Update to 1.2.1 (RHEL-110404)

Resolves: RHEL-110404

.gitignore

@@ -1,2 +1,3 @@
 /ktls-utils-0.10.tar.gz
 /ktls-utils-0.11.tar.gz
+/ktls-utils-1.2.1.tar.gz

ktls-utils-0.11-nvme-default-keyring.patch

@@ -1,43 +0,0 @@
-From 311d9438b984e3b2a36bd88fb3ab8c87c38701fa Mon Sep 17 00:00:00 2001
-From: Daniel Wagner <wagi@monom.org>
-Date: Thu, 24 Oct 2024 13:15:44 +0200
-Subject: [PATCH] tlshd: always link .nvme default keyring into the session
-
-A common use case for tlshd is to authenticate TLS sessions for the nvme
-subsystem. Currently, the user has to explicitly list a keyring (even
-the defautl one) in the configuration file so that tlshd running
-as daemon (started via systemd) to find any key.
-
-Thus always link the default .nvme keyring into the current session,
-which makes the daemon work out of the box for default configurations.
-
-Signed-off-by: Daniel Wagner <wagi@monom.org>
----
- src/tlshd/config.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/tlshd/config.c b/src/tlshd/config.c
-index fae83b3..8becbe0 100644
---- a/src/tlshd/config.c
-+++ b/src/tlshd/config.c
-@@ -91,10 +91,17 @@ bool tlshd_config_init(const gchar *pathname)
- 					      "keyrings", &length, NULL);
- 	if (keyrings) {
- 		for (i = 0; i < length; i++) {
-+			if (!strcmp(keyrings[i], ".nvme"))
-+				continue;
- 			tlshd_keyring_link_session(keyrings[i]);
- 		}
- 		g_strfreev(keyrings);
- 	}
-+	/*
-+	 * Always link the default nvme subsystem keyring into the
-+	 * session.
-+	 */
-+	tlshd_keyring_link_session(".nvme");
- 
- 	return true;
- }
--- 
-2.48.1
-

ktls-utils-0.11-openscanhub.patch

@@ -1,88 +0,0 @@
-diff --git a/src/tlshd/config.c b/src/tlshd/config.c
-index 7b6a533..fae83b3 100644
---- a/src/tlshd/config.c
-+++ b/src/tlshd/config.c
-@@ -186,6 +186,7 @@ bool tlshd_config_get_client_truststore(char **bundle)
- 		return false;
- 	} else if (access(pathname, F_OK)) {
- 		tlshd_log_debug("client x509.truststore pathname \"%s\" is not accessible", pathname);
-+		g_free(pathname);
- 		return false;
- 	}
- 
-@@ -222,6 +223,7 @@ bool tlshd_config_get_client_certs(gnutls_pcert_st *certs,
- 		return false;
- 	} else if (access(pathname, F_OK)) {
- 		tlshd_log_debug("client x509.certificate pathname \"%s\" is not accessible", pathname);
-+		g_free(pathname);
- 		return false;
- 	}
- 
-@@ -268,7 +270,8 @@ bool tlshd_config_get_client_privkey(gnutls_privkey_t *privkey)
- 		g_error_free(error);
- 		return false;
- 	} else if (access(pathname, F_OK)) {
--		tlshd_log_debug("client x095.private_key pathname \"%s\" is not accessible", pathname);
-+		tlshd_log_debug("client x509.private_key pathname \"%s\" is not accessible", pathname);
-+		g_free(pathname);
- 		return false;
- 	}
- 
-@@ -321,6 +324,7 @@ bool tlshd_config_get_server_truststore(char **bundle)
- 		return false;
- 	} else if (access(pathname, F_OK)) {
- 		tlshd_log_debug("server x509.truststore pathname \"%s\" is not accessible", pathname);
-+		g_free(pathname);
- 		return false;
- 	}
- 
-@@ -357,6 +361,7 @@ bool tlshd_config_get_server_certs(gnutls_pcert_st *certs,
- 		return false;
- 	} else if (access(pathname, F_OK)) {
- 		tlshd_log_debug("server x509.certificate pathname \"%s\" is not accessible", pathname);
-+		g_free(pathname);
- 		return false;
- 	}
- 
-@@ -378,6 +383,7 @@ bool tlshd_config_get_server_certs(gnutls_pcert_st *certs,
- 
- 	tlshd_log_debug("Retrieved %u x.509 server certificate(s) from %s",
- 			*certs_len, pathname);
-+	g_free(pathname);
- 	return true;
- }
- 
-@@ -403,6 +409,7 @@ bool tlshd_config_get_server_privkey(gnutls_privkey_t *privkey)
- 		return false;
- 	} else if (access(pathname, F_OK)) {
- 		tlshd_log_debug("server x509.privkey pathname \"%s\" is not accessible", pathname);
-+		g_free(pathname);
- 		return false;
- 	}
- 
-diff --git a/src/tlshd/handshake.c b/src/tlshd/handshake.c
-index 50c2f62..768dac2 100644
---- a/src/tlshd/handshake.c
-+++ b/src/tlshd/handshake.c
-@@ -59,7 +59,7 @@ static void tlshd_save_nagle(gnutls_session_t session, int *saved)
- 	int ret;
- 
- 
--	len = sizeof(saved);
-+	len = sizeof(*saved);
- 	ret = getsockopt(gnutls_transport_get_int(session),
- 			 IPPROTO_TCP, TCP_NODELAY, saved, &len);
- 	if (ret < 0) {
-diff --git a/src/tlshd/netlink.c b/src/tlshd/netlink.c
-index 2e206f6..439904c 100644
---- a/src/tlshd/netlink.c
-+++ b/src/tlshd/netlink.c
-@@ -269,7 +269,7 @@ static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg)
- 	tlshd_parse_certificate(parms, tb[HANDSHAKE_A_ACCEPT_CERTIFICATE]);
- 
- 	if (peername)
--		strcpy(tlshd_peername, peername);
-+		strncpy(tlshd_peername, peername, sizeof(tlshd_peername) - 1);
- 	else {
- 		err = getnameinfo(parms->peeraddr, parms->peeraddr_len,
- 				  tlshd_peername, sizeof(tlshd_peername),

ktls-utils.spec

@@ -1,5 +1,5 @@
 %global forgeurl https://github.com/oracle/ktls-utils
-%global baseversion 0.11
+%global baseversion 1.2.1
 
 Name:           ktls-utils
 Version:        %{baseversion}
@@ -16,9 +16,6 @@ URL:            %{forgeurl}
 # FIXME: is this a bug in the tagging scheme or forgesource macro?
 Source0:        %{forgeurl}/releases/download/%{name}-%{baseversion}/%{name}-%{baseversion}.tar.gz
 
-Patch0:		ktls-utils-0.11-openscanhub.patch
-Patch1:		ktls-utils-0.11-nvme-default-keyring.patch
-
 BuildRequires:  bash systemd-rpm-macros
 BuildRequires:  gcc make coreutils
 BuildRequires:  pkgconfig(gnutls) >= 3.3.0

sources

@@ -1 +1 @@
-SHA512 (ktls-utils-0.11.tar.gz) = ce59ef0c84f35bc68136664107cecdcb9b04c17c9315fadc6a2e59bdf8ceeb123e40e657da450eebd7594b09cf790bae30e48cdcfe9213191922fe19ad462231
+SHA512 (ktls-utils-1.2.1.tar.gz) = 34b5565d5c816bf4dc519b41b7dba9445c6c3dffc09b0eacb56fa7345e5d6daa909a8d682448f02a42063f7a66ed8e377047852a775723fd4cb08964bb7344ca