.gitignore

@@ -1,2 +1,2 @@
 SOURCES/openwsmand.8.gz
-SOURCES/v2.6.5.tar.gz
+SOURCES/v2.6.8.tar.gz

.openwsman.metadata

@@ -1,2 +1,2 @@
 a6a8bbbfa71ce04bedae55f2f06ce97089b6c5e1 SOURCES/openwsmand.8.gz
-51230beeaad4a94ab6eb3d390e2608c87b4d76fe SOURCES/v2.6.5.tar.gz
+e061a41b3d5f5fa4ee284726d283e15f4a0e8c46 SOURCES/v2.6.8.tar.gz

SOURCES/openwsman-2.4.0-pamsetup.patch

@@ -1,16 +1,13 @@
-diff -up openwsman-2.6.1/etc/pam/openwsman.pamsetup openwsman-2.6.1/etc/pam/openwsman
---- openwsman-2.6.1/etc/pam/openwsman.pamsetup	2015-08-27 15:46:46.000000000 +0200
-+++ openwsman-2.6.1/etc/pam/openwsman	2015-08-31 16:08:28.166913889 +0200
-@@ -1,7 +1,7 @@
- #%PAM-1.0
--auth       required	pam_unix2.so	nullok
-+auth       required	pam_unix.so		nullok
+diff -up openwsman-2.6.8/etc/pam/openwsman.orig openwsman-2.6.8/etc/pam/openwsman
+--- openwsman-2.6.8/etc/pam/openwsman.orig	2018-11-21 13:51:52.776325243 +0100
++++ openwsman-2.6.8/etc/pam/openwsman	2018-11-21 13:54:17.066351134 +0100
+@@ -2,6 +2,6 @@
+ auth       required	pam_unix.so	nullok
  auth       required	pam_nologin.so
--account    required	pam_unix2.so
--password   required	pam_pwcheck.so	nullok
--password   required	pam_unix2.so	nullok use_first_pass use_authtok
--session    required	pam_unix2.so	none
-+account    required	pam_unix.so
+ account    required	pam_unix.so
+-password   required	pam_cracklib.so	nullok
+-password   required	pam_unix.so	nullok use_first_pass use_authtok nis shadow
+-session    required	pam_unix.so	none
 +password   required	pam_pwquality.so
-+password   required	pam_unix.so		nullok use_first_pass use_authtok
++password   required	pam_unix.so	nullok use_first_pass use_authtok
 +session    required	pam_unix.so

SOURCES/openwsman-2.4.12-ruby-binding-build.patch

@@ -6,7 +6,7 @@ diff -up openwsman-2.4.12/bindings/ruby/extconf.rb.orig openwsman-2.4.12/binding
  
  major, minor, path = RUBY_VERSION.split(".")
 -raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -o openwsman_wrap.c openwsman.i")
-+raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.6.5/include/ -o openwsman_wrap.c openwsman.i")
++raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.6.8/include/ -o openwsman_wrap.c openwsman.i")
  
  $CPPFLAGS = "-I/usr/include/openwsman -I.."
  

