Update to openwsman-2.7.0

2021-03-09 11:29:15 +01:00 · 2021-03-09 11:29:15 +01:00 · ed11717978
commit ed11717978
parent 2893dc0506
8 changed files with 40 additions and 234 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
 /openwsmand.8.gz
-/v2.6.8.tar.gz
+/v2.7.0.tar.gz
--- a/openwsman-2.4.12-ruby-binding-build.patch
+++ b/openwsman-2.4.12-ruby-binding-build.patch
@ -6,7 +6,7 @@ diff -up openwsman-2.4.12/bindings/ruby/extconf.rb.orig openwsman-2.4.12/binding
 
 major, minor, path = RUBY_VERSION.split(".")
 -raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -o openwsman_wrap.c openwsman.i")
-+raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.6.8/include/ -o openwsman_wrap.c openwsman.i")
+raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.7.0/include/ -o openwsman_wrap.c openwsman.i")
 
 $CPPFLAGS = "-I/usr/include/openwsman -I.."
 
--- a/openwsman-2.6.2-openssl-1.1-fix.patch
+++ b/openwsman-2.6.2-openssl-1.1-fix.patch
@ -1,6 +1,6 @@
-diff -up openwsman-2.6.8/src/server/shttpd/compat_unix.h.orig openwsman-2.6.8/src/server/shttpd/compat_unix.h
--- openwsman-2.6.8/src/server/shttpd/compat_unix.h.orig	2018-10-12 12:06:26.000000000 +0200
-+++ openwsman-2.6.8/src/server/shttpd/compat_unix.h	2018-11-22 13:30:10.756423510 +0100
+diff -up openwsman-2.7.0/src/server/shttpd/compat_unix.h.orig openwsman-2.7.0/src/server/shttpd/compat_unix.h
+--- openwsman-2.7.0/src/server/shttpd/compat_unix.h.orig	2020-05-25 15:16:28.000000000 +0200
+++ openwsman-2.7.0/src/server/shttpd/compat_unix.h	2021-03-09 09:15:26.750942006 +0100
@@ -27,10 +27,6 @@
 	pthread_create(&tid, NULL, (void *(*)(void *))a, c); } while (0)
 #endif /* !NO_THREADS */
@ -12,10 +12,10 @@ diff -up openwsman-2.6.8/src/server/shttpd/compat_unix.h.orig openwsman-2.6.8/sr
 #define	DIRSEP				'/'
 #define	IS_DIRSEP_CHAR(c)		((c) == '/')
 #define	O_BINARY			0
-diff -up openwsman-2.6.8/src/server/shttpd/io_ssl.c.orig openwsman-2.6.8/src/server/shttpd/io_ssl.c
--- openwsman-2.6.8/src/server/shttpd/io_ssl.c.orig	2018-10-12 12:06:26.000000000 +0200
-+++ openwsman-2.6.8/src/server/shttpd/io_ssl.c	2018-11-22 13:30:10.757423510 +0100
-@@ -11,23 +11,6 @@
+diff -up openwsman-2.7.0/src/server/shttpd/io_ssl.c.orig openwsman-2.7.0/src/server/shttpd/io_ssl.c
+--- openwsman-2.7.0/src/server/shttpd/io_ssl.c.orig	2020-05-25 15:16:28.000000000 +0200
+++ openwsman-2.7.0/src/server/shttpd/io_ssl.c	2021-03-09 09:15:26.750942006 +0100
+@@ -11,28 +11,6 @@
 #include "defs.h"
 
