commit e0e97ecded6da73b5bf6213a8a6ccc5d8bb78fe5 Author: CentOS Sources Date: Fri Aug 2 15:12:11 2019 -0400 import openwsman-2.6.5-5.el8 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..81494b7 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/openwsmand.8.gz +SOURCES/v2.6.5.tar.gz diff --git a/.openwsman.metadata b/.openwsman.metadata new file mode 100644 index 0000000..25a9407 --- /dev/null +++ b/.openwsman.metadata @@ -0,0 +1,2 @@ +a6a8bbbfa71ce04bedae55f2f06ce97089b6c5e1 SOURCES/openwsmand.8.gz +51230beeaad4a94ab6eb3d390e2608c87b4d76fe SOURCES/v2.6.5.tar.gz diff --git a/SOURCES/openwsman-2.4.0-pamsetup.patch b/SOURCES/openwsman-2.4.0-pamsetup.patch new file mode 100644 index 0000000..021ca88 --- /dev/null +++ b/SOURCES/openwsman-2.4.0-pamsetup.patch @@ -0,0 +1,16 @@ +diff -up openwsman-2.6.1/etc/pam/openwsman.pamsetup openwsman-2.6.1/etc/pam/openwsman +--- openwsman-2.6.1/etc/pam/openwsman.pamsetup 2015-08-27 15:46:46.000000000 +0200 ++++ openwsman-2.6.1/etc/pam/openwsman 2015-08-31 16:08:28.166913889 +0200 +@@ -1,7 +1,7 @@ + #%PAM-1.0 +-auth required pam_unix2.so nullok ++auth required pam_unix.so nullok + auth required pam_nologin.so +-account required pam_unix2.so +-password required pam_pwcheck.so nullok +-password required pam_unix2.so nullok use_first_pass use_authtok +-session required pam_unix2.so none ++account required pam_unix.so ++password required pam_pwquality.so ++password required pam_unix.so nullok use_first_pass use_authtok ++session required pam_unix.so diff --git a/SOURCES/openwsman-2.4.12-ruby-binding-build.patch b/SOURCES/openwsman-2.4.12-ruby-binding-build.patch new file mode 100644 index 0000000..7f46996 --- /dev/null +++ b/SOURCES/openwsman-2.4.12-ruby-binding-build.patch @@ -0,0 +1,12 @@ +diff -up openwsman-2.4.12/bindings/ruby/extconf.rb.orig openwsman-2.4.12/bindings/ruby/extconf.rb +--- openwsman-2.4.12/bindings/ruby/extconf.rb.orig 2015-02-09 09:28:58.232581263 +0100 ++++ openwsman-2.4.12/bindings/ruby/extconf.rb 2015-02-09 09:38:22.836772879 +0100 +@@ -32,7 +32,7 @@ swig = find_executable("swig") + raise "SWIG not found" unless swig + + major, minor, path = RUBY_VERSION.split(".") +-raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -o openwsman_wrap.c openwsman.i") ++raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.6.5/include/ -o openwsman_wrap.c openwsman.i") + + $CPPFLAGS = "-I/usr/include/openwsman -I.." + diff --git a/SOURCES/openwsman-2.6.2-openssl-1.1-fix.patch b/SOURCES/openwsman-2.6.2-openssl-1.1-fix.patch new file mode 100644 index 0000000..1be385d --- /dev/null +++ b/SOURCES/openwsman-2.6.2-openssl-1.1-fix.patch @@ -0,0 +1,162 @@ +diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c +--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig 2017-11-28 09:32:15.000000000 +0100 ++++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c 2018-01-23 13:14:59.357153453 +0100 +@@ -241,12 +241,20 @@ write_handler( void *ptr, size_t size, s + static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg) + { + unsigned char *thumbprint = (unsigned char *)arg; +- X509 *cert = ctx->cert; + EVP_MD *tempDigest; + + unsigned char tempFingerprint[EVP_MAX_MD_SIZE]; + unsigned int tempFingerprintLen; + tempDigest = (EVP_MD*)EVP_sha1( ); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ X509 *cert = X509_STORE_CTX_get_current_cert(ctx); ++#else ++ X509 *cert = ctx->cert; ++#endif ++ if(!cert) ++ return 0; ++ + if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0) + return 0; + if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen)) +diff -up openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig openwsman-2.6.5/src/server/shttpd/compat_unix.h +--- openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig 2017-11-28 09:32:15.000000000 +0100 ++++ openwsman-2.6.5/src/server/shttpd/compat_unix.h 2018-01-23 13:14:59.357153453 +0100 +@@ -27,10 +27,6 @@ + pthread_create(&tid, NULL, (void *(*)(void *))a, c); } while (0) + #endif /* !NO_THREADS */ + +-#ifndef SSL_LIB +-#define SSL_LIB "libssl.so" +-#endif +- + #define DIRSEP '/' + #define IS_DIRSEP_CHAR(c) ((c) == '/') + #define O_BINARY 0 +diff -up openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig openwsman-2.6.5/src/server/shttpd/io_ssl.c +--- openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig 2017-11-28 09:32:15.000000000 +0100 ++++ openwsman-2.6.5/src/server/shttpd/io_ssl.c 2018-01-23 13:14:59.357153453 +0100 +@@ -11,23 +11,6 @@ + #include "defs.h" + + #if !defined(NO_SSL) +-struct ssl_func ssl_sw[] = { +- {"SSL_free", {0}}, +- {"SSL_accept", {0}}, +- {"SSL_connect", {0}}, +- {"SSL_read", {0}}, +- {"SSL_write", {0}}, +- {"SSL_get_error", {0}}, +- {"SSL_set_fd", {0}}, +- {"SSL_new", {0}}, +- {"SSL_CTX_new", {0}}, +- {"SSLv23_server_method", {0}}, +- {"SSL_library_init", {0}}, +- {"SSL_CTX_use_PrivateKey_file", {0}}, +- {"SSL_CTX_use_certificate_file",{0}}, +- {NULL, {0}} +-}; +- + void + _shttpd_ssl_handshake(struct stream *stream) + { +diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c +--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2017-11-28 09:32:15.000000000 +0100 ++++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2018-01-23 13:16:13.738228773 +0100 +@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const ch + int retval = FALSE; + EC_KEY* key; + +- /* Load SSL library dynamically */ +- if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) { +- _shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB); +- return (FALSE); +- } +- +- for (fp = ssl_sw; fp->name != NULL; fp++) +- if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) { +- _shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name); +- return (FALSE); +- } +- + /* Initialize SSL crap */ ++ debug("Initialize SSL"); ++ SSL_load_error_strings(); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ OPENSSL_init_ssl(0, NULL); ++#else + SSL_library_init(); ++#endif + + if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL) + _shttpd_elog(E_LOG, NULL, "SSL_CTX_new error"); +@@ -1532,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const ch + if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) { + //_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name); + debug("SSL: disable %s protocol", protocols[idx].name); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ SSL_CTX_set_options(CTX, protocols[idx].opt); ++#else + SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL); ++#endif + break; + } + } +diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server/shttpd/ssl.h +--- openwsman-2.6.5/src/server/shttpd/ssl.h.orig 2017-11-28 09:32:15.000000000 +0100 ++++ openwsman-2.6.5/src/server/shttpd/ssl.h 2018-01-23 13:14:59.358153454 +0100 +@@ -12,50 +12,4 @@ + + #include + +-#else +- +-/* +- * Snatched from OpenSSL includes. I put the prototypes here to be independent +- * from the OpenSSL source installation. Having this, shttpd + SSL can be +- * built on any system with binary SSL libraries installed. +- */ +- +-typedef struct ssl_st SSL; +-typedef struct ssl_method_st SSL_METHOD; +-typedef struct ssl_ctx_st SSL_CTX; +- +-#define SSL_ERROR_WANT_READ 2 +-#define SSL_ERROR_WANT_WRITE 3 +-#define SSL_ERROR_SYSCALL 5 +-#define SSL_FILETYPE_PEM 1 +- + #endif +- +-/* +- * Dynamically loaded SSL functionality +- */ +-struct ssl_func { +- const char *name; /* SSL function name */ +- union variant ptr; /* Function pointer */ +-}; +- +-extern struct ssl_func ssl_sw[]; +- +-#define FUNC(x) ssl_sw[x].ptr.v_func +- +-#define SSL_free(x) (* (void (*)(SSL *)) FUNC(0))(x) +-#define SSL_accept(x) (* (int (*)(SSL *)) FUNC(1))(x) +-#define SSL_connect(x) (* (int (*)(SSL *)) FUNC(2))(x) +-#define SSL_read(x,y,z) (* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z)) +-#define SSL_write(x,y,z) \ +- (* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z)) +-#define SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y)) +-#define SSL_set_fd(x,y) (* (int (*)(SSL *, int)) FUNC(6))((x), (y)) +-#define SSL_new(x) (* (SSL * (*)(SSL_CTX *)) FUNC(7))(x) +-#define SSL_CTX_new(x) (* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x) +-#define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))() +-#define SSL_library_init() (* (int (*)(void)) FUNC(10))() +-#define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \ +- const char *, int)) FUNC(11))((x), (y), (z)) +-#define SSL_CTX_use_certificate_file(x,y,z) (* (int (*)(SSL_CTX *, \ +- const char *, int)) FUNC(12))((x), (y), (z)) diff --git a/SOURCES/openwsman-2.6.5-CVE-2019-3816.patch b/SOURCES/openwsman-2.6.5-CVE-2019-3816.patch new file mode 100644 index 0000000..ba91ba7 --- /dev/null +++ b/SOURCES/openwsman-2.6.5-CVE-2019-3816.patch @@ -0,0 +1,79 @@ +diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c +--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2019-03-13 10:20:07.376527798 +0100 ++++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2019-03-13 10:20:07.380527801 +0100 +@@ -336,10 +336,12 @@ date_to_epoch(const char *s) + } + + static void +-remove_double_dots(char *s) ++remove_all_leading_dots(char *s) + { + char *p = s; + ++ while (*s != '\0' && *s == '.') s++; ++ + while (*s != '\0') { + *p++ = *s++; + if (s[-1] == '/' || s[-1] == '\\') +@@ -546,7 +548,7 @@ decide_what_to_do(struct conn *c) + *c->query++ = '\0'; + + _shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1); +- remove_double_dots(c->uri); ++ remove_all_leading_dots(c->uri); + + root = c->ctx->options[OPT_ROOT]; + if (strlen(c->uri) + strlen(root) >= sizeof(path)) { +@@ -556,6 +558,7 @@ decide_what_to_do(struct conn *c) + + (void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri); + ++ DBG(("decide_what_to_do -> processed path: [%s]", path)); + /* User may use the aliases - check URI for mount point */ + if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) { + (void) _shttpd_snprintf(path, sizeof(path), "%.*s%s", +@@ -572,7 +575,10 @@ decide_what_to_do(struct conn *c) + if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) { + _shttpd_setup_embedded_stream(c, + ruri->callback, ruri->callback_data); +- } else ++ } else { ++ _shttpd_send_server_error(c, 403, "Forbidden"); ++ } ++#if 0 + if (strstr(path, HTPASSWD)) { + /* Do not allow to view passwords files */ + _shttpd_send_server_error(c, 403, "Forbidden"); +@@ -656,6 +662,7 @@ decide_what_to_do(struct conn *c) + } else { + _shttpd_send_server_error(c, 500, "Internal Error"); + } ++#endif + } + + static int +diff -up openwsman-2.6.5/src/server/wsmand.c.orig openwsman-2.6.5/src/server/wsmand.c +--- openwsman-2.6.5/src/server/wsmand.c.orig 2017-11-28 09:32:15.000000000 +0100 ++++ openwsman-2.6.5/src/server/wsmand.c 2019-03-13 10:20:07.380527801 +0100 +@@ -198,6 +198,10 @@ static void daemonize(void) + int fd; + char *pid; + ++ /* Change our CWD to / */ ++ i = chdir("/"); ++ assert(i == 0); ++ + if (wsmand_options_get_foreground_debug() > 0) { + return; + } +@@ -214,10 +218,6 @@ static void daemonize(void) + log_pid = 0; + setsid(); + +- /* Change our CWD to / */ +- i=chdir("/"); +- assert(i == 0); +- + /* Close all file descriptors. */ + for (i = getdtablesize(); i >= 0; --i) + close(i); diff --git a/SOURCES/openwsman-2.6.5-fix-set-cipher-list-retval-check.patch b/SOURCES/openwsman-2.6.5-fix-set-cipher-list-retval-check.patch new file mode 100644 index 0000000..dc3e52c --- /dev/null +++ b/SOURCES/openwsman-2.6.5-fix-set-cipher-list-retval-check.patch @@ -0,0 +1,12 @@ +diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c +--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2018-02-21 10:53:24.964163710 +0100 ++++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2018-02-21 10:53:31.854162875 +0100 +@@ -1541,7 +1541,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch + + if (ssl_cipher_list) { + int rc = SSL_CTX_set_cipher_list(CTX, ssl_cipher_list); +- if (rc != 0) { ++ if (rc != 1) { + _shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list); + } + } diff --git a/SOURCES/openwsman-2.6.5-http-status-line.patch b/SOURCES/openwsman-2.6.5-http-status-line.patch new file mode 100644 index 0000000..f571508 --- /dev/null +++ b/SOURCES/openwsman-2.6.5-http-status-line.patch @@ -0,0 +1,39 @@ +diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c +--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c.orig 2016-07-27 16:03:55.000000000 +0200 ++++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c 2018-01-22 13:05:04.478923300 +0100 +@@ -344,6 +344,35 @@ DONE: + if (fault_reason == NULL) { + // this is a way to segfault, investigate + //fault_reason = shttpd_reason_phrase(status); ++ // ugly workaround follows... ++ switch (status) { ++ case 200: ++ fault_reason = "OK"; ++ break; ++ case 400: ++ fault_reason = "Bad