SOURCES/openwsman-2.6.2-openssl-1.1-fix.patch

@@ -1,31 +1,6 @@
-diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
---- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig	2017-11-28 09:32:15.000000000 +0100
-+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c	2018-01-23 13:14:59.357153453 +0100
-@@ -241,12 +241,20 @@ write_handler( void *ptr, size_t size, s
- static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
- {
- 	unsigned char *thumbprint = (unsigned char *)arg;
--	X509 *cert = ctx->cert;
- 	EVP_MD                                  *tempDigest;
- 
- 	unsigned char   tempFingerprint[EVP_MAX_MD_SIZE];
- 	unsigned int      tempFingerprintLen;
- 	tempDigest = (EVP_MD*)EVP_sha1( );
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+	X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
-+#else
-+	X509 *cert = ctx->cert;
-+#endif
-+	if(!cert)
-+		return 0;
-+
- 	if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
- 		return 0;
- 	if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
-diff -up openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig openwsman-2.6.5/src/server/shttpd/compat_unix.h
---- openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig	2017-11-28 09:32:15.000000000 +0100
-+++ openwsman-2.6.5/src/server/shttpd/compat_unix.h	2018-01-23 13:14:59.357153453 +0100
+diff -up openwsman-2.6.8/src/server/shttpd/compat_unix.h.orig openwsman-2.6.8/src/server/shttpd/compat_unix.h
+--- openwsman-2.6.8/src/server/shttpd/compat_unix.h.orig	2018-10-12 12:06:26.000000000 +0200
++++ openwsman-2.6.8/src/server/shttpd/compat_unix.h	2018-11-22 13:30:10.756423510 +0100
 @@ -27,10 +27,6 @@
  	pthread_create(&tid, NULL, (void *(*)(void *))a, c); } while (0)
  #endif /* !NO_THREADS */
@@ -37,9 +12,9 @@ diff -up openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig openwsman-2.6.5/sr
  #define	DIRSEP				'/'
  #define	IS_DIRSEP_CHAR(c)		((c) == '/')
  #define	O_BINARY			0
-diff -up openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig openwsman-2.6.5/src/server/shttpd/io_ssl.c
---- openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig	2017-11-28 09:32:15.000000000 +0100
-+++ openwsman-2.6.5/src/server/shttpd/io_ssl.c	2018-01-23 13:14:59.357153453 +0100
+diff -up openwsman-2.6.8/src/server/shttpd/io_ssl.c.orig openwsman-2.6.8/src/server/shttpd/io_ssl.c
+--- openwsman-2.6.8/src/server/shttpd/io_ssl.c.orig	2018-10-12 12:06:26.000000000 +0200
++++ openwsman-2.6.8/src/server/shttpd/io_ssl.c	2018-11-22 13:30:10.757423510 +0100
 @@ -11,23 +11,6 @@
  #include "defs.h"
  
@@ -64,9 +39,9 @@ diff -up openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig openwsman-2.6.5/src/ser
  void
  _shttpd_ssl_handshake(struct stream *stream)
  {
-diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
---- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig	2017-11-28 09:32:15.000000000 +0100
-+++ openwsman-2.6.5/src/server/shttpd/shttpd.c	2018-01-23 13:16:13.738228773 +0100
+diff -up openwsman-2.6.8/src/server/shttpd/shttpd.c.orig openwsman-2.6.8/src/server/shttpd/shttpd.c
+--- openwsman-2.6.8/src/server/shttpd/shttpd.c.orig	2018-10-12 12:06:26.000000000 +0200
++++ openwsman-2.6.8/src/server/shttpd/shttpd.c	2018-11-22 13:30:41.314416695 +0100
 @@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const ch
  	int		retval = FALSE;
  	EC_KEY*		key;
@@ -94,22 +69,10 @@ diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/ser
  
  	if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
  		_shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
-@@ -1532,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const ch
- 			if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
- 				//_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
- 				debug("SSL: disable %s protocol", protocols[idx].name);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+				SSL_CTX_set_options(CTX, protocols[idx].opt);
-+#else
- 				SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
-+#endif
- 				break;
- 			}
- 		}
-diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server/shttpd/ssl.h
---- openwsman-2.6.5/src/server/shttpd/ssl.h.orig	2017-11-28 09:32:15.000000000 +0100
-+++ openwsman-2.6.5/src/server/shttpd/ssl.h	2018-01-23 13:14:59.358153454 +0100
-@@ -12,50 +12,4 @@
+diff -up openwsman-2.6.8/src/server/shttpd/ssl.h.orig openwsman-2.6.8/src/server/shttpd/ssl.h
+--- openwsman-2.6.8/src/server/shttpd/ssl.h.orig	2018-10-12 12:06:26.000000000 +0200
++++ openwsman-2.6.8/src/server/shttpd/ssl.h	2018-11-22 13:30:10.757423510 +0100
+@@ -12,52 +12,4 @@
  
  #include <openssl/ssl.h>
  
@@ -130,7 +93,7 @@ diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server
 -#define	SSL_ERROR_SYSCALL	5
 -#define	SSL_FILETYPE_PEM	1
 -
- #endif
+-#endif
 -
 -/*
 - * Dynamically loaded SSL functionality
@@ -153,9 +116,11 @@ diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server
 -#define	SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
 -#define	SSL_set_fd(x,y)	(* (int (*)(SSL *, int)) FUNC(6))((x), (y))
 -#define	SSL_new(x)	(* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
--#define	SSL_CTX_new(x)	(* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x)
+-#define	SSL_CTX_new(x)	(* (SSL_CTX * (*)(const SSL_METHOD *)) FUNC(8))(x)
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
 -#define	SSLv23_server_method()	(* (SSL_METHOD * (*)(void)) FUNC(9))()
 -#define	SSL_library_init() (* (int (*)(void)) FUNC(10))()
+ #endif
 -#define	SSL_CTX_use_PrivateKey_file(x,y,z)	(* (int (*)(SSL_CTX *, \
 -		const char *, int)) FUNC(11))((x), (y), (z))
 -#define	SSL_CTX_use_certificate_file(x,y,z)	(* (int (*)(SSL_CTX *, \