 #if !defined(NO_SSL)
@ -29,8 +29,13 @@ diff -up openwsman-2.6.8/src/server/shttpd/io_ssl.c.orig openwsman-2.6.8/src/ser
 -	{"SSL_set_fd",			{0}},
 -	{"SSL_new",			{0}},
 -	{"SSL_CTX_new",			{0}},
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
 -	{"SSLv23_server_method",	{0}},
 -	{"SSL_library_init",		{0}},
+-#else
+-	{"TLS_server_method",	{0}},
+-	{"OPENSSL_init_ssl",		{0}},
+-#endif
 -	{"SSL_CTX_use_PrivateKey_file",	{0}},
 -	{"SSL_CTX_use_certificate_file",{0}},
 -	{NULL,				{0}}
@ -39,10 +44,10 @@ diff -up openwsman-2.6.8/src/server/shttpd/io_ssl.c.orig openwsman-2.6.8/src/ser
 void
 _shttpd_ssl_handshake(struct stream *stream)
 {
-diff -up openwsman-2.6.8/src/server/shttpd/shttpd.c.orig openwsman-2.6.8/src/server/shttpd/shttpd.c
--- openwsman-2.6.8/src/server/shttpd/shttpd.c.orig	2018-10-12 12:06:26.000000000 +0200
-+++ openwsman-2.6.8/src/server/shttpd/shttpd.c	2018-11-22 13:30:41.314416695 +0100
-@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const ch
+diff -up openwsman-2.7.0/src/server/shttpd/shttpd.c.orig openwsman-2.7.0/src/server/shttpd/shttpd.c
+--- openwsman-2.7.0/src/server/shttpd/shttpd.c.orig	2020-05-25 15:16:28.000000000 +0200
+++ openwsman-2.7.0/src/server/shttpd/shttpd.c	2021-03-09 09:16:58.843241510 +0100
+@@ -1489,25 +1489,13 @@ set_ssl(struct shttpd_ctx *ctx, const ch
 	int		retval = FALSE;
 	EC_KEY*		key;
 
@ -59,20 +64,20 @@ diff -up openwsman-2.6.8/src/server/shttpd/shttpd.c.orig openwsman-2.6.8/src/ser
 -		}
 -
 	/* Initialize SSL crap */
-+	debug("Initialize SSL");
-+	SSL_load_error_strings();
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+	OPENSSL_init_ssl(0, NULL);
-+#else
- 	SSL_library_init();
-+#endif
 
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	SSL_library_init();
 	if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
+ #else
+-        OPENSSL_init_ssl();
+        OPENSSL_init_ssl(0, NULL);
+ 	if ((CTX = SSL_CTX_new(TLS_server_method())) == NULL)
+ #endif
 		_shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
-diff -up openwsman-2.6.8/src/server/shttpd/ssl.h.orig openwsman-2.6.8/src/server/shttpd/ssl.h
--- openwsman-2.6.8/src/server/shttpd/ssl.h.orig	2018-10-12 12:06:26.000000000 +0200
-+++ openwsman-2.6.8/src/server/shttpd/ssl.h	2018-11-22 13:30:10.757423510 +0100
-@@ -12,52 +12,4 @@
+diff -up openwsman-2.7.0/src/server/shttpd/ssl.h.orig openwsman-2.7.0/src/server/shttpd/ssl.h
+--- openwsman-2.7.0/src/server/shttpd/ssl.h.orig	2020-05-25 15:16:28.000000000 +0200
+++ openwsman-2.7.0/src/server/shttpd/ssl.h	2021-03-09 09:15:26.750942006 +0100
+@@ -12,55 +12,4 @@
 
