import openwsman-2.6.5-5.el8

This commit is contained in:
CentOS Sources 2019-08-02 15:12:11 -04:00 committed by Stepan Oksanichenko
commit e0e97ecded
11 changed files with 949 additions and 0 deletions

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
SOURCES/openwsmand.8.gz
SOURCES/v2.6.5.tar.gz

2
.openwsman.metadata Normal file
View File

@ -0,0 +1,2 @@
a6a8bbbfa71ce04bedae55f2f06ce97089b6c5e1 SOURCES/openwsmand.8.gz
51230beeaad4a94ab6eb3d390e2608c87b4d76fe SOURCES/v2.6.5.tar.gz

View File

@ -0,0 +1,16 @@
diff -up openwsman-2.6.1/etc/pam/openwsman.pamsetup openwsman-2.6.1/etc/pam/openwsman
--- openwsman-2.6.1/etc/pam/openwsman.pamsetup 2015-08-27 15:46:46.000000000 +0200
+++ openwsman-2.6.1/etc/pam/openwsman 2015-08-31 16:08:28.166913889 +0200
@@ -1,7 +1,7 @@
#%PAM-1.0
-auth required pam_unix2.so nullok
+auth required pam_unix.so nullok
auth required pam_nologin.so
-account required pam_unix2.so
-password required pam_pwcheck.so nullok
-password required pam_unix2.so nullok use_first_pass use_authtok
-session required pam_unix2.so none
+account required pam_unix.so
+password required pam_pwquality.so
+password required pam_unix.so nullok use_first_pass use_authtok
+session required pam_unix.so

View File

@ -0,0 +1,12 @@
diff -up openwsman-2.4.12/bindings/ruby/extconf.rb.orig openwsman-2.4.12/bindings/ruby/extconf.rb
--- openwsman-2.4.12/bindings/ruby/extconf.rb.orig 2015-02-09 09:28:58.232581263 +0100
+++ openwsman-2.4.12/bindings/ruby/extconf.rb 2015-02-09 09:38:22.836772879 +0100
@@ -32,7 +32,7 @@ swig = find_executable("swig")
raise "SWIG not found" unless swig
major, minor, path = RUBY_VERSION.split(".")
-raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -o openwsman_wrap.c openwsman.i")
+raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.6.5/include/ -o openwsman_wrap.c openwsman.i")
$CPPFLAGS = "-I/usr/include/openwsman -I.."

