.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/openwsmand.8.gz
-SOURCES/v2.6.5.tar.gz
+/openwsmand.8.gz
+/v2.7.2.tar.gz

SOURCES/openwsman-2.4.0-pamsetup.patch

@@ -1,16 +0,0 @@
-diff -up openwsman-2.6.1/etc/pam/openwsman.pamsetup openwsman-2.6.1/etc/pam/openwsman
---- openwsman-2.6.1/etc/pam/openwsman.pamsetup	2015-08-27 15:46:46.000000000 +0200
-+++ openwsman-2.6.1/etc/pam/openwsman	2015-08-31 16:08:28.166913889 +0200
-@@ -1,7 +1,7 @@
- #%PAM-1.0
--auth       required	pam_unix2.so	nullok
-+auth       required	pam_unix.so		nullok
- auth       required	pam_nologin.so
--account    required	pam_unix2.so
--password   required	pam_pwcheck.so	nullok
--password   required	pam_unix2.so	nullok use_first_pass use_authtok
--session    required	pam_unix2.so	none
-+account    required	pam_unix.so
-+password   required	pam_pwquality.so
-+password   required	pam_unix.so		nullok use_first_pass use_authtok
-+session    required	pam_unix.so

SOURCES/openwsman-2.6.5-CVE-2019-3816.patch

@@ -1,79 +0,0 @@
-diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
---- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig	2019-03-13 10:20:07.376527798 +0100
-+++ openwsman-2.6.5/src/server/shttpd/shttpd.c	2019-03-13 10:20:07.380527801 +0100
-@@ -336,10 +336,12 @@ date_to_epoch(const char *s)
- }
- 
- static void
--remove_double_dots(char *s)
-+remove_all_leading_dots(char *s)
- {
- 	char	*p = s;
- 
-+	while (*s != '\0' && *s == '.') s++;
-+
- 	while (*s != '\0') {
- 		*p++ = *s++;
- 		if (s[-1] == '/' || s[-1] == '\\')
-@@ -546,7 +548,7 @@ decide_what_to_do(struct conn *c)
- 		*c->query++ = '\0';
- 
- 	_shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1);
--	remove_double_dots(c->uri);
-+	remove_all_leading_dots(c->uri);
- 
- 	root = c->ctx->options[OPT_ROOT];
- 	if (strlen(c->uri) + strlen(root) >= sizeof(path)) {
-@@ -556,6 +558,7 @@ decide_what_to_do(struct conn *c)
- 
- 	(void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri);
- 
-+	DBG(("decide_what_to_do -> processed path: [%s]", path));
- 	/* User may use the aliases - check URI for mount point */
- 	if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) {
- 		(void) _shttpd_snprintf(path, sizeof(path), "%.*s%s",
-@@ -572,7 +575,10 @@ decide_what_to_do(struct conn *c)
- 	if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) {
- 		_shttpd_setup_embedded_stream(c,
- 		    ruri->callback, ruri->callback_data);
--	} else
-+	} else {
-+		_shttpd_send_server_error(c, 403, "Forbidden");
-+	}
-+#if 0
- 	if (strstr(path, HTPASSWD)) {
- 		/* Do not allow to view passwords files */
- 		_shttpd_send_server_error(c, 403, "Forbidden");
-@@ -656,6 +662,7 @@ decide_what_to_do(struct conn *c)
- 	} else {
- 		_shttpd_send_server_error(c, 500, "Internal Error");
- 	}
-+#endif
- }
- 
- static int
-diff -up openwsman-2.6.5/src/server/wsmand.c.orig openwsman-2.6.5/src/server/wsmand.c
---- openwsman-2.6.5/src/server/wsmand.c.orig	2017-11-28 09:32:15.000000000 +0100
-+++ openwsman-2.6.5/src/server/wsmand.c	2019-03-13 10:20:07.380527801 +0100
-@@ -198,6 +198,10 @@ static void daemonize(void)
- 	int fd;
- 	char *pid;
- 
-+	/* Change our CWD to / */
-+	i = chdir("/");
-+	assert(i == 0);
-+
- 	if (wsmand_options_get_foreground_debug() > 0) {
- 		return;
- 	}
-@@ -214,10 +218,6 @@ static void daemonize(void)
- 	log_pid = 0;
- 	setsid();
- 
--	/* Change our CWD to / */
--	i=chdir("/");
--        assert(i == 0);
--
- 	/* Close all file descriptors. */
- 	for (i = getdtablesize(); i >= 0; --i)
- 		close(i);

SOURCES/openwsman-2.6.5-CVE-2019-3833.patch

@@ -1,94 +0,0 @@
-diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
---- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig	2020-05-11 11:10:04.783971915 +0200
-+++ openwsman-2.6.5/src/server/shttpd/shttpd.c	2020-05-11 11:10:04.786971932 +0200
-@@ -705,11 +705,11 @@ parse_http_request(struct conn *c)
- 		_shttpd_send_server_error(c, 500, "Cannot allocate request");
- 	}
- 
-+	io_inc_tail(&c->rem.io, req_len);
-+
- 	if (c->loc.flags & FLAG_CLOSED)
- 		return;
- 
--	io_inc_tail(&c->rem.io, req_len);
--
- 	DBG(("Conn %d: parsing request: [%.*s]", c->rem.chan.sock, req_len, s));
- 	c->rem.flags |= FLAG_HEADERS_PARSED;
- 
-@@ -975,7 +975,7 @@ write_stream(struct stream *from, struct
- }
- 
- 
--static void
-+static int
- connection_desctructor(struct llhead *lp)
- {
- 	struct conn		*c = LL_ENTRY(lp, struct conn, link);
-@@ -999,7 +999,8 @@ connection_desctructor(struct llhead *lp
- 	 * Check the "Connection: " header before we free c->request
- 	 * If it its 'keep-alive', then do not close the connection
- 	 */
--	do_close = (c->ch.connection.v_vec.len >= vec.len &&
-+	do_close = c->rem.flags & FLAG_CLOSED ||
-+	    (c->ch.connection.v_vec.len >= vec.len &&
- 	    !_shttpd_strncasecmp(vec.ptr,c->ch.connection.v_vec.ptr,vec.len)) ||
- 	    (c->major_version < 1 ||
- 	    (c->major_version >= 1 && c->minor_version < 1));
-@@ -1021,7 +1022,7 @@ connection_desctructor(struct llhead *lp
- 		io_clear(&c->loc.io);
- 		c->birth_time = _shttpd_current_time;
- 		if (io_data_len(&c->rem.io) > 0)
--			process_connection(c, 0, 0);
-+			return 1;
- 	} else {
- 		if (c->rem.io_class != NULL)
- 			c->rem.io_class->close(&c->rem);
-@@ -1032,6 +1033,8 @@ connection_desctructor(struct llhead *lp
- 
- 		free(c);
- 	}
-+
-+	return 0;
- }
- 
- static void
-@@ -1039,7 +1042,7 @@ worker_destructor(struct llhead *lp)
- {
- 	struct worker	*worker = LL_ENTRY(lp, struct worker, link);
- 
--	free_list(&worker->connections, connection_desctructor);
-+	free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
- 	free(worker);
- }
- 
-@@ -1072,6 +1075,8 @@ add_to_set(int fd, fd_set *set, int *max
- static void
- process_connection(struct conn *c, int remote_ready, int local_ready)
- {
-+again:
-+
- 	/* Read from remote end if it is ready */
- 	if (remote_ready && io_space_len(&c->rem.io))
- 		read_stream(&c->rem);
-@@ -1100,7 +1105,11 @@ process_connection(struct conn *c, int r
- 	if ((_shttpd_current_time > c->expire_time) ||
- 	    (c->rem.flags & FLAG_CLOSED) ||
- 	    ((c->loc.flags & FLAG_CLOSED) && !io_data_len(&c->loc.io)))
--		connection_desctructor(&c->link);
-+		if (connection_desctructor(&c->link)) {
-+			remote_ready = 0;
-+			local_ready = 0;
-+			goto again;
-+		}
- }
- 
- static int
-@@ -1640,7 +1649,7 @@ worker_function(void *param)
- 	while (worker->exit_flag == 0)
- 		poll_worker(worker, 1000 * 10);
- 
--	free_list(&worker->connections, connection_desctructor);
-+	free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
- 	free(worker);
- }
- 

