From 79ae81324dde37677385ef98a290c89aab044c51 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 28 Mar 2023 11:31:13 +0000 Subject: [PATCH] import openwsman-2.6.8-23.el9 --- .gitignore | 2 + .openwsman.metadata | 2 + SOURCES/openwsman-2.4.0-pamsetup.patch | 13 + .../openwsman-2.4.12-ruby-binding-build.patch | 12 + SOURCES/openwsman-2.6.2-openssl-1.1-fix.patch | 127 ++++ .../openwsman-2.6.5-http-status-line.patch | 39 + ...man-2.6.5-libcurl-error-codes-update.patch | 27 + SOURCES/openwsman-2.6.8-CVE-2019-3816.patch | 79 ++ SOURCES/openwsman-2.6.8-CVE-2019-3833.patch | 94 +++ ...sman-2.6.8-http-unauthorized-improve.patch | 56 ++ .../openwsman-2.6.8-update-ssleay-conf.patch | 15 + SOURCES/openwsmand.service | 12 + SOURCES/owsmantestcert.sh | 21 + SPECS/openwsman.spec | 691 ++++++++++++++++++ 14 files changed, 1190 insertions(+) create mode 100644 .gitignore create mode 100644 .openwsman.metadata create mode 100644 SOURCES/openwsman-2.4.0-pamsetup.patch create mode 100644 SOURCES/openwsman-2.4.12-ruby-binding-build.patch create mode 100644 SOURCES/openwsman-2.6.2-openssl-1.1-fix.patch create mode 100644 SOURCES/openwsman-2.6.5-http-status-line.patch create mode 100644 SOURCES/openwsman-2.6.5-libcurl-error-codes-update.patch create mode 100644 SOURCES/openwsman-2.6.8-CVE-2019-3816.patch create mode 100644 SOURCES/openwsman-2.6.8-CVE-2019-3833.patch create mode 100644 SOURCES/openwsman-2.6.8-http-unauthorized-improve.patch create mode 100644 SOURCES/openwsman-2.6.8-update-ssleay-conf.patch create mode 100644 SOURCES/openwsmand.service create mode 100644 SOURCES/owsmantestcert.sh create mode 100644 SPECS/openwsman.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b2157a1 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/openwsmand.8.gz +SOURCES/v2.6.8.tar.gz diff --git a/.openwsman.metadata b/.openwsman.metadata new file mode 100644 index 0000000..68fbfd5 --- /dev/null +++ b/.openwsman.metadata @@ -0,0 +1,2 @@ +a6a8bbbfa71ce04bedae55f2f06ce97089b6c5e1 SOURCES/openwsmand.8.gz +e061a41b3d5f5fa4ee284726d283e15f4a0e8c46 SOURCES/v2.6.8.tar.gz diff --git a/SOURCES/openwsman-2.4.0-pamsetup.patch b/SOURCES/openwsman-2.4.0-pamsetup.patch new file mode 100644 index 0000000..466b5df --- /dev/null +++ b/SOURCES/openwsman-2.4.0-pamsetup.patch @@ -0,0 +1,13 @@ +diff -up openwsman-2.6.8/etc/pam/openwsman.orig openwsman-2.6.8/etc/pam/openwsman +--- openwsman-2.6.8/etc/pam/openwsman.orig 2018-11-21 13:51:52.776325243 +0100 ++++ openwsman-2.6.8/etc/pam/openwsman 2018-11-21 13:54:17.066351134 +0100 +@@ -2,6 +2,6 @@ + auth required pam_unix.so nullok + auth required pam_nologin.so + account required pam_unix.so +-password required pam_cracklib.so nullok +-password required pam_unix.so nullok use_first_pass use_authtok nis shadow +-session required pam_unix.so none ++password required pam_pwquality.so ++password required pam_unix.so nullok use_first_pass use_authtok ++session required pam_unix.so diff --git a/SOURCES/openwsman-2.4.12-ruby-binding-build.patch b/SOURCES/openwsman-2.4.12-ruby-binding-build.patch new file mode 100644 index 0000000..1a4e76e --- /dev/null +++ b/SOURCES/openwsman-2.4.12-ruby-binding-build.patch @@ -0,0 +1,12 @@ +diff -up openwsman-2.4.12/bindings/ruby/extconf.rb.orig openwsman-2.4.12/bindings/ruby/extconf.rb +--- openwsman-2.4.12/bindings/ruby/extconf.rb.orig 2015-02-09 09:28:58.232581263 +0100 ++++ openwsman-2.4.12/bindings/ruby/extconf.rb 2015-02-09 