SOURCES/openwsman-2.6.5-fix-set-cipher-list-retval-check.patch

@@ -1,12 +0,0 @@
-diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
---- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig	2018-02-21 10:53:24.964163710 +0100
-+++ openwsman-2.6.5/src/server/shttpd/shttpd.c	2018-02-21 10:53:31.854162875 +0100
-@@ -1541,7 +1541,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch
- 
- 	if (ssl_cipher_list) {
-           int rc = SSL_CTX_set_cipher_list(CTX, ssl_cipher_list);
--          if (rc != 0) {
-+          if (rc != 1) {
-             _shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list);
-           }
-         }

SOURCES/openwsman-2.6.5-libcurl-error-codes-update.patch

@@ -0,0 +1,27 @@
+diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
+--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig	2018-11-14 13:53:27.442138557 +0100
++++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c	2018-11-14 14:11:28.508714204 +0100
+@@ -186,16 +186,23 @@ convert_to_last_error(CURLcode r)
+ 		return WS_LASTERR_SSL_CONNECT_ERROR;
+         case CURLE_BAD_FUNCTION_ARGUMENT:
+                 return WS_LASTERR_CURL_BAD_FUNCTION_ARG;
++#if LIBCURL_VERSION_NUM < 0x073E00
+ 	case CURLE_SSL_PEER_CERTIFICATE:
+ 		return WS_LASTERR_SSL_PEER_CERTIFICATE;
++#endif
+ 	case CURLE_SSL_ENGINE_NOTFOUND:
+ 		return WS_LASTERR_SSL_ENGINE_NOTFOUND;
+ 	case CURLE_SSL_ENGINE_SETFAILED:
+ 		return WS_LASTERR_SSL_ENGINE_SETFAILED;
+ 	case CURLE_SSL_CERTPROBLEM:
+ 		return WS_LASTERR_SSL_CERTPROBLEM;
++#if LIBCURL_VERSION_NUM < 0x073E00
+ 	case CURLE_SSL_CACERT:
+ 		return WS_LASTERR_SSL_CACERT;
++#else
++	case CURLE_PEER_FAILED_VERIFICATION:
++		return WS_LASTERR_SSL_PEER_CERTIFICATE;
++#endif
+ #if LIBCURL_VERSION_NUM > 0x70C01
+ 	case CURLE_SSL_ENGINE_INITFAILED:
+ 		return WS_LASTERR_SSL_ENGINE_INITFAILED;

SOURCES/openwsman-2.6.8-CVE-2019-3816.patch

@@ -1,6 +1,6 @@
-diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
---- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig	2019-03-13 10:20:07.376527798 +0100
-+++ openwsman-2.6.5/src/server/shttpd/shttpd.c	2019-03-13 10:20:07.380527801 +0100
+diff -up openwsman-2.6.8/src/server/shttpd/shttpd.c.orig openwsman-2.6.8/src/server/shttpd/shttpd.c
+--- openwsman-2.6.8/src/server/shttpd/shttpd.c.orig	2019-03-13 08:52:06.112090942 +0100
++++ openwsman-2.6.8/src/server/shttpd/shttpd.c	2019-03-13 09:01:15.496156789 +0100
 @@ -336,10 +336,12 @@ date_to_epoch(const char *s)
  }
  
@@ -52,9 +52,9 @@ diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/ser
  }
  
  static int
-diff -up openwsman-2.6.5/src/server/wsmand.c.orig openwsman-2.6.5/src/server/wsmand.c
---- openwsman-2.6.5/src/server/wsmand.c.orig	2017-11-28 09:32:15.000000000 +0100
-+++ openwsman-2.6.5/src/server/wsmand.c	2019-03-13 10:20:07.380527801 +0100
+diff -up openwsman-2.6.8/src/server/wsmand.c.orig openwsman-2.6.8/src/server/wsmand.c
+--- openwsman-2.6.8/src/server/wsmand.c.orig	2018-10-12 12:06:26.000000000 +0200
++++ openwsman-2.6.8/src/server/wsmand.c	2019-03-13 09:03:25.919181279 +0100
 @@ -198,6 +198,10 @@ static void daemonize(void)
  	int fd;
  	char *pid;

