Hello community, here is the log from the commit of package apache2 for openSUSE:12.2 checked in at 2012-07-30 20:11:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2/apache2 (Old) and /work/SRC/openSUSE:12.2/.apache2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "apache2", Maintainer is "draht@suse.com" Changes: -------- --- /work/SRC/openSUSE:12.2/apache2/apache2.changes 2012-07-12 10:37:22.000000000 +0200 +++ /work/SRC/openSUSE:12.2/.apache2.new/apache2.changes 2012-07-30 20:12:15.000000000 +0200 @@ -1,0 +2,6 @@ +Wed Jul 25 11:32:34 UTC 2012 - saschpe@suse.de + +- gensslcert: Use 0400 permissions for generated SSL certificate files + instead of 0644 + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gensslcert ++++++ --- /var/tmp/diff_new_pack.9pzXfR/_old 2012-07-30 20:12:32.000000000 +0200 +++ /var/tmp/diff_new_pack.9pzXfR/_new 2012-07-30 20:12:32.000000000 +0200 @@ -91,7 +91,7 @@ # CA # echo;myecho creating CA key ... -$openssl genrsa -rand $r/var/log/y2log:$r/var/log/messages -out $sslkeydir/${name}ca.key 2048 || myexit $LINENO $? +(umask 0377 ; $openssl genrsa -rand $r/var/log/y2log:$r/var/log/messages -out $sslkeydir/${name}ca.key 2048 || myexit $LINENO $?) cat >$r/root/.mkcert.cfg <<EOT [ req ] @@ -116,7 +116,7 @@ EOT echo;myecho creating CA request/certificate ... -$openssl req -config $r/root/.mkcert.cfg -new -x509 -days $CAdays -key $sslkeydir/${name}ca.key -out $sslcrtdir/${name}ca.crt || myexit $LINENO $? +(umask 0377 ; $openssl req -config $r/root/.mkcert.cfg -new -x509 -days $CAdays -key $sslkeydir/${name}ca.key -out $sslcrtdir/${name}ca.crt || myexit $LINENO $?) cp -pv $sslcrtdir/${name}ca.crt $r/srv/www/htdocs/$(echo $name | tr 'a-z' 'A-Z')CA.crt @@ -124,7 +124,7 @@ # Server CERT # echo;myecho creating server key ... -$openssl genrsa -rand $r/etc/rc.config:$r/var/log/messages -out $sslkeydir/${name}server.key 1024 || myexit $LINENO $? +(umask 0377 ; $openssl genrsa -rand $r/etc/rc.config:$r/var/log/messages -out $sslkeydir/${name}server.key 1024 || myexit $LINENO $?) cat >$r/root/.mkcert.cfg <<EOT [ req ] @@ -149,7 +149,7 @@ EOT echo;myecho creating server request ... -$openssl req -config $r/root/.mkcert.cfg -new -key $sslkeydir/${name}server.key -out $sslcsrdir/${name}server.csr || myexit $LINENO $? +(umask 0377 ; $openssl req -config $r/root/.mkcert.cfg -new -key $sslkeydir/${name}server.key -out $sslcsrdir/${name}server.csr || myexit $LINENO $?) cat >$r/root/.mkcert.cfg <<EOT @@ -163,14 +163,14 @@ test -f $r/root/.mkcert.serial || echo 01 >$r/root/.mkcert.serial myecho "creating server certificate ..." -$openssl x509 \ +(umask 0377 ; $openssl x509 \ -extfile $r/root/.mkcert.cfg \ -days $srvdays \ -CAserial $r/root/.mkcert.serial \ -CA $sslcrtdir/${name}ca.crt \ -CAkey $sslkeydir/${name}ca.key \ -in $sslcsrdir/${name}server.csr -req \ - -out $sslcrtdir/${name}server.crt || myexit $LINENO $? + -out $sslcrtdir/${name}server.crt || myexit $LINENO $?) rm -f $r/root/.mkcert.cfg -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org