View File

@ -0,0 +1,162 @@
diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c 2018-01-23 13:14:59.357153453 +0100
@@ -241,12 +241,20 @@ write_handler( void *ptr, size_t size, s
static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
{
unsigned char *thumbprint = (unsigned char *)arg;
- X509 *cert = ctx->cert;
EVP_MD *tempDigest;
unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
unsigned int tempFingerprintLen;
tempDigest = (EVP_MD*)EVP_sha1( );
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+#else
+ X509 *cert = ctx->cert;
+#endif
+ if(!cert)
+ return 0;
+
if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
return 0;
if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
diff -up openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig openwsman-2.6.5/src/server/shttpd/compat_unix.h
--- openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/server/shttpd/compat_unix.h 2018-01-23 13:14:59.357153453 +0100
@@ -27,10 +27,6 @@
pthread_create(&tid, NULL, (void *(*)(void *))a, c); } while (0)
#endif /* !NO_THREADS */
-#ifndef SSL_LIB
-#define SSL_LIB "libssl.so"
-#endif
-
#define DIRSEP '/'
#define IS_DIRSEP_CHAR(c) ((c) == '/')
#define O_BINARY 0
diff -up openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig openwsman-2.6.5/src/server/shttpd/io_ssl.c
--- openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/server/shttpd/io_ssl.c 2018-01-23 13:14:59.357153453 +0100
@@ -11,23 +11,6 @@
#include "defs.h"
#if !defined(NO_SSL)
-struct ssl_func ssl_sw[] = {
- {"SSL_free", {0}},
- {"SSL_accept", {0}},
- {"SSL_connect", {0}},
- {"SSL_read", {0}},
- {"SSL_write", {0}},
- {"SSL_get_error", {0}},
- {"SSL_set_fd", {0}},
- {"SSL_new", {0}},
- {"SSL_CTX_new", {0}},
- {"SSLv23_server_method", {0}},
- {"SSL_library_init", {0}},
- {"SSL_CTX_use_PrivateKey_file", {0}},
- {"SSL_CTX_use_certificate_file",{0}},
- {NULL, {0}}
-};
-
void
_shttpd_ssl_handshake(struct stream *stream)
{
diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2018-01-23 13:16:13.738228773 +0100
@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const ch
int retval = FALSE;
EC_KEY* key;
- /* Load SSL library dynamically */
- if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
- _shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB);
- return (FALSE);
- }
-
- for (fp = ssl_sw; fp->name != NULL; fp++)
- if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) {
- _shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name);
- return (FALSE);
- }
-
/* Initialize SSL crap */
+ debug("Initialize SSL");
+ SSL_load_error_strings();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ OPENSSL_init_ssl(0, NULL);
+#else
SSL_library_init();
+#endif
if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
_shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
@@ -1532,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const ch
if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
//_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
debug("SSL: disable %s protocol", protocols[idx].name);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ SSL_CTX_set_options(CTX, protocols[idx].opt);
+#else
SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
+#endif
break;
}
}
diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server/shttpd/ssl.h
--- openwsman-2.6.5/src/server/shttpd/ssl.h.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/server/shttpd/ssl.h 2018-01-23 13:14:59.358153454 +0100
@@ -12,50 +12,4 @@
#include <openssl/ssl.h>
-#else
-
-/*
- * Snatched from OpenSSL includes. I put the prototypes here to be independent
- * from the OpenSSL source installation. Having this, shttpd + SSL can be
- * built on any system with binary SSL libraries installed.
- */
-
-typedef struct ssl_st SSL;
-typedef struct ssl_method_st SSL_METHOD;
-typedef struct ssl_ctx_st SSL_CTX;
-
-#define SSL_ERROR_WANT_READ 2
-#define SSL_ERROR_WANT_WRITE 3
-#define SSL_ERROR_SYSCALL 5
-#define SSL_FILETYPE_PEM 1
-
#endif
-
-/*
- * Dynamically loaded SSL functionality
- */
-struct ssl_func {
- const char *name; /* SSL function name */
- union variant ptr; /* Function pointer */
-};
-
-extern struct ssl_func ssl_sw[];
-
-#define FUNC(x) ssl_sw[x].ptr.v_func
-
-#define SSL_free(x) (* (void (*)(SSL *)) FUNC(0))(x)
-#define SSL_accept(x) (* (int (*)(SSL *)) FUNC(1))(x)
-#define SSL_connect(x) (* (int (*)(SSL *)) FUNC(2))(x)
-#define SSL_read(x,y,z) (* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z))
-#define SSL_write(x,y,z) \
- (* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z))
-#define SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
-#define SSL_set_fd(x,y) (* (int (*)(SSL *, int)) FUNC(6))((x), (y))
-#define SSL_new(x) (* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
-#define SSL_CTX_new(x) (* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x)
-#define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))()
-#define SSL_library_init() (* (int (*)(void)) FUNC(10))()
-#define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \
- const char *, int)) FUNC(11))((x), (y), (z))
-#define SSL_CTX_use_certificate_file(x,y,z) (* (int (*)(SSL_CTX *, \
- const char *, int)) FUNC(12))((x), (y), (z))

