From 21430b4d602b4d7f3a82227be72a459cee035c7e Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Wed, 17 Jul 2019 13:57:55 -0400
Subject: [PATCH] Update to upstream 0.79.8
---
 .gitignore | 1 +
 ...y-sets-minimum-RSA-and-DSA-key-size-.patch | 293 ------------------
 ...-var-run-run-in-systemd-service-file.patch | 32 --
 certmonger.spec | 12 +-
 sources | 2 +-
 5 files changed, 7 insertions(+), 333 deletions(-)
 delete mode 100644 0001-NSS-crypto-policy-sets-minimum-RSA-and-DSA-key-size-.patch
 delete mode 100644 0002-Change-var-run-run-in-systemd-service-file.patch
diff --git a/.gitignore b/.gitignore
index c9af2d5..5f86d0a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -124,3 +124,4 @@ certmonger-0.28.tar.gz
 /certmonger-0.79.5.tar.gz
 /certmonger-0.79.6.tar.gz
 /certmonger-0.79.7.tar.gz
+/certmonger-0.79.8.tar.gz
diff --git a/0001-NSS-crypto-policy-sets-minimum-RSA-and-DSA-key-size-.patch b/0001-NSS-crypto-policy-sets-minimum-RSA-and-DSA-key-size-.patch
deleted file mode 100644
index 8e19e28..0000000
--- a/0001-NSS-crypto-policy-sets-minimum-RSA-and-DSA-key-size-.patch
+++ /dev/null
@@ -1,293 +0,0 @@
-From fd17f002b2f4150a1fddc2582a21c6c03933a28a Mon Sep 17 00:00:00 2001
-From: Rob Crittenden
-Date: Fri, 23 Feb 2018 10:43:44 -0500
-Subject: [PATCH] NSS crypto policy sets minimum RSA and DSA key size to 2048
-
-Remove keys < 2048 for the NSS tests. This affects some of the
-OpenSSL tests as well where they run in a combined loop.
-
-Where it was not invasive to do I left the 1024/1536 for OpenSSL.
----
- tests/001-keyiread-dsa/expected.out | 6 +++---
- tests/001-keyiread-dsa/run.sh | 2 +-
- tests/001-keyiread-rsa/expected.out | 2 --
- tests/001-keyiread-rsa/run.sh | 2 +-
- tests/001-keyiread/expected.out | 2 --
- tests/001-keyiread/run.sh | 2 +-
- tests/002-keygen-rsa/expected.out | 6 ------
- tests/002-keygen-rsa/run.sh | 2 +-
- tests/002-keygen/expected.out | 18 ------------------
- tests/002-keygen/run.sh | 2 +-
- tests/003-csrgen-rsa/expected.out | 6 ------
- tests/003-csrgen-rsa/run.sh | 4 ++--
- tests/003-csrgen/expected.out | 8 --------
- tests/003-csrgen/run.sh | 4 ++--
- tests/004-selfsign-rsa/expected.out | 2 --
- tests/004-selfsign-rsa/run.sh | 2 +-
- tests/004-selfsign/expected.out | 2 --
- tests/004-selfsign/run.sh | 2 +-
- 18 files changed, 14 insertions(+), 60 deletions(-)
-
-diff --git a/tests/001-keyiread-dsa/expected.out b/tests/001-keyiread-dsa/expected.out
-index b09db0ae..50643176 100644
---- a/tests/001-keyiread-dsa/expected.out
-+++ b/tests/001-keyiread-dsa/expected.out
-@@ -1,4 +1,4 @@
--OK (DSA:1024).
--OK (DSA:1024).
--OK (DSA:1024).
-+OK (DSA:2048).
-+OK (DSA:2048).
-+OK (DSA:2048).
- Test complete.
-diff --git a/tests/001-keyiread-dsa/run.sh b/tests/001-keyiread-dsa/run.sh
-index 9f96b3bc..68f6d1c3 100755
---- a/tests/001-keyiread-dsa/run.sh
-+++ b/tests/001-keyiread-dsa/run.sh
-@@ -5,7 +5,7 @@ cd "$tmpdir"
- source "$srcdir"/functions
- initnssdb "$tmpdir"
-
--for size in 1024 ; do
-+for size in 2048 ; do
- # Generate a self-signed cert.
