Compare commits

...

No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

12 changed files with 194 additions and 143 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/openwsmand.8.gz SOURCES/openwsmand.8.gz
SOURCES/v2.6.5.tar.gz SOURCES/v2.6.8.tar.gz

2
.openwsman.metadata Normal file
View File

@ -0,0 +1,2 @@
a6a8bbbfa71ce04bedae55f2f06ce97089b6c5e1 SOURCES/openwsmand.8.gz
e061a41b3d5f5fa4ee284726d283e15f4a0e8c46 SOURCES/v2.6.8.tar.gz

View File

@ -1,16 +1,13 @@
diff -up openwsman-2.6.1/etc/pam/openwsman.pamsetup openwsman-2.6.1/etc/pam/openwsman diff -up openwsman-2.6.8/etc/pam/openwsman.orig openwsman-2.6.8/etc/pam/openwsman
--- openwsman-2.6.1/etc/pam/openwsman.pamsetup 2015-08-27 15:46:46.000000000 +0200 --- openwsman-2.6.8/etc/pam/openwsman.orig 2018-11-21 13:51:52.776325243 +0100
+++ openwsman-2.6.1/etc/pam/openwsman 2015-08-31 16:08:28.166913889 +0200 +++ openwsman-2.6.8/etc/pam/openwsman 2018-11-21 13:54:17.066351134 +0100
@@ -1,7 +1,7 @@ @@ -2,6 +2,6 @@
#%PAM-1.0 auth required pam_unix.so nullok
-auth required pam_unix2.so nullok
+auth required pam_unix.so nullok
auth required pam_nologin.so auth required pam_nologin.so
-account required pam_unix2.so account required pam_unix.so
-password required pam_pwcheck.so nullok -password required pam_cracklib.so nullok
-password required pam_unix2.so nullok use_first_pass use_authtok -password required pam_unix.so nullok use_first_pass use_authtok nis shadow
-session required pam_unix2.so none -session required pam_unix.so none
+account required pam_unix.so
+password required pam_pwquality.so +password required pam_pwquality.so
+password required pam_unix.so nullok use_first_pass use_authtok +password required pam_unix.so nullok use_first_pass use_authtok
+session required pam_unix.so +session required pam_unix.so

View File

@ -6,7 +6,7 @@ diff -up openwsman-2.4.12/bindings/ruby/extconf.rb.orig openwsman-2.4.12/binding
major, minor, path = RUBY_VERSION.split(".") major, minor, path = RUBY_VERSION.split(".")
-raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -o openwsman_wrap.c openwsman.i") -raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -o openwsman_wrap.c openwsman.i")
+raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.6.5/include/ -o openwsman_wrap.c openwsman.i") +raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.6.8/include/ -o openwsman_wrap.c openwsman.i")
$CPPFLAGS = "-I/usr/include/openwsman -I.." $CPPFLAGS = "-I/usr/include/openwsman -I.."