 #include <openssl/ssl.h>
 
@ -120,6 +125,9 @@ diff -up openwsman-2.6.8/src/server/shttpd/ssl.h.orig openwsman-2.6.8/src/server
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
 -#define	SSLv23_server_method()	(* (SSL_METHOD * (*)(void)) FUNC(9))()
 -#define	SSL_library_init() (* (int (*)(void)) FUNC(10))()
+-#else
+-#define	TLS_server_method()	(* (SSL_METHOD * (*)(void)) FUNC(9))()
+-#define	OPENSSL_init_ssl() (* (int (*)(void)) FUNC(10))()
 #endif
 -#define	SSL_CTX_use_PrivateKey_file(x,y,z)	(* (int (*)(SSL_CTX *, \
 -		const char *, int)) FUNC(11))((x), (y), (z))
--- a/openwsman-2.6.5-libcurl-error-codes-update.patch
+++ b/openwsman-2.6.5-libcurl-error-codes-update.patch
@ -1,27 +0,0 @@
-diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig	2018-11-14 13:53:27.442138557 +0100
-+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c	2018-11-14 14:11:28.508714204 +0100
-@@ -186,16 +186,23 @@ convert_to_last_error(CURLcode r)
- 		return WS_LASTERR_SSL_CONNECT_ERROR;
-         case CURLE_BAD_FUNCTION_ARGUMENT:
-                 return WS_LASTERR_CURL_BAD_FUNCTION_ARG;
-+#if LIBCURL_VERSION_NUM < 0x073E00
- 	case CURLE_SSL_PEER_CERTIFICATE:
- 		return WS_LASTERR_SSL_PEER_CERTIFICATE;
-+#endif
- 	case CURLE_SSL_ENGINE_NOTFOUND:
- 		return WS_LASTERR_SSL_ENGINE_NOTFOUND;
- 	case CURLE_SSL_ENGINE_SETFAILED:
- 		return WS_LASTERR_SSL_ENGINE_SETFAILED;
- 	case CURLE_SSL_CERTPROBLEM:
- 		return WS_LASTERR_SSL_CERTPROBLEM;
-+#if LIBCURL_VERSION_NUM < 0x073E00
- 	case CURLE_SSL_CACERT:
- 		return WS_LASTERR_SSL_CACERT;
-+#else
-+	case CURLE_PEER_FAILED_VERIFICATION:
-+		return WS_LASTERR_SSL_PEER_CERTIFICATE;
-+#endif
- #if LIBCURL_VERSION_NUM > 0x70C01
- 	case CURLE_SSL_ENGINE_INITFAILED:
- 		return WS_LASTERR_SSL_ENGINE_INITFAILED;
--- a/openwsman-2.6.8-CVE-2019-3816.patch
+++ b/openwsman-2.6.8-CVE-2019-3816.patch
@ -1,79 +0,0 @@
-diff -up openwsman-2.6.8/src/server/shttpd/shttpd.c.orig openwsman-2.6.8/src/server/shttpd/shttpd.c
--- openwsman-2.6.8/src/server/shttpd/shttpd.c.orig	2019-03-13 08:52:06.112090942 +0100
-+++ openwsman-2.6.8/src/server/shttpd/shttpd.c	2019-03-13 09:01:15.496156789 +0100
-@@ -336,10 +336,12 @@ date_to_epoch(const char *s)
- }
- 
- static void
-remove_double_dots(char *s)
-+remove_all_leading_dots(char *s)
- {
- 	char	*p = s;
- 
-+	while (*s != '\0' && *s == '.') s++;
-+
- 	while (*s != '\0') {
- 		*p++ = *s++;
- 		if (s[-1] == '/' || s[-1] == '\\')
-@@ -546,7 +548,7 @@ decide_what_to_do(struct conn *c)
- 		*c->query++ = '\0';
- 
- 	_shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1);
-	remove_double_dots(c->uri);
-+	remove_all_leading_dots(c->uri);
- 
- 	root = c->ctx->options[OPT_ROOT];
- 	if (strlen(c->uri) + strlen(root) >= sizeof(path)) {
-@@ -556,6 +558,7 @@ decide_what_to_do(struct conn *c)
- 
- 	(void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri);
- 
-+	DBG(("decide_what_to_do -> processed path: [%s]", path));
- 	/* User may use the aliases - check URI for mount point */
- 	if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) {
- 		(void) _shttpd_snprintf(path, sizeof(path), "%.*s%s",
-@@ -572,7 +575,10 @@ decide_what_to_do(struct conn *c)
- 	if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) {
- 		_shttpd_setup_embedded_stream(c,
- 		    ruri->callback, ruri->callback_data);
-	} else
-+	} else {
-+		_shttpd_send_server_error(c, 403, "Forbidden");
-+	}
-+#if 0
- 	if (strstr(path, HTPASSWD)) {
- 		/* Do not allow to view passwords files */
- 		_shttpd_send_server_error(c, 403, "Forbidden");
-@@ -656,6 +662,7 @@ decide_what_to_do(struct conn *c)
- 	} else {
- 		_shttpd_send_server_error(c, 500, "Internal Error");
- 	}
-+#endif
- }
- 
- static int
-diff -up openwsman-2.6.8/src/server/wsmand.c.orig openwsman-2.6.8/src/server/wsmand.c
