6 changed files with 385 additions and 49 deletions
--- a/SOURCES/pegasus-2.14.1-add-pegwsmserver-to-ldd-libs.patch
+++ b/SOURCES/pegasus-2.14.1-add-pegwsmserver-to-ldd-libs.patch
@ -0,0 +1,10 @@
 diff -up pegasus/src/Pegasus/ExportClient/tests/libraries.mak.orig pegasus/src/Pegasus/ExportClient/tests/libraries.mak
 --- pegasus/src/Pegasus/ExportClient/tests/libraries.mak.orig	2020-11-26 10:20:13.938292092 +0100
 +++ pegasus/src/Pegasus/ExportClient/tests/libraries.mak	2020-11-26 10:25:30.248432039 +0100
@@ -35,4 +35,5 @@ LIBRARIES= \
     pegrepository \
     pegconfig \
     pegclient \
 -    pegcommon
 +    pegcommon \
 +    pegwsmserver
--- a/SOURCES/pegasus-2.14.1-fix-Wreserved-user-defined-literal.patch
+++ b/SOURCES/pegasus-2.14.1-fix-Wreserved-user-defined-literal.patch
@ -0,0 +1,22 @@
 --- pegasus/src/Pegasus/Common/InternalException.cpp.orig	2020-03-25 04:14:59.507215411 +0000
 +++ pegasus/src/Pegasus/Common/InternalException.cpp	2020-03-25 04:06:31.545770255 +0000
@@ -982,7 +982,7 @@ SocketWriteError::~SocketWriteError()
 //     PEGASUS_MAXELEMENTS_NUM HTTP header fields in a single HTTP message
 //==============================================================================
 TooManyHTTPHeadersException::TooManyHTTPHeadersException()
 -    : Exception("more than "PEGASUS_MAXELEMENTS
 +    : Exception("more than " PEGASUS_MAXELEMENTS
                     " header fields detected in HTTP message")
 {
 }
 --- pegasus/src/Pegasus/Client/tests/slp/slpclient.cpp.orig	2020-03-25 04:21:46.078970915 +0000
 +++ pegasus/src/Pegasus/Client/tests/slp/slpclient.cpp	2020-03-25 04:22:16.302878401 +0000
@@ -49,7 +49,7 @@ int main(int argc, char** argv)
         Array<Attribute> criteria;
         Attribute attr(
 -            PEG_WBEM_SLP_SERVICE_ID"="PEG_WBEM_SLP_SERVICE_ID_DEFAULT);
 +            PEG_WBEM_SLP_SERVICE_ID"=" PEG_WBEM_SLP_SERVICE_ID_DEFAULT);
         Array<CIMServerDescription> connections;
         SLPClientOptions* opts = (SLPClientOptions*)NULL;
         if (argc == 2)
--- a/SOURCES/pegasus-2.14.1-ssl-certs-gen-changes.patch
+++ b/SOURCES/pegasus-2.14.1-ssl-certs-gen-changes.patch
@ -0,0 +1,175 @@
 diff -up pegasus/Makefile.Release.orig pegasus/Makefile.Release
 --- pegasus/Makefile.Release.orig	2025-04-02 09:41:58.144585088 +0200
 +++ pegasus/Makefile.Release	2025-04-02 09:50:05.938271446 +0200
@@ -446,6 +446,10 @@ stage_genOpenPegasusSSLCertsFile: FORCE
              $(PEGASUS_STAGING_DIR)$(PEGASUS_SCRIPT_DIR)/genOpenPegasusSSLCerts
 	@$(ECHO-E) "#" >> \
              $(PEGASUS_STAGING_DIR)$(PEGASUS_SCRIPT_DIR)/genOpenPegasusSSLCerts
 +	@$(ECHO-E) "set -e" >> \
 +             $(PEGASUS_STAGING_DIR)$(PEGASUS_SCRIPT_DIR)/genOpenPegasusSSLCerts