View File

@ -1,31 +1,6 @@
diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c diff -up openwsman-2.6.8/src/server/shttpd/compat_unix.h.orig openwsman-2.6.8/src/server/shttpd/compat_unix.h
--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig 2017-11-28 09:32:15.000000000 +0100 --- openwsman-2.6.8/src/server/shttpd/compat_unix.h.orig 2018-10-12 12:06:26.000000000 +0200
+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c 2018-01-23 13:14:59.357153453 +0100 +++ openwsman-2.6.8/src/server/shttpd/compat_unix.h 2018-11-22 13:30:10.756423510 +0100
@@ -241,12 +241,20 @@ write_handler( void *ptr, size_t size, s
static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
{
unsigned char *thumbprint = (unsigned char *)arg;
- X509 *cert = ctx->cert;
EVP_MD *tempDigest;
unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
unsigned int tempFingerprintLen;
tempDigest = (EVP_MD*)EVP_sha1( );
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+#else
+ X509 *cert = ctx->cert;
+#endif
+ if(!cert)
+ return 0;
+
if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
return 0;
if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
diff -up openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig openwsman-2.6.5/src/server/shttpd/compat_unix.h
--- openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/server/shttpd/compat_unix.h 2018-01-23 13:14:59.357153453 +0100
@@ -27,10 +27,6 @@ @@ -27,10 +27,6 @@
pthread_create(&tid, NULL, (void *(*)(void *))a, c); } while (0) pthread_create(&tid, NULL, (void *(*)(void *))a, c); } while (0)
#endif /* !NO_THREADS */ #endif /* !NO_THREADS */
@ -37,9 +12,9 @@ diff -up openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig openwsman-2.6.5/sr
#define DIRSEP '/' #define DIRSEP '/'
#define IS_DIRSEP_CHAR(c) ((c) == '/') #define IS_DIRSEP_CHAR(c) ((c) == '/')
#define O_BINARY 0 #define O_BINARY 0
diff -up openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig openwsman-2.6.5/src/server/shttpd/io_ssl.c diff -up openwsman-2.6.8/src/server/shttpd/io_ssl.c.orig openwsman-2.6.8/src/server/shttpd/io_ssl.c
--- openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig 2017-11-28 09:32:15.000000000 +0100 --- openwsman-2.6.8/src/server/shttpd/io_ssl.c.orig 2018-10-12 12:06:26.000000000 +0200
+++ openwsman-2.6.5/src/server/shttpd/io_ssl.c 2018-01-23 13:14:59.357153453 +0100 +++ openwsman-2.6.8/src/server/shttpd/io_ssl.c 2018-11-22 13:30:10.757423510 +0100
@@ -11,23 +11,6 @@ @@ -11,23 +11,6 @@
#include "defs.h" #include "defs.h"
@ -64,9 +39,9 @@ diff -up openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig openwsman-2.6.5/src/ser
void void
_shttpd_ssl_handshake(struct stream *stream) _shttpd_ssl_handshake(struct stream *stream)
{ {
diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c diff -up openwsman-2.6.8/src/server/shttpd/shttpd.c.orig openwsman-2.6.8/src/server/shttpd/shttpd.c
--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2017-11-28 09:32:15.000000000 +0100 --- openwsman-2.6.8/src/server/shttpd/shttpd.c.orig 2018-10-12 12:06:26.000000000 +0200
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2018-01-23 13:16:13.738228773 +0100 +++ openwsman-2.6.8/src/server/shttpd/shttpd.c 2018-11-22 13:30:41.314416695 +0100
@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const ch @@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const ch
int retval = FALSE; int retval = FALSE;
EC_KEY* key; EC_KEY* key;
@ -94,22 +69,10 @@ diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/ser
if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL) if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
_shttpd_elog(E_LOG, NULL, "SSL_CTX_new error"); _shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
@@ -1532,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const ch diff -up openwsman-2.6.8/src/server/shttpd/ssl.h.orig openwsman-2.6.8/src/server/shttpd/ssl.h
if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) { --- openwsman-2.6.8/src/server/shttpd/ssl.h.orig 2018-10-12 12:06:26.000000000 +0200
//_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name); +++ openwsman-2.6.8/src/server/shttpd/ssl.h 2018-11-22 13:30:10.757423510 +0100
debug("SSL: disable %s protocol", protocols[idx].name); @@ -12,52 +12,4 @@
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ SSL_CTX_set_options(CTX, protocols[idx].opt);
+#else
SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
+#endif
break;
}
}
diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server/shttpd/ssl.h
--- openwsman-2.6.5/src/server/shttpd/ssl.h.orig 2017-11-28 09:32:15.000000000 +0100
+++ openwsman-2.6.5/src/server/shttpd/ssl.h 2018-01-23 13:14:59.358153454 +0100
@@ -12,50 +12,4 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
@ -130,7 +93,7 @@ diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server
-#define SSL_ERROR_SYSCALL 5 -#define SSL_ERROR_SYSCALL 5
-#define SSL_FILETYPE_PEM 1 -#define SSL_FILETYPE_PEM 1
- -
#endif -#endif
- -
-/* -/*
- * Dynamically loaded SSL functionality - * Dynamically loaded SSL functionality
@ -153,9 +116,11 @@ diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server
-#define SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y)) -#define SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
-#define SSL_set_fd(x,y) (* (int (*)(SSL *, int)) FUNC(6))((x), (y)) -#define SSL_set_fd(x,y) (* (int (*)(SSL *, int)) FUNC(6))((x), (y))
-#define SSL_new(x) (* (SSL * (*)(SSL_CTX *)) FUNC(7))(x) -#define SSL_new(x) (* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
-#define SSL_CTX_new(x) (* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x) -#define SSL_CTX_new(x) (* (SSL_CTX * (*)(const SSL_METHOD *)) FUNC(8))(x)
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))() -#define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))()
-#define SSL_library_init() (* (int (*)(void)) FUNC(10))() -#define SSL_library_init() (* (int (*)(void)) FUNC(10))()
#endif
-#define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \ -#define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \
- const char *, int)) FUNC(11))((x), (y), (z)) - const char *, int)) FUNC(11))((x), (y), (z))
-#define SSL_CTX_use_certificate_file(x,y,z) (* (int (*)(SSL_CTX *, \ -#define SSL_CTX_use_certificate_file(x,y,z) (* (int (*)(SSL_CTX *, \