--- openwsman-2.6.8/src/server/wsmand.c.orig	2018-10-12 12:06:26.000000000 +0200
-+++ openwsman-2.6.8/src/server/wsmand.c	2019-03-13 09:03:25.919181279 +0100
-@@ -198,6 +198,10 @@ static void daemonize(void)
- 	int fd;
- 	char *pid;
- 
-+	/* Change our CWD to / */
-+	i = chdir("/");
-+	assert(i == 0);
-+
- 	if (wsmand_options_get_foreground_debug() > 0) {
- 		return;
- 	}
-@@ -214,10 +218,6 @@ static void daemonize(void)
- 	log_pid = 0;
- 	setsid();
- 
-	/* Change our CWD to / */
-	i=chdir("/");
-        assert(i == 0);
-
- 	/* Close all file descriptors. */
- 	for (i = getdtablesize(); i >= 0; --i)
- 		close(i);
--- a/openwsman-2.6.8-CVE-2019-3833.patch
+++ b/openwsman-2.6.8-CVE-2019-3833.patch
@ -1,94 +0,0 @@
-diff -up openwsman-2.6.8/src/server/shttpd/shttpd.c.orig openwsman-2.6.8/src/server/shttpd/shttpd.c
--- openwsman-2.6.8/src/server/shttpd/shttpd.c.orig	2019-03-13 09:32:32.417633057 +0100
-+++ openwsman-2.6.8/src/server/shttpd/shttpd.c	2019-03-13 09:58:04.482486589 +0100
-@@ -705,11 +705,11 @@ parse_http_request(struct conn *c)
- 		_shttpd_send_server_error(c, 500, "Cannot allocate request");
- 	}
- 
-+	io_inc_tail(&c->rem.io, req_len);
-+
- 	if (c->loc.flags & FLAG_CLOSED)
- 		return;
- 
-	io_inc_tail(&c->rem.io, req_len);
-
- 	DBG(("Conn %d: parsing request: [%.*s]", c->rem.chan.sock, req_len, s));
- 	c->rem.flags |= FLAG_HEADERS_PARSED;
- 
-@@ -975,7 +975,7 @@ write_stream(struct stream *from, struct
- }
- 
- 
-static void
-+static int
- connection_desctructor(struct llhead *lp)
- {
- 	struct conn		*c = LL_ENTRY(lp, struct conn, link);
-@@ -999,7 +999,8 @@ connection_desctructor(struct llhead *lp
- 	 * Check the "Connection: " header before we free c->request
- 	 * If it its 'keep-alive', then do not close the connection
- 	 */
-	do_close = (c->ch.connection.v_vec.len >= vec.len &&
-+	do_close = c->rem.flags & FLAG_CLOSED ||
-+	    (c->ch.connection.v_vec.len >= vec.len &&
- 	    !_shttpd_strncasecmp(vec.ptr,c->ch.connection.v_vec.ptr,vec.len)) ||
- 	    (c->major_version < 1 ||
- 	    (c->major_version >= 1 && c->minor_version < 1));
-@@ -1021,7 +1022,7 @@ connection_desctructor(struct llhead *lp
- 		io_clear(&c->loc.io);
- 		c->birth_time = _shttpd_current_time;
- 		if (io_data_len(&c->rem.io) > 0)
-			process_connection(c, 0, 0);
-+			return 1;
- 	} else {
- 		if (c->rem.io_class != NULL)
- 			c->rem.io_class->close(&c->rem);
-@@ -1032,6 +1033,8 @@ connection_desctructor(struct llhead *lp
- 
- 		free(c);
- 	}
-+
-+	return 0;
- }
- 
- static void
-@@ -1039,7 +1042,7 @@ worker_destructor(struct llhead *lp)
- {
- 	struct worker	*worker = LL_ENTRY(lp, struct worker, link);
- 
-	free_list(&worker->connections, connection_desctructor);
-+	free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
- 	free(worker);
- }
- 
-@@ -1072,6 +1075,8 @@ add_to_set(int fd, fd_set *set, int *max
- static void
- process_connection(struct conn *c, int remote_ready, int local_ready)
- {
-+again:
-+
- 	/* Read from remote end if it is ready */
- 	if (remote_ready && io_space_len(&c->rem.io))
- 		read_stream(&c->rem);
-@@ -1100,7 +1105,11 @@ process_connection(struct conn *c, int r
- 	if ((_shttpd_current_time > c->expire_time) ||
- 	    (c->rem.flags & FLAG_CLOSED) ||
- 	    ((c->loc.flags & FLAG_CLOSED) && !io_data_len(&c->loc.io)))
-		connection_desctructor(&c->link);
-+		if (connection_desctructor(&c->link)) {
-+			remote_ready = 0;
-+			local_ready = 0;
-+			goto again;
-+		}
- }
- 
- static int
-@@ -1642,7 +1651,7 @@ worker_function(void *param)
- 	while (worker->exit_flag == 0)
- 		poll_worker(worker, 1000 * 10);
- 
-	free_list(&worker->connections, connection_desctructor);
-+	free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
- 	free(worker);
- }
- 
--- a/openwsman.spec
+++ b/openwsman.spec
@ -2,8 +2,8 @@
 %global		gem_name %{name}

