From 549bc83a1661af7c60f540409d844506f20ecb7f Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 10 Jun 2024 17:24:11 -0400
Subject: [PATCH] Update to upstream 0.79.20

Resolves: RHEL-40922
---
 .gitignore                                    |  1 +
 ...ts-to-be-compatible-with-OpenSSL-3.2.patch | 47 -------------------
 certmonger-c99-2.patch                        | 20 --------
 certmonger-c99.patch                          | 19 --------
 certmonger.spec                               | 10 ++--
 sources                                       |  2 +-
 6 files changed, 7 insertions(+), 92 deletions(-)
 delete mode 100644 0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
 delete mode 100644 certmonger-c99-2.patch
 delete mode 100644 certmonger-c99.patch

diff --git a/.gitignore b/.gitignore
index 0c029ea..46acd34 100644
--- a/.gitignore
+++ b/.gitignore
@@ -136,3 +136,4 @@ certmonger-0.28.tar.gz
 /certmonger-0.79.17.tar.gz
 /certmonger-0.79.18.tar.gz
 /certmonger-0.79.19.tar.gz
+/certmonger-0.79.20.tar.gz
diff --git a/0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch b/0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
deleted file mode 100644
index 5a1a27c..0000000
--- a/0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From bba83217f9c6d9804b4707b3ef05e7386a4c48f5 Mon Sep 17 00:00:00 2001
-From: Otto Hollmann <otto.hollmann@suse.com>
-Date: Wed, 13 Dec 2023 10:23:39 +0100
-Subject: [PATCH] Update tests to be compatible with OpenSSL 3.2
-
-In test 003-csrgen-ec OpenSSL 3.2 shows warning when reading from stdin, so
-specify an input file to get rid of this warning.
-In test 038-ms-v2-template openssl asn1parse shows ':Microsoft certificate
-template' instead of ':1.3.6.1.4.1.311.21.7' so we have to check both versions.
-See https://github.com/openssl/openssl/pull/20986
----
- tests/003-csrgen-ec/run.sh                  | 4 ++--
- tests/038-ms-v2-template/extract-extdata.py | 3 ++-
- 2 files changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/tests/003-csrgen-ec/run.sh b/tests/003-csrgen-ec/run.sh
-index cd9f9422..196b6d02 100755
---- a/tests/003-csrgen-ec/run.sh
-+++ b/tests/003-csrgen-ec/run.sh
-@@ -42,8 +42,8 @@ grep ^minicert= entry.nss.$size | sed s,^minicert=,, | base64 -d > minicert.nss.
- openssl x509 -out minicert.nss.$size.pem -in minicert.nss.$size -inform der
- # The RSA tests already verify the contents of the requests, so we really only
- # need to care about the signatures passing verification.
--openssl req   -verify -noout < csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //'
--openssl req   -verify -noout < csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //'
-+openssl req   -verify -noout -in csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //'
-+openssl req   -verify -noout -in csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //'
- openssl spkac -verify -noout < spkac.nss.$size 2>&1
- openssl spkac -verify -noout < spkac.openssl.$size 2>&1
- openssl verify -CAfile minicert.openssl.$size.pem minicert.openssl.$size.pem 2>&1
-diff --git a/tests/038-ms-v2-template/extract-extdata.py b/tests/038-ms-v2-template/extract-extdata.py
-index 8b6b14ff..e2f84a10 100755
---- a/tests/038-ms-v2-template/extract-extdata.py
-+++ b/tests/038-ms-v2-template/extract-extdata.py
-@@ -13,7 +13,8 @@ STATE_SEARCH, STATE_FOUND, STATE_DONE = range(3)
- state = STATE_SEARCH
- 
- for line in sys.stdin:
--    if state == STATE_SEARCH and ':1.3.6.1.4.1.311.21.7' in line:
-+    if state == STATE_SEARCH and (':Microsoft certificate template' in line
-+                                  or ':1.3.6.1.4.1.311.21.7' in line):
-         state = STATE_FOUND
-         continue
- 
--- 
-2.42.0
-
diff --git a/certmonger-c99-2.patch b/certmonger-c99-2.patch
deleted file mode 100644
index a0aa37b..0000000
--- a/certmonger-c99-2.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Adjust parameter type for util_EVP_PKEY_id
-
-The function pointer needs to match the prototype for i2d_PublicKey
-and i2d_PrivateKey.
-
-Submitted upstream: <https://pagure.io/certmonger/pull-request/265>
-
-diff --git a/src/util-o.c b/src/util-o.c
-index c05872ceb1495cee..7feecb9d6a2adf23 100644
---- a/src/util-o.c
-+++ b/src/util-o.c
-@@ -551,7 +551,7 @@ util_NETSCAPE_SPKI_set_sig_alg(NETSCAPE_SPKI *spki, const X509_ALGOR *sig_alg)
- 
- static EVP_PKEY *
- util_EVP_PKEY_dup(EVP_PKEY *pkey,
--		  int (*i2d)(EVP_PKEY *, unsigned char **),
-+		  int (*i2d)(const EVP_PKEY *, unsigned char **),
- 		  EVP_PKEY *(*d2i)(int, EVP_PKEY **, const unsigned char **, long))
- {
- 	EVP_PKEY *k;
diff --git a/certmonger-c99.patch b/certmonger-c99.patch
deleted file mode 100644
index ffc738e..0000000
--- a/certmonger-c99.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Fix type error in cm_tdbusm_get_vn
-
-This fixes an out-of-bounds stack write on 32-bit architectures.
-
-Submitted upstream: <https://pagure.io/certmonger/pull-request/265>
-
-diff --git a/src/tdbusm.c b/src/tdbusm.c
-index 5e3341172398051d..8f2383dc62bef75e 100644
---- a/src/tdbusm.c
-+++ b/src/tdbusm.c
-@@ -223,7 +223,7 @@ cm_tdbusm_get_vn(DBusMessage *msg, void *parent, long *n)
- {
- 	DBusError err;
- 	DBusMessageIter iter, sub_iter;
--	int64_t *i64;
-+	int64_t i64;
- 
- 	dbus_error_init(&err);
- 
diff --git a/certmonger.spec b/certmonger.spec
index e6c8a2a..24cba8f 100644
--- a/certmonger.spec
+++ b/certmonger.spec
@@ -27,16 +27,13 @@
 %bcond_with xmlrpc
 