View File

@ -0,0 +1,79 @@
diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2019-03-13 10:20:07.376527798 +0100
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2019-03-13 10:20:07.380527801 +0100
@@ -336,10 +336,12 @@ date_to_epoch(const char *s)
}
static void
-remove_double_dots(char *s)
+remove_all_leading_dots(char *s)
{
char *p = s;
+ while (*s != '\0' && *s == '.') s++;
+
while (*s != '\0') {
*p++ = *s++;
if (s[-1] == '/' || s[-1] == '\\')
@@ -546,7 +548,7 @@ decide_what_to_do(struct conn *c)
*c->query++ = '\0';
_shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1);
- remove_double_dots(c->uri);
+ remove_all_leading_dots(c->uri);
root = c->ctx->options[OPT_ROOT];
if (strlen(c->uri) + strlen(root) >= sizeof(path)) {
@@ -556,6 +558,7 @@ decide_what_to_do(struct conn *c)
(void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri);
+ DBG(("decide_what_to_do -> processed path: [%s]", path));
/* User may use the aliases - check URI for mount point */
if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) {
(void) _shttpd_snprintf(path, sizeof(path), "%.*s%s",
@@ -572,7 +575,10 @@ decide_what_to_do(struct conn *c)
if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) {
_shttpd_setup_embedded_stream(c,
ruri->callback, ruri->callback_data);
- } else
+ } else {
+ _shttpd_send_server_error(c, 403, "Forbidden");
+ }
+#if 0
if (strstr(path, HTPASSWD)) {
/* Do not allow to view passwords files */
_shttpd_send_server_error(c, 403, "Forbidden");
@@ -656,6 +662,7 @@ decide_what_to_do(struct conn *c)
} else {
_shttpd_send_server_error(c, 500, "Internal Error");
}
+#endif
}
static int
diff -up openwsman-2.6.5/src/server/wsmand.c.orig openwsman-2.6.5/src/server/wsmand.c
--- openwsman-2.6.5/src/server/wsmand.c.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/server/wsmand.c 2019-03-13 10:20:07.380527801 +0100
@@ -198,6 +198,10 @@ static void daemonize(void)
int fd;
char *pid;
+ /* Change our CWD to / */
+ i = chdir("/");
+ assert(i == 0);
+
if (wsmand_options_get_foreground_debug() > 0) {
return;
}
@@ -214,10 +218,6 @@ static void daemonize(void)
log_pid = 0;
setsid();
- /* Change our CWD to / */
- i=chdir("/");
- assert(i == 0);
-
/* Close all file descriptors. */
for (i = getdtablesize(); i >= 0; --i)
close(i);

View File

@ -0,0 +1,12 @@
diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2018-02-21 10:53:24.964163710 +0100
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2018-02-21 10:53:31.854162875 +0100
@@ -1541,7 +1541,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch
if (ssl_cipher_list) {
int rc = SSL_CTX_set_cipher_list(CTX, ssl_cipher_list);
- if (rc != 0) {
+ if (rc != 1) {
_shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list);
}
}

View File

@ -0,0 +1,39 @@
diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c
--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c.orig 2016-07-27 16:03:55.000000000 +0200
+++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c 2018-01-22 13:05:04.478923300 +0100
@@ -344,6 +344,35 @@ DONE:
if (fault_reason == NULL) {
// this is a way to segfault, investigate
//fault_reason = shttpd_reason_phrase(status);
+ // ugly workaround follows...
+ switch (status) {
+ case 200:
+ fault_reason = "OK";
+ break;
+ case 400:
+ fault_reason = "Bad request";
+ break;
+ case 401:
+ fault_reason = "Unauthorized";
+ break;
+ case 403:
+ fault_reason = "Forbidden";
+ break;
+ case 404:
+ fault_reason = "Not found";
+ break;
+ case 500:
+ fault_reason = "Internal Error";
+ break;
+ case 501:
+ fault_reason = "Not implemented";
+ break;
+ case 415:
+ fault_reason = "Unsupported Media Type";
+ break;
+ default:
+ fault_reason = "";
+ }
}
debug("Response status=%d (%s)", status, fault_reason);

View File

@ -0,0 +1,12 @@
[Unit]
Description=Openwsman WS-Management Service
After=syslog.target
[Service]
Type=forking
ExecStart=/usr/sbin/openwsmand -S
ExecStartPre=/etc/openwsman/owsmantestcert.sh
PIDFile=/var/run/wsmand.pid
[Install]
WantedBy=multi-user.target