 +	@$(ECHO-E) "#" >> \
 +             $(PEGASUS_STAGING_DIR)$(PEGASUS_SCRIPT_DIR)/genOpenPegasusSSLCerts
 	@$(ECHO-E) "PEGASUS_PEM_DIR=$(PEGASUS_PEM_DIR)" >> \
              $(PEGASUS_STAGING_DIR)$(PEGASUS_SCRIPT_DIR)/genOpenPegasusSSLCerts
 	@$(ECHO-E) "PEGASUS_CONFIG_DIR=$(PEGASUS_CONFIG_DIR)" >> \
@@ -458,6 +462,8 @@ stage_genOpenPegasusSSLCertsFile: FORCE
              $(PEGASUS_STAGING_DIR)$(PEGASUS_SCRIPT_DIR)/genOpenPegasusSSLCerts
 	@$(ECHO-E) "PEGASUS_SSL_TRUSTSTORE=$(PEGASUS_SSL_TRUSTSTORE)" >> \
              $(PEGASUS_STAGING_DIR)$(PEGASUS_SCRIPT_DIR)/genOpenPegasusSSLCerts
 +	@$(ECHO-E) "DAYS=3650" >> \
 +             $(PEGASUS_STAGING_DIR)$(PEGASUS_SCRIPT_DIR)/genOpenPegasusSSLCerts
 	@$(CAT) $(ROOT)/rpm/tog-specfiles/tog-pegasus-genSSLCerts.spec >> \
              $(PEGASUS_STAGING_DIR)$(PEGASUS_SCRIPT_DIR)/genOpenPegasusSSLCerts
 diff -up pegasus/rpm/tog-specfiles/tog-pegasus-genSSLCerts.spec.orig pegasus/rpm/tog-specfiles/tog-pegasus-genSSLCerts.spec
 --- pegasus/rpm/tog-specfiles/tog-pegasus-genSSLCerts.spec.orig	2014-09-10 18:15:40.000000000 +0200
 +++ pegasus/rpm/tog-specfiles/tog-pegasus-genSSLCerts.spec	2025-04-02 09:54:27.678967236 +0200
@@ -29,16 +29,6 @@ function create_ssl_cnf #(config_file, C
             $PEGASUS_CONFIG_DIR/$SSL_CFG
     echo "OU                     = The OpenPegasus Project" >> \
             $PEGASUS_CONFIG_DIR/$SSL_CFG
 -    DN=`hostname`;
 -    if [ -z "$DN" ] || [ "$DN" = "(none)" ]; then
 -            DN='localhost.localdomain';
 -    fi;
 -    FQDN=`{ host -W1 $DN 2>/dev/null || echo "$DN has address "; } |\
 -            grep 'has address' | head -1 | sed 's/\ .*$//'`;
 -    if [ -z "$FQDN" ] ; then
 -        FQDN="$DN";
 -    fi;
 -    # cannot use 'hostname --fqdn' because this can hang indefinitely
     # Hack the $CA onto the end of the CN so we differentiate the issuer
     # of the signature from the subject
     echo "CN                     = $FQDN$CA"  >> $PEGASUS_CONFIG_DIR/$SSL_CFG
@@ -52,27 +42,26 @@ function create_ssl_cnf #(config_file, C
     echo "basicConstraints = CA:TRUE" >> $PEGASUS_CONFIG_DIR/$SSL_CFG
 }
 -cnfChanged=0;
 -if [ ! -e $PEGASUS_CONFIG_DIR/ssl-ca.cnf ] ||
 -   [ ! -e $PEGASUS_CONFIG_DIR/ssl-service.cnf ] ||
 -   [ ! -e $PEGASUS_CONFIG_DIR/server.pem ] ||
 -   [ ! -e $PEGASUS_CONFIG_DIR/file.pem ]  ||
 -   [ ! -e $PEGASUS_CONFIG_DIR/client.pem ]; then
 -
 -    mkdir -p ${PEGASUS_INSTALL_LOG%/*}
 -    mkdir -p $PEGASUS_CONFIG_DIR
 +function selfsign_sscg()
 +{
 +    sscg --quiet \
 +         --lifetime "${DAYS}" \
 +         --cert-key-file "${PEGASUS_PEM_DIR}"/"${PEGASUS_SSL_KEY_FILE}" \
 +         --cert-file "${PEGASUS_PEM_DIR}/${PEGASUS_SSL_CERT_FILE}" \