SOURCES/openwsman-2.6.5-fix-set-cipher-list-retval-check.patch

@@ -1,12 +0,0 @@
-diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
---- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig	2018-02-21 10:53:24.964163710 +0100
-+++ openwsman-2.6.5/src/server/shttpd/shttpd.c	2018-02-21 10:53:31.854162875 +0100
-@@ -1541,7 +1541,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch
- 
- 	if (ssl_cipher_list) {
-           int rc = SSL_CTX_set_cipher_list(CTX, ssl_cipher_list);
--          if (rc != 0) {
-+          if (rc != 1) {
-             _shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list);
-           }
-         }

SOURCES/openwsman-2.6.5-http-unauthorized-improve.patch

@@ -1,56 +0,0 @@
-diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
---- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig	2022-09-08 10:36:46.265107915 +0200
-+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c	2022-09-08 10:36:46.273107919 +0200
-@@ -452,6 +452,7 @@ wsmc_handler( WsManClient *cl,
- 	long http_code;
- 	long auth_avail = 0;
- 	char *_user = NULL, *_pass = NULL;
-+	int _no_auth = 0; /* 0 if authentication is used, 1 if no authentication was used */
- 	u_buf_t *response = NULL;
- 	//char *soapaction;
- 	char *tmp_str = NULL;
-@@ -551,6 +552,7 @@ wsmc_handler( WsManClient *cl,
- 		_user = wsmc_get_user(cl);
- 		_pass = wsmc_get_password(cl);
- 		if (_user && _pass && cl->data.auth_set) {
-+			_no_auth = 0;
- 			r = curl_easy_setopt(curl, CURLOPT_HTTPAUTH, cl->data.auth_set);
- 			if (r != CURLE_OK) {
- 				cl->fault_string = u_strdup(curl_easy_strerror(r));
-@@ -571,6 +573,11 @@ wsmc_handler( WsManClient *cl,
- 				curl_err("curl_easy_setopt(curl, CURLOPT_USERPWD, ..) failed");
- 				goto DONE;
- 			}
-+        } else {
-+            /* request without user credentials, remember this for
-+             * later use when it might become necessary to print an error message
-+             */
-+            _no_auth = 1;
- 		}
- 
- 		if (wsman_debug_level_debugged(DEBUG_LEVEL_MESSAGE)) {
-@@ -603,6 +610,24 @@ wsmc_handler( WsManClient *cl,
- 				break;
- 			case 401:
- 				// The server requires authentication.
-+                /* RFC 2616 states:
-+                 *
-+                 * If the request already included Authorization credentials, then the 401
-+                 * response indicates that authorization has been refused for those
-+                 * credentials. If the 401 response contains the same challenge as the
-+                 * prior response, and the user agent has already attempted
-+                 * authentication at least once, then the user SHOULD be presented the
-+                 * entity that was given in the response, since that entity might
-+                 * include relevant diagnostic information.
-+                 */
-+                if (_no_auth == 0) {
-+                    /* no authentication credentials were used. It is only
-+                     * possible to write a message about the current situation. There
-+                     * is no information about the last attempt to access the resource.
-+                     * Maybe at a later point in time I will implement more state information.
-+                     */
-+                    fprintf(stdout,"Authentication failed, please retry\n");
-+                }
- 				break;
- 			default:
- 				// The status code does not indicate success.

SOURCES/openwsman-2.6.5-update-ssleay-conf.patch

@@ -1,15 +0,0 @@
-diff -up openwsman-2.6.5/etc/ssleay.cnf.orig openwsman-2.6.5/etc/ssleay.cnf
---- openwsman-2.6.5/etc/ssleay.cnf.orig	2017-11-28 09:32:15.000000000 +0100
-+++ openwsman-2.6.5/etc/ssleay.cnf	2023-07-10 10:00:44.713426317 +0200
-@@ -2,10 +2,8 @@
- # SSLeay example configuration file.
- #
- 
--RANDFILE                = /dev/random
--
- [ req ]
--default_bits            = 1024
-+default_bits            = 2048
- default_keyfile         = privkey.pem
- distinguished_name      = req_distinguished_name
- 