09:38:22.836772879 +0100 +@@ -32,7 +32,7 @@ swig = find_executable("swig") + raise "SWIG not found" unless swig + + major, minor, path = RUBY_VERSION.split(".") +-raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -o openwsman_wrap.c openwsman.i") ++raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.6.8/include/ -o openwsman_wrap.c openwsman.i") + + $CPPFLAGS = "-I/usr/include/openwsman -I.." + diff --git a/SOURCES/openwsman-2.6.2-openssl-1.1-fix.patch b/SOURCES/openwsman-2.6.2-openssl-1.1-fix.patch new file mode 100644 index 0000000..98f6bc2 --- /dev/null +++ b/SOURCES/openwsman-2.6.2-openssl-1.1-fix.patch @@ -0,0 +1,127 @@ +diff -up openwsman-2.6.8/src/server/shttpd/compat_unix.h.orig openwsman-2.6.8/src/server/shttpd/compat_unix.h +--- openwsman-2.6.8/src/server/shttpd/compat_unix.h.orig 2018-10-12 12:06:26.000000000 +0200 ++++ openwsman-2.6.8/src/server/shttpd/compat_unix.h 2018-11-22 13:30:10.756423510 +0100 +@@ -27,10 +27,6 @@ + pthread_create(&tid, NULL, (void *(*)(void *))a, c); } while (0) + #endif /* !NO_THREADS */ + +-#ifndef SSL_LIB +-#define SSL_LIB "libssl.so" +-#endif +- + #define DIRSEP '/' + #define IS_DIRSEP_CHAR(c) ((c) == '/') + #define O_BINARY 0 +diff -up openwsman-2.6.8/src/server/shttpd/io_ssl.c.orig openwsman-2.6.8/src/server/shttpd/io_ssl.c +--- openwsman-2.6.8/src/server/shttpd/io_ssl.c.orig 2018-10-12 12:06:26.000000000 +0200 ++++ openwsman-2.6.8/src/server/shttpd/io_ssl.c 2018-11-22 13:30:10.757423510 +0100 +@@ -11,23 +11,6 @@ + #include "defs.h" + + #if !defined(NO_SSL) +-struct ssl_func ssl_sw[] = { +- {"SSL_free", {0}}, +- {"SSL_accept", {0}}, +- {"SSL_connect", {0}}, +- {"SSL_read", {0}}, +- {"SSL_write", {0}}, +- {"SSL_get_error", {0}}, +- {"SSL_set_fd", {0}}, +- {"SSL_new", {0}}, +- {"SSL_CTX_new", {0}}, +- {"SSLv23_server_method", {0}}, +- {"SSL_library_init", {0}}, +- {"SSL_CTX_use_PrivateKey_file", {0}}, +- {"SSL_CTX_use_certificate_file",{0}}, +- {NULL, {0}} +-}; +- + void + _shttpd_ssl_handshake(struct stream *stream) + { +diff -up openwsman-2.6.8/src/server/shttpd/shttpd.c.orig openwsman-2.6.8/src/server/shttpd/shttpd.c +--- openwsman-2.6.8/src/server/shttpd/shttpd.c.orig 2018-10-12 12:06:26.000000000 +0200 ++++ openwsman-2.6.8/src/server/shttpd/shttpd.c 2018-11-22 13:30:41.314416695 +0100 +@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const ch + int retval = FALSE; + EC_KEY* key; + +- /* Load SSL library dynamically */ +- if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) { +- _shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB); +- return (FALSE); +- } +- +- for (fp = ssl_sw; fp->name != NULL; fp++) +- if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) { +- _shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name); +- return (FALSE); +- } +- + /* Initialize SSL crap */ ++ debug("Initialize SSL"); ++ SSL_load_error_strings(); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ OPENSSL_init_ssl(0, NULL); ++#else + SSL_library_init(); ++#endif + + if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL) + _shttpd_elog(E_LOG, NULL, "SSL_CTX_new error"); +diff -up openwsman-2.6.8/src/server/shttpd/ssl.h.orig openwsman-2.6.8/src/server/shttpd/ssl.h +--- openwsman-2.6.8/src/server/shttpd/ssl.h.orig 2018-10-12 12:06:26.000000000 +0200 ++++ openwsman-2.6.8/src/server/shttpd/ssl.h 2018-11-22 13:30:10.757423510 +0100 +@@ -12,52 +12,4 @@ + + #include + +-#else +- +-/* +- * Snatched