View File

@ -1,12 +0,0 @@
diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2018-02-21 10:53:24.964163710 +0100
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2018-02-21 10:53:31.854162875 +0100
@@ -1541,7 +1541,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch
if (ssl_cipher_list) {
int rc = SSL_CTX_set_cipher_list(CTX, ssl_cipher_list);
- if (rc != 0) {
+ if (rc != 1) {
_shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list);
}
}

View File

@ -0,0 +1,27 @@
diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig 2018-11-14 13:53:27.442138557 +0100
+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c 2018-11-14 14:11:28.508714204 +0100
@@ -186,16 +186,23 @@ convert_to_last_error(CURLcode r)
return WS_LASTERR_SSL_CONNECT_ERROR;
case CURLE_BAD_FUNCTION_ARGUMENT:
return WS_LASTERR_CURL_BAD_FUNCTION_ARG;
+#if LIBCURL_VERSION_NUM < 0x073E00
case CURLE_SSL_PEER_CERTIFICATE:
return WS_LASTERR_SSL_PEER_CERTIFICATE;
+#endif
case CURLE_SSL_ENGINE_NOTFOUND:
return WS_LASTERR_SSL_ENGINE_NOTFOUND;
case CURLE_SSL_ENGINE_SETFAILED:
return WS_LASTERR_SSL_ENGINE_SETFAILED;
case CURLE_SSL_CERTPROBLEM:
return WS_LASTERR_SSL_CERTPROBLEM;
+#if LIBCURL_VERSION_NUM < 0x073E00
case CURLE_SSL_CACERT:
return WS_LASTERR_SSL_CACERT;
+#else
+ case CURLE_PEER_FAILED_VERIFICATION:
+ return WS_LASTERR_SSL_PEER_CERTIFICATE;
+#endif
#if LIBCURL_VERSION_NUM > 0x70C01
case CURLE_SSL_ENGINE_INITFAILED:
return WS_LASTERR_SSL_ENGINE_INITFAILED;

View File

@ -1,6 +1,6 @@
diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c diff -up openwsman-2.6.8/src/server/shttpd/shttpd.c.orig openwsman-2.6.8/src/server/shttpd/shttpd.c
--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2019-03-13 10:20:07.376527798 +0100 --- openwsman-2.6.8/src/server/shttpd/shttpd.c.orig 2019-03-13 08:52:06.112090942 +0100
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2019-03-13 10:20:07.380527801 +0100 +++ openwsman-2.6.8/src/server/shttpd/shttpd.c 2019-03-13 09:01:15.496156789 +0100
@@ -336,10 +336,12 @@ date_to_epoch(const char *s) @@ -336,10 +336,12 @@ date_to_epoch(const char *s)
} }
@ -52,9 +52,9 @@ diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/ser
} }
static int static int
diff -up openwsman-2.6.5/src/server/wsmand.c.orig openwsman-2.6.5/src/server/wsmand.c diff -up openwsman-2.6.8/src/server/wsmand.c.orig openwsman-2.6.8/src/server/wsmand.c
--- openwsman-2.6.5/src/server/wsmand.c.orig 2017-11-28 09:32:15.000000000 +0100 --- openwsman-2.6.8/src/server/wsmand.c.orig 2018-10-12 12:06:26.000000000 +0200
+++ openwsman-2.6.5/src/server/wsmand.c 2019-03-13 10:20:07.380527801 +0100 +++ openwsman-2.6.8/src/server/wsmand.c 2019-03-13 09:03:25.919181279 +0100
@@ -198,6 +198,10 @@ static void daemonize(void) @@ -198,6 +198,10 @@ static void daemonize(void)
int fd; int fd;
char *pid; char *pid;