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-10
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

openwsman-2.4.0-pamsetup.patch

@@ -0,0 +1,13 @@
+diff -up openwsman-2.6.8/etc/pam/openwsman.orig openwsman-2.6.8/etc/pam/openwsman
+--- openwsman-2.6.8/etc/pam/openwsman.orig	2018-11-21 13:51:52.776325243 +0100
++++ openwsman-2.6.8/etc/pam/openwsman	2018-11-21 13:54:17.066351134 +0100
+@@ -2,6 +2,6 @@
+ auth       required	pam_unix.so	nullok
+ auth       required	pam_nologin.so
+ account    required	pam_unix.so
+-password   required	pam_cracklib.so	nullok
+-password   required	pam_unix.so	nullok use_first_pass use_authtok nis shadow
+-session    required	pam_unix.so	none
++password   required	pam_pwquality.so
++password   required	pam_unix.so	nullok use_first_pass use_authtok
++session    required	pam_unix.so

openwsman-2.4.12-ruby-binding-build.patch

@@ -1,12 +1,12 @@
-diff -up openwsman-2.4.12/bindings/ruby/extconf.rb.orig openwsman-2.4.12/bindings/ruby/extconf.rb
---- openwsman-2.4.12/bindings/ruby/extconf.rb.orig	2015-02-09 09:28:58.232581263 +0100
-+++ openwsman-2.4.12/bindings/ruby/extconf.rb	2015-02-09 09:38:22.836772879 +0100
+diff -up openwsman-2.7.2/bindings/ruby/extconf.rb.orig openwsman-2.7.2/bindings/ruby/extconf.rb
+--- openwsman-2.7.2/bindings/ruby/extconf.rb.orig	2022-12-28 16:43:03.000000000 +0100
++++ openwsman-2.7.2/bindings/ruby/extconf.rb	2023-08-09 12:50:21.361216733 +0200
 @@ -32,7 +32,7 @@ swig = find_executable("swig")
  raise "SWIG not found" unless swig
  
  major, minor, path = RUBY_VERSION.split(".")
 -raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -o openwsman_wrap.c openwsman.i")
-+raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.6.5/include/ -o openwsman_wrap.c openwsman.i")
++raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.7.2/include/ -o openwsman_wrap.c openwsman.i")
  
  $CPPFLAGS = "-I/usr/include/openwsman -I.."
  

openwsman-2.6.2-openssl-1.1-fix.patch

@@ -1,31 +1,6 @@
-diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
---- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig	2017-11-28 09:32:15.000000000 +0100
-+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c	2018-01-23 13:14:59.357153453 +0100
-@@ -241,12 +241,20 @@ write_handler( void *ptr, size_t size, s
- static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
- {
- 	unsigned char *thumbprint = (unsigned char *)arg;
--	X509 *cert = ctx->cert;
- 	EVP_MD                                  *tempDigest;
- 
- 	unsigned char   tempFingerprint[EVP_MAX_MD_SIZE];
- 	unsigned int      tempFingerprintLen;
- 	tempDigest = (EVP_MD*)EVP_sha1( );
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+	X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
-+#else
-+	X509 *cert = ctx->cert;
-+#endif
-+	if(!cert)
-+		return 0;
-+
- 	if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
- 		return 0;
- 	if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
-diff -up openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig openwsman-2.6.5/src/server/shttpd/compat_unix.h
---- openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig	2017-11-28 09:32:15.000000000 +0100
-+++ openwsman-2.6.5/src/server/shttpd/compat_unix.h	2018-01-23 13:14:59.357153453 +0100
+diff -up openwsman-2.7.0/src/server/shttpd/compat_unix.h.orig openwsman-2.7.0/src/server/shttpd/compat_unix.h
+--- openwsman-2.7.0/src/server/shttpd/compat_unix.h.orig	2020-05-25 15:16:28.000000000 +0200
++++ openwsman-2.7.0/src/server/shttpd/compat_unix.h	2021-03-09 09:15:26.750942006 +0100
 @@ -27,10 +27,6 @@
  	pthread_create(&tid, NULL, (void *(*)(void *))a, c); } while (0)
  #endif /* !NO_THREADS */
@@ -37,10 +12,10 @@ diff -up openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig openwsman-2.6.5/sr
  #define	DIRSEP				'/'
  #define	IS_DIRSEP_CHAR(c)		((c) == '/')
  #define	O_BINARY			0
-diff -up openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig openwsman-2.6.5/src/server/shttpd/io_ssl.c
---- openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig	2017-11-28 09:32:15.000000000 +0100
-+++ openwsman-2.6.5/src/server/shttpd/io_ssl.c	2018-01-23 13:14:59.357153453 +0100
-@@ -11,23 +11,6 @@
+diff -up openwsman-2.7.0/src/server/shttpd/io_ssl.c.orig openwsman-2.7.0/src/server/shttpd/io_ssl.c
+--- openwsman-2.7.0/src/server/shttpd/io_ssl.c.orig	2020-05-25 15:16:28.000000000 +0200
++++ openwsman-2.7.0/src/server/shttpd/io_ssl.c	2021-03-09 09:15:26.750942006 +0100
+@@ -11,28 +11,6 @@
  #include "defs.h"
  
  #if !defined(NO_SSL)
@@ -54,8 +29,13 @@ diff -up openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig openwsman-2.6.5/src/ser
 -	{"SSL_set_fd",			{0}},
 -	{"SSL_new",			{0}},
 -	{"SSL_CTX_new",			{0}},
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
 -	{"SSLv23_server_method",	{0}},
 -	{"SSL_library_init",		{0}},
+-#else
+-	{"TLS_server_method",	{0}},
+-	{"OPENSSL_init_ssl",		{0}},
+-#endif
 -	{"SSL_CTX_use_PrivateKey_file",	{0}},
 -	{"SSL_CTX_use_certificate_file",{0}},
 -	{NULL,				{0}}
@@ -64,10 +44,10 @@ diff -up openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig openwsman-2.6.5/src/ser
  void
  _shttpd_ssl_handshake(struct stream *stream)
  {
-diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
---- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig	2017-11-28 09:32:15.000000000 +0100
-+++ openwsman-2.6.5/src/server/shttpd/shttpd.c	2018-01-23 13:16:13.738228773 +0100
-@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const ch
+diff -up openwsman-2.7.0/src/server/shttpd/shttpd.c.orig openwsman-2.7.0/src/server/shttpd/shttpd.c
+--- openwsman-2.7.0/src/server/shttpd/shttpd.c.orig	2020-05-25 15:16:28.000000000 +0200
++++ openwsman-2.7.0/src/server/shttpd/shttpd.c	2021-03-09 09:16:58.843241510 +0100
+@@ -1489,25 +1489,13 @@ set_ssl(struct shttpd_ctx *ctx, const ch
  	int		retval = FALSE;
  	EC_KEY*		key;
  
@@ -84,32 +64,20 @@ diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/ser
 -		}
 -
  	/* Initialize SSL crap */
-+	debug("Initialize SSL");
-+	SSL_load_error_strings();
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+	OPENSSL_init_ssl(0, NULL);
-+#else
- 	SSL_library_init();
-+#endif
  
