From 5ec11c5a4f6d836c41d6b4e4928531723dc87139 Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Sep 22 2017 07:05:04 +0000 Subject: Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/httpd --- diff --git a/httpd-ssl-gencerts b/httpd-ssl-gencerts index 67b6d9a..371a838 100755 --- a/httpd-ssl-gencerts +++ b/httpd-ssl-gencerts @@ -5,18 +5,15 @@ set -e FQDN=`hostname` if test -f /etc/pki/tls/certs/localhost.crt -o \ - -f /etc/pki/tls/private/localhost.key -o \ - -f /etc/pki/tls/certs/localhost-ca.crt; then + -f /etc/pki/tls/private/localhost.key; then exit 1 fi sscg -q \ --cert-file /etc/pki/tls/certs/localhost.crt \ --cert-key-file /etc/pki/tls/private/localhost.key \ - --ca-file /etc/pki/tls/certs/localhost-ca.crt \ + --ca-file /etc/pki/tls/certs/localhost.crt \ --lifetime 365 \ --hostname $FQDN \ --email root@$FQDN -# mod_ssl will send the CA cert if it's appended to the server cert. -cat /etc/pki/tls/certs/localhost-ca.crt >> /etc/pki/tls/certs/localhost.crt diff --git a/httpd.spec b/httpd.spec index 16c9dde..b887b03 100644 --- a/httpd.spec +++ b/httpd.spec @@ -13,7 +13,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.27 -Release: 10%{?dist} +Release: 11%{?dist} URL: https://httpd.apache.org/ Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -158,7 +158,7 @@ BuildRequires: openssl-devel Requires(post): openssl, /bin/cat, hostname Requires(pre): httpd-filesystem Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa} -Requires: sscg >= 2.1.0 +Requires: sscg >= 2.2.0 Obsoletes: stronghold-mod_ssl # Require an OpenSSL which supports PROFILE=SYSTEM Conflicts: openssl-libs < 1:1.0.1h-4 @@ -689,6 +689,9 @@ rm -rf $RPM_BUILD_ROOT %{_rpmconfigdir}/macros.d/macros.httpd %changelog +* Thu Sep 21 2017 Stephen Gallagher - 2.4.27-11 +- Require sscg 2.2.0 for creating service and CA certificates together + * Thu Sep 21 2017 Jeroen van Meeuwen - 2.4.27-10 - Address CVE-2017-9798 by applying patch from upstream (#1490344)