import ktls-utils-0.11-1.el10

.gitignore

@@ -0,0 +1 @@
+SOURCES/ktls-utils-0.11.tar.gz

.ktls-utils.metadata

@@ -0,0 +1 @@
+47ca531793bca179280c02768e94a2f67f1ded07 SOURCES/ktls-utils-0.11.tar.gz

SOURCES/ktls-utils-0.11-openscanhub.patch

@@ -0,0 +1,88 @@
+diff --git a/src/tlshd/config.c b/src/tlshd/config.c
+index 7b6a533..fae83b3 100644
+--- a/src/tlshd/config.c
++++ b/src/tlshd/config.c
+@@ -186,6 +186,7 @@ bool tlshd_config_get_client_truststore(char **bundle)
+ 		return false;
+ 	} else if (access(pathname, F_OK)) {
+ 		tlshd_log_debug("client x509.truststore pathname \"%s\" is not accessible", pathname);
++		g_free(pathname);
+ 		return false;
+ 	}
+ 
+@@ -222,6 +223,7 @@ bool tlshd_config_get_client_certs(gnutls_pcert_st *certs,
+ 		return false;
+ 	} else if (access(pathname, F_OK)) {
+ 		tlshd_log_debug("client x509.certificate pathname \"%s\" is not accessible", pathname);
++		g_free(pathname);
+ 		return false;
+ 	}
+ 
+@@ -268,7 +270,8 @@ bool tlshd_config_get_client_privkey(gnutls_privkey_t *privkey)
+ 		g_error_free(error);
+ 		return false;
+ 	} else if (access(pathname, F_OK)) {
+-		tlshd_log_debug("client x095.private_key pathname \"%s\" is not accessible", pathname);
++		tlshd_log_debug("client x509.private_key pathname \"%s\" is not accessible", pathname);
++		g_free(pathname);
+ 		return false;
+ 	}
+ 
+@@ -321,6 +324,7 @@ bool tlshd_config_get_server_truststore(char **bundle)
+ 		return false;
+ 	} else if (access(pathname, F_OK)) {
+ 		tlshd_log_debug("server x509.truststore pathname \"%s\" is not accessible", pathname);
++		g_free(pathname);
+ 		return false;
+ 	}
+ 
+@@ -357,6 +361,7 @@ bool tlshd_config_get_server_certs(gnutls_pcert_st *certs,
+ 		return false;
+ 	} else if (access(pathname, F_OK)) {
+ 		tlshd_log_debug("server x509.certificate pathname \"%s\" is not accessible", pathname);
++		g_free(pathname);
+ 		return false;
+ 	}
+ 
+@@ -378,6 +383,7 @@ bool tlshd_config_get_server_certs(gnutls_pcert_st *certs,
+ 
+ 	tlshd_log_debug("Retrieved %u x.509 server certificate(s) from %s",
+ 			*certs_len, pathname);
++	g_free(pathname);
+ 	return true;
+ }
+ 
+@@ -403,6 +409,7 @@ bool tlshd_config_get_server_privkey(gnutls_privkey_t *privkey)
+ 		return false;
+ 	} else if (access(pathname, F_OK)) {
+ 		tlshd_log_debug("server x509.privkey pathname \"%s\" is not accessible", pathname);
++		g_free(pathname);
+ 		return false;
+ 	}
+ 
+diff --git a/src/tlshd/handshake.c b/src/tlshd/handshake.c
+index 50c2f62..768dac2 100644
+--- a/src/tlshd/handshake.c
++++ b/src/tlshd/handshake.c
+@@ -59,7 +59,7 @@ static void tlshd_save_nagle(gnutls_session_t session, int *saved)
+ 	int ret;
+ 
+ 
+-	len = sizeof(saved);
++	len = sizeof(*saved);
+ 	ret = getsockopt(gnutls_transport_get_int(session),
+ 			 IPPROTO_TCP, TCP_NODELAY, saved, &len);
+ 	if (ret < 0) {
+diff --git a/src/tlshd/netlink.c b/src/tlshd/netlink.c
+index 2e206f6..439904c 100644
+--- a/src/tlshd/netlink.c
++++ b/src/tlshd/netlink.c
+@@ -269,7 +269,7 @@ static int tlshd_genl_valid_handler(struct nl_msg *msg, void *arg)
+ 	tlshd_parse_certificate(parms, tb[HANDSHAKE_A_ACCEPT_CERTIFICATE]);
+ 
+ 	if (peername)
+-		strcpy(tlshd_peername, peername);
++		strncpy(tlshd_peername, peername, sizeof(tlshd_peername) - 1);
+ 	else {
+ 		err = getnameinfo(parms->peeraddr, parms->peeraddr_len,
+ 				  tlshd_peername, sizeof(tlshd_peername),