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	SSL_library_init();
  	if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
+ #else
+-        OPENSSL_init_ssl();
++        OPENSSL_init_ssl(0, NULL);
+ 	if ((CTX = SSL_CTX_new(TLS_server_method())) == NULL)
+ #endif
  		_shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
-@@ -1532,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const ch
- 			if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
- 				//_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
- 				debug("SSL: disable %s protocol", protocols[idx].name);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+				SSL_CTX_set_options(CTX, protocols[idx].opt);
-+#else
- 				SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
-+#endif
- 				break;
- 			}
- 		}
-diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server/shttpd/ssl.h
---- openwsman-2.6.5/src/server/shttpd/ssl.h.orig	2017-11-28 09:32:15.000000000 +0100
-+++ openwsman-2.6.5/src/server/shttpd/ssl.h	2018-01-23 13:14:59.358153454 +0100
-@@ -12,50 +12,4 @@
+diff -up openwsman-2.7.0/src/server/shttpd/ssl.h.orig openwsman-2.7.0/src/server/shttpd/ssl.h
+--- openwsman-2.7.0/src/server/shttpd/ssl.h.orig	2020-05-25 15:16:28.000000000 +0200
++++ openwsman-2.7.0/src/server/shttpd/ssl.h	2021-03-09 09:15:26.750942006 +0100
+@@ -12,55 +12,4 @@
  
  #include <openssl/ssl.h>
  
@@ -130,7 +98,7 @@ diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server
 -#define	SSL_ERROR_SYSCALL	5
 -#define	SSL_FILETYPE_PEM	1
 -
- #endif
+-#endif
 -
 -/*
 - * Dynamically loaded SSL functionality
@@ -153,9 +121,14 @@ diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server
 -#define	SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
 -#define	SSL_set_fd(x,y)	(* (int (*)(SSL *, int)) FUNC(6))((x), (y))
 -#define	SSL_new(x)	(* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
--#define	SSL_CTX_new(x)	(* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x)
+-#define	SSL_CTX_new(x)	(* (SSL_CTX * (*)(const SSL_METHOD *)) FUNC(8))(x)
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
 -#define	SSLv23_server_method()	(* (SSL_METHOD * (*)(void)) FUNC(9))()
 -#define	SSL_library_init() (* (int (*)(void)) FUNC(10))()
+-#else
+-#define	TLS_server_method()	(* (SSL_METHOD * (*)(void)) FUNC(9))()
+-#define	OPENSSL_init_ssl() (* (int (*)(void)) FUNC(10))()
+ #endif
 -#define	SSL_CTX_use_PrivateKey_file(x,y,z)	(* (int (*)(SSL_CTX *, \
 -		const char *, int)) FUNC(11))((x), (y), (z))
 -#define	SSL_CTX_use_certificate_file(x,y,z)	(* (int (*)(SSL_CTX *, \

openwsman-2.6.8-update-ssleay-conf.patch

@@ -0,0 +1,12 @@
+diff -up openwsman-2.7.1/etc/ssleay.cnf.orig openwsman-2.7.1/etc/ssleay.cnf
+--- openwsman-2.7.1/etc/ssleay.cnf.orig	2021-11-09 08:27:48.577749509 +0100
++++ openwsman-2.7.1/etc/ssleay.cnf	2021-11-09 08:28:10.499967010 +0100
+@@ -3,7 +3,7 @@
+ #
+ 
+ [ req ]
+-default_bits            = 1024
++default_bits            = 2048
+ default_keyfile         = privkey.pem
+ distinguished_name      = req_distinguished_name
+ 

openwsman-2.7.2-fix-ftbfs.patch

@@ -0,0 +1,12 @@
+diff -up openwsman-2.7.2/bindings/openwsman.i.orig openwsman-2.7.2/bindings/openwsman.i
+--- openwsman-2.7.2/bindings/openwsman.i.orig	2024-01-22 09:36:42.764721705 +0100
++++ openwsman-2.7.2/bindings/openwsman.i	2024-01-22 09:37:29.970817151 +0100
+@@ -109,7 +109,7 @@ SWIGINTERNINLINE SV *SWIG_From_double  S
+ 
+ %typemap(in) FILE* {
+ #if RUBY_VERSION > 18
+-  struct rb_io_t *fptr;
++  struct rb_io *fptr;
+ #else
+   struct OpenFile *fptr;
+ #endif

openwsman.fc

@@ -0,0 +1,7 @@
+/usr/lib/systemd/system/openwsmand.*		--	gen_context(system_u:object_r:openwsman_unit_file_t,s0)
+
+/usr/sbin/openwsmand		--	gen_context(system_u:object_r:openwsman_exec_t,s0)
+
+/var/log/wsmand.*	--	gen_context(system_u:object_r:openwsman_log_t,s0)
+
+/var/run/wsmand.*	--	gen_context(system_u:object_r:openwsman_run_t,s0)

openwsman.if

@@ -0,0 +1,79 @@
+## <summary>WS-Management Server</summary>
+
+########################################
+## <summary>
+##	Execute openwsman in the openwsman domin.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`openwsman_domtrans',`
+	gen_require(`
+		type openwsman_t, openwsman_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, openwsman_exec_t, openwsman_t)
+')
+########################################
+## <summary>
+##	Execute openwsman server in the openwsman domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`openwsman_systemctl',`
+	gen_require(`
+		type openwsman_t;
+		type openwsman_unit_file_t;
+	')
+
+	systemd_exec_systemctl($1)
+	init_reload_services($1)
+    systemd_read_fifo_file_passwd_run($1)
+	allow $1 openwsman_unit_file_t:file read_file_perms;
+	allow $1 openwsman_unit_file_t:service manage_service_perms;
+
+	ps_process_pattern($1, openwsman_t)
+')
+
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an openwsman environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`openwsman_admin',`
+	gen_require(`
+		type openwsman_t;
+	    type openwsman_unit_file_t;
+	')
+
+	allow $1 openwsman_t:process { signal_perms };
+	ps_process_pattern($1, openwsman_t)
+
+    tunable_policy(`deny_ptrace',`',`
+        allow $1 openwsman_t:process ptrace;
+    ')
+
+	openwsman_systemctl($1)
+	admin_pattern($1, openwsman_unit_file_t)
+	allow $1 openwsman_unit_file_t:service all_service_perms;
+	optional_policy(`
+		systemd_passwd_agent_exec($1)
+		systemd_read_fifo_file_passwd_run($1)
+	')
+')

openwsman.spec

@@ -1,12 +1,34 @@
 # RubyGems's macros expect gem_name to exist.
 %global		gem_name %{name}
 
