Update to upstream 0.79.20

Resolves: RHEL-40922
2024-06-10 17:24:11 -04:00 · 2024-06-10 17:24:11 -04:00 · 549bc83a16
commit 549bc83a16
parent 0331d63399
6 changed files with 7 additions and 92 deletions
--- a/.gitignore
+++ b/.gitignore
@ -136,3 +136,4 @@ certmonger-0.28.tar.gz
 /certmonger-0.79.17.tar.gz
 /certmonger-0.79.18.tar.gz
 /certmonger-0.79.19.tar.gz
 /certmonger-0.79.20.tar.gz
--- a/0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
+++ b/0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
@ -1,47 +0,0 @@
 From bba83217f9c6d9804b4707b3ef05e7386a4c48f5 Mon Sep 17 00:00:00 2001
 From: Otto Hollmann <otto.hollmann@suse.com>
 Date: Wed, 13 Dec 2023 10:23:39 +0100
 Subject: [PATCH] Update tests to be compatible with OpenSSL 3.2
 In test 003-csrgen-ec OpenSSL 3.2 shows warning when reading from stdin, so
 specify an input file to get rid of this warning.
 In test 038-ms-v2-template openssl asn1parse shows ':Microsoft certificate
 template' instead of ':1.3.6.1.4.1.311.21.7' so we have to check both versions.
 See https://github.com/openssl/openssl/pull/20986
 ---
 tests/003-csrgen-ec/run.sh                  | 4 ++--
 tests/038-ms-v2-template/extract-extdata.py | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)
 diff --git a/tests/003-csrgen-ec/run.sh b/tests/003-csrgen-ec/run.sh
 index cd9f9422..196b6d02 100755
 --- a/tests/003-csrgen-ec/run.sh
 +++ b/tests/003-csrgen-ec/run.sh
@@ -42,8 +42,8 @@ grep ^minicert= entry.nss.$size | sed s,^minicert=,, | base64 -d > minicert.nss.
 openssl x509 -out minicert.nss.$size.pem -in minicert.nss.$size -inform der
 # The RSA tests already verify the contents of the requests, so we really only
 # need to care about the signatures passing verification.
 -openssl req   -verify -noout < csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //'
 -openssl req   -verify -noout < csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //'
 +openssl req   -verify -noout -in csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //'
 +openssl req   -verify -noout -in csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //'
 openssl spkac -verify -noout < spkac.nss.$size 2>&1
 openssl spkac -verify -noout < spkac.openssl.$size 2>&1
 openssl verify -CAfile minicert.openssl.$size.pem minicert.openssl.$size.pem 2>&1
 diff --git a/tests/038-ms-v2-template/extract-extdata.py b/tests/038-ms-v2-template/extract-extdata.py
 index 8b6b14ff..e2f84a10 100755
 --- a/tests/038-ms-v2-template/extract-extdata.py
 +++ b/tests/038-ms-v2-template/extract-extdata.py
@@ -13,7 +13,8 @@ STATE_SEARCH, STATE_FOUND, STATE_DONE = range(3)
 state = STATE_SEARCH
 for line in sys.stdin:
 -    if state == STATE_SEARCH and ':1.3.6.1.4.1.311.21.7' in line:
 +    if state == STATE_SEARCH and (':Microsoft certificate template' in line
 +                                  or ':1.3.6.1.4.1.311.21.7' in line):
         state = STATE_FOUND
         continue
 -- 
 2.42.0
--- a/certmonger-c99-2.patch
+++ b/certmonger-c99-2.patch
@ -1,20 +0,0 @@
 Adjust parameter type for util_EVP_PKEY_id
 The function pointer needs to match the prototype for i2d_PublicKey
 and i2d_PrivateKey.
 Submitted upstream: <https://pagure.io/certmonger/pull-request/265>
 diff --git a/src/util-o.c b/src/util-o.c
 index c05872ceb1495cee..7feecb9d6a2adf23 100644
 --- a/src/util-o.c
 +++ b/src/util-o.c
@@ -551,7 +551,7 @@ util_NETSCAPE_SPKI_set_sig_alg(NETSCAPE_SPKI *spki, const X509_ALGOR *sig_alg)
 static EVP_PKEY *
 util_EVP_PKEY_dup(EVP_PKEY *pkey,
 -		  int (*i2d)(EVP_PKEY *, unsigned char **),
 +		  int (*i2d)(const EVP_PKEY *, unsigned char **),
 		  EVP_PKEY *(*d2i)(int, EVP_PKEY **, const unsigned char **, long))
 {
 	EVP_PKEY *k;
--- a/certmonger-c99.patch
+++ b/certmonger-c99.patch
@ -1,19 +0,0 @@
 Fix type error in cm_tdbusm_get_vn
 This fixes an out-of-bounds stack write on 32-bit architectures.
 Submitted upstream: <https://pagure.io/certmonger/pull-request/265>
 diff --git a/src/tdbusm.c b/src/tdbusm.c
 index 5e3341172398051d..8f2383dc62bef75e 100644
 --- a/src/tdbusm.c
 +++ b/src/tdbusm.c
@@ -223,7 +223,7 @@ cm_tdbusm_get_vn(DBusMessage *msg, void *parent, long *n)
 {
 	DBusError err;
 	DBusMessageIter iter, sub_iter;
 -	int64_t *i64;
 +	int64_t i64;
 	dbus_error_init(&err);
--- a/certmonger.spec
+++ b/certmonger.spec
@ -27,16 +27,13 @@
 %bcond_with xmlrpc
 Name:		certmonger
-Version:	0.79.19
+Version:	0.79.20
-Release:	5%{?dist}
+Release:	1%{?dist}
 Summary:	Certificate status monitor and PKI enrollment client
 License:	GPL-3.0-or-later
 URL:		http://pagure.io/certmonger/
 Source0:	http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
 Patch0:		certmonger-c99.patch
 Patch1:		certmonger-c99-2.patch
 Patch2:		0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
 #Source1:	http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig
 BuildRequires:	autoconf
@ -267,6 +264,9 @@ exit 0
 %endif
 %changelog
 * Mon Jun 10 2024 Rob Crittenden <rcritten@redhat.com> - 0.79.20-1
 - Update to upstream 0.79.20
 * Tue Feb 20 2024 Rob Crittenden <rcritten@redhat.com> - 0.79.19-5
 - Update tests to be compatible with OpenSSL 3.2
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (certmonger-0.79.19.tar.gz) = 0dea762b62213d74e31390cda2cacc2cbaad988ab6ba5a8d6376a0620a1337c85cef95f1efee95c4f569db9fa3056899c65ced675220f1799456ee18aad3eb4a
+SHA512 (certmonger-0.79.20.tar.gz) = 76685185172bbf2c766c477c399ce0b14c9fd2d81637b44b8da80ae045ebf6c650ae3d525a87dccd755a6c92d4a5916bb62f8ea1d8520c47ae64770be6a5d2be
`@ -1 +1 @@`
	`SHA512 (certmonger-0.79.19.tar.gz) = 0dea762b62213d74e31390cda2cacc2cbaad988ab6ba5a8d6376a0620a1337c85cef95f1efee95c4f569db9fa3056899c65ced675220f1799456ee18aad3eb4a`	`SHA512 (certmonger-0.79.20.tar.gz) = 76685185172bbf2c766c477c399ce0b14c9fd2d81637b44b8da80ae045ebf6c650ae3d525a87dccd755a6c92d4a5916bb62f8ea1d8520c47ae64770be6a5d2be`