9 changed files with 1335 additions and 86 deletions
--- a/SOURCES/0001-Drop-usage-of-ERR_GET_FUNC.patch
+++ b/SOURCES/0001-Drop-usage-of-ERR_GET_FUNC.patch
@ -1,7 +1,7 @@
-From d2277e711bb16e3b98f43565e71b7865b5fed423 Mon Sep 17 00:00:00 2001
+From 67ef8f036f7324fe37bc7a7e31a38e7088d21df2 Mon Sep 17 00:00:00 2001
 From: Stephen Gallagher <sgallagh@redhat.com>
 Date: Sat, 7 Aug 2021 11:48:04 -0400
-Subject: [PATCH 1/2] Drop usage of ERR_GET_FUNC()
+Subject: [PATCH 1/6] Drop usage of ERR_GET_FUNC()

 This macro was dropped in OpenSSL 3.0 and has actually not been
 providing a valid return code for some time.
@ -17,9 +17,7 @@ diff --git a/include/sscg.h b/include/sscg.h
 index faf86ba4f68e186bd35c7bc3ec77b98b8e37d253..851dc93175607e5223a70ef40a5feb24b7b69215 100644
 --- a/include/sscg.h
 +++ b/include/sscg.h
-@@ -94,11 +94,10 @@
-       if (_sslret != 1)                                                       \
-         {                                                                     \
+@@ -96,7 +96,6 @@
           /* Get information about error from OpenSSL */                      \
           unsigned long _ssl_error = ERR_get_error ();                        \
           if ((ERR_GET_LIB (_ssl_error) == ERR_LIB_UI) &&                     \
@ -27,8 +25,6 @@ index faf86ba4f68e186bd35c7bc3ec77b98b8e37d253..851dc93175607e5223a70ef40a5feb24
               ((ERR_GET_REASON (_ssl_error) == UI_R_RESULT_TOO_LARGE) ||      \
                (ERR_GET_REASON (_ssl_error) == UI_R_RESULT_TOO_SMALL)))       \
             {                                                                 \
-               fprintf (                                                       \
-                 stderr,                                                       \
 -- 
-2.33.0
+2.49.0

--- a/SOURCES/0002-Correct-certificate-lifetime-calculation.patch
+++ b/SOURCES/0002-Correct-certificate-lifetime-calculation.patch
@ -1,7 +1,7 @@
-From 87604820a935f87a8f533e3f294419d27c0514eb Mon Sep 17 00:00:00 2001
+From 5852d74f338bb6de3f303275aa73024f082b47bf Mon Sep 17 00:00:00 2001
 From: Allison Karlitskaya <allison.karlitskaya@redhat.com>
 Date: Tue, 26 Oct 2021 12:32:13 +0200
-Subject: [PATCH 2/2] Correct certificate lifetime calculation
+Subject: [PATCH 2/6] Correct certificate lifetime calculation

 sscg allows passing the certificate lifetime, as a number of days, as a
 commandline argument.  It converts this value to seconds using the
@ -28,9 +28,7 @@ diff --git a/src/x509.c b/src/x509.c
 index dc1594a4bdcb9d81607f0fe5ad2d4562e5edb533..7c7e4dfe56d5756862f3e0f851941e846ce96f31 100644
 --- a/src/x509.c
 +++ b/src/x509.c
-@@ -416,11 +416,11 @@ sscg_sign_x509_csr (TALLOC_CTX *mem_ctx,
-       X509_set_issuer_name (cert, X509_REQ_get_subject_name (csr));
-     }
+@@ -418,7 +418,7 @@ sscg_sign_x509_csr (TALLOC_CTX *mem_ctx,
 
   /* set time */
   X509_gmtime_adj (X509_get_notBefore (cert), 0);
@ -39,8 +37,6 @@ index dc1594a4bdcb9d81607f0fe5ad2d4562e5edb533..7c7e4dfe56d5756862f3e0f851941e84
 
   /* set subject */
   subject = X509_NAME_dup (X509_REQ_get_subject_name (csr));
-   sslret = X509_set_subject_name (cert, subject);
-   CHECK_SSL (sslret, X509_set_subject_name);
 -- 
-2.33.0
+2.49.0

--- a/SOURCES/0003-Truncate-IP-address-in-SAN.patch
+++ b/SOURCES/0003-Truncate-IP-address-in-SAN.patch
@ -1,7 +1,7 @@
-From 0875cd6169e876c4296a307631d49b801fc686dc Mon Sep 17 00:00:00 2001
+From c633de3d77987cef5b652c861aa646774c6f1167 Mon Sep 17 00:00:00 2001
 From: Stephen Gallagher <sgallagh@redhat.com>
 Date: Tue, 8 Mar 2022 16:33:35 -0500
-Subject: [PATCH] Truncate IP address in SAN
+Subject: [PATCH 3/6] Truncate IP address in SAN