+# defining macros needed by SELinux
+# unless running a flatpak build.
+%if 0%{?flatpak}
+%global with_selinux 0
+%else
+%global with_selinux 1
+%global selinuxtype targeted
+%global modulename openwsman
+%endif
+
+# Bindings install in the wrong path for a flatpak build; this could be fixed, but
+# we don't currently need the bindings for any Flatpak'ed application
+%if 0%{?flatpak}
+%global with_ruby 0
+%global with_perl 0
+%global with_python 0
+%else
+%global with_ruby 1
+%global with_perl 1
+%global with_python 1
+%endif
+
 Name:		openwsman
-Version:	2.6.5
-Release:	10%{?dist}
+Version:	2.7.2
+Release:	9%{?dist}
 Summary:	Open source Implementation of WS-Management
 
-License:	BSD
+License:	BSD-3-Clause AND MIT
 URL:		http://www.openwsman.org/
 Source0:	https://github.com/Openwsman/openwsman/archive/v%{version}.tar.gz
 # help2man generated manpage for openwsmand binary
@@ -15,23 +37,35 @@ Source1:	openwsmand.8.gz
 Source2:	openwsmand.service
 # script for testing presence of the certificates in ExecStartPre
 Source3:	owsmantestcert.sh
+# Source100-102: selinux policy for openwsman, extracted
+# from https://github.com/fedora-selinux/selinux-policy
+%if 0%{with_selinux}
+Source100: %{modulename}.te
+Source101: %{modulename}.if
+Source102: %{modulename}.fc
+%endif
 Patch1:		openwsman-2.4.0-pamsetup.patch
 Patch2:		openwsman-2.4.12-ruby-binding-build.patch
 Patch3:		openwsman-2.6.2-openssl-1.1-fix.patch
 Patch4:		openwsman-2.6.5-http-status-line.patch
-Patch5:		openwsman-2.6.5-fix-set-cipher-list-retval-check.patch
-Patch6:		openwsman-2.6.5-CVE-2019-3816.patch
-# Patch7: fixes CVE-2019-3833, rhbz#1687865
-Patch7:		openwsman-2.6.5-CVE-2019-3833.patch
-Patch8:		openwsman-2.6.5-http-unauthorized-improve.patch
-# Patch9: fixes cert issue, rhbz#2220821
-Patch9:         openwsman-2.6.5-update-ssleay-conf.patch
+Patch5:		openwsman-2.6.8-update-ssleay-conf.patch
+Patch6:		openwsman-2.7.2-fix-ftbfs.patch
+BuildRequires:	make
 BuildRequires:	swig
 BuildRequires:	libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel
-BuildRequires:	python3 python3-devel ruby ruby-devel rubygems-devel perl-interpreter
-BuildRequires:	perl-devel perl-generators pkgconfig openssl-devel
+%if %{with_python}
+BuildRequires:	python3 python3-devel
+%endif
+%if %{with_ruby}
+BuildRequires:	ruby ruby-devel rubygems-devel
+%endif
+%if %{with_perl}
+BuildRequires:	perl-interpreter perl-devel perl-generators
+%endif
+BuildRequires:	pkgconfig openssl-devel
 BuildRequires:	cmake
 BuildRequires:	systemd-units
+BuildRequires:	gcc gcc-c++
 
 %description
 Openwsman is a project intended to provide an open-source
@@ -43,7 +77,7 @@ requirements that exposes a set of operations focused on and covers
 all system management aspects.
 
 %package -n libwsman1
-License:	BSD
+License:	BSD-3-Clause AND MIT
 Summary:	Open source Implementation of WS-Management
 Provides:	%{name} = %{version}-%{release}
 Obsoletes:	%{name} < %{version}-%{release}
@@ -52,7 +86,7 @@ Obsoletes:	%{name} < %{version}-%{release}
 Openwsman library for packages dependent on openwsman.
 
 %package -n libwsman-devel
-License:	BSD
+License:	BSD-3-Clause AND MIT
 Summary:	Open source Implementation of WS-Management
 Provides:	%{name}-devel = %{version}-%{release}
 Obsoletes:	%{name}-devel < %{version}-%{release}
@@ -66,22 +100,28 @@ Requires:	libcurl-devel
 Development files for openwsman.
 
 %package client
-License:	BSD
+License:	BSD-3-Clause AND MIT
 Summary:	Openwsman Client libraries
 
 %description client
 Openwsman Client libraries.
 
 %package server
-License:	BSD
+License:	BSD-3-Clause AND MIT
 Summary:	Openwsman Server and service libraries
 Requires:	libwsman1 = %{version}-%{release}
+%if 0%{?with_selinux}
+# This ensures that the *-selinux package and all it’s dependencies are not pulled
+# into containers and other systems that do not use SELinux
+Requires:  (%{name}-selinux if selinux-policy-%{selinuxtype})
+%endif
 
 %description server
 Openwsman Server and service libraries.
 
+%if %{with_python}
 %package python3
-License:	BSD
+License:	BSD-3-Clause AND MIT
 Summary:	Python bindings for openwsman client API
 Requires:	%{__python3}
 Requires:	libwsman1 = %{version}-%{release}
@@ -89,11 +129,14 @@ Requires:	libwsman1 = %{version}-%{release}
 
 %description python3
 This package provides Python3 bindings to access the openwsman client API.
+%endif
 
+%if %{with_ruby}
 %package -n rubygem-%{gem_name}
-License:	BSD
+License:	BSD-3-Clause AND MIT
 Summary:	Ruby client bindings for Openwsman
 Obsoletes:	%{name}-ruby < %{version}-%{release}
+Requires:	libwsman1 = %{version}-%{release}
 
 %description -n rubygem-%{gem_name}
 The openwsman gem provides a Ruby API to manage systems using
@@ -106,15 +149,17 @@ BuildArch:	noarch
 
 %description -n rubygem-%{gem_name}-doc
 Documentation for rubygem-%{gem_name}
+%endif
 
+%if %{with_perl}
 %package perl
-License:	BSD
-Requires:	perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+License:	BSD-3-Clause AND MIT
 Summary:	Perl bindings for openwsman client API
 Requires:	libwsman1 = %{version}-%{release}
 
 %description perl
 This package provides Perl bindings to access the openwsman client API.
+%endif
 
 %package winrs
 Summary:	Windows Remote Shell
@@ -124,18 +169,24 @@ Requires:	rubygem-%{gem_name} = %{version}-%{release}
 This is a command line tool for the Windows Remote Shell protocol.
 You can use it to send shell commands to a remote Windows hosts.
 
