Hello community,
here is the log from the commit of package apache2-mod_nss for openSUSE:Factory
checked in at 2019-09-13 14:57:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_nss (Old)
and /work/SRC/openSUSE:Factory/.apache2-mod_nss.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_nss"
Fri Sep 13 14:57:34 2019 rev:33 rq:730047 version:1.0.18
Changes:
--------
--- /work/SRC/openSUSE:Factory/apache2-mod_nss/apache2-mod_nss.changes
2019-07-08 15:10:38.787323293 +0200
+++
/work/SRC/openSUSE:Factory/.apache2-mod_nss.new.7948/apache2-mod_nss.changes
2019-09-13 14:57:47.657275903 +0200
@@ -1,0 +2,8 @@
+Tue Sep 10 11:01:45 UTC 2019 - Vítězslav Čížek <[email protected]>
+
+- Use a stronger password in gencert to pass the stricter tests in
+ FIPS mode (bsc#1150133)
+ * https://pagure.io/mod_nss/pull-request/48
+ * add mod_nss-gencert_stronger_password.patch
+
+-------------------------------------------------------------------
New:
----
mod_nss-gencert_stronger_password.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_nss.spec ++++++
--- /var/tmp/diff_new_pack.DLxMmu/_old 2019-09-13 14:57:48.297275930 +0200
+++ /var/tmp/diff_new_pack.DLxMmu/_new 2019-09-13 14:57:48.301275931 +0200
@@ -39,6 +39,7 @@
Patch1: mod_nss-migrate.patch
Patch2: mod_nss-gencert-correct-ownership.patch
Patch4: mod_nss-gencert_use_ss_instead_of_netstat.patch
+Patch5: mod_nss-gencert_stronger_password.patch
BuildRequires: apache-rex
BuildRequires: apache-rpm-macros
BuildRequires: apache2-devel >= 2.2.12
@@ -74,9 +75,7 @@
%prep
%setup -q -n mod_nss-%{version}
-%patch1 -p1
-%patch2 -p1
-%patch4 -p1
+%autopatch -p1
# Touch expression parser sources to prevent regenerating it
touch nss_expr_*.[chyl]
++++++ mod_nss-gencert_stronger_password.patch ++++++
Index: mod_nss-1.0.18/gencert.in
===================================================================
--- mod_nss-1.0.18.orig/gencert.in 2019-09-10 13:43:27.548434070 +0200
+++ mod_nss-1.0.18/gencert.in 2019-09-10 13:43:53.424589071 +0200
@@ -75,6 +75,10 @@ VALIDITY=48
# 3 is the server cert "Server-Cert".
CERTSERIAL=0
+# Password for the certificate. Uses special characters and mixed case in order
+# to pass the strict NSS FIPS mode check
+PASSWORD="hTtp.Te5t"
+
if [ $# -lt 1 ]
then
echo "usage: $0 <destdir>" 1>&2
@@ -115,7 +119,7 @@ done
echo "TEST = $TEST"
echo "SNI = $SNI"
-echo "httptest" > $DEST/pw.txt
+echo "$PASSWORD" > $DEST/pw.txt
function generate_server_sni_cert {
hostname=$1
@@ -173,7 +177,7 @@ function generate_server_sni_cert {
echo ""
echo "#####################################################################"
echo "Generating new server certificate and key database. The password"
-echo "is httptest"
+echo "is $PASSWORD"
echo "#####################################################################"
$CERTUTIL -N -d $DBDIR -f $DEST/pw.txt
@@ -329,7 +333,7 @@ rm $DEST/pw.txt
rm $DEST/noise
echo ""
-echo "The database password is httptest"
+echo "The database password is $PASSWORD"
echo ""
# change the ownership of the NSS database so apache can access it
