Accepting request 936137 from home:markkp:branches:security:tls
- Added openssl-1_1-use-include-directive.patch so that the default /etc/ssl/openssl.cnf file will include any configuration files that other packages might place into /etc/ssl/engines.d/ and /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was being used to modify the openssl.cnf file. The scripting would fail if either the default openssl.cnf file, or the sample openssl-ibmca configuration file would be changed by upstream. - Updated spec file to create the two new necessary directores for the above patch. OBS-URL: https://build.opensuse.org/request/show/936137 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=100
This commit is contained in:
parent
81ba30e4f7
commit
c13b2fd4bf
26
openssl-1_1-use-include-directive.patch
Normal file
26
openssl-1_1-use-include-directive.patch
Normal file
@ -0,0 +1,26 @@
|
||||
--- a/apps/openssl.cnf 2021-08-24 09:38:47.000000000 -0400
|
||||
+++ b/apps/openssl.cnf 2021-12-06 17:13:34.549291242 -0500
|
||||
@@ -11,9 +11,23 @@
|
||||
# defined.
|
||||
HOME = .
|
||||
|
||||
+openssl_conf = openssl_init
|
||||
+
|
||||
+[openssl_init]
|
||||
+
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
||||
+engines = engine_section
|
||||
+
|
||||
+# This include will look through the directory that will contain the
|
||||
+# engine declarations for any engines provided by other packages.
|
||||
+[engine_section]
|
||||
+.include /etc/ssl/engines.d/
|
||||
+
|
||||
+# This include will look through the directory that will contain the
|
||||
+# definitions of the engines declared in the engine section.
|
||||
+.include /etc/ssl/engdef.d/
|
||||
|
||||
# To use this configuration file with the "-extfile" option of the
|
||||
# "openssl x509" utility, name here the section containing the
|
@ -1,3 +1,16 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 6 22:21:15 UTC 2021 - Mark Post <mpost@suse.com>
|
||||
|
||||
- Added openssl-1_1-use-include-directive.patch so that the default
|
||||
/etc/ssl/openssl.cnf file will include any configuration files that
|
||||
other packages might place into /etc/ssl/engines.d/ and
|
||||
/etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was
|
||||
being used to modify the openssl.cnf file. The scripting would fail
|
||||
if either the default openssl.cnf file, or the sample openssl-ibmca
|
||||
configuration file would be changed by upstream.
|
||||
- Updated spec file to create the two new necessary directores for
|
||||
the above patch.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 11 18:50:47 UTC 2021 - Giuliano Belinassi <giuliano.belinassi@suse.com>
|
||||
|
||||
|
@ -111,6 +111,7 @@ Patch53: openssl-1_1-seclevel.patch
|
||||
Patch54: openssl-1_1-use-seclevel2-in-tests.patch
|
||||
Patch55: openssl-1_1-disable-test_srp-sslapi.patch
|
||||
Patch56: openssl-add_rfc3526_rfc7919.patch
|
||||
Patch57: openssl-1_1-use-include-directive.patch
|
||||
BuildRequires: pkgconfig
|
||||
%if 0%{?suse_version} && ! 0%{?sle_version}
|
||||
Requires: crypto-policies
|
||||
@ -285,6 +286,10 @@ rm -f %{buildroot}%{_sysconfdir}/ssl/openssl.cnf.dist
|
||||
ln -sf ./%{_rname} %{buildroot}/%{_includedir}/ssl
|
||||
mkdir %{buildroot}/%{_datadir}/ssl
|
||||
mv %{buildroot}/%{ssletcdir}/misc %{buildroot}/%{_datadir}/ssl/
|
||||
# Create the two directories into which packages will drop their configuration
|
||||
# files.
|
||||
mkdir %{buildroot}/%{ssletcdir}/engines.d/
|
||||
mkdir %{buildroot}/%{ssletcdir}/engdef.d/
|
||||
|
||||
# avoid file conflicts with man pages from other packages
|
||||
#
|
||||
@ -382,6 +387,8 @@ unset LD_LIBRARY_PATH
|
||||
%dir %{ssletcdir}
|
||||
%config (noreplace) %{ssletcdir}/openssl.cnf
|
||||
%attr(700,root,root) %{ssletcdir}/private
|
||||
%dir %{ssletcdir}/engines.d
|
||||
%dir %{ssletcdir}/engdef.d
|
||||
%{ssletcdir}/ct_log_list.cnf
|
||||
%{ssletcdir}/ct_log_list.cnf.dist
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user