+%if 0%{?with_selinux}
+# SELinux subpackage
+%package selinux
+Summary:   openwsman SELinux policy
+BuildArch: noarch
+Requires:  selinux-policy-%{selinuxtype}
+Requires(post): selinux-policy-%{selinuxtype}
+BuildRequires: selinux-policy-devel
+%{?selinux_requires}
+
+%description selinux
+Custom SELinux policy module
+%endif
+
 %prep
 %setup -q
 
-%patch1 -p1 -b .pamsetup
-%patch2 -p1 -b .ruby-binding-build
-%patch3 -p1 -b .openssl-1.1-fix
-%patch4 -p1 -b .http-status-line
-%patch5 -p1 -b .fix-set-cipher-list-retval-check
-%patch6 -p1 -b .CVE-2019-3816
-%patch7 -p1 -b .CVE-2019-3833
-%patch8 -p1 -b .http-unauthorized-improve
-%patch9 -p1 -b .update-ssleay-conf
+%autopatch -p1
 
 %build
 # Removing executable permissions on .c and .h files to fix rpmlint warnings. 
@@ -145,11 +196,11 @@ rm -rf build
 mkdir build
 
 export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -DFEDORA -DNO_SSL_CALLBACK"
-export CFLAGS="-D_GNU_SOURCE -fPIE -DPIE"
-export LDFLAGS="$LDFLAGS -Wl,-z,now -pie"
+export CFLAGS="$RPM_OPT_FLAGS -fPIC -pie -Wl,-z,relro -Wl,-z,now"
+export CXXFLAGS="$RPM_OPT_FLAGS -fPIC -pie -Wl,-z,relro -Wl,-z,now"
 cd build
 cmake \
-	-DCMAKE_INSTALL_PREFIX=/usr \
+	-DCMAKE_INSTALL_PREFIX=%{_prefix} \
 	-DCMAKE_VERBOSE_MAKEFILE=TRUE \
 	-DCMAKE_BUILD_TYPE=Release \
 	-DCMAKE_C_FLAGS_RELEASE:STRING="$RPM_OPT_FLAGS -fno-strict-aliasing" \
@@ -158,10 +209,21 @@ cmake \
 	-DPACKAGE_ARCHITECTURE=`uname -m` \
 	-DLIB=%{_lib} \
 	-DBUILD_JAVA=no \
+	-DBUILD_PYTHON=no \
+%if ! %{with_python}
+	-DBUILD_PYTHON3=no \
+%endif
+%if ! %{with_perl}
+	-DBUILD_PERL=no \
+%endif
+%if ! %{with_ruby}
+	-DBUILD_RUBY=no \
+%endif
 	..
 
 make
 
+%if %{with_ruby}
 # Make the freshly build openwsman libraries available to build the gem's
 # binary extension.
 export LIBRARY_PATH=%{_builddir}/%{name}-%{version}/build/src/lib
@@ -169,20 +231,34 @@ export CPATH=%{_builddir}/%{name}-%{version}/include/
 export LD_LIBRARY_PATH=%{_builddir}/%{name}-%{version}/build/src/lib/
 
 %gem_install -n ./bindings/ruby/%{name}-%{version}.gem
+%endif
+
+%if 0%{?with_selinux}
+# SELinux policy (originally from selinux-policy-contrib)
+# this policy module will override the production module
+mkdir selinux
+cp -p %{SOURCE100} %{SOURCE101} %{SOURCE102} selinux/
+make -f %{_datadir}/selinux/devel/Makefile %{modulename}.pp
+bzip2 -9 %{modulename}.pp
+%endif
 
 %install
 cd build
 
+%if %{with_ruby}
 # Do not install the ruby extension, we are proviging the rubygem- instead.
 echo -n > bindings/ruby/cmake_install.cmake
+%endif
 
-make DESTDIR=%{buildroot} install
+%make_install
 cd ..
 rm -f %{buildroot}/%{_libdir}/*.la
 rm -f %{buildroot}/%{_libdir}/openwsman/plugins/*.la
 rm -f %{buildroot}/%{_libdir}/openwsman/authenticators/*.la
+%if %{with_ruby}
 [ -d %{buildroot}/%{ruby_vendorlibdir} ] && rm -f %{buildroot}/%{ruby_vendorlibdir}/openwsmanplugin.rb
 [ -d %{buildroot}/%{ruby_vendorlibdir} ] && rm -f %{buildroot}/%{ruby_vendorlibdir}/openwsman.rb
+%endif
 mkdir -p %{buildroot}%{_sysconfdir}/init.d
 install -m 644 etc/openwsman.conf %{buildroot}/%{_sysconfdir}/openwsman
 install -m 644 etc/openwsman_client.conf %{buildroot}/%{_sysconfdir}/openwsman
@@ -198,6 +274,7 @@ install -m 644 include/wsman-xml.h %{buildroot}/%{_includedir}/openwsman
 install -m 644 include/wsman-xml-binding.h %{buildroot}/%{_includedir}/openwsman
 install -m 644 include/wsman-dispatcher.h %{buildroot}/%{_includedir}/openwsman
 
+%if %{with_ruby}
 mkdir -p %{buildroot}%{gem_dir}
 cp -pa ./build%{gem_dir}/* \
 	%{buildroot}%{gem_dir}/
@@ -206,13 +283,17 @@ rm -rf %{buildroot}%{gem_instdir}/ext
 
 mkdir -p %{buildroot}%{gem_extdir_mri}
 cp -a ./build%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdir_mri}/
+%endif
 
-%post -n libwsman1 -p /sbin/ldconfig
+%if 0%{?with_selinux}
+install -D -m 0644 build/%{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
+install -D -p -m 0644 build/selinux/%{modulename}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if
+%endif
 
-%postun -n libwsman1 -p /sbin/ldconfig
+%ldconfig_scriptlets -n libwsman1
 
 %post server
-/sbin/ldconfig
+%{?ldconfig}
 %systemd_post openwsmand.service
 
 %preun server
@@ -221,11 +302,31 @@ cp -a ./build%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdi
 %postun server
 rm -f /var/log/wsmand.log
 %systemd_postun_with_restart openwsmand.service
-/sbin/ldconfig
+%{?ldconfig}
 
-%post client -p /sbin/ldconfig
+%ldconfig_scriptlets client
 
-%postun client -p /sbin/ldconfig
+%if 0%{?with_selinux}
+# SELinux contexts are saved so that only affected files can be
+# relabeled after the policy module installation
+%pre selinux
+%selinux_relabel_pre -s %{selinuxtype}
+
+%post selinux
+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
+%selinux_relabel_post -s %{selinuxtype}
+
+if [ "$1" -le "1" ]; then # First install
+   # the service needs to be restarted for the custom label to be applied
+   %systemd_postun_with_restart openwsmand.service
+fi
+
+%postun selinux
+if [ $1 -eq 0 ]; then
+    %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
+    %selinux_relabel_post -s %{selinuxtype}
+fi
+%endif
 