View File

@ -1,6 +1,6 @@
diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c diff -up openwsman-2.6.8/src/server/shttpd/shttpd.c.orig openwsman-2.6.8/src/server/shttpd/shttpd.c
--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2020-05-11 11:10:04.783971915 +0200 --- openwsman-2.6.8/src/server/shttpd/shttpd.c.orig 2019-03-13 09:32:32.417633057 +0100
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2020-05-11 11:10:04.786971932 +0200 +++ openwsman-2.6.8/src/server/shttpd/shttpd.c 2019-03-13 09:58:04.482486589 +0100
@@ -705,11 +705,11 @@ parse_http_request(struct conn *c) @@ -705,11 +705,11 @@ parse_http_request(struct conn *c)
_shttpd_send_server_error(c, 500, "Cannot allocate request"); _shttpd_send_server_error(c, 500, "Cannot allocate request");
} }
@ -83,7 +83,7 @@ diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/ser
} }
static int static int
@@ -1640,7 +1649,7 @@ worker_function(void *param) @@ -1642,7 +1651,7 @@ worker_function(void *param)
while (worker->exit_flag == 0) while (worker->exit_flag == 0)
poll_worker(worker, 1000 * 10); poll_worker(worker, 1000 * 10);

View File

@ -1,7 +1,7 @@
diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c diff -up openwsman-2.6.8/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.8/src/lib/wsman-curl-client-transport.c
--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig 2022-09-08 10:36:46.265107915 +0200 --- openwsman-2.6.8/src/lib/wsman-curl-client-transport.c.orig 2022-11-24 10:02:08.114053046 +0100
+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c 2022-09-08 10:36:46.273107919 +0200 +++ openwsman-2.6.8/src/lib/wsman-curl-client-transport.c 2022-11-24 10:02:08.119053046 +0100
@@ -452,6 +452,7 @@ wsmc_handler( WsManClient *cl, @@ -455,6 +455,7 @@ wsmc_handler( WsManClient *cl,
long http_code; long http_code;
long auth_avail = 0; long auth_avail = 0;
char *_user = NULL, *_pass = NULL; char *_user = NULL, *_pass = NULL;
@ -9,7 +9,7 @@ diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.
u_buf_t *response = NULL; u_buf_t *response = NULL;
//char *soapaction; //char *soapaction;
char *tmp_str = NULL; char *tmp_str = NULL;
@@ -551,6 +552,7 @@ wsmc_handler( WsManClient *cl, @@ -554,6 +555,7 @@ wsmc_handler( WsManClient *cl,
_user = wsmc_get_user(cl); _user = wsmc_get_user(cl);
_pass = wsmc_get_password(cl); _pass = wsmc_get_password(cl);
if (_user && _pass && cl->data.auth_set) { if (_user && _pass && cl->data.auth_set) {
@ -17,7 +17,7 @@ diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.
r = curl_easy_setopt(curl, CURLOPT_HTTPAUTH, cl->data.auth_set); r = curl_easy_setopt(curl, CURLOPT_HTTPAUTH, cl->data.auth_set);
if (r != CURLE_OK) { if (r != CURLE_OK) {
cl->fault_string = u_strdup(curl_easy_strerror(r)); cl->fault_string = u_strdup(curl_easy_strerror(r));
@@ -571,6 +573,11 @@ wsmc_handler( WsManClient *cl, @@ -574,6 +576,11 @@ wsmc_handler( WsManClient *cl,
curl_err("curl_easy_setopt(curl, CURLOPT_USERPWD, ..) failed"); curl_err("curl_easy_setopt(curl, CURLOPT_USERPWD, ..) failed");
goto DONE; goto DONE;
} }
@ -29,7 +29,7 @@ diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.
} }
if (wsman_debug_level_debugged(DEBUG_LEVEL_MESSAGE)) { if (wsman_debug_level_debugged(DEBUG_LEVEL_MESSAGE)) {
@@ -603,6 +610,24 @@ wsmc_handler( WsManClient *cl, @@ -606,6 +613,24 @@ wsmc_handler( WsManClient *cl,
break; break;
case 401: case 401:
// The server requires authentication. // The server requires authentication.