21
SOURCES/owsmantestcert.sh Normal file
View File

@ -0,0 +1,21 @@
#!/bin/bash
if [ ! -f "/etc/openwsman/serverkey.pem" ]; then
if [ -f "/etc/ssl/servercerts/servercert.pem" \
-a -f "/etc/ssl/servercerts/serverkey.pem" ]; then
echo "Using common server certificate /etc/ssl/servercerts/servercert.pem"
ln -s /etc/ssl/servercerts/server{cert,key}.pem /etc/openwsman
exit 0
else
echo "FAILED: Starting openwsman server"
echo "There is no ssl server key available for openwsman server to use."
echo -e "Please generate one with the following script and start the openwsman service again:\n"
echo "##################################"
echo "/etc/openwsman/owsmangencert.sh"
echo "================================="
echo "NOTE: The script uses /dev/random device for generating some random bits while generating the server key."
echo " If this takes too long, you can replace the value of \"RANDFILE\" in /etc/openwsman/ssleay.cnf with /dev/urandom. Please understand the implications of replacing the RNADFILE."
exit 1
fi
fi

592
SPECS/openwsman.spec Normal file
View File

@ -0,0 +1,592 @@
# RubyGems's macros expect gem_name to exist.
%global gem_name %{name}
Name: openwsman
Version: 2.6.5
Release: 5%{?dist}
Summary: Open source Implementation of WS-Management
License: BSD
URL: http://www.openwsman.org/
Source0: https://github.com/Openwsman/openwsman/archive/v%{version}.tar.gz
# help2man generated manpage for openwsmand binary
Source1: openwsmand.8.gz
# service file for systemd
Source2: openwsmand.service
# script for testing presence of the certificates in ExecStartPre
Source3: owsmantestcert.sh
Patch1: openwsman-2.4.0-pamsetup.patch
Patch2: openwsman-2.4.12-ruby-binding-build.patch
Patch3: openwsman-2.6.2-openssl-1.1-fix.patch
Patch4: openwsman-2.6.5-http-status-line.patch
Patch5: openwsman-2.6.5-fix-set-cipher-list-retval-check.patch
Patch6: openwsman-2.6.5-CVE-2019-3816.patch
BuildRequires: swig
BuildRequires: libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel
BuildRequires: python3 python3-devel ruby ruby-devel rubygems-devel perl-interpreter
BuildRequires: perl-devel perl-generators pkgconfig openssl-devel
BuildRequires: cmake
BuildRequires: systemd-units
%description
Openwsman is a project intended to provide an open-source
implementation of the Web Services Management specification
(WS-Management) and to expose system management information on the
Linux operating system using the WS-Management protocol. WS-Management
is based on a suite of web services specifications and usage
requirements that exposes a set of operations focused on and covers
all system management aspects.
%package -n libwsman1
License: BSD
Summary: Open source Implementation of WS-Management
Provides: %{name} = %{version}-%{release}
Obsoletes: %{name} < %{version}-%{release}
%description -n libwsman1
Openwsman library for packages dependent on openwsman.
%package -n libwsman-devel
License: BSD
Summary: Open source Implementation of WS-Management
Provides: %{name}-devel = %{version}-%{release}
Obsoletes: %{name}-devel < %{version}-%{release}
Requires: libwsman1 = %{version}-%{release}
Requires: %{name}-server = %{version}-%{release}
Requires: %{name}-client = %{version}-%{release}
Requires: sblim-sfcc-devel libxml2-devel pam-devel
Requires: libcurl-devel
%description -n libwsman-devel
Development files for openwsman.
%package client
License: BSD
Summary: Openwsman Client libraries
%description client
Openwsman Client libraries.
%package server
License: BSD
Summary: Openwsman Server and service libraries
Requires: libwsman1 = %{version}-%{release}
%description server
Openwsman Server and service libraries.
%package python3
License: BSD
Summary: Python bindings for openwsman client API
Requires: %{__python3}
Requires: libwsman1 = %{version}-%{release}
%{?python_provide:%python_provide python3-openwsman}
%description python3
This package provides Python3 bindings to access the openwsman client API.
%package -n rubygem-%{gem_name}
License: BSD
Summary: Ruby client bindings for Openwsman
Obsoletes: %{name}-ruby < %{version}-%{release}
%description -n rubygem-%{gem_name}