 In OpenSSL 1.1, this was done automatically when addind a SAN extension,
 but in OpenSSL 3.0 it is rejected as an invalid input.
@ -15,9 +15,7 @@ diff --git a/src/x509.c b/src/x509.c
 index 7c7e4dfe56d5756862f3e0f851941e846ce96f31..e828ec725b23d7ea79393151e7bb436e2f61bdb8 100644
 --- a/src/x509.c
 +++ b/src/x509.c
-@@ -131,10 +131,11 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx,
-   size_t i;
-   X509_NAME *subject;
+@@ -133,6 +133,7 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx,
   char *alt_name = NULL;
   char *tmp = NULL;
   char *san = NULL;
@ -25,11 +23,7 @@ index 7c7e4dfe56d5756862f3e0f851941e846ce96f31..e828ec725b23d7ea79393151e7bb436e
   TALLOC_CTX *tmp_ctx;
   X509_EXTENSION *ex = NULL;
   struct sscg_x509_req *csr;
- 
-   /* Make sure we have a key available */
-@@ -265,10 +266,16 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx,
-                 tmp_ctx, "DNS:%s", certinfo->subject_alt_names[i]);
-             }
+@@ -267,6 +268,12 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx,
           else
             {
               san = talloc_strdup (tmp_ctx, certinfo->subject_alt_names[i]);
@ -42,11 +36,7 @@ index 7c7e4dfe56d5756862f3e0f851941e846ce96f31..e828ec725b23d7ea79393151e7bb436e
             }
           CHECK_MEM (san);
 
-           if (strnlen (san, MAXHOSTNAMELEN + 5) > MAXHOSTNAMELEN + 4)
-             {
-@@ -287,11 +294,17 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx,
-           alt_name = tmp;
-         }
+@@ -289,7 +296,13 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx,
     }
 
   ex = X509V3_EXT_conf_nid (NULL, NULL, NID_subject_alt_name, alt_name);
@ -61,8 +51,6 @@ index 7c7e4dfe56d5756862f3e0f851941e846ce96f31..e828ec725b23d7ea79393151e7bb436e
   sk_X509_EXTENSION_push (certinfo->extensions, ex);
 
   /* Set the public key for the certificate */
-   sslret = X509_REQ_set_pubkey (csr->x509_req, spkey->evp_pkey);
-   CHECK_SSL (sslret, X509_REQ_set_pubkey (OU));
 -- 
-2.35.1
+2.49.0

--- a/SOURCES/0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
+++ b/SOURCES/0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
@ -1,7 +1,7 @@
-From 282f819bc39c9557ee34f73c6f6623182f680792 Mon Sep 17 00:00:00 2001
+From 259c4c83307273551fd267585ec8854896a168bd Mon Sep 17 00:00:00 2001
 From: Stephen Gallagher <sgallagh@redhat.com>
 Date: Wed, 16 Nov 2022 15:27:58 -0500
-Subject: [PATCH] dhparams: don't fail if default file can't be created
+Subject: [PATCH 4/6] dhparams: don't fail if default file can't be created

 Resolves: rhbz#2143206

@ -135,5 +135,5 @@ index 1bf8019c2dda136abe56acd101dfe8ad0b3d725d..dcff4cd2b8dfd2e11c8612d36ecc94b1
   sscg_io_utils_finalize_output_files (options->streams);
 
