[httpd] pull in httpd-filesystem as Requires(pre) (#1128328)
jorton
jorton at fedoraproject.org
Fri Aug 29 13:45:55 UTC 2014
commit 793563ad40c65d89906e61a3f83ded4dcb7996f8
Author: Joe Orton <jorton at redhat.com>
Date: Fri Aug 29 14:45:59 2014 +0100
pull in httpd-filesystem as Requires(pre) (#1128328)
- fix cipher selection in default ssl.conf, depend on new OpenSSL (#1134348)
- require hostname for mod_ssl post script (#1135118)
Resolves: rhbz#1135118
Resolves: rhbz#1134348
Resolves: rhbz#1128328
httpd.spec | 6 +++++-
ssl.conf | 2 +-
2 files changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/httpd.spec b/httpd.spec
index ed5e365..05ba3d7 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -148,10 +148,12 @@ Group: System Environment/Daemons
Summary: SSL/TLS module for the Apache HTTP Server
Epoch: 1
BuildRequires: openssl-devel
-Requires(post): openssl, /bin/cat
+Requires(post): openssl, /bin/cat, /bin/hostname
Requires(pre): httpd-filesystem
Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
Obsoletes: stronghold-mod_ssl
+# Require an OpenSSL which supports PROFILE=SYSTEM
+Conflicts: openssl < 1:1.0.1h-4
%description -n mod_ssl
The mod_ssl module provides strong cryptography for the Apache Web
@@ -669,6 +671,8 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Fri Aug 29 2014 Joe Orton <jorton at redhat.com> - 2.4.10-8
- pull in httpd-filesystem as Requires(pre) (#1128328)
+- fix cipher selection in default ssl.conf, depend on new OpenSSL (#1134348)
+- require hostname for mod_ssl post script (#1135118)
* Fri Aug 22 2014 Jan Kaluza <jkaluza at redhat.com> - 2.4.10-7
- mod_systemd: updated to the latest version
diff --git a/ssl.conf b/ssl.conf
index c6b1b27..9dba7c9 100644
--- a/ssl.conf
+++ b/ssl.conf
@@ -80,7 +80,7 @@ SSLProtocol all -SSLv2
# The OpenSSL system profile is configured by default. See
# update-crypto-policies(8) for more details.
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
-SSLCipherSuite PROFILE=DEFAULT
+SSLCipherSuite PROFILE=SYSTEM
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
More information about the scm-commits
mailing list