The openwsman gem provides a Ruby API to manage systems using
the WS-Management protocol.
%package -n rubygem-%{gem_name}-doc
Summary: Documentation for %{name}
Requires: rubygem-%{gem_name} = %{version}-%{release}
BuildArch: noarch
%description -n rubygem-%{gem_name}-doc
Documentation for rubygem-%{gem_name}
%package perl
License: BSD
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Summary: Perl bindings for openwsman client API
Requires: libwsman1 = %{version}-%{release}
%description perl
This package provides Perl bindings to access the openwsman client API.
%package winrs
Summary: Windows Remote Shell
Requires: rubygem-%{gem_name} = %{version}-%{release}
%description winrs
This is a command line tool for the Windows Remote Shell protocol.
You can use it to send shell commands to a remote Windows hosts.
%prep
%setup -q
%patch1 -p1 -b .pamsetup
%patch2 -p1 -b .ruby-binding-build
%patch3 -p1 -b .openssl-1.1-fix
%patch4 -p1 -b .http-status-line
%patch5 -p1 -b .fix-set-cipher-list-retval-check
%patch6 -p1 -b .CVE-2019-3816
%build
# Removing executable permissions on .c and .h files to fix rpmlint warnings.
chmod -x src/cpp/WsmanClient.h
rm -rf build
mkdir build
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -DFEDORA -DNO_SSL_CALLBACK"
export CFLAGS="-D_GNU_SOURCE -fPIE -DPIE"
export LDFLAGS="$LDFLAGS -Wl,-z,now -pie"
cd build
cmake \
-DCMAKE_INSTALL_PREFIX=/usr \
-DCMAKE_VERBOSE_MAKEFILE=TRUE \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_C_FLAGS_RELEASE:STRING="$RPM_OPT_FLAGS -fno-strict-aliasing" \
-DCMAKE_CXX_FLAGS_RELEASE:STRING="$RPM_OPT_FLAGS" \
-DCMAKE_SKIP_RPATH=1 \
-DPACKAGE_ARCHITECTURE=`uname -m` \
-DLIB=%{_lib} \
-DBUILD_JAVA=no \
..
make
# Make the freshly build openwsman libraries available to build the gem's
# binary extension.
export LIBRARY_PATH=%{_builddir}/%{name}-%{version}/build/src/lib
export CPATH=%{_builddir}/%{name}-%{version}/include/
export LD_LIBRARY_PATH=%{_builddir}/%{name}-%{version}/build/src/lib/
%gem_install -n ./bindings/ruby/%{name}-%{version}.gem
%install
cd build
# Do not install the ruby extension, we are proviging the rubygem- instead.
echo -n > bindings/ruby/cmake_install.cmake
make DESTDIR=%{buildroot} install
cd ..
rm -f %{buildroot}/%{_libdir}/*.la
rm -f %{buildroot}/%{_libdir}/openwsman/plugins/*.la
rm -f %{buildroot}/%{_libdir}/openwsman/authenticators/*.la
[ -d %{buildroot}/%{ruby_vendorlibdir} ] && rm -f %{buildroot}/%{ruby_vendorlibdir}/openwsmanplugin.rb
[ -d %{buildroot}/%{ruby_vendorlibdir} ] && rm -f %{buildroot}/%{ruby_vendorlibdir}/openwsman.rb
mkdir -p %{buildroot}%{_sysconfdir}/init.d
install -m 644 etc/openwsman.conf %{buildroot}/%{_sysconfdir}/openwsman
install -m 644 etc/openwsman_client.conf %{buildroot}/%{_sysconfdir}/openwsman
mkdir -p %{buildroot}/%{_unitdir}
install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}/openwsmand.service
install -m 644 etc/ssleay.cnf %{buildroot}/%{_sysconfdir}/openwsman
install -p -m 755 %{SOURCE3} %{buildroot}/%{_sysconfdir}/openwsman
# install manpage
mkdir -p %{buildroot}/%{_mandir}/man8/
cp %SOURCE1 %{buildroot}/%{_mandir}/man8/
# install missing headers
install -m 644 include/wsman-xml.h %{buildroot}/%{_includedir}/openwsman
install -m 644 include/wsman-xml-binding.h %{buildroot}/%{_includedir}/openwsman
install -m 644 include/wsman-dispatcher.h %{buildroot}/%{_includedir}/openwsman
mkdir -p %{buildroot}%{gem_dir}
cp -pa ./build%{gem_dir}/* \
%{buildroot}%{gem_dir}/
rm -rf %{buildroot}%{gem_instdir}/ext
mkdir -p %{buildroot}%{gem_extdir_mri}
cp -a ./build%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdir_mri}/
%post -n libwsman1 -p /sbin/ldconfig
%postun -n libwsman1 -p /sbin/ldconfig
%post server
/sbin/ldconfig
%systemd_post openwsmand.service
%preun server
%systemd_preun openwsmand.service
%postun server
rm -f /var/log/wsmand.log
%systemd_postun_with_restart openwsmand.service
/sbin/ldconfig
%post client -p /sbin/ldconfig
%postun client -p /sbin/ldconfig
%files -n libwsman1
%doc AUTHORS COPYING ChangeLog README.md TODO
%{_libdir}/libwsman.so.*
%{_libdir}/libwsman_client.so.*