 +         --ca-file "${PEGASUS_PEM_DIR}"/ca.crt \
 +         --hostname "${FQDN}" \
 +         --country "UK" \
 +         --state "Berkshire" \
 +         --locality "Reading" \
 +         --organization "The Open Group" \
 +         --organizational-unit "The OpenPegasus Project"
 +}
 -    create_ssl_cnf ssl-ca.cnf CA
 -    create_ssl_cnf ssl-service.cnf
 -
 -    chmod 400 $PEGASUS_CONFIG_DIR/ssl-*.cnf
 -    chown root $PEGASUS_CONFIG_DIR/ssl-*.cnf
 -    chgrp root $PEGASUS_CONFIG_DIR/ssl-*.cnf
 -    cnfChanged=1;
 -fi
 -if [ $cnfChanged -eq 1 ] || \
 -         [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE ] || \
 -         [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE ]; then
 +function selfsign_openssl()
 +{
 +    # Get minimum RSA key length at current security level
 +    # This workarounds openssl not enforcing min. key length enforced by current security level
 +    KEYSIZE=`grep min_rsa_size /etc/crypto-policies/state/CURRENT.pol | cut -d ' ' -f 3`
     # Restrict access of the key to root
     OLDUMASK=`umask`
@@ -81,28 +70,34 @@ if [ $cnfChanged -eq 1 ] || \
     # Create private key for the CA certificate
     TMPKEY=`mktemp --tmpdir=$PEGASUS_PEM_DIR XXXXXXXXXXXX`
 -    /usr/bin/openssl genrsa -out $TMPKEY 2048
 +    /usr/bin/openssl genrsa -out $TMPKEY $KEYSIZE
     # Restore the umask for the other files
     umask $OLDUMASK
     # Create CA certificate:
 -    /usr/bin/openssl req -new -x509 -days 3650 \
 -                         -config $PEGASUS_CONFIG_DIR/ssl-ca.cnf \
 +    # Hack the $CA onto the end of the CN so we differentiate the issuer
 +    # of the signature from the subject
 +    /usr/bin/openssl req -new -x509 -days $DAYS \
 +                         -subj "/C=UK/ST=Berkshire/L=Reading/O=The Open Group/OU=The OpenPegasus Project/CN=${FQDN}CA" \
 +                         -addext "subjectKeyIdentifier = hash" \
 +                         -addext "authorityKeyIdentifier = keyid:always,issuer" \
 +                         -addext "basicConstraints = CA:TRUE" \
                          -key $TMPKEY \
                          -out $PEGASUS_PEM_DIR/ca.crt \
     # Create private key for the service certificate
 -    /usr/bin/openssl genrsa -out $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE 2048
 +    /usr/bin/openssl genrsa -out $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE $KEYSIZE
     # Create a signing request for the service certificate
     /usr/bin/openssl req -new \
 -                         -config $PEGASUS_CONFIG_DIR/ssl-service.cnf \
 +                         -subj "/C=UK/ST=Berkshire/L=Reading/O=The Open Group/OU=The OpenPegasus Project/CN=$FQDN" \