SOURCES/openwsman-2.6.8-CVE-2019-3833.patch

@@ -1,6 +1,6 @@
-diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
---- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig	2020-05-11 11:10:04.783971915 +0200
-+++ openwsman-2.6.5/src/server/shttpd/shttpd.c	2020-05-11 11:10:04.786971932 +0200
+diff -up openwsman-2.6.8/src/server/shttpd/shttpd.c.orig openwsman-2.6.8/src/server/shttpd/shttpd.c
+--- openwsman-2.6.8/src/server/shttpd/shttpd.c.orig	2019-03-13 09:32:32.417633057 +0100
++++ openwsman-2.6.8/src/server/shttpd/shttpd.c	2019-03-13 09:58:04.482486589 +0100
 @@ -705,11 +705,11 @@ parse_http_request(struct conn *c)
  		_shttpd_send_server_error(c, 500, "Cannot allocate request");
  	}
@@ -83,7 +83,7 @@ diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/ser
  }
  
  static int
-@@ -1640,7 +1649,7 @@ worker_function(void *param)
+@@ -1642,7 +1651,7 @@ worker_function(void *param)
  	while (worker->exit_flag == 0)
  		poll_worker(worker, 1000 * 10);
  

SOURCES/openwsman-2.6.8-http-unauthorized-improve.patch

@@ -1,7 +1,7 @@
-diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
---- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig	2022-09-08 10:36:46.265107915 +0200
-+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c	2022-09-08 10:36:46.273107919 +0200
-@@ -452,6 +452,7 @@ wsmc_handler( WsManClient *cl,
+diff -up openwsman-2.6.8/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.8/src/lib/wsman-curl-client-transport.c
+--- openwsman-2.6.8/src/lib/wsman-curl-client-transport.c.orig	2022-11-24 10:02:08.114053046 +0100
++++ openwsman-2.6.8/src/lib/wsman-curl-client-transport.c	2022-11-24 10:02:08.119053046 +0100
+@@ -455,6 +455,7 @@ wsmc_handler( WsManClient *cl,
  	long http_code;
  	long auth_avail = 0;
  	char *_user = NULL, *_pass = NULL;
@@ -9,7 +9,7 @@ diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.
  	u_buf_t *response = NULL;
  	//char *soapaction;
  	char *tmp_str = NULL;
-@@ -551,6 +552,7 @@ wsmc_handler( WsManClient *cl,
+@@ -554,6 +555,7 @@ wsmc_handler( WsManClient *cl,
  		_user = wsmc_get_user(cl);
  		_pass = wsmc_get_password(cl);
  		if (_user && _pass && cl->data.auth_set) {
@@ -17,7 +17,7 @@ diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.
  			r = curl_easy_setopt(curl, CURLOPT_HTTPAUTH, cl->data.auth_set);
  			if (r != CURLE_OK) {
  				cl->fault_string = u_strdup(curl_easy_strerror(r));
-@@ -571,6 +573,11 @@ wsmc_handler( WsManClient *cl,
+@@ -574,6 +576,11 @@ wsmc_handler( WsManClient *cl,
  				curl_err("curl_easy_setopt(curl, CURLOPT_USERPWD, ..) failed");
  				goto DONE;
  			}
@@ -29,7 +29,7 @@ diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.
  		}
  
  		if (wsman_debug_level_debugged(DEBUG_LEVEL_MESSAGE)) {
-@@ -603,6 +610,24 @@ wsmc_handler( WsManClient *cl,
+@@ -606,6 +613,24 @@ wsmc_handler( WsManClient *cl,
  				break;
  			case 401:
  				// The server requires authentication.

SOURCES/openwsman-2.6.8-update-ssleay-conf.patch

@@ -0,0 +1,15 @@
+diff -up openwsman-2.6.8/etc/ssleay.cnf.orig openwsman-2.6.8/etc/ssleay.cnf
+--- openwsman-2.6.8/etc/ssleay.cnf.orig	2018-10-12 12:06:26.000000000 +0200
++++ openwsman-2.6.8/etc/ssleay.cnf	2020-09-22 14:27:56.216306882 +0200
+@@ -2,10 +2,8 @@
+ # SSLeay example configuration file.
+ #
+ 
+-RANDFILE                = /dev/random
+-
+ [ req ]
+-default_bits            = 1024
++default_bits            = 2048
+ default_keyfile         = privkey.pem
+ distinguished_name      = req_distinguished_name
+ 