SPECS/ktls-utils.spec

@@ -0,0 +1,116 @@
+## START: Set by rpmautospec
+## (rpmautospec version 0.6.5)
+## RPMAUTOSPEC: autorelease, autochangelog
+%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
+    release_number = 1;
+    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
+    print(release_number + base_release_number - 1);
+}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
+## END: Set by rpmautospec
+
+%global forgeurl https://github.com/oracle/ktls-utils
+%global baseversion 0.11
+
+Name:           ktls-utils
+Version:        %{baseversion}
+# Using a base release of 3 to continue the sequence from the SRPM taken
+# from Fedora ELN.
+Release:        %{autorelease}
+Summary:        TLS handshake agent for kernel sockets
+
+%forgemeta
+
+License:        GPL-2.0-only AND (GPL-2.0-only OR BSD-3-Clause)
+URL:            %{forgeurl}
+
+# FIXME: is this a bug in the tagging scheme or forgesource macro?
+Source0:        %{forgeurl}/releases/download/%{name}-%{baseversion}/%{name}-%{baseversion}.tar.gz
+
+Patch0:		ktls-utils-0.11-openscanhub.patch
+
+BuildRequires:  bash systemd-rpm-macros
+BuildRequires:  gcc make coreutils
+BuildRequires:  pkgconfig(gnutls) >= 3.3.0
+BuildRequires:  autoconf >= 2.69
+BuildRequires:  automake
+BuildRequires:  pkgconfig(libkeyutils)
+BuildRequires:  pkgconfig(glib-2.0) >= 2.6
+BuildRequires:  pkgconfig(libnl-3.0) >= 3.1
+
+%description
+In-kernel TLS consumers need a mechanism to perform TLS handshakes
+on a connected socket to negotiate TLS session parameters that can
+then be programmed into the kernel's TLS record protocol engine.
+
+This package of software provides a TLS handshake user agent that
+listens for kernel requests and then materializes a user space
+socket endpoint on which to perform these handshakes. The resulting
+negotiated session parameters are passed back to the kernel via
+standard kTLS socket options.
+
+%prep
+%setup -q -n %{name}-%{baseversion}
+%autopatch -p1
+
+%build
+./autogen.sh
+%configure --with-systemd
+%make_build
+
+%install
+%make_install
+
+%files
+%config(noreplace) %{_sysconfdir}/tlshd.conf
+%{_sbindir}/tlshd
+%{_mandir}/man5/tlshd.conf.5.gz
+%{_mandir}/man8/tlshd.8.gz
+%{_unitdir}/tlshd.service
+%license COPYING
+%doc README.md
+%doc SECURITY.md
+
+%post
+%systemd_post tlshd.service
+
+%preun
+%systemd_preun tlshd.service
+
+%postun
+%systemd_postun_with_restart tlshd.service
+
+%changelog
+* Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 0.11-1
+- Rebuilt for MSVSphere 10
+
+## START: Generated by rpmautospec
+* Wed Jul 17 2024 Scott Mayhew <smayhew@redhat.com> - 0.11-1
+- Update to 0.11 (RHEL-48604)
+- Also fix some OpenScanHub warnings.
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.10-6
+- Bump release for June 2024 mass rebuild
+
+* Thu Jun 13 2024 Scott Mayhew <smayhew@redhat.com> - 0.10-5
+- Add initial gating for RHEL 10
+
+* Tue Jun 11 2024 Scott Mayhew <smayhew@redhat.com> - 0.10-4
+- spec: update autorelease to continue the sequence from the base SRPM
+  taken from Fedora ELN.
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.10-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Oct 07 2023 Steve Dickson <steved@redhat.com> - 0.10-1
+- Updated to the latest upstream release: 0.10
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9^20230627.g52ac9ff05a5e-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jun 27 2023 Jeff Layton <jlayton@kernel.org> - 0.9^20230627.g52ac9ff05a5e-1
+- Initial import (fedora#2182151)
+
+## END: Generated by rpmautospec