View File

@ -1,6 +1,6 @@
diff -up openwsman-2.6.5/etc/ssleay.cnf.orig openwsman-2.6.5/etc/ssleay.cnf diff -up openwsman-2.6.8/etc/ssleay.cnf.orig openwsman-2.6.8/etc/ssleay.cnf
--- openwsman-2.6.5/etc/ssleay.cnf.orig 2017-11-28 09:32:15.000000000 +0100 --- openwsman-2.6.8/etc/ssleay.cnf.orig 2018-10-12 12:06:26.000000000 +0200
+++ openwsman-2.6.5/etc/ssleay.cnf 2023-07-10 10:00:44.713426317 +0200 +++ openwsman-2.6.8/etc/ssleay.cnf 2020-09-22 14:27:56.216306882 +0200
@@ -2,10 +2,8 @@ @@ -2,10 +2,8 @@
# SSLeay example configuration file. # SSLeay example configuration file.
# #

View File

@ -2,8 +2,8 @@
%global gem_name %{name} %global gem_name %{name}
Name: openwsman Name: openwsman
Version: 2.6.5 Version: 2.6.8
Release: 10%{?dist} Release: 23%{?dist}
Summary: Open source Implementation of WS-Management Summary: Open source Implementation of WS-Management
License: BSD License: BSD
@ -19,19 +19,19 @@ Patch1: openwsman-2.4.0-pamsetup.patch
Patch2: openwsman-2.4.12-ruby-binding-build.patch Patch2: openwsman-2.4.12-ruby-binding-build.patch
Patch3: openwsman-2.6.2-openssl-1.1-fix.patch Patch3: openwsman-2.6.2-openssl-1.1-fix.patch
Patch4: openwsman-2.6.5-http-status-line.patch Patch4: openwsman-2.6.5-http-status-line.patch
Patch5: openwsman-2.6.5-fix-set-cipher-list-retval-check.patch Patch5: openwsman-2.6.5-libcurl-error-codes-update.patch
Patch6: openwsman-2.6.5-CVE-2019-3816.patch Patch6: openwsman-2.6.8-CVE-2019-3816.patch
# Patch7: fixes CVE-2019-3833, rhbz#1687865 Patch7: openwsman-2.6.8-CVE-2019-3833.patch
Patch7: openwsman-2.6.5-CVE-2019-3833.patch Patch8: openwsman-2.6.8-update-ssleay-conf.patch
Patch8: openwsman-2.6.5-http-unauthorized-improve.patch Patch9: openwsman-2.6.8-http-unauthorized-improve.patch
# Patch9: fixes cert issue, rhbz#2220821 BuildRequires: make
Patch9: openwsman-2.6.5-update-ssleay-conf.patch
BuildRequires: swig BuildRequires: swig
BuildRequires: libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel BuildRequires: libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel
BuildRequires: python3 python3-devel ruby ruby-devel rubygems-devel perl-interpreter BuildRequires: python3 python3-devel ruby ruby-devel rubygems-devel perl-interpreter
BuildRequires: perl-devel perl-generators pkgconfig openssl-devel BuildRequires: perl-devel perl-generators pkgconfig openssl-devel
BuildRequires: cmake BuildRequires: cmake
BuildRequires: systemd-units BuildRequires: systemd-units
BuildRequires: gcc gcc-c++
%description %description
Openwsman is a project intended to provide an open-source Openwsman is a project intended to provide an open-source
@ -94,6 +94,7 @@ This package provides Python3 bindings to access the openwsman client API.
License: BSD License: BSD
Summary: Ruby client bindings for Openwsman Summary: Ruby client bindings for Openwsman
Obsoletes: %{name}-ruby < %{version}-%{release} Obsoletes: %{name}-ruby < %{version}-%{release}
Requires: libwsman1 = %{version}-%{release}
%description -n rubygem-%{gem_name} %description -n rubygem-%{gem_name}
The openwsman gem provides a Ruby API to manage systems using The openwsman gem provides a Ruby API to manage systems using
@ -131,11 +132,11 @@ You can use it to send shell commands to a remote Windows hosts.
%patch2 -p1 -b .ruby-binding-build %patch2 -p1 -b .ruby-binding-build
%patch3 -p1 -b .openssl-1.1-fix %patch3 -p1 -b .openssl-1.1-fix
%patch4 -p1 -b .http-status-line %patch4 -p1 -b .http-status-line
%patch5 -p1 -b .fix-set-cipher-list-retval-check %patch5 -p1 -b .libcurl-error-codes-update
%patch6 -p1 -b .CVE-2019-3816 %patch6 -p1 -b .CVE-2019-3816