SPECS/openwsman.spec

@@ -2,8 +2,8 @@
 %global		gem_name %{name}
 
 Name:		openwsman
-Version:	2.6.5
-Release:	9%{?dist}
+Version:	2.6.8
+Release:	23%{?dist}
 Summary:	Open source Implementation of WS-Management
 
 License:	BSD
@@ -19,17 +19,19 @@ Patch1:		openwsman-2.4.0-pamsetup.patch
 Patch2:		openwsman-2.4.12-ruby-binding-build.patch
 Patch3:		openwsman-2.6.2-openssl-1.1-fix.patch
 Patch4:		openwsman-2.6.5-http-status-line.patch
-Patch5:		openwsman-2.6.5-fix-set-cipher-list-retval-check.patch
-Patch6:		openwsman-2.6.5-CVE-2019-3816.patch
-# Patch7: fixes CVE-2019-3833, rhbz#1687865
-Patch7:		openwsman-2.6.5-CVE-2019-3833.patch
-Patch8:		openwsman-2.6.5-http-unauthorized-improve.patch
+Patch5:		openwsman-2.6.5-libcurl-error-codes-update.patch
+Patch6:		openwsman-2.6.8-CVE-2019-3816.patch
+Patch7:		openwsman-2.6.8-CVE-2019-3833.patch
+Patch8:		openwsman-2.6.8-update-ssleay-conf.patch
+Patch9:		openwsman-2.6.8-http-unauthorized-improve.patch
+BuildRequires: make
 BuildRequires:	swig
 BuildRequires:	libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel
 BuildRequires:	python3 python3-devel ruby ruby-devel rubygems-devel perl-interpreter
 BuildRequires:	perl-devel perl-generators pkgconfig openssl-devel
 BuildRequires:	cmake
 BuildRequires:	systemd-units
+BuildRequires:	gcc gcc-c++
 
 %description
 Openwsman is a project intended to provide an open-source
@@ -92,6 +94,7 @@ This package provides Python3 bindings to access the openwsman client API.
 License:	BSD
 Summary:	Ruby client bindings for Openwsman
 Obsoletes:	%{name}-ruby < %{version}-%{release}
+Requires:	libwsman1 = %{version}-%{release}
 
 %description -n rubygem-%{gem_name}
 The openwsman gem provides a Ruby API to manage systems using
@@ -129,10 +132,11 @@ You can use it to send shell commands to a remote Windows hosts.
 %patch2 -p1 -b .ruby-binding-build
 %patch3 -p1 -b .openssl-1.1-fix
 %patch4 -p1 -b .http-status-line
-%patch5 -p1 -b .fix-set-cipher-list-retval-check
+%patch5 -p1 -b .libcurl-error-codes-update
 %patch6 -p1 -b .CVE-2019-3816
 %patch7 -p1 -b .CVE-2019-3833
-%patch8 -p1 -b .http-unauthorized-improve
+%patch8 -p1 -b .update-ssleay-conf
+%patch9 -p1 -b .http-unauthorized-improve
 
 %build
 # Removing executable permissions on .c and .h files to fix rpmlint warnings. 
@@ -142,8 +146,8 @@ rm -rf build
 mkdir build
 
 export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -DFEDORA -DNO_SSL_CALLBACK"
-export CFLAGS="-D_GNU_SOURCE -fPIE -DPIE"
-export LDFLAGS="$LDFLAGS -Wl,-z,now -pie"
+export CFLAGS="$RPM_OPT_FLAGS -fPIC -pie -Wl,-z,relro -Wl,-z,now"
+export CXXFLAGS="$RPM_OPT_FLAGS -fPIC -pie -Wl,-z,relro -Wl,-z,now"
 cd build
 cmake \
 	-DCMAKE_INSTALL_PREFIX=/usr \
@@ -155,6 +159,7 @@ cmake \
 	-DPACKAGE_ARCHITECTURE=`uname -m` \
 	-DLIB=%{_lib} \
 	-DBUILD_JAVA=no \
+	-DBUILD_PYTHON=no \
 	..
 
 make
@@ -173,7 +178,7 @@ cd build
 # Do not install the ruby extension, we are proviging the rubygem- instead.
 echo -n > bindings/ruby/cmake_install.cmake
 