request"; ++ break; ++ case 401: ++ fault_reason = "Unauthorized"; ++ break; ++ case 403: ++ fault_reason = "Forbidden"; ++ break; ++ case 404: ++ fault_reason = "Not found"; ++ break; ++ case 500: ++ fault_reason = "Internal Error"; ++ break; ++ case 501: ++ fault_reason = "Not implemented"; ++ break; ++ case 415: ++ fault_reason = "Unsupported Media Type"; ++ break; ++ default: ++ fault_reason = ""; ++ } + } + debug("Response status=%d (%s)", status, fault_reason); + diff --git a/SOURCES/openwsmand.service b/SOURCES/openwsmand.service new file mode 100644 index 0000000..e10c75d --- /dev/null +++ b/SOURCES/openwsmand.service @@ -0,0 +1,12 @@ +[Unit] +Description=Openwsman WS-Management Service +After=syslog.target + +[Service] +Type=forking +ExecStart=/usr/sbin/openwsmand -S +ExecStartPre=/etc/openwsman/owsmantestcert.sh +PIDFile=/var/run/wsmand.pid + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/owsmantestcert.sh b/SOURCES/owsmantestcert.sh new file mode 100644 index 0000000..8918f41 --- /dev/null +++ b/SOURCES/owsmantestcert.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +if [ ! -f "/etc/openwsman/serverkey.pem" ]; then + if [ -f "/etc/ssl/servercerts/servercert.pem" \ + -a -f "/etc/ssl/servercerts/serverkey.pem" ]; then + echo "Using common server certificate /etc/ssl/servercerts/servercert.pem" + ln -s /etc/ssl/servercerts/server{cert,key}.pem /etc/openwsman + exit 0 + else + echo "FAILED: Starting openwsman server" + echo "There is no ssl server key available for openwsman server to use." + echo -e "Please generate one with the following script and start the openwsman service again:\n" + echo "##################################" + echo "/etc/openwsman/owsmangencert.sh" + echo "=================================" + + echo "NOTE: The script uses /dev/random device for generating some random bits while generating the server key." + echo " If this takes too long, you can replace the value of \"RANDFILE\" in /etc/openwsman/ssleay.cnf with /dev/urandom. Please understand the implications of replacing the RNADFILE." + exit 1 + fi +fi diff --git a/SPECS/openwsman.spec b/SPECS/openwsman.spec new file mode 100644 index 0000000..55b1b0b --- /dev/null +++ b/SPECS/openwsman.spec @@ -0,0 +1,592 @@ +# RubyGems's macros expect gem_name to exist. +%global gem_name %{name} + +Name: openwsman +Version: 2.6.5 +Release: 5%{?dist} +Summary: Open source Implementation of WS-Management + +License: BSD +URL: http://www.openwsman.org/ +Source0: https://github.com/Openwsman/openwsman/archive/v%{version}.tar.gz +# help2man generated manpage for openwsmand binary +Source1: openwsmand.8.gz +# service file for systemd +Source2: openwsmand.service +# script for testing presence of the certificates in ExecStartPre +Source3: owsmantestcert.sh +Patch1: openwsman-2.4.0-pamsetup.patch +Patch2: openwsman-2.4.12-ruby-binding-build.patch +Patch3: openwsman-2.6.2-openssl-1.1-fix.patch +Patch4: openwsman-2.6.5-http-status-line.patch +Patch5: openwsman-2.6.5-fix-set-cipher-list-retval-check.patch +Patch6: openwsman-2.6.5-CVE-2019-3816.patch +BuildRequires: swig +BuildRequires: libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel +BuildRequires: python3 python3-devel ruby ruby-devel rubygems-devel perl-interpreter +BuildRequires: perl-devel perl-generators pkgconfig openssl-devel +BuildRequires: cmake +BuildRequires: systemd-units + +%description +Openwsman is a project intended to provide an open-source +implementation of the Web Services Management specification +(WS-Management) and to expose system management information on the +Linux operating system using the WS-Management protocol. WS-Management +is based on a suite of web services specifications and usage +requirements that exposes a set of operations focused on and covers +all system management aspects. + +%package -n libwsman1 +License: BSD +Summary: Open source Implementation of WS-Management +Provides: %{name} = %{version}-%{release} +Obsoletes: %{name} < %{version}-%{release} + +%description -n libwsman1 +Openwsman library for packages dependent on openwsman. + +%package -n libwsman-devel +License: BSD +Summary: Open source Implementation of WS-Management +Provides: %{name}-devel = %{version}-%{release} +Obsoletes: %{name}-devel < %{version}-%{release} +Requires: libwsman1 = %{version}-%{release} +Requires: %{name}-server = %{version}-%{release} +Requires: %{name}-client = %{version}-%{release} +Requires: sblim-sfcc-devel libxml2-devel pam-devel +Requires: libcurl-devel + +%description -n libwsman-devel +Development files for openwsman. + +%package client +License: BSD +Summary: Openwsman Client libraries + +%description client +Openwsman Client libraries. + +%package server +License: BSD +Summary: Openwsman Server and service libraries +Requires: libwsman1 = %{version}-%{release} + +%description server +Openwsman Server and service libraries. + +%package python3 +License: BSD +Summary: Python bindings for openwsman client API +Requires: %{__python3} +Requires: libwsman1 = %{version}-%{release} +%{?python_provide:%python_provide python3-openwsman} + +%description python3 +This package provides Python3 bindings to access the openwsman client API. + +%package -n rubygem-%{gem_name} +License: BSD +Summary: Ruby client bindings for Openwsman +Obsoletes: %{name}-ruby < %{version}-%{release} + +%description -n rubygem-%{gem_name} +The openwsman gem provides a Ruby API to manage systems using +the WS-Management protocol. + +%package -n rubygem-%{gem_name}-doc +Summary: Documentation for %{name} +Requires: rubygem-%{gem_name} = %{version}-%{release} +BuildArch: noarch + +%description -n rubygem-%{gem_name}-doc +Documentation for rubygem-%{gem_name} + +%package perl +License: BSD +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Summary: Perl bindings for openwsman client API +Requires: libwsman1 = %{version}-%{release} + +%description perl +This package provides Perl bindings to access the openwsman client API. + +%package winrs +Summary: Windows Remote Shell +Requires: rubygem-%{gem_name} = %{version}-%{release} + +%description winrs +This is a command line tool for the Windows Remote Shell protocol. +You can use it to send shell commands to a remote Windows hosts. + +%prep +%setup -q + +%patch1 -p1 -b .pamsetup +%patch2 -p1 -b .ruby-binding-build +%patch3 -p1 -b .openssl-1.1-fix +%patch4 -p1 -b .http-status-line +%patch5 -p1 -b .fix-set-cipher-list-retval-check +%patch6 -p1 -b .CVE-2019-3816 + +%build +# Removing executable permissions on .c and .h files to fix rpmlint warnings. +chmod -x src/cpp/WsmanClient.h + +rm -rf build +mkdir build + +export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -DFEDORA -DNO_SSL_CALLBACK" +export CFLAGS="-D_GNU_SOURCE -fPIE -DPIE" +export LDFLAGS="$LDFLAGS -Wl,-z,now -pie" +cd build +cmake \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_VERBOSE_MAKEFILE=TRUE \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_C_FLAGS_RELEASE:STRING="$RPM_OPT_FLAGS -fno-strict-aliasing" \ + -DCMAKE_CXX_FLAGS_RELEASE:STRING="$RPM_OPT_FLAGS" \ + -DCMAKE_SKIP_RPATH=1 \ + -DPACKAGE_ARCHITECTURE=`uname -m` \ + -DLIB=%{_lib} \ + -DBUILD_JAVA=no \ + .. + +make + +# Make the freshly build openwsman libraries available to build the gem's +# binary extension. +export LIBRARY_PATH=%{_builddir}/%{name}-%{version}/build/src/lib +export CPATH=%{_builddir}/%{name}-%{version}/include/ +export LD_LIBRARY_PATH=%{_builddir}/%{name}-%{version}/build/src/lib/ + +%gem_install -n ./bindings/ruby/%{name}-%{version}.gem + +%install +cd build + +# Do not install the ruby extension, we are proviging the rubygem- instead. +echo -n > bindings/ruby/cmake_install.cmake + +make DESTDIR=%{buildroot} install +cd .. +rm -f %{buildroot}/%{_libdir}/*.la +rm -f %{buildroot}/%{_libdir}/openwsman/plugins/*.la +rm -f %{buildroot}/%{_libdir}/openwsman/authenticators/*.la +[ -d %{buildroot}/%{ruby_vendorlibdir} ] && rm -f %{buildroot}/%{ruby_vendorlibdir}/openwsmanplugin.rb +[ -d %{buildroot}/%{ruby_vendorlibdir} ] && rm -f %{buildroot}/%{ruby_vendorlibdir}/openwsman.rb +mkdir -p %{buildroot}%{_sysconfdir}/init.d +install -m 644 etc/openwsman.conf %{buildroot}/%{_sysconfdir}/openwsman +install -m 644 etc/openwsman_client.conf %{buildroot}/%{_sysconfdir}/openwsman +mkdir -p %{buildroot}/%{_unitdir} +install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}/openwsmand.service +install -m 644 etc/ssleay.cnf %{buildroot}/%{_sysconfdir}/openwsman +install -p -m 755 %{SOURCE3} %{buildroot}/%{_sysconfdir}/openwsman +# install manpage +mkdir -p %{buildroot}/%{_mandir}/man8/ +cp %SOURCE1 %{buildroot}/%{_mandir}/man8/ +# install missing headers +install -m 644 include/wsman-xml.h %{buildroot}/%{_includedir}/openwsman +install -m 644 include/wsman-xml-binding.h %{buildroot}/%{_includedir}/openwsman +install -m 644 include/wsman-dispatcher.h %{buildroot}/%{_includedir}/openwsman + +mkdir -p %{buildroot}%{gem_dir} +cp -pa ./build%{gem_dir}/* \ + %{buildroot}%{gem_dir}/ + +rm -rf %{buildroot}%{gem_instdir}/ext + +mkdir -p %{buildroot}%{gem_extdir_mri} +cp -a ./build%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdir_mri}/ + +%post -n libwsman1 -p /sbin/ldconfig + +%postun -n libwsman1 -p /sbin/ldconfig + +%post server +/sbin/ldconfig +%systemd_post openwsmand.service + +%preun server +%systemd_preun openwsmand.service + +%postun server +rm -f /var/log/wsmand.log +%systemd_postun_with_restart openwsmand.service +/sbin/ldconfig + +%post client -p /sbin/ldconfig + +%postun client -p /sbin/ldconfig + +%files -n libwsman1 +%doc AUTHORS COPYING ChangeLog README.md TODO +%{_libdir}/libwsman.so.* +%{_libdir}/libwsman_client.so.* +%{_libdir}/libwsman_curl_client_transport.so.* + +%files -n libwsman-devel +%doc AUTHORS COPYING ChangeLog README.md +%{_includedir}/* +%{_libdir}/pkgconfig/* +%{_libdir}/*.so + +%files python3 +%doc AUTHORS COPYING ChangeLog README.md +%{python3_sitearch}/*.so +%{python3_sitearch}/*.py +%{python3_sitearch}/__pycache__/* + +%files -n rubygem-%{gem_name} +%doc AUTHORS COPYING ChangeLog README.md +%dir %{gem_instdir} +%{gem_libdir} +%{gem_extdir_mri} +%exclude %{gem_cache} +%{gem_spec} + +%files -n rubygem-%{gem_name}-doc +%doc %{gem_docdir} + +%files perl +%doc AUTHORS COPYING ChangeLog README.md +%{perl_vendorarch}/openwsman.so +%{perl_vendorlib}/openwsman.pm + +%files server +%doc AUTHORS COPYING ChangeLog README.md +# Don't remove *.so files from the server package. +# the server fails to start without these files. +%dir %{_sysconfdir}/openwsman +%config(noreplace) %{_sysconfdir}/openwsman/openwsman.conf +%config(noreplace) %{_sysconfdir}/openwsman/ssleay.cnf +%attr(0755,root,root) %{_sysconfdir}/openwsman/owsmangencert.sh +%attr(0755,root,root) %{_sysconfdir}/openwsman/owsmantestcert.sh +%config(noreplace) %{_sysconfdir}/pam.d/openwsman +%{_unitdir}/openwsmand.service +%dir %{_libdir}/openwsman +%dir %{_libdir}/openwsman/authenticators +%{_libdir}/openwsman/authenticators/*.so +%{_libdir}/openwsman/authenticators/*.so.* +%dir %{_libdir}/openwsman/plugins +%{_libdir}/openwsman/plugins/*.so +%{_libdir}/openwsman/plugins/*.so.* +%{_sbindir}/openwsmand +%{_libdir}/libwsman_server.so.* +%{_mandir}/man8/* + +%files client +%doc AUTHORS COPYING ChangeLog README.md +%{_libdir}/libwsman_clientpp.so.* +%config(noreplace) %{_sysconfdir}/openwsman/openwsman_client.conf + +%files winrs +%{_bindir}/winrs + +%changelog +* Mon Apr 01 2019 Vitezslav Crhonek - 2.6.5-5 +- Fix CVE-2019-3816 + Resolves: #1693972 +- Remove Dist Tag from the oldest changelog entry + +* Thu Sep 20 2018 Tomas Orsava - 2.6.5-4 +- Require the Python interpreter directly instead of using the package name +- Related: rhbz#1619153 + +* Wed Feb 21 2018 Vitezslav Crhonek - 2.6.5-3 +- Fix wrong SSL_CTX_set_cipher_list() retval check +- Explicitly disable build of java bindings (build fails if java-devel is installed) + +* Thu Feb 08 2018 Fedora Release Engineering - 2.6.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Jan 23 2018 Vitezslav Crhonek - 2.6.5-1 +- Update to openwsman-2.6.5 +- Simplify python binding build and drop python2 subpackage +- Fix malformed HTTP 200 status line + +* Sat Jan 20 2018 Björn Esser - 2.6.3-11.git4391e5c +- Rebuilt for switch to libxcrypt + +* Sat Jan 6 2018 Mamoru TASAKA - 2.6.3-10.git4391e5c +- F-28: rebuild for ruby 2.5 +- Backport git patches to support ruby 2.5 + +* Wed Oct 04 2017 Vitezslav Crhonek - 2.6.3-9.git +- Remove unnecessary net-tools requirement + Resolves: #1496142 + +* Tue Sep 12 2017 Vitezslav Crhonek - 2.6.3-8.git4391e5c +- Spec file clean up (removed RPM Groups tags, removed obsolete chkconfig/initscripts + dependencies, improved readability, fixed indentation) +- Updated openssl-1.1 patch to support builds with