 -- 
-2.38.1
+2.49.0

--- a/SOURCES/0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
+++ b/SOURCES/0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
@ -0,0 +1,32 @@
+From 7abb9f7f929eb85fa3ab66a150978bbc5e198e5c Mon Sep 17 00:00:00 2001
+From: Simon Chopin <simon.chopin@canonical.com>
+Date: Mon, 13 Dec 2021 15:20:55 +0100
+Subject: [PATCH 5/6] dhparams: Fix the FIPS_mode() call for OpenSSL 3.0
+
+This function has been removed from OpenSSL 3.0, replaced by
+EVP_default_properties_is_fips_enabled().
+
+Closes #50
+---
+ src/dhparams.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/dhparams.c b/src/dhparams.c
+index 5c50128970d48790df910b9f9531e61e1d4c5758..61fd57aeedca47fba49f75d356cd5f42b9586696 100644
+--- a/src/dhparams.c
+++ b/src/dhparams.c
+@@ -231,7 +231,11 @@ is_valid_named_group (const char *group_name)
+     }
+ 
+   /* Check non-FIPS groups */
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+   if (!FIPS_mode ())
+#else
+  if (!EVP_default_properties_is_fips_enabled(NULL))
+#endif
+     {
+       i = 0;
+       while (dh_nonfips_groups[i])
+-- 
+2.49.0
+
--- a/SOURCES/0006-x509-Use-proper-version-for-CSR.patch
+++ b/SOURCES/0006-x509-Use-proper-version-for-CSR.patch
@ -0,0 +1,31 @@
+From 6b48b480d57f75fc93ea646fbe6a457c4afd319f Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Sat, 19 Oct 2024 15:43:20 +0200
+Subject: [PATCH 6/6] x509: Use proper version for CSR.
+
+RFC 2986 only defines a single version for CSRs: X509_VERSION_1 (0).
+OpenSSL starting with 3.4 rejects everything else.
+
+Use X509_VERSION_1 as version for X509_REQ_set_version.
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ src/x509.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/x509.c b/src/x509.c
+index e828ec725b23d7ea79393151e7bb436e2f61bdb8..22f8163ec5a6b20bcb16177edf8088cf148a8661 100644
+--- a/src/x509.c
+++ b/src/x509.c
+@@ -156,7 +156,7 @@ sscg_x509v3_csr_new (TALLOC_CTX *mem_ctx,
+   talloc_set_destructor ((TALLOC_CTX *)csr, _sscg_csr_destructor);
+ 
+   /* We will generate only x509v3 certificates */
+-  sslret = X509_REQ_set_version (csr->x509_req, 2);
+  sslret = X509_REQ_set_version (csr->x509_req, X509_VERSION_1);
+   CHECK_SSL (sslret, X509_REQ_set_version);
+ 
+   subject = X509_REQ_get_subject_name (csr->x509_req);
+-- 
+2.49.0
+
--- a/SOURCES/0007-Ensure-critical-basicConstraint-for-CA-cert.patch
+++ b/SOURCES/0007-Ensure-critical-basicConstraint-for-CA-cert.patch
@ -0,0 +1,29 @@
+From 499ce83c85d14dd8cbc52f6431e775f1d00578d6 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Tue, 22 Apr 2025 13:09:32 -0400
+Subject: [PATCH 7/7] Ensure 'critical' basicConstraint for CA cert
+
+Fixes: https://github.com/sgallagher/sscg/issues/74
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+---
+ src/authority.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/authority.c b/src/authority.c
+index af60e1a93023c32e3fdf6da920fba4464256ed81..044c62f5192e75a9f7d3f49616f852a97da7505a 100644
+--- a/src/authority.c
+++ b/src/authority.c
+@@ -89,7 +89,8 @@ create_private_CA (TALLOC_CTX *mem_ctx,
+   sk_X509_EXTENSION_push (ca_certinfo->extensions, ex);
+ 
+   /* Mark it as a CA */
+-  ex = X509V3_EXT_conf_nid (NULL, NULL, NID_basic_constraints, "CA:TRUE");
+  ex = X509V3_EXT_conf_nid (
+    NULL, NULL, NID_basic_constraints, "critical,CA:TRUE");
+   CHECK_MEM (ex);
+   sk_X509_EXTENSION_push (ca_certinfo->extensions, ex);
+ 
+-- 
+2.49.0
+
--- a/SOURCES/0008-Fix-IP-address-handling-in-CA-certificate-SAN-constr.patch
+++ b/SOURCES/0008-Fix-IP-address-handling-in-CA-certificate-SAN-constr.patch
--- a/SPECS/sscg.spec
+++ b/SPECS/sscg.spec
@ -9,7 +9,7 @@

 Name:           sscg
 Version:        3.0.0
-Release:        7%{?dist}
+Release:        10%{?dist}
 Summary:        Simple SSL certificate generator

 License:        GPLv3+ with exceptions
@ -26,11 +26,14 @@ BuildRequires:  ninja-build
 BuildRequires:  help2man


-Patch0001: 0001-Drop-usage-of-ERR_GET_FUNC.patch
-Patch0002: 0002-Correct-certificate-lifetime-calculation.patch
-Patch0003: 0003-Truncate-IP-address-in-SAN.patch
-Patch0004: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
-
+Patch: 0001-Drop-usage-of-ERR_GET_FUNC.patch
+Patch: 0002-Correct-certificate-lifetime-calculation.patch
+Patch: 0003-Truncate-IP-address-in-SAN.patch
+Patch: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
+Patch: 0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
+Patch: 0006-x509-Use-proper-version-for-CSR.patch
+Patch: 0007-Ensure-critical-basicConstraint-for-CA-cert.patch
+Patch: 0008-Fix-IP-address-handling-in-CA-certificate-SAN-constr.patch

