From c9caed71f65d617ee2664e6b117c798168bb59b7 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Tue, 26 Nov 2024 16:52:44 +0300 Subject: [PATCH] import ktls-utils-0.11-1.el10 --- .gitignore | 1 + .ktls-utils.metadata | 1 + SOURCES/ktls-utils-0.11-openscanhub.patch | 88 ++++++++++++++++ SPECS/ktls-utils.spec | 116 ++++++++++++++++++++++ 4 files changed, 206 insertions(+) create mode 100644 .gitignore create mode 100644 .ktls-utils.metadata create mode 100644 SOURCES/ktls-utils-0.11-openscanhub.patch create mode 100644 SPECS/ktls-utils.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6f36639 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/ktls-utils-0.11.tar.gz diff --git a/.ktls-utils.metadata b/.ktls-utils.metadata new file mode 100644 index 0000000..3d7035e --- /dev/null +++ b/.ktls-utils.metadata @@ -0,0 +1 @@ +47ca531793bca179280c02768e94a2f67f1ded07 SOURCES/ktls-utils-0.11.tar.gz diff --git a/SOURCES/ktls-utils-0.11-openscanhub.patch b/SOURCES/ktls-utils-0.11-openscanhub.patch new file mode 100644 index 0000000..891baca --- /dev/null +++ b/SOURCES/ktls-utils-0.11-openscanhub.patch @@ -0,0 +1,88 @@ +diff --git a/src/tlshd/config.c b/src/tlshd/config.c +index 7b6a533..fae83b3 100644 +--- a/src/tlshd/config.c ++++ b/src/tlshd/config.c +@@ -186,6 +186,7 @@ bool tlshd_config_get_client_truststore(char **bundle) + return false; + } else if (access(pathname, F_OK)) { + tlshd_log_debug("client x509.truststore pathname \"%s\" is not accessible", pathname); ++ g_free(pathname); + return false; + } + +@@ -222,6 +223,7 @@ bool tlshd_config_get_client_certs(gnutls_pcert_st *certs, + return false; + } else if (access(pathname, F_OK)) { + tlshd_log_debug("client x509.certificate pathname \"%s\" is not accessible", pathname); ++ g_free(pathname); + return false; + } + +@@ -268,7 +270,8 @@ bool tlshd_config_get_client_privkey(gnutls_privkey_t *privkey) + g_error_free(error); + return false; + } else if (access(pathname, F_OK)) { +- tlshd_log_debug("client x095.private_key pathname \"%s\" is not accessible", pathname); ++ tlshd_log_debug("client x509.private_key pathname \"%s\" is not accessible", pathname); ++ g_free(pathname); + return false; + } + +@@ -321,6 +324,7 @@ bool tlshd_config_get_server_truststore(char **bundle) + return false; + } else if (access(pathname, F_OK)) { + tlshd_log_debug("server x509.truststore pathname \"%s\" is not accessible", pathname); ++ g_free(pathname); + return false; + } + +@@ -357,6 +361,7 @@ bool tlshd_config_get_server_certs(gnutls_pcert_st *certs, + return false; + } else if (access(pathname, F_OK)) { + tlshd_log_debug("server x509.certificate pathname \"%s\" is not accessible", pathname); ++ g_free(pathname); + return false; + } + +@@ -378,6 +383,7 @@ bool tlshd_config_get_server_certs(gnutls_pcert_st *certs, + + tlshd_log_debug("Retrieved %u x.509 server certificate(s) from %s", + *certs_len, pathname); ++ g_free(pathname); + return true; + } + +@@ -403,6 +409,7 @@ bool tlshd_config_get_server_privkey(gnutls_privkey_t *privkey) + return false; + } else if (access(pathname, F_OK)) { + tlshd_log_debug("server x509.privkey pathname \"%s\" is not accessible", pathname); ++ g_free(pathname); + return false; + } + +diff --git a/src/tlshd/handshake.c b/src/tlshd/handshake.c +index 50c2f62..768dac2 100644 +--- a/src/tlshd/handshake.c ++++ b/src/tlshd/handshake.c +@@ -59,7 +59,7 @@ static void tlshd_save_nagle(gnutls_session_t session, int *saved) + int ret; + + +- len = sizeof(saved); ++ len = sizeof(*saved); + ret = getsockopt(gnutls_transport_get_int(session), + IPPROTO_TCP, TCP_NODELAY, saved, &len); + if (ret < 0) { +diff --git a/src/tlshd/netlink.c b/src/tlshd/netlink.c +index 2e206f6..439904c 100644 +--- a/src/tlshd/netlink.c ++++ b/src/tlshd/netlink.c +@@ -269,7 +269,7 @@ static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg) + tlshd_parse_certificate(parms, tb[HANDSHAKE_A_ACCEPT_CERTIFICATE]); + + if (peername) +- strcpy(tlshd_peername, peername); ++ strncpy(tlshd_peername, peername, sizeof(tlshd_peername) - 1); + else { + err = getnameinfo(parms->peeraddr, parms->peeraddr_len, + tlshd_peername, sizeof(tlshd_peername), diff --git a/SPECS/ktls-utils.spec b/SPECS/ktls-utils.spec new file mode 100644 index 0000000..a76983f --- /dev/null +++ b/SPECS/ktls-utils.spec @@ -0,0 +1,116 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.6.5) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 1; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + +%global forgeurl https://github.com/oracle/ktls-utils +%global baseversion 0.11 + +Name: ktls-utils +Version: %{baseversion} +# Using a base release of 3 to continue the sequence from the SRPM taken +# from Fedora ELN. +Release: %{autorelease} +Summary: TLS handshake agent for kernel sockets + +%forgemeta + +License: GPL-2.0-only AND (GPL-2.0-only OR BSD-3-Clause) +URL: %{forgeurl} + +# FIXME: is this a bug in the tagging scheme or forgesource macro? +Source0: %{forgeurl}/releases/download/%{name}-%{baseversion}/%{name}-%{baseversion}.tar.gz + +Patch0: ktls-utils-0.11-openscanhub.patch + +BuildRequires: bash systemd-rpm-macros +BuildRequires: gcc make coreutils +BuildRequires: pkgconfig(gnutls) >= 3.3.0 +BuildRequires: autoconf >= 2.69 +BuildRequires: automake +BuildRequires: pkgconfig(libkeyutils) +BuildRequires: pkgconfig(glib-2.0) >= 2.6 +BuildRequires: pkgconfig(libnl-3.0) >= 3.1 + +%description +In-kernel TLS consumers need a mechanism to perform TLS handshakes +on a connected socket to negotiate TLS session parameters that can +then be programmed into the kernel's TLS record protocol engine. + +This package of software provides a TLS handshake user agent that +listens for kernel requests and then materializes a user space +socket endpoint on which to perform these handshakes. The resulting +negotiated session parameters are passed back to the kernel via +standard kTLS socket options. + +%prep +%setup -q -n %{name}-%{baseversion} +%autopatch -p1 + +%build +./autogen.sh +%configure --with-systemd +%make_build + +%install +%make_install + +%files +%config(noreplace) %{_sysconfdir}/tlshd.conf +%{_sbindir}/tlshd +%{_mandir}/man5/tlshd.conf.5.gz +%{_mandir}/man8/tlshd.8.gz +%{_unitdir}/tlshd.service +%license COPYING +%doc README.md +%doc SECURITY.md + +%post +%systemd_post tlshd.service + +%preun +%systemd_preun tlshd.service + +%postun +%systemd_postun_with_restart tlshd.service + +%changelog +* Tue Nov 26 2024 MSVSphere Packaging Team - 0.11-1 +- Rebuilt for MSVSphere 10 + +## START: Generated by rpmautospec +* Wed Jul 17 2024 Scott Mayhew - 0.11-1 +- Update to 0.11 (RHEL-48604) +- Also fix some OpenScanHub warnings. + +* Mon Jun 24 2024 Troy Dawson - 0.10-6 +- Bump release for June 2024 mass rebuild + +* Thu Jun 13 2024 Scott Mayhew - 0.10-5 +- Add initial gating for RHEL 10 + +* Tue Jun 11 2024 Scott Mayhew - 0.10-4 +- spec: update autorelease to continue the sequence from the base SRPM + taken from Fedora ELN. + +* Thu Jan 25 2024 Fedora Release Engineering - 0.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 0.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sat Oct 07 2023 Steve Dickson - 0.10-1 +- Updated to the latest upstream release: 0.10 + +* Thu Jul 20 2023 Fedora Release Engineering - 0.9^20230627.g52ac9ff05a5e-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Tue Jun 27 2023 Jeff Layton - 0.9^20230627.g52ac9ff05a5e-1 +- Initial import (fedora#2182151) + +## END: Generated by rpmautospec