older openssl versions + +* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek - 2.6.3-7.git4391e5c +- Add Provides for the old name without %%_isa + +* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 2.6.3-6.git4391e5c +- Python 2 binary package renamed to python2-openwsman + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 + +* Thu Aug 03 2017 Fedora Release Engineering - 2.6.3-5.git4391e5c +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 2.6.3-4.git4391e5c +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sun Jun 04 2017 Jitka Plesnikova - 2.6.3-3.git4391e5c +- Perl 5.26 rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 2.6.3-2.git4391e5c +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Jan 17 2017 Vitezslav Crhonek - 2.6.3-1.git4391e5c +- Update to openwsman-2.6.3 from upstream VCS + (because it contains shttpd 1.42) + +* Thu Jan 12 2017 Vít Ondruch - 2.6.2-11 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.4 + +* Mon Jan 09 2017 Vitezslav Crhonek - 2.6.2-10 +- Disable SSL protocols listed in config file + +* Tue Jan 03 2017 Vitezslav Crhonek - 2.6.2-9 +- Port to openssl 1.1.0 + Resolves: #1383992 + +* Mon Dec 19 2016 Miro Hrončok - 2.6.2-8 +- Rebuild for Python 3.6 + +* Thu Aug 11 2016 Vitezslav Crhonek - 2.6.2-7 +- Add openwsman-python3 subpackage + Resolves: #1354481 + +* Tue Jul 19 2016 Fedora Release Engineering - 2.6.2-6 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Sun May 15 2016 Jitka Plesnikova - 2.6.2-5 +- Perl 5.24 rebuild + +* Tue Mar 22 2016 Vitezslav Crhonek - 2.6.2-4 +- Remove SSL_LIB acquired by readlink from CFLAGS + +* Thu Feb 04 2016 Fedora Release Engineering - 2.6.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Jan 12 2016 Vít Ondruch - 2.6.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.3 + +* Thu Nov 05 2015 Vitezslav Crhonek - 2.6.2-1 +- Update to openwsman-2.6.2 + +* Mon Aug 31 2015 Vitezslav Crhonek - 2.6.1-1 +- Update to openwsman-2.6.1 +- Review PAM rules + (pam_pwcheck is replaced by pam_pwquality, pam_unix has no 'none' option) + +* Tue Jun 16 2015 Vitezslav Crhonek - 2.6.0-1 +- Update to openwsman-2.6.0 + +* Wed Jun 03 2015 Jitka Plesnikova - 2.4.15-2 +- Perl 5.22 rebuild + +* Thu May 21 2015 Vitezslav Crhonek - 2.4.15-1 +- Update to openwsman-2.4.15 + +* Sat May 02 2015 Kalev Lember - 2.4.14-2 +- Rebuilt for GCC 5 C++11 ABI change + +* Thu Feb 26 2015 Vitezslav Crhonek - 2.4.14-1 +- Update to openwsman-2.4.14 + +* Mon Feb 09 2015 Vitezslav Crhonek - 2.4.12-1 +- Update to openwsman-2.4.12 + +* Sat Jan 17 2015 Mamoru TASAKA - 2.4.6-5 +- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_2.2 + +* Tue Aug 26 2014 Jitka Plesnikova - 2.4.6-4 +- Perl 5.20 rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 2.4.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 2.4.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue May 20 2014 Vitezslav Crhonek - 2.4.6-1 +- Update to openwsman-2.4.6 + +* Fri Apr 25 2014 Vít Ondruch - 2.4.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1 + +* Tue Mar 11 2014 Vitezslav Crhonek - 2.4.4-1 +- Update to openwsman-2.4.4 +- Provide rubygem-openwsman instead of openwsman-ruby (patch by Vit Ondruch) + +* Wed Feb 05 2014 Vitezslav Crhonek - 2.4.3-2 +- Update openwsmand man page + +* Thu Jan 23 2014 Vitezslav Crhonek - 2.4.3-1 +- Update to openwsman-2.4.3 + +* Tue Jan 07 2014 Vitezslav Crhonek - 2.4.0-3 +- Start the service using SSL by default + +* Mon Sep 30 2013 Vitezslav Crhonek - 2.4.0-2 +- Build with full relro +- Fix provides/requires +- Fix pam.d config (patch by Ales Ledvinka) + Resolves: #1013018 + +* Tue Sep 17 2013 Vitezslav Crhonek - 2.4.0-1 +- Update to openwsman-2.4.0 +- Fix bogus date in %%changelog + +* Sat Aug 03 2013 Fedora Release Engineering - 2.3.6-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 17 2013 Petr Pisar - 2.3.6-7 +- Perl 5.18 rebuild + +* Tue Mar 19 2013 Vít Ondruch - 2.3.6-6 +- Rebuild for https://fedoraproject.org/wiki/Features/Ruby_2.0.0 + +* Mon Mar 18 2013 Praveen K Paladugu - 2.3.6-4 +- Updated the dependency for ruby bindings and introduced the java bindings. + +* Wed Mar 13 2013 Peter Robinson 2.3.6-3 +- rebuild for ruby 2 + +* Thu Feb 14 2013 Fedora Release Engineering - 2.3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Nov 08 2012 Vitezslav Crhonek - 2.3.6-1 +- Update to openwsman-2.3.6 + +* Mon Sep 17 2012 Vitezslav Crhonek - 2.3.5-1 +- Update to openwsman-2.3.5 +- Enable ruby subpackage again + +* Tue Aug 28 2012 Vitezslav Crhonek - 2.3.0-7 +- Fix issues found by fedora-review utility in the spec file + +* Thu Aug 23 2012 Vitezslav Crhonek - 2.3.0-6 +- Use new systemd-rpm macros + Resolves: #850405 + +* Fri Jul 20 2012 Fedora Release Engineering - 2.3.