.gitignore

@@ -1,25 +1 @@
-/sscg-0.4.1.tar.gz
+SOURCES/sscg-3.0.0.tar.xz
-/sscg-1.0.0-a3fe426.tar.gz
-/sscg-1.0.1-6858b79.tar.gz
-/sscg-1.0.2-897a89a.tar.gz
-/sscg-1.0.3-ecdee74.tar.gz
-/sscg-1.0.4-024d20e.tar.gz
-/sscg-1.1.0-4f90b27.tar.gz
-/sscg-2.0.0.tar.gz
-/sscg-2.0.1.tar.gz
-/sscg-2.0.2.tar.gz
-/sscg-2.0.3.tar.gz
-/sscg-2.0.4.tar.gz
-/sscg-2.1.0.tar.gz
-/sscg-2.2.0.tar.gz
-/sscg-2.3.0.tar.xz
-/sscg-2.3.1.tar.xz
-/sscg-2.3.2.tar.xz
-/sscg-2.3.3.tar.xz
-/sscg-2.4.0.tar.xz
-/sscg-2.5.0.tar.xz
-/sscg-2.5.1.tar.xz
-/sscg-2.6.0.tar.xz
-/sscg-2.6.1.tar.xz
-/sscg-2.6.2.tar.xz
-/sscg-3.0.0.tar.xz

.sscg.metadata

@@ -0,0 +1 @@
+81e3b33e118edff96583314ceb4bfde9a1e6b45c SOURCES/sscg-3.0.0.tar.xz

0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch

@@ -1,32 +0,0 @@
-From e65a507c487a37dd5a8c90b7dbd1ff3274146239 Mon Sep 17 00:00:00 2001
-From: Simon Chopin <simon.chopin@canonical.com>
-Date: Mon, 13 Dec 2021 15:20:55 +0100
-Subject: [PATCH 5/5] dhparams: Fix the FIPS_mode() call for OpenSSL 3.0
-
-This function has been removed from OpenSSL 3.0, replaced by
-EVP_default_properties_is_fips_enabled().
-
-Closes #50
----
- src/dhparams.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/dhparams.c b/src/dhparams.c
-index 5c50128970d48790df910b9f9531e61e1d4c5758..61fd57aeedca47fba49f75d356cd5f42b9586696 100644
---- a/src/dhparams.c
-+++ b/src/dhparams.c
-@@ -231,7 +231,11 @@ is_valid_named_group (const char *group_name)
-     }
- 
-   /* Check non-FIPS groups */
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-   if (!FIPS_mode ())
-+#else
-+  if (!EVP_default_properties_is_fips_enabled(NULL))
-+#endif
-     {
-       i = 0;
-       while (dh_nonfips_groups[i])
--- 
-2.31.1
-

SPECS/sscg.spec

@@ -26,11 +26,11 @@ BuildRequires:  ninja-build
 BuildRequires:  help2man
 
 
-Patch: 0001-Drop-usage-of-ERR_GET_FUNC.patch
+Patch0001: 0001-Drop-usage-of-ERR_GET_FUNC.patch
-Patch: 0002-Correct-certificate-lifetime-calculation.patch
+Patch0002: 0002-Correct-certificate-lifetime-calculation.patch
-Patch: 0003-Truncate-IP-address-in-SAN.patch
+Patch0003: 0003-Truncate-IP-address-in-SAN.patch
-Patch: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
+Patch0004: 0004-dhparams-don-t-fail-if-default-file-can-t-be-created.patch
-Patch: 0005-dhparams-Fix-the-FIPS_mode-call-for-OpenSSL-3.0.patch
+
 
 %description
 A utility to aid in the creation of more secure "self-signed"
@@ -61,115 +61,69 @@ false signatures from the service certificate.
 %{_mandir}/man8/%{name}.8*
 
 %changelog
-* Fri Dec 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
+* Thu Dec 08 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-7
-- Use EVP_default_properties_is_fips_enabled() on OpenSSL 3.0
+- Correctly apply the patch for default dhparams
-- Related: rhbz#2083879
+- Resolves: rhbz#2143206
 
 * Mon Nov 28 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-6
 - Don't fail if default dhparams file can't be created
-- Resolves: rhbz#2149064
+- Resolves: rhbz#2143206
 
-* Wed Mar 09 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-5
+* Thu Jul 14 2022 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-5
-- Handle IP addresses in subjectAlternativeName correctly
+- Rebase to sscg 3.0.0
-- Resolves: rhbz#2061923
+- Resolves: rhbz#2107369
+- Resolves: rhbz#2091525
 
-* Fri Oct 29 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-4
+* Thu Jun 02 2022 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-15
-- Correct certificate lifetime calculation
+- Fix certificate lifetime calculation
-- Resolves: rhbz#2017667
+- Resolves: rhbz#2091525
 
-* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.0-3
+* Tue Jan 21 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-14
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Properly handling reading long passphrase files.
-  Related: rhbz#1991688
 
-* Sat Aug 07 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-2
+* Tue Jan 21 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-13
-- Drop usage of removed macro ERR_GET_FUNC()
+- Fix missing error check for --*-key-passfile
-- Related: rhbz#1964837
 
-* Wed Jul 21 2021 Stephen Gallagher <sgallagh@redhat.com> - 3.0.0-1
+* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-12
-- Release 3.0.0
+- Improve validation of command-line arguments
-- Support for OpenSSL 3.0
+- Resolves: rhbz#1784441
-- Support for outputting named Diffie-Hellman parameter groups
+- Resolves: rhbz#1784443
-- Support for CentOS Stream 9
-- Resolves: rhbz#1984468
 
-* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-8
+* Tue Jan 07 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-11
-- Rebuilt for RHEL 9 BETA for openssl 3.0
+- Further improve --client-key-file help message
-  Related: rhbz#1971065
+- Resolves: rhbz#1720667
 
-* Wed May 26 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-7
+* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-10
-- OpenSSL 3.0 compatibility: fix RSA key-generation test
+- Fix incorrect help message
-- Resolves: rhbz#1964837
+- Resolves: rhbz#1720667
 
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.2-6
+* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-9
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Fix null-dereference and memory leak issues with client certs
+- Resolves: rhbz#1720667
 
-* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-5
+* Wed Dec 11 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-8
-- Fixing incorrect license declaration
+- Add support for generating client authentication certificates
+- Resolves: rhbz#1720667
 
-* Wed Mar 17 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-4
+* Fri Nov 01 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-7
-- Updating to rebuild against the latest glibc
+- Add support for password-protecting the private key files
+- Resolves: rhbz#1717880
 
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-3
+* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+- Fixes for issues detected by automated testing.
+- Resolves: rhbz#1653323
 
-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-2
+* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Tue Jun 23 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.2-1
-- Update to 2.6.2
-- Handle very short and very long passphrases properly (fixes rhbz#1850183)
-- Drop upstreamed patch
-
-* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-4
-- Rebuild with corrected ELN macro definitions
-
-* Thu Apr 30 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-3
-- Don't bother running clang-format in the RPM build
-- Lengthen the test timeout so ARM tests pass
-
-* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.6.1-1
-- Bugfixes from upstream
-
-* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-2
-- Fix incorrect help description for --client-key-file
-
-* Fri Dec 13 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.6.0-1
-- Update to 2.6.0
-- Can now generate an empty CRL file.
-- Can now create and store a Diffie-Hellman parameters (dhparams) file.
-- Support for setting a password on private keys.
-- Support for generating a client authentication certificate and key.
-- Better support for OpenSSL 1.0
-
-* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.1-1
-- Update to 2.5.1
-- Fixes discovered by automated testing.
-
-* Wed Nov 28 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.5.0-1
-- Update to 2.5.0
-- Auto-detect the hash algorithm to use by default.
-
-* Tue Nov 27 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.4.0-1
-- Update to 2.4.0
 - Autodetect the minimum key strength from the system security level.
+- Autodetect the hash algorithm to use from the system security level.
 - Disallow setting a key strength below the system minimum.
-
+- Resolves: rhbz#1653323
-- Drop upstreamed patches
 
 * Mon Sep 17 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-4
-- Add a manpage.
+- Add a manpage for sscg.
 
-* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-3
+* Thu Jul 05 2018 Stephen Gallagher <sgallagh@redhat.com> - 2.3.3-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+- Strip out bundled popt since RHEL 8 has a new-enough version.
 
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
@@ -312,4 +266,3 @@ false signatures from the service certificate.
 
 * Mon Mar 16 2015 Stephen Gallagher <sgallagh@redhat.com> 0.1-1
 - First packaging
-

gating.yaml

@@ -1,9 +0,0 @@
---- !Policy
-product_versions:
-  - rhel-9
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier2.functional}
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier3.functional}
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.acceptance-tier.functional}

sources

@@ -1 +0,0 @@
-SHA512 (sscg-3.0.0.tar.xz) = d5bbd14c102bb11b387b6018dced09b23b053498c60befd916aa142ece8240f443e364d9a578b6b5aa15c68cb943725ed96ef44cce77eb01013e464a6d4dc0f1

test/help-usage/Makefile

@@ -1,14 +0,0 @@
-.PHONY: all install download clean
-
-BUILT_FILES=
-
-FILES=runtest.sh Makefile
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	chmod a+x ./runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)

test/help-usage/README.rst

@@ -1,13 +0,0 @@
-help-usage
-==========
-
-This is an example task for `Taskotron <https://fedoraproject.org/wiki/Taskotron>`_
-that tests the basic functionality of 'sscg --help' to confirm it generates a usage message.
-
-Standalone you can run it like this::
-
-  $ make run
-
-Through taskotron runner you can run it like this::
-
-  $ runtask -i sscg-2.0.4-1.fc27 -t koji_build -a x86_64 runtask.yml

test/help-usage/runtask.yml

@@ -1,29 +0,0 @@
----
-name: help-usage
-desc: "Tests the basic functionality of 'sscg --help' to confirm it generates a usage message."
-maintainer: sgallagh
-
-input:
-    args:
-        - koji_build
-        - arch
-
-environment:
-    rpm:
-        - make
-
-actions:
-    - name: download the build
-      koji:
-          action: download
-          koji_build: ${koji_build}
-          arch: $arch
-          target_dir: ${workdir}/rpms
-
-    - name: install the build
-      shell:
-          - dnf install -y ${workdir}/rpms/*.rpm
-
-    - name: run test
-      shell:
-          - make run

test/help-usage/runtest.sh

@@ -1,13 +0,0 @@
-#!/bin/sh
-
-PACKAGE=sscg
-
-# Assume the test will pass.
-result=PASS
-
-sscg --help | grep -q -i '^usage:'
-if [ $? -ne 0 ]; then
-        result=FAIL
-fi
-
-echo $result