- run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
- -s "cn=T$size" -c "cn=T$size" \
-diff --git a/tests/001-keyiread-rsa/expected.out b/tests/001-keyiread-rsa/expected.out
-index 727897d1..3daa51f2 100644
---- a/tests/001-keyiread-rsa/expected.out
-+++ b/tests/001-keyiread-rsa/expected.out
-@@ -1,5 +1,3 @@
--OK (RSA:1024).
--OK (RSA:1536).
- OK (RSA:2048).
- OK (RSA:3072).
- OK (RSA:4096).
-diff --git a/tests/001-keyiread-rsa/run.sh b/tests/001-keyiread-rsa/run.sh
-index c7b77686..ec31c7c7 100755
---- a/tests/001-keyiread-rsa/run.sh
-+++ b/tests/001-keyiread-rsa/run.sh
-@@ -5,7 +5,7 @@ cd "$tmpdir"
- source "$srcdir"/functions
- initnssdb "$tmpdir"
-
--for size in 1024 1536 2048 3072 4096 ; do
-+for size in 2048 3072 4096 ; do
- # Generate a self-signed cert.
- run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
- -s "cn=T$size" -c "cn=T$size" \
-diff --git a/tests/001-keyiread/expected.out b/tests/001-keyiread/expected.out
-index 727897d1..3daa51f2 100644
---- a/tests/001-keyiread/expected.out
-+++ b/tests/001-keyiread/expected.out
-@@ -1,5 +1,3 @@
--OK (RSA:1024).
--OK (RSA:1536).
- OK (RSA:2048).
- OK (RSA:3072).
- OK (RSA:4096).
-diff --git a/tests/001-keyiread/run.sh b/tests/001-keyiread/run.sh
-index ce1428ed..0b31df95 100755
---- a/tests/001-keyiread/run.sh
-+++ b/tests/001-keyiread/run.sh
-@@ -5,7 +5,7 @@ cd "$tmpdir"
- source "$srcdir"/functions
- initnssdb "$tmpdir"
-
--for size in 1024 1536 2048 3072 4096 ; do
-+for size in 2048 3072 4096 ; do
- # Generate a self-signed cert.
- run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
- -s "cn=T$size" -c "cn=T$size" \
-diff --git a/tests/002-keygen-rsa/expected.out b/tests/002-keygen-rsa/expected.out
-index 3e6e9f3c..f7c146d0 100644
---- a/tests/002-keygen-rsa/expected.out
-+++ b/tests/002-keygen-rsa/expected.out
-@@ -1,9 +1,3 @@
--[nss:1024]
--OK.
--OK (RSA:1024).
--[nss:1536]
--OK.
--OK (RSA:1536).
- [nss:2048]
- OK.
- OK (RSA:2048).
-diff --git a/tests/002-keygen-rsa/run.sh b/tests/002-keygen-rsa/run.sh
-index 476f4127..c0c59249 100755
---- a/tests/002-keygen-rsa/run.sh
-+++ b/tests/002-keygen-rsa/run.sh
-@@ -5,7 +5,7 @@ cd "$tmpdir"
- source "$srcdir"/functions
- initnssdb "$tmpdir"
-
--for size in 1024 1536 2048 3072 4096 ; do
-+for size in 2048 3072 4096 ; do
- echo "[nss:$size]"
- # Generate a key.
- cat > entry.$size <<- EOF
-diff --git a/tests/002-keygen/expected.out b/tests/002-keygen/expected.out
-index dcd1af06..b8fbea56 100644
---- a/tests/002-keygen/expected.out
-+++ b/tests/002-keygen/expected.out
-@@ -1,21 +1,3 @@
--[nss:1024]
--OK.
--OK (RSA:1024).
--OK.
--OK (RSA:1024 after RSA:1024).
--OK.
--OK (RSA:1024 after RSA:1024).
--keyi1024
--keyi1024 (candidate (next))
--[nss:1536]
--OK.
--OK (RSA:1536).
--OK.
--OK (RSA:1536 after RSA:1536).
--OK.
--OK (RSA:1536 after RSA:1536).
--keyi1536
--keyi1536 (candidate (next))
- [nss:2048]
- OK.
- OK (RSA:2048).
-diff --git a/tests/002-keygen/run.sh b/tests/002-keygen/run.sh
-index 08af1523..94230e6f 100755
---- a/tests/002-keygen/run.sh
-+++ b/tests/002-keygen/run.sh
-@@ -7,7 +7,7 @@ scheme="${scheme:-dbm:}"
- source "$srcdir"/functions
- initnssdb "$scheme$tmpdir"
-
--for size in 1024 1536 2048 3072 4096 ; do
-+for size in 2048 3072 4096 ; do
- echo "[nss:$size]"
- # Generate a key.
