Sync patches from Fedora 43, to fix multiple pccs npm security flaws,
and fix typo in pccsadmin help text.
CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2025-13465, CVE-2025-15284
Resolves: RHEL-142527, RHEL-145054, RHEL-144307, RHEL-138123, RHEL-140109
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
pyOpenSSL 24.0.0 removed several APIs required by pccsadmin, so
porting to pycryptography is required on Fedora. Since RHEL does
not ship pyOpenSSL, the port is useful here too.
Using pyasn1 instead of asn1 gives stronger validation during
parsing and brings compatibility with RHEL that lacks python3-asn1
The keyring package needs to be optional on RHEL which lacks this
module (currently).
Also drop the inappropriate pccs port number change
Related: https://issues.redhat.com/browse/RHEL-127046
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Changes to qgs.service to make it more amenable to writing a strict
SELinux policy.
Also add patch to allow control over socket perms so QEMU can get
access to the socket.
Related: https://issues.redhat.com/browse/RHELPLAN-171791
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