 +                         -addext "basicConstraints = CA:FALSE" \
                          -key $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE \
                          -out $PEGASUS_PEM_DIR/server.csr
     # Sign the request with the CA certificate
 -    /usr/bin/openssl x509 -req -days 3650 \
 +    /usr/bin/openssl x509 -req -days $DAYS \
                           -in $PEGASUS_PEM_DIR/server.csr \
                           -CA $PEGASUS_PEM_DIR/ca.crt \
                           -CAkey $TMPKEY \
@@ -128,6 +123,43 @@ if [ $cnfChanged -eq 1 ] || \
     # long race here between the key generation and its deletion.
     # The random filename should significantly mitigate this.
     rm -f $TMPKEY
 +}
 +
 +cnfChanged=0;
 +if [ ! -e $PEGASUS_CONFIG_DIR/ssl-ca.cnf ] ||
 +   [ ! -e $PEGASUS_CONFIG_DIR/ssl-service.cnf ] ||
 +   [ ! -e $PEGASUS_CONFIG_DIR/server.pem ] ||
 +   [ ! -e $PEGASUS_CONFIG_DIR/file.pem ]  ||
 +   [ ! -e $PEGASUS_CONFIG_DIR/client.pem ]; then
 +
 +    mkdir -p ${PEGASUS_INSTALL_LOG%/*}
 +    mkdir -p $PEGASUS_CONFIG_DIR
 +
 +    DN=`hostname`;
 +    if [ -z "$DN" ] || [ "$DN" = "(none)" ]; then
 +            DN='localhost.localdomain';
 +    fi;
 +    FQDN=`{ host -W1 $DN 2>/dev/null || echo "$DN has address "; } |\
 +            grep 'has address' | head -1 | sed 's/\ .*$//'`;
 +    if [ -z "$FQDN" ] ; then
 +        FQDN="$DN";
 +    fi;
 +    # cannot use 'hostname --fqdn' because this can hang indefinitely
 +
 +    create_ssl_cnf ssl-ca.cnf CA
 +    create_ssl_cnf ssl-service.cnf
 +
 +    chmod 400 $PEGASUS_CONFIG_DIR/ssl-*.cnf
 +    chown root $PEGASUS_CONFIG_DIR/ssl-*.cnf
 +    chgrp root $PEGASUS_CONFIG_DIR/ssl-*.cnf
 +    cnfChanged=1;
 +fi
 +if [ $cnfChanged -eq 1 ] || \
 +         [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE ] || \
 +         [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE ]; then
 +
 +    # If sscg fails, try openssl
 +    selfsign_sscg || selfsign_openssl
 fi;
 if [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE ]; then
--- a/SOURCES/pegasus-snmp-disable-des.patch
+++ b/SOURCES/pegasus-snmp-disable-des.patch
@ -0,0 +1,55 @@
 This patch is required because net-smp is not build with DES support,
 so usmDESPrivProtocol is not available.
 diff -up pegasus/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.cpp.orig pegasus/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.cpp
 --- pegasus/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.cpp.orig	2021-06-23 09:57:12.052712533 +0200
 +++ pegasus/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.cpp	2021-06-23 10:06:19.893857294 +0200
@@ -247,6 +247,16 @@ void snmpDeliverTrap_netsnmp::_createSes
 #ifdef PEGASUS_ENABLE_NET_SNMPV3 
         case _SNMPv3_TRAP:
         {
 +            if(snmpSecPrivProto == 1)
 +            {
 +                //DES is no longer supported.
 +                PEG_METHOD_EXIT();
 +                throw PEGASUS_CIM_EXCEPTION_L(CIM_ERR_NOT_SUPPORTED,
 +                    MessageLoaderParms(
 +                        _MSG_DES_NOT_SUPPORTED_KEY,
 +                        _MSG_DES_NOT_SUPPORTED));
 +            }
 +
             snmpSession.version = SNMP_VERSION_3;
             CString securityNameCStr = securityName.getCString();
             size_t securityNameLen = strlen(securityNameCStr);
@@ -321,14 +331,7 @@ void snmpDeliverTrap_netsnmp::_createSes
             SNMP_FREE(snmpSession.securityPrivProto);
             //Privacy
 -            if(snmpSecPrivProto == 1) //DES
 -            {
 -                snmpSession.securityPrivProto = snmp_duplicate_objid(
 -                    usmDESPrivProtocol,
 -                    USM_PRIV_PROTO_DES_LEN);
 -                snmpSession.securityPrivProtoLen = USM_PRIV_PROTO_DES_LEN;
 -            }
 -            else if(snmpSecPrivProto == 2) // AES
 +            if(snmpSecPrivProto == 2) // AES
             {
                 snmpSession.securityPrivProto = snmp_duplicate_objid(
                     usmAESPrivProtocol,
 diff -up pegasus/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.h.orig pegasus/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.h
 --- pegasus/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.h.orig	2021-06-23 09:57:54.014119384 +0200
 +++ pegasus/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.h	2021-06-23 10:05:04.489320833 +0200
@@ -64,6 +64,12 @@ static const char _MSG_VERSION_NOT_SUPPO
     "Handler.snmpIndicationHandler.snmpDeliverTrap_netsnmp."