 Name:		certmonger
-Version:	0.79.19
-Release:	5%{?dist}
+Version:	0.79.20
+Release:	1%{?dist}
 Summary:	Certificate status monitor and PKI enrollment client
 
 License:	GPL-3.0-or-later
 URL:		http://pagure.io/certmonger/
 Source0:	http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
-Patch0:		certmonger-c99.patch
-Patch1:		certmonger-c99-2.patch
-Patch2:		0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
 #Source1:	http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig
 
 BuildRequires:	autoconf
@@ -267,6 +264,9 @@ exit 0
 %endif
 
 %changelog
+* Mon Jun 10 2024 Rob Crittenden <rcritten@redhat.com> - 0.79.20-1
+- Update to upstream 0.79.20
+
 * Tue Feb 20 2024 Rob Crittenden <rcritten@redhat.com> - 0.79.19-5
 - Update tests to be compatible with OpenSSL 3.2
 
diff --git a/sources b/sources
index a64291d..dab5d02 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (certmonger-0.79.19.tar.gz) = 0dea762b62213d74e31390cda2cacc2cbaad988ab6ba5a8d6376a0620a1337c85cef95f1efee95c4f569db9fa3056899c65ced675220f1799456ee18aad3eb4a
+SHA512 (certmonger-0.79.20.tar.gz) = 76685185172bbf2c766c477c399ce0b14c9fd2d81637b44b8da80ae045ebf6c650ae3d525a87dccd755a6c92d4a5916bb62f8ea1d8520c47ae64770be6a5d2be