Hello community, here is the log from the commit of package cfengine for openSUSE:Factory checked in at 2015-03-18 13:07:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cfengine (Old) and /work/SRC/openSUSE:Factory/.cfengine.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cfengine" Changes: -------- --- /work/SRC/openSUSE:Factory/cfengine/cfengine.changes 2015-03-16 07:00:55.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.cfengine.new/cfengine.changes 2015-03-18 13:07:59.000000000 +0100 @@ -1,0 +2,12 @@ +Tue Mar 17 13:51:18 UTC 2015 - [email protected] + +- Add patch to use proper SSL exponent bnc#922571 + * cfengine-fips.patch + +------------------------------------------------------------------- +Tue Mar 17 13:41:26 UTC 2015 - [email protected] + +- Format with spec-cleaner, this is just reordering, no factical + change here + +------------------------------------------------------------------- New: ---- cfengine-fips.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cfengine.spec ++++++ --- /var/tmp/diff_new_pack.BUWrtL/_old 2015-03-18 13:08:01.000000000 +0100 +++ /var/tmp/diff_new_pack.BUWrtL/_new 2015-03-18 13:08:01.000000000 +0100 @@ -16,55 +16,36 @@ # -%if 0%{?suse_version} >= 1210 -%define have_systemd 1 -%else -%define have_systemd 0 -%endif - # set to 1 to enable adapter, leave 0 for minimal cfengine %define with_mysql 0 %define with_postgresql 0 %define with_libvirt 0 - -Name: cfengine -Version: 3.6.5 -Release: 0 %define srcname core-%{version} %define libname libpromises %define libsoname %{libname}3 - # Yes, its not FHS conformant but in sync with cfengine documentation # reported upstream as https://cfengine.com/dev/issues/1896 -%define basedir /var/%{name} +%define basedir %{_localstatedir}/%{name} %define workdir %{basedir} +%if 0%{?suse_version} >= 1210 +%define have_systemd 1 +%else +%define have_systemd 0 +%endif +Name: cfengine +Version: 3.6.5 +Release: 0 # This is the place where workdir should be #define basedir /var/lib/%{name} #define workdir %{basedir}/work - Summary: CFEngine automates large-scale IT computing infrastructure License: GPL-3.0 Group: Productivity/Networking/System Url: http://www.cfengine.org/ Source: %{srcname}.tar.gz Source1: %{name}.SuSEfirewall2 - -# wtf? SLE_11 does not honor rpmlintrc -%if 0%{?suse_version} <= 1130 -BuildRequires: -post-build-checks -%endif -%if %have_systemd -Source7: cf-execd.service -Source8: cf-monitord.service -Source9: cf-serverd.service -%else -Source7: cf-monitord -Source8: cf-execd -Source9: cf-serverd -%endif Source10: %{name}.cron Source11: %{name}-rpmlintrc - # docs Source101: http://www.cfengine.org/manuals/cf3-Reference.pdf Source102: http://www.cfengine.org/manuals/cf3-conceptguide.pdf @@ -73,28 +54,43 @@ Source105: http://www.cfengine.org/manuals/cf3-solutions.pdf Source106: http://www.cfengine.org/manuals/cf3-tutorial.pdf Source107: http://www.verticalsysadmin.com/cfengine/primer.pdf - # SLE 11 or RHEL5 autoconf does not support AM_SUBST_NOTMAKE, [email protected] Patch2: remove-am_subst_notmake.patch - # PATCH-FIX-UPSTREAM add 'suse' class for consistency with other vendor classes # PATCH-FEATURE-UPSTREAM better /etc/SuSE-release parsing, upstream #5423 # [email protected] Patch5: 0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch - # PATCH-FIX-SUSE # set cfengine's notion of bindir to /usr/sbin instead of /var/cfengine/bin # [email protected] Patch6: 0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch - -BuildRoot: %{_tmppath}/%{name}-%{version}-build +# PATCH-FIX-UPSTREAM: Use ssl exponent of 65537 for FIPS bnc#922571 +Patch7: cfengine-fips.patch BuildRequires: bison BuildRequires: db-devel BuildRequires: flex +BuildRequires: libacl-devel