 %files -n libwsman1
 %doc AUTHORS COPYING ChangeLog README.md TODO
@@ -239,12 +340,15 @@ rm -f /var/log/wsmand.log
 %{_libdir}/pkgconfig/*
 %{_libdir}/*.so
 
+%if %{with_python}
 %files python3
 %doc AUTHORS COPYING ChangeLog README.md
 %{python3_sitearch}/*.so
 %{python3_sitearch}/*.py
 %{python3_sitearch}/__pycache__/*
+%endif
 
+%if %{with_ruby}
 %files -n rubygem-%{gem_name}
 %doc AUTHORS COPYING ChangeLog README.md
 %dir %{gem_instdir}
@@ -252,14 +356,19 @@ rm -f /var/log/wsmand.log
 %{gem_extdir_mri}
 %exclude %{gem_cache}
 %{gem_spec}
+%endif
 
+%if %{with_ruby}
 %files -n rubygem-%{gem_name}-doc
 %doc %{gem_docdir}
+%endif
 
+%if %{with_perl}
 %files perl
 %doc AUTHORS COPYING ChangeLog README.md
 %{perl_vendorarch}/openwsman.so
 %{perl_vendorlib}/openwsman.pm
+%endif
 
 %files server
 %doc AUTHORS COPYING ChangeLog README.md
@@ -291,37 +400,199 @@ rm -f /var/log/wsmand.log
 %files winrs
 %{_bindir}/winrs
 
+%if 0%{?with_selinux}
+%files selinux
+%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
+%{_datadir}/selinux/devel/include/distributed/%{modulename}.if
+%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
+%endif
+
 %changelog
-* Thu Jul 27 2023 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-10
-- Remove RANDFILE and increase default bits in ssleay.conf
-  Resolves: #2220821
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.7.2-9
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
 
-* Tue Feb 14 2023 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-9
-- Add rpminspect.yaml
-  Related: #2105315
+* Thu Aug 08 2024 Troy Dawson <tdawson@redhat.com> - 2.7.2-8
+- Bump release for Aug 2024 java mass rebuild
 
-* Thu Sep 08 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-8
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.7.2-7
+- Bump release for June 2024 mass rebuild
+
+* Thu May 09 2024 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.7.2-6
+- Update license tags in subpackages to SPDX format
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.7.2-4
+- Fix FTBFS
+  Resolves: #2259165
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Jan 03 2024 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.7.2-2
+- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.3
+
+* Thu Aug 31 2023 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.7.2-1
+- Update to openwsman-2.7.2
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.1-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jul 11 2023 Jitka Plesnikova <jplesnik@redhat.com> - 2.7.1-13
+- Perl 5.38 rebuild
+
+* Wed Jun 14 2023 Python Maint <python-maint@redhat.com> - 2.7.1-12
+- Rebuilt for Python 3.12
+
+* Tue Feb 14 2023 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.7.1-11
+- SPDX migration
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Jan 04 2023 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.7.1-9
+- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.2
+
+* Fri Oct 21 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.7.1-8
+- Fix Ruby bindings for swig 4.1 (backported from upstream)
+  Resolves: #2136510
+- Remove mixed use of spaces and tabs from spec file
+
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Wed Jul 20 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.7.1-6
 - Improve handling of HTTP 401 Unauthorized
-  Resolves: #2105315
 
-* Mon May 11 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-7
-- Fix CVE-2019-3833
-  Resolves: #1687865
+* Wed Jun 15 2022 Python Maint <python-maint@redhat.com> - 2.7.1-5
+- Rebuilt for Python 3.11
 
-* Wed Jul 17 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-6
-- Fix name of Patch6
+* Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 2.7.1-4
+- Perl 5.36 rebuild
 
-* Wed Mar 13 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-5
+* Thu Jan 27 2022 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.7.1-3
+- F-36: rebuild against ruby31
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Nov 11 2021 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.7.1-1
+- Update to openwsman-2.7.1
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.7.0-6
+- Rebuilt with OpenSSL 3.0.0
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jun 08 2021 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.7.0-4
+- Incorporate -selinux subpackage
+  See https://fedoraproject.org/wiki/SELinux/IndependentPolicy
+
+* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 2.7.0-3
+- Rebuilt for Python 3.10
+
+* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 2.7.0-2
+- Perl 5.34 rebuild
+
+* Tue Mar 09 2021 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.7.0-1
+- Update to openwsman-2.7.0 (thanks for a patch to Bastian Germann)
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.6.8-20
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jan 06 2021 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.6.8-18
+- F-34: rebuild against ruby 3.0
+
+* Tue Sep 22 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-17
+- Use make macros, patch by Tom Stellard <tstellar@redhat.com>
+  (https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro)
+- Update flags, enable LTO
+- Remove RANDFILE and increase default bits in ssleay.conf
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 08 2020 Jeff Law <law@redhat.com> - 2.6.8-15
+- Disable LTO
+
+* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 2.6.8-14
+- Perl 5.32 rebuild
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 2.6.8-13
+- Rebuilt for Python 3.9
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sat Jan 18 2020 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.6.8-11
+- F-32: rebuild against ruby27
+
+* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 2.6.8-10
+- Rebuilt for Python 3.8.0rc1 (#1748018)
+
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 2.6.8-9
+- Rebuilt for Python 3.8
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 2.6.8-7
+- Perl 5.30 rebuild
+
+* Mon Apr 01 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-6
+- Add requires libwsman1 for rubygem-openwsman
+
+* Wed Mar 13 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-5
 - Fix CVE-2019-3816
-  Resolves: #1687864
+  Resolves: #1687760
+- Fix CVE-2019-3833
+  Resolves: #1687762
 - Remove Dist Tag from the oldest changelog entry
 
