir}/openssl req -new -key %{_sysconfdir}/csync2/csync2_ssl_key.pem -x509 -days 3000 -out %{_sysconfdir}/csync2/csync2_ssl_cert.pem
--
SomeState
SomeCity
SomeOrganization
SomeOrganization
SomeName
name@example.com
EOF
fi
%preun
%service_del_preun csync2.socket
%service_del_preun csync2@.service
# Cleanup all databases upon last removal
if [ $1 -eq 0 ]; then
rm -f %{_localstatedir}/lib/csync2/*
@ -100,6 +108,7 @@ fi
%postun
%service_del_postun csync2.socket
%service_del_postun csync2@.service
%files
%{_sbindir}/csync2
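Review bot: The `if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_key.pem ]` guard in %post means the `secp384r1` key is generated only when no key file exists, so a host upgraded from an older package keeps the key the previous scriptlet created (the `genrsa ... 1024` line in this hunk, which appears to be the removed side). Regenerating silently would likely break trust with peers that already hold the old certificate, so I would at least document the gap above the guard, e.g. `# Keys from older packages are kept on upgrade; replace a 1024-bit RSA key manually and redistribute the certificate.` Separately, `FQDN` is set from `hostname` but none of the visible heredoc lines uses it (the name answer is the literal `SomeName`), so either feed `${FQDN}` into the request or drop the assignment.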