         "_MSG_VERSION_NOT_SUPPORTED";
 +static const char _MSG_DES_NOT_SUPPORTED[] =
 +    "DES support is disabled in SNMP.";
 +static const char _MSG_DES_NOT_SUPPORTED_KEY[] =
 +    "Handler.snmpIndicationHandler.snmpDeliverTrap_netsnmp."
 +        "_MSG_DES_NOT_SUPPORTED";
 +
 static const char _MSG_SESSION_SEND_FAILED[] =
     "Snmp Indication Handler failed to send the trap: ";
 static const char _MSG_SESSION_SEND_FAILED_KEY[] =
--- a/SOURCES/tog-pegasus.service
+++ b/SOURCES/tog-pegasus.service
@ -6,7 +6,7 @@ After=syslog.target slpd.service
 Type=forking
 ExecStartPre=/usr/share/Pegasus/scripts/generate-certs
 ExecStart=/usr/sbin/cimserver
-PIDFile=/var/run/tog-pegasus/cimserver.pid
+PIDFile=/run/tog-pegasus/cimserver.pid
 [Install]
 WantedBy=multi-user.target
--- a/SPECS/tog-pegasus.spec
+++ b/SPECS/tog-pegasus.spec
@ -8,11 +8,10 @@
 Name:           tog-pegasus
 Version:        %{major_ver}.1
-Release:        46%{?dist}
+Release:        65%{?dist}
 Epoch:          2
 Summary:        OpenPegasus WBEM Services for Linux
 Group:          System Environment/Daemons
 License:        MIT
 URL:            http://www.openpegasus.org
 Source0:        https://collaboration.opengroup.org/pegasus/documents/27211/pegasus-%{version}.tar.gz
@ -98,9 +97,18 @@ Patch40:        pegasus-2.14.1-tesid.patch
 Patch41:        pegasus-2.14.1-ssl-cert-path.patch
 # 42: port to openssl-1.1
 Patch42:        pegasus-2.14.1-openssl-1.1-fix.patch
-# 43: comply with system crypto policy
+# 43: fix -Wreserved-user-defined-literal warnings which prevents building with clang
 Patch43:        pegasus-2.14.1-fix-Wreserved-user-defined-literal.patch
 # 44: comply with Fedora crypto policy
 #  (use 'PROFILE=SYSTEM' instead of 'DEFAULT' in SSL_CTX_set_cipher_list calls)
-Patch43:        pegasus-2.14.1-crypto-policy-compliance.patch
+Patch44:        pegasus-2.14.1-crypto-policy-compliance.patch
 # 45: add required lib to fix FTBS
 Patch45:        pegasus-2.14.1-add-pegwsmserver-to-ldd-libs.patch
 # 46: Remove DES support.
 Patch46:        pegasus-snmp-disable-des.patch
 # 47: use sscg to generate cert, openssl as fallback, obtain correct key length
 #  based upon crypto policy level
 Patch47:        pegasus-2.14.1-ssl-certs-gen-changes.patch
 BuildRequires:  procps, libstdc++, pam-devel
 BuildRequires:  openssl, openssl-devel
@ -126,7 +134,6 @@ sources.
 %package devel
 Summary:        The OpenPegasus Software Development Kit
 Group:          Development/Tools
 Requires:       tog-pegasus >= %{version}-%{release}
 Obsoletes:      tog-pegasus-sdk
@ -138,7 +145,6 @@ supports C provider developers via the CMPI interface.
 %package libs
 Summary:        The OpenPegasus Libraries
 Group:          System Environment/Libraries
 Conflicts:      libcmpiCppImpl0
 Requires(pre):  /usr/sbin/useradd
 Requires(pre):  /usr/sbin/groupadd
@ -150,7 +156,6 @@ The OpenPegasus libraries.
 %if %{PEGASUS_BUILD_TEST_RPM}
 %package test
 Summary:        The OpenPegasus Tests
 Group:          Development/Debug
 Requires:       tog-pegasus >= %{version}-%{release}, make
 Requires:       %{name}-libs = %{epoch}:%{version}-%{release}
@ -228,33 +233,37 @@ The OpenPegasus WBEM tests for the OpenPegasus %{version} Linux rpm.