 Name:		openwsman
-Version:	2.6.8
-Release:	20%{?dist}
+Version:	2.7.0
+Release:	1%{?dist}
 Summary:	Open source Implementation of WS-Management

 License:	BSD
@ -19,10 +19,7 @@ Patch1:		openwsman-2.4.0-pamsetup.patch
 Patch2:		openwsman-2.4.12-ruby-binding-build.patch
 Patch3:		openwsman-2.6.2-openssl-1.1-fix.patch
 Patch4:		openwsman-2.6.5-http-status-line.patch
-Patch5:		openwsman-2.6.5-libcurl-error-codes-update.patch
-Patch6:		openwsman-2.6.8-CVE-2019-3816.patch
-Patch7:		openwsman-2.6.8-CVE-2019-3833.patch
-Patch8:		openwsman-2.6.8-update-ssleay-conf.patch
+Patch5:		openwsman-2.6.8-update-ssleay-conf.patch
 BuildRequires: make
 BuildRequires:	swig
 BuildRequires:	libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel
@ -131,10 +128,7 @@ You can use it to send shell commands to a remote Windows hosts.
 %patch2 -p1 -b .ruby-binding-build
 %patch3 -p1 -b .openssl-1.1-fix
 %patch4 -p1 -b .http-status-line
-%patch5 -p1 -b .libcurl-error-codes-update
-%patch6 -p1 -b .CVE-2019-3816
-%patch7 -p1 -b .CVE-2019-3833
-%patch8 -p1 -b .update-ssleay-conf
+%patch5 -p1 -b .update-ssleay-conf

 %build
 # Removing executable permissions on .c and .h files to fix rpmlint warnings. 
@ -288,6 +282,9 @@ rm -f /var/log/wsmand.log
 %{_bindir}/winrs

 %changelog
+* Tue Mar 09 2021 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.7.0-1
+- Update to openwsman-2.7.0 (thanks for a patch to Bastian Germann)
+
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.6.8-20
 - Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
--- a/1
+++ b/1
@ -1,2 +1,3 @@
 SHA512 (openwsmand.8.gz) = 751c40060781e8b5a847e09aee94833ed1e4fbe966f052e5023cb209361acc312078d0d75c0806bd9990da061d3048566418135d3670dd620c6b809e5d0e594c
 SHA512 (v2.6.8.tar.gz) = 49e8ac9267602e3bedc5cca78f270798cd16cfb6ddf2fc5f2feb8539bb3eba3bbce09931a18c96cd231c4beeffda5c3ae5bb9e8531662c49ca6fd9681538ea31
+SHA512 (v2.7.0.tar.gz) = e61792eafd09e3608c736091d2742049086adaf5fffcda9391e4712ed1dedf3a533546a6af61ea6ce49d4cf4fb3649cb168f20260c4e975797395d6e565c6c37