%{_libdir}/libwsman_curl_client_transport.so.*
%files -n libwsman-devel
%doc AUTHORS COPYING ChangeLog README.md
%{_includedir}/*
%{_libdir}/pkgconfig/*
%{_libdir}/*.so
%files python3
%doc AUTHORS COPYING ChangeLog README.md
%{python3_sitearch}/*.so
%{python3_sitearch}/*.py
%{python3_sitearch}/__pycache__/*
%files -n rubygem-%{gem_name}
%doc AUTHORS COPYING ChangeLog README.md
%dir %{gem_instdir}
%{gem_libdir}
%{gem_extdir_mri}
%exclude %{gem_cache}
%{gem_spec}
%files -n rubygem-%{gem_name}-doc
%doc %{gem_docdir}
%files perl
%doc AUTHORS COPYING ChangeLog README.md
%{perl_vendorarch}/openwsman.so
%{perl_vendorlib}/openwsman.pm
%files server
%doc AUTHORS COPYING ChangeLog README.md
# Don't remove *.so files from the server package.
# the server fails to start without these files.
%dir %{_sysconfdir}/openwsman
%config(noreplace) %{_sysconfdir}/openwsman/openwsman.conf
%config(noreplace) %{_sysconfdir}/openwsman/ssleay.cnf
%attr(0755,root,root) %{_sysconfdir}/openwsman/owsmangencert.sh
%attr(0755,root,root) %{_sysconfdir}/openwsman/owsmantestcert.sh
%config(noreplace) %{_sysconfdir}/pam.d/openwsman
%{_unitdir}/openwsmand.service
%dir %{_libdir}/openwsman
%dir %{_libdir}/openwsman/authenticators
%{_libdir}/openwsman/authenticators/*.so
%{_libdir}/openwsman/authenticators/*.so.*
%dir %{_libdir}/openwsman/plugins
%{_libdir}/openwsman/plugins/*.so
%{_libdir}/openwsman/plugins/*.so.*
%{_sbindir}/openwsmand
%{_libdir}/libwsman_server.so.*
%{_mandir}/man8/*
%files client
%doc AUTHORS COPYING ChangeLog README.md
%{_libdir}/libwsman_clientpp.so.*
%config(noreplace) %{_sysconfdir}/openwsman/openwsman_client.conf
%files winrs
%{_bindir}/winrs
%changelog
* Mon Apr 01 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-5
- Fix CVE-2019-3816
Resolves: #1693972
- Remove Dist Tag from the oldest changelog entry
* Thu Sep 20 2018 Tomas Orsava <torsava@redhat.com> - 2.6.5-4
- Require the Python interpreter directly instead of using the package name
- Related: rhbz#1619153
* Wed Feb 21 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-3
- Fix wrong SSL_CTX_set_cipher_list() retval check
- Explicitly disable build of java bindings (build fails if java-devel is installed)
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Tue Jan 23 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-1
- Update to openwsman-2.6.5
- Simplify python binding build and drop python2 subpackage
- Fix malformed HTTP 200 status line
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 2.6.3-11.git4391e5c
- Rebuilt for switch to libxcrypt
* Sat Jan 6 2018 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.6.3-10.git4391e5c
- F-28: rebuild for ruby 2.5
- Backport git patches to support ruby 2.5
* Wed Oct 04 2017 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.3-9.git
- Remove unnecessary net-tools requirement
Resolves: #1496142
* Tue Sep 12 2017 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.3-8.git4391e5c
- Spec file clean up (removed RPM Groups tags, removed obsolete chkconfig/initscripts
dependencies, improved readability, fixed indentation)
- Updated openssl-1.1 patch to support builds with older openssl versions
* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.6.3-7.git4391e5c
- Add Provides for the old name without %%_isa
* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.6.3-6.git4391e5c
- Python 2 binary package renamed to python2-openwsman
See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.3-5.git4391e5c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.3-4.git4391e5c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 2.6.3-3.git4391e5c
- Perl 5.26 rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.3-2.git4391e5c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Tue Jan 17 2017 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.3-1.git4391e5c
- Update to openwsman-2.6.3 from upstream VCS
(because it contains shttpd 1.42)
* Thu Jan 12 2017 Vít Ondruch <vondruch@redhat.com> - 2.6.2-11
- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.4
* Mon Jan 09 2017 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.2-10