-* Thu Sep 20 2018 Tomas Orsava <torsava@redhat.com> - 2.6.5-4
-- Require the Python interpreter directly instead of using the package name
-- Related: rhbz#1619153
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org>
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 
-* Wed Feb 21 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-3
+* Mon Jan 21 2019 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.6.8-3
+- F-30: rebuild against ruby26
+
+* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2.6.8-2
+- Rebuilt for libcrypt.so.2 (#1666033)
+
+* Thu Nov 22 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-1
+- Update to openwsman-2.6.8
+
+* Wed Nov 14 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-10
+- Reflect changes in libcurl error codes
+  Resolves: #1649393
+
+* Mon Oct 01 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-9
+- Require the Python interpreter directly instead of using the package name
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.5-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jul 03 2018 Petr Pisar <ppisar@redhat.com> - 2.6.5-7
+- Perl 5.28 rebuild
+
+* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 2.6.5-6
+- Perl 5.28 rebuild
+
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.6.5-5
+- Rebuilt for Python 3.7
+
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.6.5-4
+- Rebuilt for Python 3.7
+
+* Thu Feb 22 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-3
 - Fix wrong SSL_CTX_set_cipher_list() retval check
+- Add BuildRequires gcc and gcc-c++
 - Explicitly disable build of java bindings (build fails if java-devel is installed)
 
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.5-2

openwsman.te

@@ -0,0 +1,74 @@
+policy_module(openwsman, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type openwsman_t;
+type openwsman_exec_t;
+init_daemon_domain(openwsman_t, openwsman_exec_t)
+
+type openwsman_tmp_t;
+files_tmp_file(openwsman_tmp_t)
+
+type openwsman_tmpfs_t;
+files_tmpfs_file(openwsman_tmpfs_t)
+
+type openwsman_log_t;
+logging_log_file(openwsman_log_t)
+
+type openwsman_run_t;
+files_pid_file(openwsman_run_t)
+
+type openwsman_unit_file_t;
+systemd_unit_file(openwsman_unit_file_t)
+
+########################################
+#
+# openwsman local policy
+#
+
+allow openwsman_t self:capability setuid;
+
+allow openwsman_t self:process { fork };
+allow openwsman_t self:fifo_file rw_fifo_file_perms;
+allow openwsman_t self:unix_stream_socket create_stream_socket_perms;
+allow openwsman_t self:tcp_socket { accept create_socket_perms listen };
+
+manage_files_pattern(openwsman_t, openwsman_tmp_t, openwsman_tmp_t)
+manage_dirs_pattern(openwsman_t, openwsman_tmp_t, openwsman_tmp_t)
+files_tmp_filetrans(openwsman_t, openwsman_tmp_t, { dir file })
+
+manage_files_pattern(openwsman_t, openwsman_tmpfs_t, openwsman_tmpfs_t)
+manage_dirs_pattern(openwsman_t, openwsman_tmpfs_t, openwsman_tmpfs_t)
+fs_tmpfs_filetrans(openwsman_t, openwsman_tmpfs_t, { dir file })
+
+manage_files_pattern(openwsman_t, openwsman_log_t, openwsman_log_t)
+logging_log_filetrans(openwsman_t, openwsman_log_t, { file })
+
+manage_files_pattern(openwsman_t, openwsman_run_t, openwsman_run_t)
+files_pid_filetrans(openwsman_t, openwsman_run_t, { file })
+
+auth_use_nsswitch(openwsman_t)
+auth_domtrans_chkpwd(openwsman_t)
+
+corenet_tcp_connect_pegasus_https_port(openwsman_t)
+corenet_tcp_bind_vnc_port(openwsman_t)
+corenet_tcp_bind_http_port(openwsman_t)
+
+dev_read_urand(openwsman_t)
+
+logging_send_syslog_msg(openwsman_t)
+logging_send_audit_msgs(openwsman_t)
+
+optional_policy(`
+    sblim_stream_connect_sfcbd(openwsman_t)
+    sblim_rw_semaphores_sfcbd(openwsman_t)
+    sblim_getattr_exec_sfcbd(openwsman_t)
+')
+
+optional_policy(`
+    unconfined_domain(openwsman_t)
+')
+

plans/tier1.fmf

@@ -0,0 +1,38 @@
+---
+
+summary: Tier1 plan for openwsman
+
+discover:
+  how: fmf
+  url: https://pkgs.devel.redhat.com/git/tests/openwsman
+  ref: master
+  filter: tier:1
+
+prepare:
+  - how: shell
+    script: |
+      set -euxo pipefail
+
+      ENABLE_REPO_CMD="yum-config-manager --enable"
+      if command -v dnf >/dev/null 2>&1; then
+        ENABLE_REPO_CMD="dnf config-manager --set-enabled"
+      fi
+
+      ${ENABLE_REPO_CMD} beaker-tasks || :
+  - how: shell
+    script: |
+        set -exuo pipefail
+
+        if [[ -f /etc/os-release ]]; then
+          . /etc/os-release
+          if [[ "${ID:-}" == "rhel" && "${VERSION_ID%%.*}" -ge 8 ]]; then
+            dnf config-manager --enable rhel-CRB
+          fi
+        fi
+
+execute:
+  how: tmt
+
+adjust:
+    enabled: false
+    when: distro == centos-stream or distro == fedora

sources

@@ -0,0 +1,2 @@
+SHA512 (openwsmand.8.gz) = 751c40060781e8b5a847e09aee94833ed1e4fbe966f052e5023cb209361acc312078d0d75c0806bd9990da061d3048566418135d3670dd620c6b809e5d0e594c
+SHA512 (v2.7.2.tar.gz) = ffd6a0d00a00b00e321b2b55e0c77326f5943ca3224eee74c706e53a1c5c44ef0e8b1cfde5d631966769eefd4e567b0db8713085b7a8b386c2871ab4ada83046

tests/tests-DSP.yml

@@ -0,0 +1,37 @@
+- hosts: localhost
+
+  roles:
+  - role: standard-test-beakerlib
+    tags:
+    - classic
+    repositories:
+      - repo: https://pagure.io/DSP_test.git
+        dest: DSP_test
+        version: master
+
+    tests:
+    - DSP_test
+    environment:
+      # RPM package containing the policy module
+      TEST_RPM: openwsman-selinux
+      # policy module name
+      TEST_POLICY: openwsman
+      # policy sources will be extracted from corresponding .src.rpm
+      # policy tar filename regexp (e.g. "usbguard-selinux*.tar.gz")
+      # or empty string if policy sources are not inside a tar archive
+      POLICY_TAR: ''
+      # path to policy sources (in of the tar archive) -- <POLICY_TAR>/<POLICY_PATH>/<TEST_POLICY>.(te|if|fc)
+      # or path in the src.rpm if there is no tar archive -- <src.rpm>/<POLICY_PATH>/<TEST_POLICY>.(te|if|fc)
+      # can contain wildcards (e.g. for versions etc.)
+      POLICY_PATH: .
+
+    required_packages:
+    - policycoreutils
+    - selinux-policy
+    - selinux-policy-targeted
+    - setools-console
+    - libselinux-utils
+    - rpm
+    - tar
+    - git
+    - openwsman-server