PR#2: Require sscg 2.2.0 for creating service and CA certificates together - rpms/httpd

Stephen Gallagher • 6 years ago

d614e8a

httpd-ssl-gencerts

file modified

+2 -5

		`@@ -5,18 +5,15 @@`
		FQDN=`hostname`

		`if test -f /etc/pki/tls/certs/localhost.crt -o \`
		`- -f /etc/pki/tls/private/localhost.key -o \`
		`- -f /etc/pki/tls/certs/localhost-ca.crt; then`
		`+ -f /etc/pki/tls/private/localhost.key; then`
		`exit 1`
		`fi`

		`sscg -q \`
		`--cert-file /etc/pki/tls/certs/localhost.crt \`
		`--cert-key-file /etc/pki/tls/private/localhost.key \`
		`- --ca-file /etc/pki/tls/certs/localhost-ca.crt \`
		`+ --ca-file /etc/pki/tls/certs/localhost.crt \`
		`--lifetime 365 \`
		`--hostname $FQDN \`
		`--email root@$FQDN`

		`- # mod_ssl will send the CA cert if it's appended to the server cert.`
		`- cat /etc/pki/tls/certs/localhost-ca.crt >> /etc/pki/tls/certs/localhost.crt`

httpd.spec

file modified

+5 -2

		`@@ -13,7 +13,7 @@`
		`Summary: Apache HTTP Server`
		`Name: httpd`
		`Version: 2.4.27`
		`- Release: 10%{?dist}`
		`+ Release: 11%{?dist}`
		`URL: https://httpd.apache.org/`
		`Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2`
		`Source1: index.html`
		`@@ -158,7 +158,7 @@`
		`Requires(post): openssl, /bin/cat, hostname`
		`Requires(pre): httpd-filesystem`
		`Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}`
		`- Requires: sscg >= 2.1.0`
		`+ Requires: sscg >= 2.2.0`
		`Obsoletes: stronghold-mod_ssl`
		`# Require an OpenSSL which supports PROFILE=SYSTEM`
		`Conflicts: openssl-libs < 1:1.0.1h-4`
		`@@ -689,6 +689,9 @@`
		`%{_rpmconfigdir}/macros.d/macros.httpd`

		`%changelog`
		`+ * Thu Sep 21 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.4.27-11`
		`+ - Require sscg 2.2.0 for creating service and CA certificates together`
		`+`
		`* Thu Sep 21 2017 Jeroen van Meeuwen <kanarip@fedoraproject.org> - 2.4.27-10`
		`- Address CVE-2017-9798 by applying patch from upstream (#1490344)`