- Disable SSL protocols listed in config file
* Tue Jan 03 2017 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.2-9
- Port to openssl 1.1.0
Resolves: #1383992
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 2.6.2-8
- Rebuild for Python 3.6
* Thu Aug 11 2016 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.2-7
- Add openwsman-python3 subpackage
Resolves: #1354481
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.2-6
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
* Sun May 15 2016 Jitka Plesnikova <jplesnik@redhat.com> - 2.6.2-5
- Perl 5.24 rebuild
* Tue Mar 22 2016 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.2-4
- Remove SSL_LIB acquired by readlink from CFLAGS
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Jan 12 2016 Vít Ondruch <vondruch@redhat.com> - 2.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.3
* Thu Nov 05 2015 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.2-1
- Update to openwsman-2.6.2
* Mon Aug 31 2015 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.1-1
- Update to openwsman-2.6.1
- Review PAM rules
(pam_pwcheck is replaced by pam_pwquality, pam_unix has no 'none' option)
* Tue Jun 16 2015 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.0-1
- Update to openwsman-2.6.0
* Wed Jun 03 2015 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.15-2
- Perl 5.22 rebuild
* Thu May 21 2015 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.15-1
- Update to openwsman-2.4.15
* Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 2.4.14-2
- Rebuilt for GCC 5 C++11 ABI change
* Thu Feb 26 2015 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.14-1
- Update to openwsman-2.4.14
* Mon Feb 09 2015 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.12-1
- Update to openwsman-2.4.12
* Sat Jan 17 2015 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.4.6-5
- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_2.2
* Tue Aug 26 2014 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.6-4
- Perl 5.20 rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 20 2014 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.6-1
- Update to openwsman-2.4.6
* Fri Apr 25 2014 Vít Ondruch <vondruch@redhat.com> - 2.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1
* Tue Mar 11 2014 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.4-1
- Update to openwsman-2.4.4
- Provide rubygem-openwsman instead of openwsman-ruby (patch by Vit Ondruch)
* Wed Feb 05 2014 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.3-2
- Update openwsmand man page
* Thu Jan 23 2014 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.3-1
- Update to openwsman-2.4.3
* Tue Jan 07 2014 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.0-3
- Start the service using SSL by default
* Mon Sep 30 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.0-2
- Build with full relro
- Fix provides/requires
- Fix pam.d config (patch by Ales Ledvinka)
Resolves: #1013018
* Tue Sep 17 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.0-1
- Update to openwsman-2.4.0
- Fix bogus date in %%changelog
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.6-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 2.3.6-7
- Perl 5.18 rebuild
* Tue Mar 19 2013 Vít Ondruch <vondruch@redhat.com> - 2.3.6-6
- Rebuild for https://fedoraproject.org/wiki/Features/Ruby_2.0.0
* Mon Mar 18 2013 Praveen K Paladugu <praveen_paladugu@dell.com> - 2.3.6-4
- Updated the dependency for ruby bindings and introduced the java bindings.
* Wed Mar 13 2013 Peter Robinson <pbrobinson@fedoraproject.org> 2.3.6-3
- rebuild for ruby 2
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Nov 08 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.3.6-1
- Update to openwsman-2.3.6
* Mon Sep 17 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.3.5-1
- Update to openwsman-2.3.5
- Enable ruby subpackage again
* Tue Aug 28 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.3.0-7
- Fix issues found by fedora-review utility in the spec file
* Thu Aug 23 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.3.0-6
- Use new systemd-rpm macros
