diff --git a/AusweisApp2.spec b/AusweisApp2.spec
index 6a840d3..7f49177 100644
--- a/AusweisApp2.spec
+++ b/AusweisApp2.spec
@@ -22,7 +22,7 @@ fipshmac "$bindir/%{name}" \
 Name: AusweisApp2
 Version: 1.20.2
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: %{pkg_sum}
 # Init forge packaging helpers.
@@ -132,15 +132,15 @@ install -pm 0644 %{SOURCE1} LICENSE.en.txt
 # Create custom configuration for OpenSSL basing on the system's default
 # configuration to enable all ciphers required by the application.
 # This basically modifies the system's default configuration to enable
-# all RSA-PSK algorithms and the ciphers using SHA384.
+# all RSA-PSK algorithms.
 # A shell wrapper around the AusweisApp2 binary will take care of injecting
 # this configuration before application startup and only for this specific
 # application.
 cat << EOF > %{name}_openssl.cnf
 # This application specific OpenSSL configuration file basically
 # modifies the system's default configuration to enable all
-# RSA-PSK algorithms and the ciphers using SHA384, which are
-# needed for AusweisApp2 to have full functionality.
+# RSA-PSK algorithms, which are needed for AusweisApp2 to provide
+# full functionality for the end-user.
 openssl_conf = AusweisApp2_conf
@@ -153,8 +153,7 @@ system_default = AusweisApp2_ciphers
 [AusweisApp2_ciphers]
 EOF
 grep 'CipherString' %{_datadir}/crypto-policies/DEFAULT/opensslcnf.txt | \
-sed -e 's!:-!:kRSAPSK&!' -e 's!:-kRSAPSK!!' -e 's!:-SHA384!!' \
- >> %{name}_openssl.cnf
+sed -e 's!:-!:kRSAPSK&!' -e 's!:-kRSAPSK!!' >> %{name}_openssl.cnf
 grep -v 'CipherString' %{_datadir}/crypto-policies/DEFAULT/opensslcnf.txt \
 >> %{name}_openssl.cnf
@@ -276,6 +275,9 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop
 %changelog
+* Wed Sep 23 2020 Björn Esser - 1.20.2-3
+- Do not enable SHA384 ciphers in custom OpenSSL configuration
+
 * Wed Sep 23 2020 Björn Esser - 1.20.2-2
 - Use application specific OpenSSL config through a shell wrapper
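Review bot: Nothing checks that the rewritten `sed -e 's!:-!:kRSAPSK&!' -e 's!:-kRSAPSK!!'` line in the `@@ -153,8 +153,7 @@` hunk actually matched. If the `CipherString` line in the DEFAULT crypto-policy file changes shape, or `grep` finds nothing, the pipeline still exits with sed's status and the build appears to succeed with a cipher configuration that is not the intended one. A guard after the two appends, such as `grep -q '^CipherString.*:kRSAPSK:' %{name}_openssl.cnf`, would turn that into a build failure, and anchoring both `grep 'CipherString'` patterns with `^` would avoid picking up unrelated lines. The generated file also looks like a build-time snapshot of the DEFAULT policy, so it presumably will not follow later crypto-policies updates or an administrator's switch to a stricter policy; a comment such as `# NOTE: snapshot of the build host's DEFAULT policy; rebuild when crypto-policies changes` would record that. The generation sequence begins above this hunk, so the guard's exact placement should be confirmed against the full section.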