-make DESTDIR=%{buildroot} install
+%make_install
 cd ..
 rm -f %{buildroot}/%{_libdir}/*.la
 rm -f %{buildroot}/%{_libdir}/openwsman/plugins/*.la
@@ -204,12 +209,10 @@ rm -rf %{buildroot}%{gem_instdir}/ext
 mkdir -p %{buildroot}%{gem_extdir_mri}
 cp -a ./build%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdir_mri}/
 
-%post -n libwsman1 -p /sbin/ldconfig
-
-%postun -n libwsman1 -p /sbin/ldconfig
+%ldconfig_scriptlets -n libwsman1
 
 %post server
-/sbin/ldconfig
+%{?ldconfig}
 %systemd_post openwsmand.service
 
 %preun server
@@ -218,11 +221,9 @@ cp -a ./build%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdi
 %postun server
 rm -f /var/log/wsmand.log
 %systemd_postun_with_restart openwsmand.service
-/sbin/ldconfig
+%{?ldconfig}
 
-%post client -p /sbin/ldconfig
-
-%postun client -p /sbin/ldconfig
+%ldconfig_scriptlets client
 
 %files -n libwsman1
 %doc AUTHORS COPYING ChangeLog README.md TODO
@@ -289,32 +290,110 @@ rm -f /var/log/wsmand.log
 %{_bindir}/winrs
 
 %changelog
-* Tue Sep 20 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-9
-- Rebuild
-  Related: #2124894
-
-* Thu Sep 08 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-8
+* Thu Nov 24 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-23
 - Improve handling of HTTP 401 Unauthorized
-  Resolves: #2124894
+  Resolves: #2127415
 
-* Mon May 11 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-7
-- Fix CVE-2019-3833
-  Resolves: #1687865
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.8-22
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Wed Jul 17 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-6
-- Fix name of Patch6
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.8-21
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065
 
-* Wed Mar 13 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-5
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.8-20
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jan 06 2021 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.6.8-18
+- F-34: rebuild against ruby 3.0
+
+* Tue Sep 22 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-17
+- Use make macros, patch by Tom Stellard <tstellar@redhat.com>
+  (https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro)
+- Update flags, enable LTO
+- Remove RANDFILE and increase default bits in ssleay.conf
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 08 2020 Jeff Law <law@redhat.com> - 2.6.8-15
+- Disable LTO
+
+* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 2.6.8-14
+- Perl 5.32 rebuild
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 2.6.8-13
+- Rebuilt for Python 3.9
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sat Jan 18 2020 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.6.8-11
+- F-32: rebuild against ruby27
+
+* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 2.6.8-10
+- Rebuilt for Python 3.8.0rc1 (#1748018)
+
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 2.6.8-9
+- Rebuilt for Python 3.8
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 2.6.8-7
+- Perl 5.30 rebuild
+
+* Mon Apr 01 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-6
+- Add requires libwsman1 for rubygem-openwsman
+
+* Wed Mar 13 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-5
 - Fix CVE-2019-3816
-  Resolves: #1687864
+  Resolves: #1687760
+- Fix CVE-2019-3833
+  Resolves: #1687762
 - Remove Dist Tag from the oldest changelog entry
 
-* Thu Sep 20 2018 Tomas Orsava <torsava@redhat.com> - 2.6.5-4
-- Require the Python interpreter directly instead of using the package name
-- Related: rhbz#1619153
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org>
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 
-* Wed Feb 21 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-3
+* Mon Jan 21 2019 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.6.8-3
+- F-30: rebuild against ruby26
+
+* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2.6.8-2
+- Rebuilt for libcrypt.so.2 (#1666033)
+
+* Thu Nov 22 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-1
+- Update to openwsman-2.6.8
+
+* Wed Nov 14 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-10
+- Reflect changes in libcurl error codes
+  Resolves: #1649393
+
+* Mon Oct 01 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-9
+- Require the Python interpreter directly instead of using the package name
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.5-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jul 03 2018 Petr Pisar <ppisar@redhat.com> - 2.6.5-7
+- Perl 5.28 rebuild
+
+* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 2.6.5-6
+- Perl 5.28 rebuild
+
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.6.5-5
+- Rebuilt for Python 3.7
+
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.6.5-4
+- Rebuilt for Python 3.7
+
+* Thu Feb 22 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-3
 - Fix wrong SSL_CTX_set_cipher_list() retval check
+- Add BuildRequires gcc and gcc-c++
 - Explicitly disable build of java bindings (build fails if java-devel is installed)
 
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.5-2