From 4c820f4ba4f5aa933350cda6438bd0d461f58dc6 Mon Sep 17 00:00:00 2001
From: Scott Mayhew
Date: Wed, 17 Jul 2024 12:06:46 -0400
Subject: [PATCH] Update to 0.11 (RHEL-48604) - Also fix some OpenScanHub warnings.
Resolves: RHEL-48604
---
 .gitignore | 1 +
 ktls-utils-0.11-openscanhub.patch | 88 +++++++++++++++++++++++++++++++
 ktls-utils.spec | 6 ++-
 sources | 2 +-
 4 files changed, 94 insertions(+), 3 deletions(-)
 create mode 100644 ktls-utils-0.11-openscanhub.patch
diff --git a/.gitignore b/.gitignore
index 3508f6a..43f999f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /ktls-utils-0.10.tar.gz
+/ktls-utils-0.11.tar.gz
diff --git a/ktls-utils-0.11-openscanhub.patch b/ktls-utils-0.11-openscanhub.patch
new file mode 100644
index 0000000..891baca
--- /dev/null
+++ b/ktls-utils-0.11-openscanhub.patch
@@ -0,0 +1,88 @@
+diff --git a/src/tlshd/config.c b/src/tlshd/config.c
+index 7b6a533..fae83b3 100644
+--- a/src/tlshd/config.c
++++ b/src/tlshd/config.c
+@@ -186,6 +186,7 @@ bool tlshd_config_get_client_truststore(char **bundle)
+ return false;
+ } else if (access(pathname, F_OK)) {
+ tlshd_log_debug("client x509.truststore pathname \"%s\" is not accessible", pathname);
++ g_free(pathname);
+ return false;
+ }
+
+@@ -222,6 +223,7 @@ bool tlshd_config_get_client_certs(gnutls_pcert_st *certs,
+ return false;
+ } else if (access(pathname, F_OK)) {
+ tlshd_log_debug("client x509.certificate pathname \"%s\" is not accessible", pathname);
++ g_free(pathname);
+ return false;
+ }
+
+@@ -268,7 +270,8 @@ bool tlshd_config_get_client_privkey(gnutls_privkey_t *privkey)
+ g_error_free(error);
+ return false;
+ } else if (access(pathname, F_OK)) {
+- tlshd_log_debug("client x095.private_key pathname \"%s\" is not accessible", pathname);
++ tlshd_log_debug("client x509.private_key pathname \"%s\" is not accessible", pathname);
++ g_free(pathname);
+ return false;
+ }
+
+@@ -321,6 +324,7 @@ bool tlshd_config_get_server_truststore(char **bundle)
+ return false;
+ } else if (access(pathname, F_OK)) {
+ tlshd_log_debug("server x509.truststore pathname \"%s\" is not accessible", pathname);
++ g_free(pathname);
+ return false;
+ }
+
+@@ -357,6 +361,7 @@ bool tlshd_config_get_server_certs(gnutls_pcert_st *certs,
+ return false;
+ } else if (access(pathname, F_OK)) {
+ tlshd_log_debug("server x509.certificate pathname \"%s\" is not accessible", pathname);
++ g_free(pathname);
+ return false;
+ }
+
+@@ -378,6 +383,7 @@ bool tlshd_config_get_server_certs(gnutls_pcert_st *certs,
+
+ tlshd_log_debug("Retrieved %u x.509 server certificate(s) from %s",
+ *certs_len, pathname);
++ g_free(pathname);
+ return true;
+ }
+
+@@ -403,6 +409,7 @@ bool tlshd_config_get_server_privkey(gnutls_privkey_t *privkey)
+ return false;
+ } else if (access(pathname, F_OK)) {
+ tlshd_log_debug("server x509.privkey pathname \"%s\" is not accessible", pathname);
++ g_free(pathname);
+ return false;
+ }
+
+diff --git a/src/tlshd/handshake.c b/src/tlshd/handshake.c
+index 50c2f62..768dac2 100644
+--- a/src/tlshd/handshake.c
++++ b/src/tlshd/handshake.c
+@@ -59,7 +59,7 @@ static void tlshd_save_nagle(gnutls_session_t session, int *saved)
+ int ret;
+
+
+- len = sizeof(saved);
++ len = sizeof(*saved);
+ ret = getsockopt(gnutls_transport_get_int(session),
+ IPPROTO_TCP, TCP_NODELAY, saved, &len);
+ if (ret < 0) {
+diff --git a/src/tlshd/netlink.c b/src/tlshd/netlink.c
+index 2e206f6..439904c 100644
+--- a/src/tlshd/netlink.c
++++ b/src/tlshd/netlink.c
+@@ -269,7 +269,7 @@ static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg)
+ tlshd_parse_certificate(parms, tb[HANDSHAKE_A_ACCEPT_CERTIFICATE]);
+
+ if (peername)
+- strcpy(tlshd_peername, peername);
++ strncpy(tlshd_peername, peername, sizeof(tlshd_peername) - 1);
+ else {
+ err = getnameinfo(parms->peeraddr, parms->peeraddr_len,
+ tlshd_peername, sizeof(tlshd_peername),
diff --git a/ktls-utils.spec b/ktls-utils.spec
index 6059b8e..6cd28f4 100644
--- a/ktls-utils.spec
+++ b/ktls-utils.spec
@@ -1,11 +1,11 @@
 %global forgeurl https://github.com/oracle/ktls-utils
-%global baseversion 0.10
+%global baseversion 0.11
 Name: ktls-utils
 Version: %{baseversion}
 # Using a base release of 3 to continue the sequence from the SRPM taken
 # from Fedora ELN.
-Release: %{autorelease -b 3}
+Release: %{autorelease}
 Summary: TLS handshake agent for kernel sockets
 %forgemeta
@@ -16,6 +16,8 @@ URL: %{forgeurl}
 # FIXME: is this a bug in the tagging scheme or forgesource macro?
 Source0: %{forgeurl}/releases/download/%{name}-%{baseversion}/%{name}-%{baseversion}.tar.gz
+Patch0: ktls-utils-0.11-openscanhub.patch
+
 BuildRequires: bash systemd-rpm-macros
 BuildRequires: gcc make coreutils
 BuildRequires: pkgconfig(gnutls) >= 3.3.0
diff --git a/sources b/sources
index ea57698..50d64dc 100644
--- a/sources
+++ b/sources
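Review bot: In the netlink.c hunk of the added patch file, `strncpy(tlshd_peername, peername, sizeof(tlshd_peername) - 1);` bounds the copy but does not itself write a terminator, so the buffer is NUL-terminated only if its last byte is already zero, and an over-long peer name is silently shortened. The declaration of `tlshd_peername` and the rest of `tlshd_genl_valid_handler` are outside the hunk, so neither the zero last byte nor the later use of the name can be confirmed from here. A copy that terminates and reports truncation would be safer: `int n = snprintf(tlshd_peername, sizeof(tlshd_peername), "%s", peername);` followed by `if (n < 0 || (size_t)n >= sizeof(tlshd_peername))` taking the handler's error path. At minimum, add `tlshd_peername[sizeof(tlshd_peername) - 1] = '\0';` after the copy. If the name is later matched against the peer certificate (presumably, not visible here), a truncated name should fail the handshake rather than be compared.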
@@ -1 +1 @@
-SHA512 (ktls-utils-0.10.tar.gz) = cb2ef7fe93b0a9d982c082ff308aad29a4900106911f7f8bce15a876efdaadd7f031b4563373c24927e11abc33e6bfcb56be8675b1c51a2e3763e2a5c6796367
+SHA512 (ktls-utils-0.11.tar.gz) = ce59ef0c84f35bc68136664107cecdcb9b04c17c9315fadc6a2e59bdf8ceeb123e40e657da450eebd7594b09cf790bae30e48cdcfe9213191922fe19ad462231