%patch7 -p1 -b .CVE-2019-3833 %patch7 -p1 -b .CVE-2019-3833
%patch8 -p1 -b .http-unauthorized-improve %patch8 -p1 -b .update-ssleay-conf
%patch9 -p1 -b .update-ssleay-conf %patch9 -p1 -b .http-unauthorized-improve
%build %build
# Removing executable permissions on .c and .h files to fix rpmlint warnings. # Removing executable permissions on .c and .h files to fix rpmlint warnings.
@ -145,8 +146,8 @@ rm -rf build
mkdir build mkdir build
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -DFEDORA -DNO_SSL_CALLBACK" export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -DFEDORA -DNO_SSL_CALLBACK"
export CFLAGS="-D_GNU_SOURCE -fPIE -DPIE" export CFLAGS="$RPM_OPT_FLAGS -fPIC -pie -Wl,-z,relro -Wl,-z,now"
export LDFLAGS="$LDFLAGS -Wl,-z,now -pie" export CXXFLAGS="$RPM_OPT_FLAGS -fPIC -pie -Wl,-z,relro -Wl,-z,now"
cd build cd build
cmake \ cmake \
-DCMAKE_INSTALL_PREFIX=/usr \ -DCMAKE_INSTALL_PREFIX=/usr \
@ -158,6 +159,7 @@ cmake \
-DPACKAGE_ARCHITECTURE=`uname -m` \ -DPACKAGE_ARCHITECTURE=`uname -m` \
-DLIB=%{_lib} \ -DLIB=%{_lib} \
-DBUILD_JAVA=no \ -DBUILD_JAVA=no \
-DBUILD_PYTHON=no \
.. ..
make make
@ -176,7 +178,7 @@ cd build
# Do not install the ruby extension, we are proviging the rubygem- instead. # Do not install the ruby extension, we are proviging the rubygem- instead.
echo -n > bindings/ruby/cmake_install.cmake echo -n > bindings/ruby/cmake_install.cmake
make DESTDIR=%{buildroot} install %make_install
cd .. cd ..
rm -f %{buildroot}/%{_libdir}/*.la rm -f %{buildroot}/%{_libdir}/*.la
rm -f %{buildroot}/%{_libdir}/openwsman/plugins/*.la rm -f %{buildroot}/%{_libdir}/openwsman/plugins/*.la
@ -207,12 +209,10 @@ rm -rf %{buildroot}%{gem_instdir}/ext
mkdir -p %{buildroot}%{gem_extdir_mri} mkdir -p %{buildroot}%{gem_extdir_mri}
cp -a ./build%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdir_mri}/ cp -a ./build%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdir_mri}/
%post -n libwsman1 -p /sbin/ldconfig %ldconfig_scriptlets -n libwsman1
%postun -n libwsman1 -p /sbin/ldconfig
%post server %post server
/sbin/ldconfig %{?ldconfig}
%systemd_post openwsmand.service %systemd_post openwsmand.service
%preun server %preun server
@ -221,11 +221,9 @@ cp -a ./build%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdi
%postun server %postun server
rm -f /var/log/wsmand.log rm -f /var/log/wsmand.log
%systemd_postun_with_restart openwsmand.service %systemd_postun_with_restart openwsmand.service
/sbin/ldconfig %{?ldconfig}
%post client -p /sbin/ldconfig %ldconfig_scriptlets client
%postun client -p /sbin/ldconfig
%files -n libwsman1 %files -n libwsman1
%doc AUTHORS COPYING ChangeLog README.md TODO %doc AUTHORS COPYING ChangeLog README.md TODO
@ -292,36 +290,110 @@ rm -f /var/log/wsmand.log
%{_bindir}/winrs %{_bindir}/winrs
%changelog %changelog
* Thu Jul 27 2023 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-10 * Thu Nov 24 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-23
- Remove RANDFILE and increase default bits in ssleay.conf
Resolves: #2220821
* Tue Feb 14 2023 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-9
- Add rpminspect.yaml
Related: #2105315
* Thu Sep 08 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-8
- Improve handling of HTTP 401 Unauthorized - Improve handling of HTTP 401 Unauthorized
Resolves: #2105315 Resolves: #2127415
* Mon May 11 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-7 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.8-22
- Fix CVE-2019-3833 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Resolves: #1687865 Related: rhbz#1991688