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sun Jun 10 2012 Petr Pisar - 2.3.0-4 +- Perl 5.16 rebuild + +* Mon May 28 2012 Vitezslav Crhonek - 2.3.0-3 +- Rename service file + +* Wed May 23 2012 Vitezslav Crhonek - 2.3.0-2 +- Add systemd support + +* Tue Mar 27 2012 Vitezslav Crhonek - 2.3.0-1 +- Update to openwsman-2.3.0 + +* Thu Feb 09 2012 Vitezslav Crhonek - 2.2.7-4 +- Fix libssl loading + +* Thu Feb 09 2012 Vitezslav Crhonek - 2.2.7-3 +- Temporarily disable ruby subpackage + +* Thu Jan 26 2012 Vitezslav Crhonek - 2.2.7-2 +- Remove unnecessary net-tools requirement + Resolves: #784787 + +* Wed Jan 11 2012 Vitezslav Crhonek - 2.2.7-1 +- Update to openwsman-2.2.7 + +* Mon Jun 20 2011 Marcela Mašláňová - 2.2.5-3 +- Perl mass rebuild + +* Fri Jun 10 2011 Marcela Mašláňová - 2.2.5-2 +- Perl 5.14 mass rebuild + +* Wed Mar 23 2011 Vitezslav Crhonek - 2.2.5-1 +- Update to openwsman-2.2.5 + +* Tue Feb 08 2011 Fedora Release Engineering - 2.2.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Dec 9 2010 Vitezslav Crhonek - 2.2.4-2 +- Recompile with -DNO_SSL_CALLBACK + +* Tue Nov 16 2010 Vitezslav Crhonek - 2.2.4-1 +- Update to openwsman-2.2.4 +- Add help2man generated manpage for openwsmand binary +- Add missing openwsman headers to libwsman-devel +- Add configuration file to openwsman-client + +* Wed Sep 29 2010 jkeating - 2.2.3-9 +- Rebuilt for gcc bug 634757 + +* Mon Sep 13 2010 Vitezslav Crhonek - 2.2.3-8 +- Move initscript to the right place +- Fix return values from initscript according to guidelines + +* Tue Aug 10 2010 Praveen K Paladugu - 2.2.3-7 +- Moved the certificate generation from init script. The user will have to +- generate the certificate manually. + +* Mon Aug 2 2010 Praveen K Paladugu - 2.2.3-6 +- Fixed the version checking of swig and forced all the ruby files to be +- installed into site{lib,arch} dirs + +* Wed Jul 21 2010 David Malcolm - 2.2.3-5 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Tue Jun 01 2010 Marcela Maslanova - 2.2.3-4 +- Mass rebuild with perl-5.12.0 + +* Thu Apr 22 2010 Praveen K Paladugu - 2.2.3-3 +- authors.patch: Moved all the AUTHORS info to AUTHORS file. +- Corrected the Source tag. +- Corrected the package dependencies to break cyclic dependencies. +- Fixed the default attributes. +- Fixed the preun & postun scripts, to make sure the openwsmand service +- is stopped before the package is removed. +- Added 'condrestart' function to the init script. +- Had to let the *.so files be part of the openwsman-server becuase +- some of the source files explicitly call out for *.so files. + + +* Thu Apr 15 2010 Praveen K Paladugu - 2.2.3-2 +- Updated the spec file to adhere to the upstream standard of breaking +- the package in server, client, lib modules +- randfile.patch: when openwsmand daemon creates a certificate the +- first time it needs a file which have random content it. This +- is pointed to $HOME/.rnd in /etc/openwsman/ssleay.cnf. Changed this +- random file to /dev/urandom. +- initscript.patch: patch to edit the init script so that the services +- are not started by default. + + +* Wed Mar 3 2010 Vitezslav Crhonek - 2.2.3-1 +- Update to openwsman-2.2.3 + + +* Wed Sep 23 2009 Praveen K Paladugu - 2.2.0-1 +- Added the new 2.2.0 sources. +- Changed the release and version numbers. + +* Fri Aug 21 2009 Tomas Mraz - 2.1.0-4 +- rebuilt with new openssl + +* Sat Jul 25 2009 Fedora Release Engineering - 2.1.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Feb 26 2009 Fedora Release Engineering - 2.1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Sep 22 2008 Matt Domsch - 2.1.0-1 +- update to 2.1.0, resolves security issues + +* Tue Aug 19 2008 - 2.0.0-1 +- Modified the spec file to adhere to fedora packaging guidelines.