- cat > entry.$size <<- EOF
-diff --git a/tests/003-csrgen-rsa/expected.out b/tests/003-csrgen-rsa/expected.out
-index c9dec729..def53fe4 100644
---- a/tests/003-csrgen-rsa/expected.out
-+++ b/tests/003-csrgen-rsa/expected.out
-@@ -1,10 +1,4 @@
- pk12util: PKCS12 EXPORT SUCCESSFUL
--1024 OK.
--Signature OK
--pk12util: PKCS12 EXPORT SUCCESSFUL
--1536 OK.
--Signature OK
--pk12util: PKCS12 EXPORT SUCCESSFUL
- 2048 OK.
- Signature OK
- pk12util: PKCS12 EXPORT SUCCESSFUL
-diff --git a/tests/003-csrgen-rsa/run.sh b/tests/003-csrgen-rsa/run.sh
-index 4cd84084..bb8ebecb 100755
---- a/tests/003-csrgen-rsa/run.sh
-+++ b/tests/003-csrgen-rsa/run.sh
-@@ -5,7 +5,7 @@ cd "$tmpdir"
- source "$srcdir"/functions
- initnssdb "$tmpdir"
-
--for size in 1024 1536 2048 3072 4096 ; do
-+for size in 2048 3072 4096 ; do
- # Build a self-signed certificate.
- run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
- -s "cn=T$size" -c "cn=T$size" \
-@@ -147,7 +147,7 @@ iterate() {
-
- iteration=1
-
--for size in 1024 ; do
-+for size in 2048 ; do
- iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
- done
-
-diff --git a/tests/003-csrgen/expected.out b/tests/003-csrgen/expected.out
-index 8e6cac6e..04342c0f 100644
---- a/tests/003-csrgen/expected.out
-+++ b/tests/003-csrgen/expected.out
-@@ -1,13 +1,5 @@
- pk12util: PKCS12 EXPORT SUCCESSFUL
- Signature OK
--minicert.openssl.1024.pem: OK
--1024 OK.
--pk12util: PKCS12 EXPORT SUCCESSFUL
--Signature OK
--minicert.openssl.1536.pem: OK
--1536 OK.
--pk12util: PKCS12 EXPORT SUCCESSFUL
--Signature OK
- minicert.openssl.2048.pem: OK
- 2048 OK.
- pk12util: PKCS12 EXPORT SUCCESSFUL
-diff --git a/tests/003-csrgen/run.sh b/tests/003-csrgen/run.sh
-index 7c169ed9..31466b5c 100755
---- a/tests/003-csrgen/run.sh
-+++ b/tests/003-csrgen/run.sh
-@@ -5,7 +5,7 @@ cd "$tmpdir"
- source "$srcdir"/functions
- initnssdb "$tmpdir"
-
--for size in 1024 1536 2048 3072 4096 ; do
-+for size in 2048 3072 4096 ; do
- # Build a self-signed certificate.
- run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
- -s "cn=T$size" -c "cn=T$size" \
-@@ -199,7 +199,7 @@ iterate() {
-
- iteration=1
-
--for size in 1024 ; do
-+for size in 2048 ; do
- iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
- done
-
-diff --git a/tests/004-selfsign-rsa/expected.out b/tests/004-selfsign-rsa/expected.out
-index dd5029ec..0eb84ef1 100644
---- a/tests/004-selfsign-rsa/expected.out
-+++ b/tests/004-selfsign-rsa/expected.out
-@@ -1,5 +1,3 @@
--1024 OK.
--1536 OK.
- 2048 OK.
- 3072 OK.
- 4096 OK.
-diff --git a/tests/004-selfsign-rsa/run.sh b/tests/004-selfsign-rsa/run.sh
-index 6f9285b6..c1dd4c80 100755
---- a/tests/004-selfsign-rsa/run.sh
-+++ b/tests/004-selfsign-rsa/run.sh
-@@ -33,7 +33,7 @@ function setupca() {
- EOF
- }
-
--for size in 1024 1536 2048 3072 4096 ; do
-+for size in 2048 3072 4096 ; do
- # Build a self-signed certificate.