* Wed Jul 17 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-6 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.8-21
- Fix name of Patch6 - Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Wed Mar 13 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-5 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.8-20
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jan 06 2021 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.6.8-18
- F-34: rebuild against ruby 3.0
* Tue Sep 22 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-17
- Use make macros, patch by Tom Stellard <tstellar@redhat.com>
(https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro)
- Update flags, enable LTO
- Remove RANDFILE and increase default bits in ssleay.conf
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 08 2020 Jeff Law <law@redhat.com> - 2.6.8-15
- Disable LTO
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 2.6.8-14
- Perl 5.32 rebuild
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 2.6.8-13
- Rebuilt for Python 3.9
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sat Jan 18 2020 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.6.8-11
- F-32: rebuild against ruby27
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 2.6.8-10
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 2.6.8-9
- Rebuilt for Python 3.8
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 2.6.8-7
- Perl 5.30 rebuild
* Mon Apr 01 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-6
- Add requires libwsman1 for rubygem-openwsman
* Wed Mar 13 2019 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-5
- Fix CVE-2019-3816 - Fix CVE-2019-3816
Resolves: #1687864 Resolves: #1687760
- Fix CVE-2019-3833
Resolves: #1687762
- Remove Dist Tag from the oldest changelog entry - Remove Dist Tag from the oldest changelog entry
* Thu Sep 20 2018 Tomas Orsava <torsava@redhat.com> - 2.6.5-4 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org>
- Require the Python interpreter directly instead of using the package name - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
- Related: rhbz#1619153
* Wed Feb 21 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-3 * Mon Jan 21 2019 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.6.8-3
- F-30: rebuild against ruby26
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2.6.8-2
- Rebuilt for libcrypt.so.2 (#1666033)
* Thu Nov 22 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-1
- Update to openwsman-2.6.8
* Wed Nov 14 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-10
- Reflect changes in libcurl error codes
Resolves: #1649393
* Mon Oct 01 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-9
- Require the Python interpreter directly instead of using the package name
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 03 2018 Petr Pisar <ppisar@redhat.com> - 2.6.5-7
- Perl 5.28 rebuild
* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 2.6.5-6
- Perl 5.28 rebuild
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.6.5-5
- Rebuilt for Python 3.7
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.6.5-4
- Rebuilt for Python 3.7
* Thu Feb 22 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-3
- Fix wrong SSL_CTX_set_cipher_list() retval check - Fix wrong SSL_CTX_set_cipher_list() retval check
- Add BuildRequires gcc and gcc-c++
- Explicitly disable build of java bindings (build fails if java-devel is installed) - Explicitly disable build of java bindings (build fails if java-devel is installed)
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.5-2 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.5-2