BuildRequires: libtool BuildRequires: libxml2-devel BuildRequires: lmdb-devel +BuildRequires: openssl-devel BuildRequires: pam-devel +BuildRequires: pcre-devel +Requires: %{libsoname} = %{version} +BuildRoot: %{_tmppath}/%{name}-%{version}-build +# wtf? SLE_11 does not honor rpmlintrc +%if 0%{?suse_version} <= 1130 +BuildRequires: -post-build-checks +%endif +%if %{have_systemd} +Source7: cf-execd.service +Source8: cf-monitord.service +Source9: cf-serverd.service +%else +Source7: cf-monitord +Source8: cf-execd +Source9: cf-serverd +%endif # # Disable mysql for SLE_11: # @@ -103,22 +99,18 @@ # library or disable MySQL connector. See # http://bugs.mysql.com/bug.php?id=65055 for details. # -%if %with_mysql +%if %{with_mysql} %if 0%{?suse_version} != 1110 && 0%{?rhel_version} == 0 BuildRequires: mysql-devel %endif %endif -BuildRequires: libacl-devel -%if %with_libvirt +%if %{with_libvirt} BuildRequires: libvirt-devel %endif -BuildRequires: openssl-devel -BuildRequires: pcre-devel -%if %with_postgresql +%if %{with_postgresql} BuildRequires: postgresql-devel %endif - -%if !%have_systemd +%if !%{have_systemd} # no systemd -> use cron %if 0%{?centos_version} || 0%{?rhel_version} Requires: vixie-cron @@ -126,18 +118,14 @@ Requires: cron %endif %endif - -%if %have_systemd +%if %{have_systemd} BuildRequires: systemd %{?systemd_requires} %endif - %if 0%{?suse_version} > 01020 BuildRequires: fdupes %endif -Requires: %{libsoname} = %{version} - %description CFEngine is the core of a configuration management system: ensuring the availability, security and compliance of mission-critical @@ -153,9 +141,6 @@ Group: System/Libraries Provides: %{libname}1 = %{version} Obsoletes: %{libname}1 < %{version} -%if 0%{?suse_version} == 1010 -Requires: glibc -%endif %description -n %{libsoname} This package contains the shared libpromises (cfengine) library. @@ -163,10 +148,10 @@ %package -n %{libname}-devel Summary: Development package for libpromises Group: Development/Libraries/C and C++ -Provides: %{name}-devel = %{version} -Obsoletes: %{name}-devel < %{version} Requires: %{libsoname} = %{version} Requires: glibc-devel +Provides: %{name}-devel = %{version} +Obsoletes: %{name}-devel < %{version} %description -n %{libname}-devel A high-speed character set detection library @@ -204,6 +189,7 @@ %endif %patch5 -p1 %patch6 -p1 +%patch7 -p1 ##### rpmlint #### wrong-file-end-of-line-encoding @@ -212,22 +198,22 @@ find ./examples -type f -name "*.cf" -exec perl -p -i -e 's|\r\n|\n|,s|^# Foundation.*|# Foundation, 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA|' {} \; ### install extra docs -%{__install} -d docs +install -d docs cp -a $RPM_SOURCE_DIR/*pdf docs/ %build autoreconf -fi -I m4 # /usr/include/sys for acl.h -CC=gcc CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \ +CC=gcc CFLAGS="%{optflags} -fno-strict-aliasing" \ %configure \ --disable-static \ --enable-fhs \ --datadir=/var \ --with-workdir=%{workdir} \ -%if %with_postgresql +%if %{with_postgresql} --with-postgresql \ %endif -%if %with_mysql +%if %{with_mysql} %if 0%{?suse_version} != 1110 && 0%{?rhel_version} == 0 && 0%{?fedora_version} != 20 --with-mysql \ %endif @@ -238,7 +224,7 @@ --with-pthreads \ --with-openssl \ --with-pcre \ -%if %with_libvirt +%if %{with_libvirt} --with-libvirt \ %endif --with-libacl \ @@ -248,68 +234,60 @@ %else if 0%{?rhel_version} >= 600 --docdir=%{_docdir}/%{name}-%{version} %endif -# SLE 10 and RHEL5 don't recognize --docdir -%{__make} %{?_smp_mflags} - -# --datadir=/var/lib/%%{name}/inputs \ +make %{?