Resolves: #850405
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sun Jun 10 2012 Petr Pisar <ppisar@redhat.com> - 2.3.0-4
- Perl 5.16 rebuild
* Mon May 28 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.3.0-3
- Rename service file
* Wed May 23 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.3.0-2
- Add systemd support
* Tue Mar 27 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.3.0-1
- Update to openwsman-2.3.0
* Thu Feb 09 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.2.7-4
- Fix libssl loading
* Thu Feb 09 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.2.7-3
- Temporarily disable ruby subpackage
* Thu Jan 26 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.2.7-2
- Remove unnecessary net-tools requirement
Resolves: #784787
* Wed Jan 11 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.2.7-1
- Update to openwsman-2.2.7
* Mon Jun 20 2011 Marcela Mašláňová <mmaslano@redhat.com> - 2.2.5-3
- Perl mass rebuild
* Fri Jun 10 2011 Marcela Mašláňová <mmaslano@redhat.com> - 2.2.5-2
- Perl 5.14 mass rebuild
* Wed Mar 23 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.2.5-1
- Update to openwsman-2.2.5
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Dec 9 2010 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.2.4-2
- Recompile with -DNO_SSL_CALLBACK
* Tue Nov 16 2010 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.2.4-1
- Update to openwsman-2.2.4
- Add help2man generated manpage for openwsmand binary
- Add missing openwsman headers to libwsman-devel
- Add configuration file to openwsman-client
* Wed Sep 29 2010 jkeating - 2.2.3-9
- Rebuilt for gcc bug 634757
* Mon Sep 13 2010 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.2.3-8
- Move initscript to the right place
- Fix return values from initscript according to guidelines
* Tue Aug 10 2010 Praveen K Paladugu <praveen_paladugu@dell.com> - 2.2.3-7
- Moved the certificate generation from init script. The user will have to
- generate the certificate manually.
* Mon Aug 2 2010 Praveen K Paladugu <praveen_paladugu@dell.com> - 2.2.3-6
- Fixed the version checking of swig and forced all the ruby files to be
- installed into site{lib,arch} dirs
* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 2.2.3-5
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
* Tue Jun 01 2010 Marcela Maslanova <mmaslano@redhat.com> - 2.2.3-4
- Mass rebuild with perl-5.12.0
* Thu Apr 22 2010 Praveen K Paladugu <praveen_paladugu@dell.com> - 2.2.3-3
- authors.patch: Moved all the AUTHORS info to AUTHORS file.
- Corrected the Source tag.
- Corrected the package dependencies to break cyclic dependencies.
- Fixed the default attributes.
- Fixed the preun & postun scripts, to make sure the openwsmand service
- is stopped before the package is removed.
- Added 'condrestart' function to the init script.
- Had to let the *.so files be part of the openwsman-server becuase
- some of the source files explicitly call out for *.so files.
* Thu Apr 15 2010 Praveen K Paladugu <praveen_paladugu@dell.com> - 2.2.3-2
- Updated the spec file to adhere to the upstream standard of breaking
- the package in server, client, lib modules
- randfile.patch: when openwsmand daemon creates a certificate the
- first time it needs a file which have random content it. This
- is pointed to $HOME/.rnd in /etc/openwsman/ssleay.cnf. Changed this
- random file to /dev/urandom.
- initscript.patch: patch to edit the init script so that the services
- are not started by default.
* Wed Mar 3 2010 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.2.3-1
- Update to openwsman-2.2.3
* Wed Sep 23 2009 Praveen K Paladugu <praveen_paladugu@dell.com> - 2.2.0-1
- Added the new 2.2.0 sources.
- Changed the release and version numbers.
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 2.1.0-4
- rebuilt with new openssl
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Sep 22 2008 Matt Domsch <Matt_Domsch@dell.com> - 2.1.0-1
- update to 2.1.0, resolves security issues
* Tue Aug 19 2008 <srinivas_ramanatha@dell.com> - 2.0.0-1
- Modified the spec file to adhere to fedora packaging guidelines.