 %description
 A utility to aid in the creation of more secure "self-signed"
@ -61,69 +64,127 @@ false signatures from the service certificate.
 %{_mandir}/man8/%{name}.8*

 %changelog
-* Thu Dec 08 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-7
- Correctly apply the patch for default dhparams
- Resolves: rhbz#2143206
+* Mon Aug 11 2025 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-10
+- Fix IP address handling in CA certificate SAN constraints
+- Resolves: RHEL-107289
+
+* Tue Apr 22 2025 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-9
+- Ensure 'critical' basicConstraint for CA cert
+- Resolves: RHEL-88119
+
+* Wed Apr 02 2025 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-8
+- x509: Use proper version for CSR
+- Resolves: RHEL-85851
+
+* Fri Dec 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-7
+- Use EVP_default_properties_is_fips_enabled() on OpenSSL 3.0
+- Related: rhbz#2083879

 * Mon Nov 28 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
 - Don't fail if default dhparams file can't be created
- Resolves: rhbz#2143206
+- Resolves: rhbz#2149064

-* Thu Jul 14 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-5
- Rebase to sscg 3.0.0
- Resolves: rhbz#2107369
- Resolves: rhbz#2091525
+* Wed Mar 09 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-5
+- Handle IP addresses in subjectAlternativeName correctly
+- Resolves: rhbz#2061923

-* Thu Jun 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-15
- Fix certificate lifetime calculation
- Resolves: rhbz#2091525
+* Fri Oct 29 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-4
+- Correct certificate lifetime calculation
+- Resolves: rhbz#2017667

-* Tue Jan 21 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-14
- Properly handling reading long passphrase files.
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.0-3
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688

-* Tue Jan 21 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-13
- Fix missing error check for --*-key-passfile
+* Sat Aug 07 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-2
+- Drop usage of removed macro ERR_GET_FUNC()
+- Related: rhbz#1964837

-* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-12
- Improve validation of command-line arguments
- Resolves: rhbz#1784441
- Resolves: rhbz#1784443
+* Wed Jul 21 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-1
+- Release 3.0.0
+- Support for OpenSSL 3.0
+- Support for outputting named Diffie-Hellman parameter groups
+- Support for CentOS Stream 9
+- Resolves: rhbz#1984468

-* Tue Jan 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-11
- Further improve --client-key-file help message
- Resolves: rhbz#1720667
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-8
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065

-* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-10
- Fix incorrect help message
- Resolves: rhbz#1720667
+* Wed May 26 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-7
+- OpenSSL 3.0 compatibility: fix RSA key-generation test
+- Resolves: rhbz#1964837

-* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-9
- Fix null-dereference and memory leak issues with client certs
- Resolves: rhbz#1720667
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-6
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

-* Wed Dec 11 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-8
- Add support for generating client authentication certificates
- Resolves: rhbz#1720667
+* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-5
+- Fixing incorrect license declaration

-* Fri Nov 01 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-7
- Add support for password-protecting the private key files
- Resolves: rhbz#1717880
+* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-4
+- Updating to rebuild against the latest glibc

-* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-6
- Fixes for issues detected by automated testing.
- Resolves: rhbz#1653323
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

-* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-5
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jun 23 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-1
+- Update to 2.6.2
+- Handle very short and very long passphrases properly (fixes rhbz#1850183)
+- Drop upstreamed patch
+
+* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-4
+- Rebuild with corrected ELN macro definitions
+
+* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-3
+- Don't bother running clang-format in the RPM build
+- Lengthen the test timeout so ARM tests pass
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-1
+- Bugfixes from upstream
+
+* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-2
+- Fix incorrect help description for --client-key-file
+
+* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-1
+- Update to 2.6.0
+- Can now generate an empty CRL file.
+- Can now create and store a Diffie-Hellman parameters (dhparams) file.
+- Support for setting a password on private keys.
+- Support for generating a client authentication certificate and key.
+- Better support for OpenSSL 1.0
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.1-1
+- Update to 2.5.1
+- Fixes discovered by automated testing.
+
+* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.0-1
+- Update to 2.5.0
+- Auto-detect the hash algorithm to use by default.
+
+* Tue Nov 27 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.4.0-1
+- Update to 2.4.0
 - Autodetect the minimum key strength from the system security level.
- Autodetect the hash algorithm to use from the system security level.
 - Disallow setting a key strength below the system minimum.
- Resolves: rhbz#1653323
+
+- Drop upstreamed patches

 * Mon Sep 17 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-4
- Add a manpage for sscg.
+- Add a manpage.

-* Thu Jul 05 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-3
- Strip out bundled popt since RHEL 8 has a new-enough version.
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
@ -266,3 +327,4 @@ false signatures from the service certificate.

 * Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-1
 - First packaging
+