_smp_mflags} %install - chmod -x ChangeLog - -%if 0%{?rhel_version} || 0%{?centos_version} || 0%{?fedora_version} -[ -d %{buildroot} ] && [ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot} -%endif -%{__make} "DESTDIR=%{buildroot}" install +make "DESTDIR=%{buildroot}" install %if 0%{?suse_version} >= 1110 || 0%{?rhel_version} >= 600 # will appear in cfengine-examples rm -rf %{buildroot}/%{_docdir}/%{name}/examples %endif -%{__install} -d %{buildroot}/{usr/sbin,%{workdir}/{bin,inputs,reports}} +install -d %{buildroot}/{usr/sbin,%{workdir}/{bin,inputs,reports}} # create dirs needed for better organizing dirs and files -%{__install} -d %{buildroot}/%{basedir}/{backup,failsafe,config,plugins} +install -d %{buildroot}/%{basedir}/{backup,failsafe,config,plugins} #%%{__install} -d %{buildroot}/%%{basedir}/config/{development,production} -%if %have_systemd +%if %{have_systemd} # systemd: install sample cron file in docdir %if 0%{?suse_version} -%{__install} -D -m0644 %{S:10} %{buildroot}/%{_docdir}/%{name} +install -D -m0644 %{SOURCE10} %{buildroot}/%{_docdir}/%{name} %else -%{__install} -D -m0644 %{S:10} %{buildroot}/%{_docdir}/%{name}-%{version} +install -D -m0644 %{SOURCE10} %{buildroot}/%{_docdir}/%{name}-%{version} %endif %else # no systemd -> use cron # install cron file -%{__install} -D -m0644 %{S:10} %{buildroot}/%{_sysconfdir}/cron.d/%{name} +install -D -m0644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/cron.d/%{name} %endif -%if %have_systemd +%if %{have_systemd} # install systemd scripts -%{__install} -D -m 0644 %{S:7} %{buildroot}/%_unitdir/cf-execd.service -%{__install} -D -m 0644 %{S:8} %{buildroot}/%_unitdir/cf-monitord.service -%{__install} -D -m 0644 %{S:9} %{buildroot}/%_unitdir/cf-serverd.service +install -D -m 0644 %{SOURCE7} %{buildroot}/%{_unitdir}/cf-execd.service +install -D -m 0644 %{SOURCE8} %{buildroot}/%{_unitdir}/cf-monitord.service +install -D -m 0644 %{SOURCE9} %{buildroot}/%{_unitdir}/cf-serverd.service %else # install init scripts -%{__install} -d %{buildroot}/etc/init.d -%{__install} -m 0755 %{S:7} %{S:8} %{S:9} %{buildroot}/etc/init.d/ -%{__ln_s} -f ../../etc/init.d/cf-monitord %{buildroot}/%{_sbindir}/rccf-monitord -%{__ln_s} -f ../../etc/init.d/cf-execd %{buildroot}/%{_sbindir}/rccf-execd -%{__ln_s} -f ../../etc/init.d/cf-serverd %{buildroot}/%{_sbindir}/rccf-serverd +install -d %{buildroot}%{_sysconfdir}/init.d +install -m 0755 %{SOURCE7} %{SOURCE8} %{SOURCE9} %{buildroot}%{_initddir}/ +ln -s -f ../..%{_initddir}/cf-monitord %{buildroot}/%{_sbindir}/rccf-monitord +ln -s -f ../..%{_initddir}/cf-execd %{buildroot}/%{_sbindir}/rccf-execd +ln -s -f ../..%{_initddir}/cf-serverd %{buildroot}/%{_sbindir}/rccf-serverd # sed @workdir@ in initscripts/cron.d sed -i\ -e "s,@workdir@,%{workdir},g"\ -e "s,@basedir@,%{basedir},g" \ - %{buildroot}/etc/init.d/cf-* %{buildroot}/etc/cron.d/%{name} + %{buildroot}%{_initddir}/cf-* %{buildroot}%{_sysconfdir}/cron.d/%{name} %endif # create symlinks for sbin_PROGRAMS # because: cf-promises needs to be installed in /var/cfengine/work/bin for pre-validation of full configuration for i in cf-agent cf-execd cf-key cf-monitord cf-promises cf-runagent cf-serverd cf-upgrade; do - %{__ln_s} -f ../../..%{_sbindir}/${i} %{buildroot}%{workdir}/bin/${i} + ln -s -f ../../..%{_sbindir}/${i} %{buildroot}%{workdir}/bin/${i} done rm -rf %{buildroot}/%{_libdir}/%{name}/libpromises.la @@ -319,7 +297,7 @@ rm -rf %{buildroot}/%{_datadir}/%{name}/README # create man pages, see https://cfengine.com/dev/issues/2989 -%{__install} -d %{buildroot}/%{_mandir}/man8 +install -d %{buildroot}/%{_mandir}/man8 for i in cf-agent cf-execd cf-key cf-monitord cf-promises cf-runagent cf-serverd do LD_LIBRARY_PATH=%{buildroot}%{_libdir}/%{name} %{buildroot}%{_sbindir}/$i -M > %{buildroot}%{_mandir}/man8/$i.8 @@ -327,15 +305,15 @@ done %if 0%{?suse_version} > 1010 -install -D -m 644 %{S:1} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/cfengine +install -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/cfengine %endif %if 0%{?suse_version} > 01020 -%fdupes %{buildroot}/usr/share/cfengine +%fdupes %{buildroot}%{_datadir}/cfengine %endif # systemd -%if %have_systemd +%if %{have_systemd} #################################################################### # Systemd @@ -375,13 +353,12 @@ %stop_on_removal cf-execd %stop_on_removal cf-serverd %else -/etc/init.d/cf-execd stop -/etc/init.d/cf-monitord stop -/etc/init.d/cf-serverd stop +%{_initddir}/cf-execd stop +%{_initddir}/cf-monitord stop +%{_initddir}/cf-serverd stop %endif -%post -/sbin/ldconfig +%post -p /sbin/ldconfig %postun %if 0%{?suse_version} > 1010 @@ -393,7 +370,7 @@ # Update ? if [ ${1:-0} -eq 1 ]; then for i in execd monitord serverd; do - /etc/init.d/cf-${i} restart + %{_initddir}/cf-${i} restart done else : @@ -419,12 +396,12 @@ %{_sbindir}/cf-upgrade %{_sbindir}/cf-runagent %{_sbindir}/rpmvercmp -%if %have_systemd -%_unitdir/cf-execd.service -%_unitdir/cf-monitord.service -%_unitdir/cf-serverd.service +%if %{have_systemd} +%{_unitdir}/cf-execd.service +%{_unitdir}/cf-monitord.service +%{_unitdir}/cf-serverd.service %else -%config %attr(0755,root,root) /etc/init.d/* +%config %attr(0755,root,root) %{_initddir}/* %{_sbindir}/rccf-execd %{_sbindir}/rccf-monitord %{_sbindir}/rccf-serverd @@ -439,8 +416,8 @@ %dir %{workdir} %{workdir}/* -%if !%have_systemd -%config(noreplace) /etc/cron.d/%{name} +%if !%{have_systemd} +%config(noreplace) %{_sysconfdir}/cron.d/%{name} %endif %files -n %{libsoname} ++++++ cfengine-fips.patch ++++++ Index: core-3.6.5/cf-key/cf-key-functions.c =================================================================== --- core-3.6.5.orig/cf-key/cf-key-functions.c +++ core-3.6.5/cf-key/cf-key-functions.c @@ -243,11 +243,11 @@ void KeepKeyPromises(const char *public_ printf("Making a key pair for cfengine, please wait, this could take a minute...\n"); #ifdef OPENSSL_NO_DEPRECATED - BN_set_word(rsa_bignum, 35); + BN_set_word(rsa_bignum, RSA_F4); if (!RSA_generate_key_ex(pair, 2048, rsa_bignum, NULL)) #else - pair = RSA_generate_key(2048, 35, NULL, NULL); + pair = RSA_generate_key(2048, 65537, NULL, NULL); if (pair == NULL) #endif Index: core-3.6.5/tests/unit/hash_test.c =================================================================== --- core-3.6.5.orig/tests/unit/hash_test.c +++ core-3.6.5/tests/unit/hash_test.c @@ -52,7 +52,7 @@ void tests_setup() initialized = 0; return; } - BN_set_word(bn, 3); + BN_set_word(bn, RSA_F4); RSA_generate_key_ex(rsa, 1024, bn, NULL); BN_free(bn); } Index: core-3.6.5/tests/unit/key_test.c =================================================================== --- core-3.6.5.orig/tests/unit/key_test.c +++ core-3.6.5/tests/unit/key_test.c @@ -25,7 +25,7 @@ void test_setup() initialized = 0; return; } - BN_set_word(bn, 3); + BN_set_word(bn, RSA_F4); RSA_generate_key_ex(rsa, 1024, bn, NULL); BN_free(bn); } Index: core-3.6.5/tests/unit/tls_generic_test.c =================================================================== --- core-3.6.5.orig/tests/unit/tls_generic_test.c +++ core-3.6.5/tests/unit/tls_generic_test.c @@ -54,7 +54,7 @@ static bool init_test_server() int ret; RSA *key = RSA_new(); BIGNUM *bignum = BN_new(); - BN_set_word(bignum, 17); + BN_set_word(bignum, RSA_F4); ret = RSA_generate_key_ex(key, 1024, bignum, NULL); if (!ret) { @@ -450,7 +450,7 @@ static bool init_test_client() int ret; RSA *key = RSA_new(); BIGNUM *bignum = BN_new(); - BN_set_word(bignum, 17); + BN_set_word(bignum, RSA_F4); ret = RSA_generate_key_ex(key, 1024, bignum, NULL); if (!ret) { -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