 # convert DMTF schema for Pegasus
 export PEGASUS_ROOT=%PEGASUS_RPM_ROOT
 yes | mak/CreateDmtfSchema 238 %{SOURCE9} cim_schema_2.38.0
-%patch1 -p1 -b .no-rpath
+%patch -P1 -p1 -b .no-rpath
-%patch2 -p1 -b .PIE
+%patch -P2 -p1 -b .PIE
-%patch3 -p1 -b .redhat-config
+%patch -P3 -p1 -b .redhat-config
-%patch4 -p1 -b .cmpi-provider-lib
+%patch -P4 -p1 -b .cmpi-provider-lib
-%patch6 -p1 -b .pam-wbem
+%patch -P6 -p1 -b .pam-wbem
-%patch12 -p1 -b .snmp-tests
+%patch -P12 -p1 -b .snmp-tests
-%patch5 -p1 -b .local-or-remote-auth
+%patch -P5 -p1 -b .local-or-remote-auth
-%patch13 -p1 -b .sparc
+%patch -P13 -p1 -b .sparc
-%patch16 -p1 -b .getpagesize
+%patch -P16 -p1 -b .getpagesize
-%patch19 -p1 -b .dont-strip
+%patch -P19 -p1 -b .dont-strip
-%patch20 -p1 -b .sparc-locks
+%patch -P20 -p1 -b .sparc-locks
-%patch22 -p1 -b .null_value
+%patch -P22 -p1 -b .null_value
-%patch24 -p1 -b .empty_arrays
+%patch -P24 -p1 -b .empty_arrays
-%patch25 -p1 -b .cimmofl-allow-experimental
+%patch -P25 -p1 -b .cimmofl-allow-experimental
-%patch26 -p1 -b .schema-version-and-includes
+%patch -P26 -p1 -b .schema-version-and-includes
-%patch29 -p1 -b .enable-subscriptions-for-nonprivileged-users
+%patch -P29 -p1 -b .enable-subscriptions-for-nonprivileged-users
-%patch33 -p1 -b .gcc5-build
+%patch -P33 -p1 -b .gcc5-build
-%patch34 -p1 -b .build-fixes
+%patch -P34 -p1 -b .build-fixes
-%patch35 -p1 -b .ssl-include
+%patch -P35 -p1 -b .ssl-include
-%patch36 -p1 -b .snmpv3-trap
+%patch -P36 -p1 -b .snmpv3-trap
-%patch37 -p1 -b .fix-setup-sdk
+%patch -P37 -p1 -b .fix-setup-sdk
-%patch38 -p1 -b .cimconfig-man-page-fixes
+%patch -P38 -p1 -b .cimconfig-man-page-fixes
-%patch39 -p1 -b .fix-setup-sdk-ppc64le
+%patch -P39 -p1 -b .fix-setup-sdk-ppc64le
-%patch40 -p1 -b .testid
+%patch -P40 -p1 -b .testid
-%patch41 -p1 -b .ssl-cert-path
+%patch -P41 -p1 -b .ssl-cert-path
-%patch42 -p1 -b .openssl-1.1-fix
+%patch -P42 -p1 -b .openssl-1.1-fix
-%patch43 -p1 -b .crypto-policy-compliance
+%patch -P43 -p1 -b .Wreserved-user-defined-literal-fix
 %patch -P44 -p1 -b .crypto-policy-compliance
 %patch -P45 -p1 -b .add-pegwsmserver-to-ldd-libs
 %patch -P46 -p1 -b .snmp-disable-des
 %patch -P47 -p1 -b .ssl-certs-gen-changes
 %build
@ -275,16 +284,16 @@ export LD_LIBRARY_PATH=$PEGASUS_HOME/lib
 export PATH=$PEGASUS_HOME/bin:$PATH
 export PEGASUS_EXTRA_C_FLAGS="$RPM_OPT_FLAGS -fPIC -g -Wall -Wno-unused -fno-strict-aliasing"
-export PEGASUS_EXTRA_CXX_FLAGS="$PEGASUS_EXTRA_C_FLAGS"
+export PEGASUS_EXTRA_CXX_FLAGS="$PEGASUS_EXTRA_C_FLAGS -std=c++14"
-export PEGASUS_EXTRA_LINK_FLAGS="$RPM_OPT_FLAGS"
+export PEGASUS_EXTRA_LINK_FLAGS="$RPM_OPT_FLAGS -Wl,-z,now"
 export PEGASUS_EXTRA_PROGRAM_LINK_FLAGS="-g -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack"
 export SYS_INCLUDES=-I/usr/kerberos/include
-make %{?_smp_mflags} -f ${PEGASUS_ROOT}/Makefile.Release create_ProductVersionFile
+%make_build -f ${PEGASUS_ROOT}/Makefile.Release create_ProductVersionFile
-make %{?_smp_mflags} -f ${PEGASUS_ROOT}/Makefile.Release create_CommonProductDirectoriesInclude
+%make_build -f ${PEGASUS_ROOT}/Makefile.Release create_CommonProductDirectoriesInclude
-make %{?_smp_mflags} -f ${PEGASUS_ROOT}/Makefile.Release create_ConfigProductDirectoriesInclude
+%make_build -f ${PEGASUS_ROOT}/Makefile.Release create_ConfigProductDirectoriesInclude
-make %{?_smp_mflags} -f ${PEGASUS_ROOT}/Makefile.Release all