- run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
- -s "cn=T$size" -c "cn=T$size" \
-diff --git a/tests/004-selfsign/expected.out b/tests/004-selfsign/expected.out
-index dd5029ec..0eb84ef1 100644
---- a/tests/004-selfsign/expected.out
-+++ b/tests/004-selfsign/expected.out
-@@ -1,5 +1,3 @@
--1024 OK.
--1536 OK.
- 2048 OK.
- 3072 OK.
- 4096 OK.
-diff --git a/tests/004-selfsign/run.sh b/tests/004-selfsign/run.sh
-index 7bb368ec..eb1df4ee 100755
---- a/tests/004-selfsign/run.sh
-+++ b/tests/004-selfsign/run.sh
-@@ -43,7 +43,7 @@ function setupca() {
- EOF
- }
-
--for size in 1024 1536 2048 3072 4096 ; do
-+for size in 2048 3072 4096 ; do
- # Build a self-signed certificate.
- run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
- -s "cn=T$size" -c "cn=T$size" \
---
-2.16.2
-
diff --git a/0002-Change-var-run-run-in-systemd-service-file.patch b/0002-Change-var-run-run-in-systemd-service-file.patch
deleted file mode 100644
index f02cb30..0000000
--- a/0002-Change-var-run-run-in-systemd-service-file.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c2687bdf550f65756aef2cada53e18530ad402c9 Mon Sep 17 00:00:00 2001
-From: Orion Poplawski
-Date: Wed, 8 May 2019 08:23:23 -0600
-Subject: [PATCH] Change /var/run -> /run in systemd service file
-
-systemd 239 complains about the legacy of certmonger's PID file which is
-located in /var/run.
-
-Signed-off-by: Orion Poplawski
----
- systemd/certmonger.service.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/systemd/certmonger.service.in b/systemd/certmonger.service.in
-index 7bdbb464..6381d845 100644
---- a/systemd/certmonger.service.in
-+++ b/systemd/certmonger.service.in
-@@ -4,9 +4,9 @@ After=syslog.target network.target dbus.service
-
- [Service]
- Type=dbus
--PIDFile=/var/run/certmonger.pid
-+PIDFile=/run/certmonger.pid
- EnvironmentFile=-/etc/sysconfig/certmonger
--ExecStart=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS
-+ExecStart=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS
- BusName=@CM_DBUS_NAME@
-
- [Install]
---
-2.17.2
-
diff --git a/certmonger.spec b/certmonger.spec
index 6dd2ca3..e39166e 100644
--- a/certmonger.spec
+++ b/certmonger.spec
@@ -25,8 +25,8 @@ %endif Name: certmonger -Version: 0.79.7 -Release: 3%{?dist} +Version: 0.79.8 +Release: 1%{?dist} Summary: Certificate status monitor and PKI enrollment client License: GPLv3+
@@ -111,17 +111,12 @@ Requires(preun): /sbin/chkconfig, /sbin/service, dbus, sed Conflicts: libtevent < 0.9.13 %endif -Patch1: 0001-NSS-crypto-policy-sets-minimum-RSA-and-DSA-key-size-.patch -Patch2: 0002-Change-var-run-run-in-systemd-service-file.patch - %description Certmonger is a service which is primarily concerned with getting your system enrolled with a certificate authority (CA) and keeping it enrolled. %prep %setup -q -%patch1 -p1 -%patch2 -p1 %if 0%{?rhel} > 0 # Enabled by default for RHEL for bug #765600, still disabled by default for
@@ -249,6 +244,9 @@ exit 0 %endif %changelog +* Wed Jul 17 2019 Rob Crittenden - 0.79.8-1 +- Update to upstream 0.79.8 + * Wed May 22 2019 Rob Crittenden - 0.79.7-3 - Add BuildRequires for krb5-devel, the buildroot changed.
diff --git a/sources b/sources
index 67e8455..73c22cc 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (certmonger-0.79.7.tar.gz) = eca748cc28a3d9e3a1d5871848e1c22a6025b86a07ffc166bbca59f0945e2d461d6fc8201bd0e6b94d13680e86bbd29a501c5c38763484640b5b8f70ca470980
+SHA512 (certmonger-0.79.8.tar.gz) = 5e6f9c6a0b9c4a7c68a5f894b9ff3ba20fa42aa4d490c7e5e57c97dab2e152ca6ef7aee64f17a92fce7ca971077011f8f391218098612011be2b4961203db6bc