From 9cf17bc358802490213a18793e819479a0224fd3 Mon Sep 17 00:00:00 2001 From: Pawel Date: Wed, 7 Oct 2020 05:24:47 -0700 Subject: [PATCH 1/3] Updating cert bundle paths. --- SPECS/curl/curl.spec | 6 ++++-- SPECS/gnutls/gnutls.spec | 6 ++++-- SPECS/wget/wget.spec | 6 ++++-- .../manifests/package/pkggen_core_aarch64.txt | 6 +++--- .../manifests/package/pkggen_core_x86_64.txt | 6 +++--- .../manifests/package/toolchain_aarch64.txt | 12 ++++++------ .../resources/manifests/package/toolchain_x86_64.txt | 12 ++++++------ 7 files changed, 30 insertions(+), 24 deletions(-) diff --git a/SPECS/curl/curl.spec b/SPECS/curl/curl.spec index 8d179e0f157..0af41e97f52 100644 --- a/SPECS/curl/curl.spec +++ b/SPECS/curl/curl.spec @@ -1,7 +1,7 @@ Summary: An URL retrieval utility and library Name: curl Version: 7.68.0 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT URL: http://curl.haxx.se Group: System Environment/NetworkingLibraries @@ -47,7 +47,7 @@ This package contains minimal set of shared curl libraries. --with-ssl \ --with-gssapi \ --with-libssh2 \ - --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt \ + --with-ca-bundle=/etc/pki/tls/certs/ca-bundle.trust.crt \ --with-ca-path=/etc/ssl/certs make %{?_smp_mflags} @@ -87,6 +87,8 @@ rm -rf %{buildroot}/* %{_libdir}/libcurl.so.* %changelog +* Wed Oct 07 2020 Pawel Winogrodzki 7.68.0-2 +- Updating certificate bundle path to include full set of trust information. * Tue Aug 11 2020 Pawel Winogrodzki 7.68.0-1 - Upgrading to 7.68.0 to enable verification against a partial cert chain. * Thu May 14 2020 Nicolas Ontiveros 7.66.0-1 diff --git a/SPECS/gnutls/gnutls.spec b/SPECS/gnutls/gnutls.spec index 419793c211d..3f8dfa1e2a5 100644 --- a/SPECS/gnutls/gnutls.spec +++ b/SPECS/gnutls/gnutls.spec @@ -1,7 +1,7 @@ Summary: The GnuTLS Transport Layer Security Library Name: gnutls Version: 3.6.14 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv3+ and LGPLv2+ URL: https://www.gnutls.org Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/%{name}-%{version}.tar.xz @@ -44,7 +44,7 @@ developing applications that use gnutls. --disable-openssl-compatibility \ --with-included-unistring \ --with-system-priority-file=%{_sysconfdir}/gnutls/default-priorities \ - --with-default-trust-store-file=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt \ + --with-default-trust-store-file=%{_sysconfdir}/pki/tls/certs/ca-bundle.trust.crt \ --with-default-trust-store-dir=%{_sysconfdir}/ssl/certs make %{?_smp_mflags} @@ -88,6 +88,8 @@ make %{?_smp_mflags} check %{_mandir}/man3/* %changelog +* Wed Oct 07 2020 Pawel Winogrodzki 3.6.14-2 +- Updating certificate bundle path to include full set of trust information. * Fri Aug 21 2020 Andrew Phelps 3.6.14-1 - Update to version 3.6.14 for CVE-2020-13777 * Sat May 09 2020 Nick Samson 3.6.8-3 diff --git a/SPECS/wget/wget.spec b/SPECS/wget/wget.spec index 4e66f79f04b..ff5da122be0 100644 --- a/SPECS/wget/wget.spec +++ b/SPECS/wget/wget.spec @@ -1,7 +1,7 @@ Summary: A network utility to retrieve files from the Web Name: wget Version: 1.20.3 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv3+ URL: https://www.gnu.org/software/wget/wget.html Group: System Environment/NetworkingPrograms @@ -40,7 +40,7 @@ make DESTDIR=%{buildroot} install install -vdm 755 %{buildroot}/etc cat >> %{buildroot}/etc/wgetrc <<-EOF # default root certs location - ca_certificate=/etc/pki/tls/certs/ca-bundle.crt + ca_certificate=/etc/pki/tls/certs/ca-bundle.trust.crt ca_directory = /etc/ssl/certs EOF rm -rf %{buildroot}/%{_infodir} @@ -62,6 +62,8 @@ rm -rf %{buildroot}/* %{_mandir}/man1/* %changelog +* Wed Oct 07 2020 Pawel Winogrodzki 1.20.3-2 +- Updating certificate bundle path to include full set of trust information. * Mon Jun 08 2020 Joe Schmitt 1.20.3-1 - Update to version 1.20.3 to resolve CVE-2019-5953. - Use https for URL. diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 0b1460e8d82..25fc8ae720f 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -129,9 +129,9 @@ libsolv-0.7.7-4.cm1.aarch64.rpm libsolv-devel-0.7.7-4.cm1.aarch64.rpm libssh2-1.9.0-1.cm1.aarch64.rpm libssh2-devel-1.9.0-1.cm1.aarch64.rpm -curl-7.68.0-1.cm1.aarch64.rpm -curl-devel-7.68.0-1.cm1.aarch64.rpm -curl-libs-7.68.0-1.cm1.aarch64.rpm +curl-7.68.0-2.cm1.aarch64.rpm +curl-devel-7.68.0-2.cm1.aarch64.rpm +curl-libs-7.68.0-2.cm1.aarch64.rpm tdnf-2.1.0-4.cm1.aarch64.rpm tdnf-cli-libs-2.1.0-4.cm1.aarch64.rpm tdnf-devel-2.1.0-4.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 40d788c287e..f0fae29b2fc 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -129,9 +129,9 @@ libsolv-0.7.7-4.cm1.x86_64.rpm libsolv-devel-0.7.7-4.cm1.x86_64.rpm libssh2-1.9.0-1.cm1.x86_64.rpm libssh2-devel-1.9.0-1.cm1.x86_64.rpm -curl-7.68.0-1.cm1.x86_64.rpm -curl-devel-7.68.0-1.cm1.x86_64.rpm -curl-libs-7.68.0-1.cm1.x86_64.rpm +curl-7.68.0-2.cm1.x86_64.rpm +curl-devel-7.68.0-2.cm1.x86_64.rpm +curl-libs-7.68.0-2.cm1.x86_64.rpm tdnf-2.1.0-4.cm1.x86_64.rpm tdnf-cli-libs-2.1.0-4.cm1.x86_64.rpm tdnf-devel-2.1.0-4.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 6bdbb7ba44d..33e851752ff 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -47,10 +47,10 @@ cryptsetup-debuginfo-2.3.3-2.cm1.aarch64.rpm cryptsetup-devel-2.3.3-2.cm1.aarch64.rpm cryptsetup-libs-2.3.3-2.cm1.aarch64.rpm cryptsetup-reencrypt-2.3.3-2.cm1.aarch64.rpm -curl-7.68.0-1.cm1.aarch64.rpm -curl-debuginfo-7.68.0-1.cm1.aarch64.rpm -curl-devel-7.68.0-1.cm1.aarch64.rpm -curl-libs-7.68.0-1.cm1.aarch64.rpm +curl-7.68.0-2.cm1.aarch64.rpm +curl-debuginfo-7.68.0-2.cm1.aarch64.rpm +curl-devel-7.68.0-2.cm1.aarch64.rpm +curl-libs-7.68.0-2.cm1.aarch64.rpm device-mapper-2.03.05-5.cm1.aarch64.rpm device-mapper-devel-2.03.05-5.cm1.aarch64.rpm device-mapper-event-2.03.05-5.cm1.aarch64.rpm @@ -378,8 +378,8 @@ util-linux-devel-2.32.1-3.cm1.aarch64.rpm util-linux-lang-2.32.1-3.cm1.aarch64.rpm util-linux-libs-2.32.1-3.cm1.aarch64.rpm veritysetup-2.3.3-2.cm1.aarch64.rpm -wget-1.20.3-1.cm1.aarch64.rpm -wget-debuginfo-1.20.3-1.cm1.aarch64.rpm +wget-1.20.3-2.cm1.aarch64.rpm +wget-debuginfo-1.20.3-2.cm1.aarch64.rpm which-2.21-7.cm1.aarch64.rpm which-debuginfo-2.21-7.cm1.aarch64.rpm xz-5.2.4-3.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index e5fdf7d1b97..b91cf4fd13f 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -47,10 +47,10 @@ cryptsetup-debuginfo-2.3.3-2.cm1.x86_64.rpm cryptsetup-devel-2.3.3-2.cm1.x86_64.rpm cryptsetup-libs-2.3.3-2.cm1.x86_64.rpm cryptsetup-reencrypt-2.3.3-2.cm1.x86_64.rpm -curl-7.68.0-1.cm1.x86_64.rpm -curl-debuginfo-7.68.0-1.cm1.x86_64.rpm -curl-devel-7.68.0-1.cm1.x86_64.rpm -curl-libs-7.68.0-1.cm1.x86_64.rpm +curl-7.68.0-2.cm1.x86_64.rpm +curl-debuginfo-7.68.0-2.cm1.x86_64.rpm +curl-devel-7.68.0-2.cm1.x86_64.rpm +curl-libs-7.68.0-2.cm1.x86_64.rpm device-mapper-2.03.05-5.cm1.x86_64.rpm device-mapper-devel-2.03.05-5.cm1.x86_64.rpm device-mapper-event-2.03.05-5.cm1.x86_64.rpm @@ -378,8 +378,8 @@ util-linux-devel-2.32.1-3.cm1.x86_64.rpm util-linux-lang-2.32.1-3.cm1.x86_64.rpm util-linux-libs-2.32.1-3.cm1.x86_64.rpm veritysetup-2.3.3-2.cm1.x86_64.rpm -wget-1.20.3-1.cm1.x86_64.rpm -wget-debuginfo-1.20.3-1.cm1.x86_64.rpm +wget-1.20.3-2.cm1.x86_64.rpm +wget-debuginfo-1.20.3-2.cm1.x86_64.rpm which-2.21-7.cm1.x86_64.rpm which-debuginfo-2.21-7.cm1.x86_64.rpm xz-5.2.4-3.cm1.x86_64.rpm From a53b8d5b45086fc83fc093ff096482ee65fcdb75 Mon Sep 17 00:00:00 2001 From: Pawel Date: Wed, 7 Oct 2020 06:19:24 -0700 Subject: [PATCH 2/3] Updating cgmanifest.json. --- cgmanifest.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cgmanifest.json b/cgmanifest.json index 772aed51dcd..a87dae37c81 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -666,8 +666,8 @@ "type": "other", "other": { "name": "curl", - "version": "7.66.0", - "downloadUrl": "http://curl.haxx.se/download/curl-7.66.0.tar.gz" + "version": "7.68.0", + "downloadUrl": "http://curl.haxx.se/download/curl-7.68.0.tar.gz" } } }, @@ -1266,8 +1266,8 @@ "type": "other", "other": { "name": "gnutls", - "version": "3.6.8", - "downloadUrl": "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/gnutls-3.6.8.tar.xz" + "version": "3.6.14", + "downloadUrl": "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.6/gnutls-3.6.14.tar.xz" } } }, From 346cae54df4552efbf5595a28cc13732b6f42235 Mon Sep 17 00:00:00 2001 From: Pawel Date: Wed, 7 Oct 2020 07:20:26 -0700 Subject: [PATCH 3/3] Updating e-mails. --- SPECS/curl/curl.spec | 2 +- SPECS/gnutls/gnutls.spec | 2 +- SPECS/wget/wget.spec | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/SPECS/curl/curl.spec b/SPECS/curl/curl.spec index 0af41e97f52..63faa7b546d 100644 --- a/SPECS/curl/curl.spec +++ b/SPECS/curl/curl.spec @@ -87,7 +87,7 @@ rm -rf %{buildroot}/* %{_libdir}/libcurl.so.* %changelog -* Wed Oct 07 2020 Pawel Winogrodzki 7.68.0-2 +* Wed Oct 07 2020 Pawel Winogrodzki 7.68.0-2 - Updating certificate bundle path to include full set of trust information. * Tue Aug 11 2020 Pawel Winogrodzki 7.68.0-1 - Upgrading to 7.68.0 to enable verification against a partial cert chain. diff --git a/SPECS/gnutls/gnutls.spec b/SPECS/gnutls/gnutls.spec index 3f8dfa1e2a5..696f52c7b8f 100644 --- a/SPECS/gnutls/gnutls.spec +++ b/SPECS/gnutls/gnutls.spec @@ -88,7 +88,7 @@ make %{?_smp_mflags} check %{_mandir}/man3/* %changelog -* Wed Oct 07 2020 Pawel Winogrodzki 3.6.14-2 +* Wed Oct 07 2020 Pawel Winogrodzki 3.6.14-2 - Updating certificate bundle path to include full set of trust information. * Fri Aug 21 2020 Andrew Phelps 3.6.14-1 - Update to version 3.6.14 for CVE-2020-13777 diff --git a/SPECS/wget/wget.spec b/SPECS/wget/wget.spec index ff5da122be0..423af80818b 100644 --- a/SPECS/wget/wget.spec +++ b/SPECS/wget/wget.spec @@ -62,7 +62,7 @@ rm -rf %{buildroot}/* %{_mandir}/man1/* %changelog -* Wed Oct 07 2020 Pawel Winogrodzki 1.20.3-2 +* Wed Oct 07 2020 Pawel Winogrodzki 1.20.3-2 - Updating certificate bundle path to include full set of trust information. * Mon Jun 08 2020 Joe Schmitt 1.20.3-1 - Update to version 1.20.3 to resolve CVE-2019-5953.