+%make_build -f ${PEGASUS_ROOT}/Makefile.Release all
-make %{?_smp_mflags} -f ${PEGASUS_ROOT}/Makefile.Release repository
+%make_build -f ${PEGASUS_ROOT}/Makefile.Release repository
 %install
@ -488,7 +497,7 @@ fi
 :;
 %preun
-%systemd_preun stop tog-pegasus.service
+%systemd_preun tog-pegasus.service
 if [ $1 -eq 0 ]; then                  
   # Package removal, not upgrade     
   rm -rf /var/run/tog-pegasus
@ -556,17 +565,82 @@ fi
 %changelog
-* Mon Jun 29 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.14.1-46
+* Fri Apr 11 2025 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.14.1-65
- Comply with system crypto policy
+- Update OpenSSL certificates set up
-  Resolves: #1842838
+  Resolves: RHEL-81721
 - Remove deprecated path from systemd service file
  Resolves: RHEL-81716
-* Tue May 05 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.14.1-45
+* Tue Feb 01 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.14.1-64
 - Fix build flags
  Resolves: #2044895
 - Fix preun systemd macro call
  Resolves: #2048002
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2:2.14.1-63
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
 * Thu Jul 22 2021 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.14.1-62
 - Improve error message without DES support in SNMP
  Resolves: rhbz#1972623
 * Wed Jun 16 2021 Florian Weimer <fweimer@redhat.com> - 2:2.14.1-61
 - Port to net-snmp without DES support (#1958073)
 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2:2.14.1-60
 - Rebuilt for RHEL 9 BETA for openssl 3.0
  Related: rhbz#1971065
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2:2.14.1-59
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.14.1-58
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Thu Nov 26 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.14.1-57
 - Fix FTBFS
 - Use make macros, patch by Tom Stellard <tstellar@redhat.com>
 * Thu Aug 27 2020 Josef Řídký <jridky@redhat.com> - 2:2.14.1-56
 - Rebuilt for new net-snmp release
 * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.14.1-55
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Tue Jul 28 2020 Jeff Law <law@redhat.com> - 2:2.14.1-54
 - Force C++14 as this code is not C++17 ready
 * Thu Jun 25 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.14.1-53
 - Comply with Fedora crypto policy
 * Wed Mar 25 2020 Tom Stellard <tstellar@redhat.com> - 2:2.14.1-52
 - Fix -Wreserved-user-defined-literal warnings
 * Thu Feb 27 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.14.1-51
 - Fix tmpfiles path
  Resolves: #1805977
-* Wed Aug 01 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.14.1-44
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.14.1-50
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.14.1-49
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.14.1-48
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2:2.14.1-47
 - Rebuilt for libcrypt.so.2 (#1666033)
 * Wed Aug 01 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.14.1-46
 - Review and fix %%files section because of failing rpm -V
 * Tue Jul 24 2018 Adam Williamson <awilliam@redhat.com> - 2:2.14.1-45
 - Rebuild for new net-snmp
 * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.14.1-44
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.14.1-43
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild