4 changed files with 53 additions and 61 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/mod_auth_gssapi-1.6.5.tar.gz
+SOURCES/mod_auth_gssapi-1.6.3.tar.gz
--- a/.mod_auth_gssapi.metadata
+++ b/.mod_auth_gssapi.metadata
@ -1 +1 @@
-14391c699e76887a1ecfd532efad73ea9b2050f0 SOURCES/mod_auth_gssapi-1.6.5.tar.gz
+7ee7ca772b2fbfedbb98a7dc59edeb7bede27bf0 SOURCES/mod_auth_gssapi-1.6.3.tar.gz
--- a/SOURCES/crypto-Handle-EVP-changes-in-OpenSSL-3.patch
+++ b/SOURCES/crypto-Handle-EVP-changes-in-OpenSSL-3.patch
@ -0,0 +1,36 @@
 From 74fd6dc6c3ba65e48c625d4724878721c46a5e6f Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 24 Aug 2021 15:04:13 -0400
 Subject: [PATCH] crypto: Handle EVP changes in OpenSSL 3
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 OpenSSL 3 changes the padding behavior of EVP_DecryptFinal_ex(), which
 causes our decryption to fail.  It is the opnion of the OpenSSL
 developers that mod_auth_gssapi's use of this function was incorrect.
 Patch suggested by Tomáš Mráz.
 Related: https://github.com/openssl/openssl/issues/16351
 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 (cherry picked from commit 06d1f7d36d2455747e6e8231d28e6524ea1181f1)
 (cherry picked from commit 915a3d7fca3beefadd751562abe2d481354a2a9c)
 ---
 src/crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/crypto.c b/src/crypto.c
 index 3f372a0..b3f7fd9 100644
 --- a/src/crypto.c
 +++ b/src/crypto.c
@@ -262,7 +262,7 @@ apr_status_t UNSEAL_BUFFER(apr_pool_t *p, struct seal_key *skey,
     totlen += outlen;
     outlen = plain->length - totlen;
 -    ret = EVP_DecryptFinal_ex(ctx, plain->value, &outlen);
 +    ret = EVP_DecryptFinal_ex(ctx, plain->value + totlen, &outlen);
     if (ret == 0) goto done;
     totlen += outlen;
--- a/SPECS/mod_auth_gssapi.spec
+++ b/SPECS/mod_auth_gssapi.spec
@ -1,16 +1,6 @@
 ## START: Set by rpmautospec
 ## (rpmautospec version 0.6.5)
 ## RPMAUTOSPEC: autorelease, autochangelog
 %define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
    release_number = 8;
    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
    print(release_number + base_release_number - 1);
 }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
 ## END: Set by rpmautospec
 Name:           mod_auth_gssapi
-Version:        1.6.5
+Version:        1.6.3
-Release:        %autorelease
+Release:        7%{?dist}
 Summary:        A GSSAPI Authentication module for Apache
 License:        MIT
@ -23,6 +13,8 @@ BuildRequires:  git
 Requires:       httpd-mmn = %{_httpd_mmn}
 Requires:       krb5-libs >= 1.11.5
 Patch0: crypto-Handle-EVP-changes-in-OpenSSL-3.patch
 # If you're reading this: NTLM is insecure.  Migrate off it.
 %if 0%{?rhel}
 %else
@ -59,54 +51,20 @@ install -m 644 10-auth_gssapi.conf %{buildroot}%{_httpd_modconfdir}
 %{_httpd_moddir}/mod_auth_gssapi.so
 %changelog
-## START: Generated by rpmautospec
+* Wed Aug 25 2021 Robbie Harwood <rharwood@redhat.com> - 1.6.3-7
-* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.6.5-8
+- crypto: Handle EVP changes in OpenSSL 3
- Bump release for October 2024 mass rebuild:
+- Resolves: #1992648
 * Fri Jul 05 2024 Florence Blanc-Renaud <flo@redhat.com> - 1.6.5-7
 - Fix gating
 * Fri Jul 05 2024 Sudhir Menon <sumenon@redhat.com> - 1.6.5-6
 - Added gating.yaml and test for mod_auth_gssapi
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.6.5-5
 - Bump release for June 2024 mass rebuild
 * Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.5-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Mon Aug 29 2022 Simo Sorce <simo@redhat.com> - 1.6.5-1
 - Update to release 1.6.5
 * Sat Aug 27 2022 Adam Williamson <awilliam@redhat.com> - 1.6.4-2
 - Disable a check added in 1.6.4 which causes crashes (#2121952)
 * Fri Aug 26 2022 Simo Sorce <simo@redhat.com> - 1.6.4-1
 - Update to new 1.6.4 release
 * Fri Aug 26 2022 Simo Sorce <simo@redhat.com> - 1.6.3-11
 - Use %%autorelease going forward
 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.3-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.3-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.6.3-6
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.6.3-6
- Rebuilt with OpenSSL 3.0.0
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
-* Tue Aug 24 2021 Robbie Harwood <rharwood@redhat.com> - 1.6.3-5
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.6.3-5
- crypto: Handle EVP changes in OpenSSL 3
+- Rebuilt for RHEL 9 BETA for openssl 3.0
  Related: rhbz#1971065
-* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.3-4
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.6.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Tue Mar 16 2021 Robbie Harwood <rharwood@redhat.com> - 1.6.3-3
 - Build dep adjustments; no Fedora code changes
@ -245,5 +203,3 @@ install -m 644 10-auth_gssapi.conf %{buildroot}%{_httpd_modconfdir}
 * Mon Aug  4 2014 Simo Sorce <simo@redhat.com> 1.0.0-1
 - First release
 ## END: Generated by rpmautospec
`@ -1 +1 @@`
	`SOURCES/mod_auth_gssapi-1.6.5.tar.gz`	`SOURCES/mod_auth_gssapi-1.6.3.tar.gz`
`@ -1 +1 @@`
	`14391c699e76887a1ecfd532efad73ea9b2050f0 SOURCES/mod_auth_gssapi-1.6.5.tar.gz`	`7ee7ca772b2fbfedbb98a7dc59edeb7bede27bf0 SOURCES/mod_auth_gssapi-1.6.3.tar.gz`