from OpenSSL includes. I put the prototypes here to be independent +- * from the OpenSSL source installation. Having this, shttpd + SSL can be +- * built on any system with binary SSL libraries installed. +- */ +- +-typedef struct ssl_st SSL; +-typedef struct ssl_method_st SSL_METHOD; +-typedef struct ssl_ctx_st SSL_CTX; +- +-#define SSL_ERROR_WANT_READ 2 +-#define SSL_ERROR_WANT_WRITE 3 +-#define SSL_ERROR_SYSCALL 5 +-#define SSL_FILETYPE_PEM 1 +- +-#endif +- +-/* +- * Dynamically loaded SSL functionality +- */ +-struct ssl_func { +- const char *name; /* SSL function name */ +- union variant ptr; /* Function pointer */ +-}; +- +-extern struct ssl_func ssl_sw[]; +- +-#define FUNC(x) ssl_sw[x].ptr.v_func +- +-#define SSL_free(x) (* (void (*)(SSL *)) FUNC(0))(x) +-#define SSL_accept(x) (* (int (*)(SSL *)) FUNC(1))(x) +-#define SSL_connect(x) (* (int (*)(SSL *)) FUNC(2))(x) +-#define SSL_read(x,y,z) (* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z)) +-#define SSL_write(x,y,z) \ +- (* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z)) +-#define SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y)) +-#define SSL_set_fd(x,y) (* (int (*)(SSL *, int)) FUNC(6))((x), (y)) +-#define SSL_new(x) (* (SSL * (*)(SSL_CTX *)) FUNC(7))(x) +-#define SSL_CTX_new(x) (* (SSL_CTX * (*)(const SSL_METHOD *)) FUNC(8))(x) +-#if OPENSSL_VERSION_NUMBER < 0x10100000L +-#define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))() +-#define SSL_library_init() (* (int (*)(void)) FUNC(10))() + #endif +-#define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \ +- const char *, int)) FUNC(11))((x), (y), (z)) +-#define SSL_CTX_use_certificate_file(x,y,z) (* (int (*)(SSL_CTX *, \ +- const char *, int)) FUNC(12))((x), (y), (z)) diff --git a/SOURCES/openwsman-2.6.5-http-status-line.patch b/SOURCES/openwsman-2.6.5-http-status-line.patch new file mode 100644 index 0000000..f571508 --- /dev/null +++ b/SOURCES/openwsman-2.6.5-http-status-line.patch @@ -0,0 +1,39 @@ +diff -up openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c.orig openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c +--- openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c.orig 2016-07-27 16:03:55.000000000 +0200 ++++ openwsman-4391e5c68d99c6239e1672d1c8a5a16d7d8c4c2b/src/server/wsmand-listener.c 2018-01-22 13:05:04.478923300 +0100 +@@ -344,6 +344,35 @@ DONE: + if (fault_reason == NULL) { + // this is a way to segfault, investigate + //fault_reason = shttpd_reason_phrase(status); ++ // ugly workaround follows... ++ switch (status) { ++ case 200: ++ fault_reason = "OK"; ++ break; ++ case 400: ++ fault_reason = "Bad request"; ++ break; ++ case 401: ++ fault_reason = "Unauthorized"; ++ break; ++ case 403: ++ fault_reason = "Forbidden"; ++ break; ++ case 404: ++ fault_reason = "Not found"; ++ break; ++ case 500: ++ fault_reason = "Internal Error"; ++ break; ++ case 501: ++ fault_reason = "Not implemented"; ++ break; ++ case 415: ++ fault_reason = "Unsupported Media Type"; ++ break; ++ default: ++ fault_reason = ""; ++ } + } + debug("Response status=%d (%s)", status, fault_reason); + diff --git a/SOURCES/openwsman-2.6.5-libcurl-error-codes-update.patch b/SOURCES/openwsman-2.6.5-libcurl-error-codes-update.patch new file mode 100644 index 0000000..82ee51f --- /dev/null +++ b/SOURCES/openwsman-2.6.5-libcurl-error-codes-update.patch @@ -0,0 +1,27 @@ +diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c +--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig 2018-11-14 13:53:27.442138557 +0100 ++++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c 2018-11-14 14:11:28.508714204 +0100 +@@ -186,16 +186,23 @@ convert_to_last_error(CURLcode r) + return WS_LASTERR_SSL_CONNECT_ERROR; + case CURLE_BAD_FUNCTION_ARGUMENT: + return WS_LASTERR_CURL_BAD_FUNCTION_ARG; ++#if LIBCURL_VERSION_NUM < 0x073E00 + case CURLE_SSL_PEER_CERTIFICATE: + return WS_LASTERR_SSL_PEER_CERTIFICATE; ++#endif + case CURLE_SSL_ENGINE_NOTFOUND: + return WS_LASTERR_SSL_ENGINE_NOTFOUND; + case CURLE_SSL_ENGINE_SETFAILED: + return WS_LASTERR_SSL_ENGINE_SETFAILED; + case CURLE_SSL_CERTPROBLEM: + return WS_LASTERR_SSL_CERTPROBLEM; ++#if LIBCURL_VERSION_NUM < 0x073E00 + case CURLE_SSL_CACERT: + return WS_LASTERR_SSL_CACERT; ++#else ++ case CURLE_PEER_FAILED_VERIFICATION: ++ return WS_LASTERR_SSL_PEER_CERTIFICATE; ++#endif + #if LIBCURL_VERSION_NUM > 0x70C01 + case CURLE_SSL_ENGINE_INITFAILED: + return WS_LASTERR_SSL_ENGINE_INITFAILED; diff --git a/SOURCES/openwsman-2.6.8-CVE-2019-3816.patch b/SOURCES/openwsman-2.6.8-CVE-2019-3816.patch new file mode 100644 index 0000000..aa8835f --- /dev/null +++ b/SOURCES/openwsman-2.6.8-CVE-2019-3816.patch @@ -0,0 +1,79 @@ +diff -up openwsman-2.6.8/src/server/shttpd/shttpd.c.orig openwsman-2.6.8/src/server/shttpd/shttpd.c +--- openwsman-2.6.8/src/server/shttpd/shttpd.c.orig 2019-03-13 08:52:06.112090942 +0100 ++++ openwsman-2.6.8/src/server/shttpd/shttpd.c 2019-03-13 09:01:15.496156789 +0100 +@@ -336,10 +336,12 @@ date_to_epoch(const char *s) + } + + static void +-remove_double_dots(char *s) ++remove_all_leading_dots(char *s) + { + char *p = s; + ++ while (*s != '\0' && *s == '.') s++; ++ + while (*s != '\0') { + *p++ = *s++; + if (s[-1] == '/' || s[-1] == '\\') +@@ -546,7 +548,7 @@ decide_what_to_do(struct conn *c) + *c->query++ = '\0'; + + _shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1); +- remove_double_dots(c->uri); ++ remove_all_leading_dots(c->uri); + + root = c->ctx->options[OPT_ROOT]; + if (strlen(c->uri) + strlen(root) >= sizeof(path)) { +@@ -556,6 +558,7 @@ decide_what_to_do(struct conn *c) + + (void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri); + ++ DBG(("decide_what_to_do -> processed path: [%s]", path)); + /* User may use the aliases - check URI for mount point */ + if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) { + (void) _shttpd_snprintf(path, sizeof(path), "%.*s%s", +@@ -572,7 +575,10 @@ decide_what_to_do(struct conn *c) + if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) { + _shttpd_setup_embedded_stream(c, + ruri->callback, ruri->callback_data); +- } else ++ } else { ++ _shttpd_send_server_error(c, 403, "Forbidden"); ++ } ++#if 0 + if (strstr(path, HTPASSWD)) { + /* Do not allow to view passwords files */ + _shttpd_send_server_error(c, 403, "Forbidden"); +@@ -656,6 +662,7 @@ decide_what_to_do(struct conn *c) + } else { + _shttpd_send_server_error(c, 500, "Internal Error"); + } ++#endif + } + + static int +diff -up openwsman-2.6.8/src/server/wsmand.c.orig openwsman-2.6.8/src/server/wsmand.c +--- openwsman-2.6.8/src/server/wsmand.c.orig 2018-10-12 12:06:26.000000000 +0200 ++++ openwsman-2.6.8/src/server/wsmand.c 2019-03-13 09:03:25.919181279 +0100 +@@ -198,6 +198,10 @@ static void daemonize(void) + int fd; + char *pid; + ++ /* Change our CWD to / */ ++ i = chdir("/"); ++ assert(i == 0); ++ + if (wsmand_options_get_foreground_debug() > 0) { + return; + } +@@ -214,10 +218,6 @@ static void daemonize(void) + log_pid = 0; + setsid(); + +- /* Change our CWD to / */ +- i=chdir("/"); +- assert(i == 0); +- + /* Close all file descriptors. */ + for (i = getdtablesize(); i >= 0; --i) + close(i); diff --git a/SOURCES/openwsman-2.6.8-CVE-2019-3833.patch b/SOURCES/openwsman-2.6.8-CVE-2019-3833.patch new file mode 100644 index 0000000..301724f --- /dev/null +++ b/SOURCES/openwsman-2.6.8-CVE-2019-3833.patch @@ -0,0 +1,94 @@ +diff -up openwsman-2.6.8/src/server/shttpd/shttpd.c.orig openwsman-2.6.8/src/server/shttpd/shttpd.c +--- openwsman-2.6.8/src/server/shttpd/shttpd.c.orig 2019-03-13 09:32:32.417633057 +0100 ++++ openwsman-2.6.8/src/server/shttpd/shttpd.c 2019-03-13 09:58:04.482486589 +0100 +@@ -705,11 +705,11 @@ parse_http_request(struct conn *c) + _shttpd_send_server_error(c, 500, "Cannot allocate request"); + } + ++ io_inc_tail(&c->rem.io, req_len); ++ + if (c->loc.flags & FLAG_CLOSED) + return; + +- io_inc_tail(&c->rem.io, req_len); +- + DBG(("Conn %d: parsing request: [%.*s]", c->rem.chan.sock, req_len, s)); + c->rem.flags |= FLAG_HEADERS_PARSED; + +@@ -975,7 +975,7 @@ write_stream(struct stream *from, struct + } + + +-static void ++static int + connection_desctructor(struct llhead *lp) + { + struct conn *c = LL_ENTRY(lp, struct conn, link); +@@ -999,7 +999,8 @@ connection_desctructor(struct llhead *lp + * Check the "Connection: " header before we free c->request + * If it its 'keep-alive', then do not close the connection + */ +- do_close = (c->ch.connection.v_vec.len >= vec.len && ++ do_close = c->rem.flags & FLAG_CLOSED || ++ (c->ch.connection.v_vec.len >= vec.len && + !_shttpd_strncasecmp(vec.ptr,c->ch.connection.v_vec.ptr,vec.len)) || + (c->major_version < 1 || + (c->major_version >= 1 && c->minor_version < 1)); +@@ -1021,7 +1022,7 @@ connection_desctructor(struct llhead *lp + io_clear(&c->loc.io); + c->birth_time = _shttpd_current_time; + if (io_data_len(&c->rem.io) > 0) +- process_connection(c, 0, 0); ++ return 1; + } else { + if (c->rem.io_class != NULL) + c->rem.io_class->close(&c->rem); +@@ -1032,6 +1033,8 @@ connection_desctructor(struct llhead *lp + + free(c); + } ++ ++ return 0; + } + + static void +@@ -1039,7 +1042,7 @@ worker_destructor(struct llhead *lp) + { + struct worker *worker = LL_ENTRY(lp, struct worker, link); + +- free_list(&worker->connections, connection_desctructor); ++ free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor); + free(worker); + } + +@@ -1072,6 +1075,8 @@ add_to_set(int fd, fd_set *set, int *max + static void + process_connection(struct conn *c, int remote_ready, int local_ready) + { ++again: ++ + /* Read from remote end if it is ready */ + if (remote_ready && io_space_len(&c->rem.io)) + read_stream(&c->rem); +@@ -1100,7 +1105,11 @@ process_connection(struct conn *c, int r + if ((_shttpd_current_time > c->expire_time) || + (c->rem.flags & FLAG_CLOSED) || + ((c->loc.flags & FLAG_CLOSED) && !io_data_len(&c->loc.io))) +- connection_desctructor(&c->link); ++ if (connection_desctructor(&c->link)) { ++ remote_ready = 0; ++ local_ready = 0; ++ goto again; ++ } + } + + static int +@@ -1642,7 +1651,7 @@ worker_function(void *param) + while (worker->exit_flag == 0) + poll_worker(worker, 1000 * 10); + +- free_list(&worker->connections, connection_desctructor); ++ free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor); + free(worker); + } + diff --git a/SOURCES/openwsman-2.6.8-http-unauthorized-improve.patch b/SOURCES/openwsman-2.6.8-http-unauthorized-improve.patch new file mode 100644 index 0000000..c9cdc45 --- /dev/null +++ b/SOURCES/openwsman-2.6.8-http-unauthorized-improve.patch @@ -0,0 +1,56 @@ +diff -up openwsman-2.6.8/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.8/src/lib/wsman-curl-client-transport.c +--- openwsman-2.6.8/src/lib/wsman-curl-client-transport.c.orig 2022-11-24 10:02:08.114053046 +0100 ++++ openwsman-2.6.8/src/lib/wsman-curl-client-transport.c 2022-11-24 10:02:08.119053046 +0100 +@@ -455,6 +455,7 @@ wsmc_handler( WsManClient *cl, + long http_code; + long auth_avail = 0; + char *_user = NULL, *_pass = NULL; ++ int _no_auth = 0; /* 0 if authentication is used, 1 if no authentication was used */ + u_buf_t *response = NULL; + //char *soapaction; + char *tmp_str = NULL; +@@ -554,6 +555,7 @@ wsmc_handler( WsManClient *cl, + _user = wsmc_get_user(cl); + _pass = wsmc_get_password(cl); + if (_user && _pass && cl->data.auth_set) { ++ _no_auth = 0; + r = curl_easy_setopt(curl, CURLOPT_HTTPAUTH, cl->data.auth_set); + if (r != CURLE_OK) { + cl->fault_string = u_strdup(curl_easy_strerror(r)); +@@ -574,6 +576,11 @@ wsmc_handler( WsManClient *cl, + curl_err("curl_easy_setopt(curl, CURLOPT_USERPWD, ..) failed"); + goto DONE; + } ++ } else { ++ /* request without user credentials, remember this for ++ * later use when it might become necessary to print an error message ++ */ ++ _no_auth = 1; + } + + if (wsman_debug_level_debugged(DEBUG_LEVEL_MESSAGE)) { +@@ -606,6 +613,24 @@ wsmc_handler( WsManClient *cl, + break; + case 401: + // The server requires authentication. ++ /* RFC 2616 states: ++ * ++ * If the request already included Authorization credentials, then the 401 ++ * response indicates that authorization has been refused for those ++ * credentials. If the 401 response contains the same challenge as the ++ * prior response, and the user agent has already attempted ++ * authentication at least once, then the user SHOULD be presented the ++ * entity that was given in the response, since that entity might ++ * include relevant diagnostic information. ++ */ ++ if (_no_auth == 0) { ++ /* no authentication credentials were used. It is only ++ * possible to write a message about the current situation. There ++ * is no information about the last attempt to access the resource. ++ * Maybe at a later point in time I will implement more state information. ++ */ ++ fprintf(stdout,"Authentication failed, please retry\n"); ++ } + break; + default: + // The status code does not indicate success. diff --git a/SOURCES/openwsman-2.6.8-update-ssleay-conf.patch b/SOURCES/openwsman-2.6.8-update-ssleay-conf.patch new file mode 100644 index 0000000..15c5c74 --- /dev/null +++ b/SOURCES/openwsman-2.6.8-update-ssleay-conf.patch @@ -0,0 +1,15 @@ +diff -up openwsman-2.6.8/etc/ssleay.cnf.orig openwsman-2.6.8/etc/ssleay.cnf +--- openwsman-2.6.8/etc/ssleay.cnf.orig 2018-10-12 12:06:26.000000000 +0200 ++++ openwsman-2.6.8/etc/ssleay.cnf 2020-09-22 14:27:56.216306882 +0200 +@@ -2,10 +2,8 @@ + # SSLeay example configuration file. + # + +-RANDFILE = /dev/random +- + [ req ] +-default_bits = 1024 ++default_bits = 2048 + default_keyfile = privkey.pem + distinguished_name = req_distinguished_name + diff --git a/SOURCES/openwsmand.service b/SOURCES/openwsmand.service new file mode 100644 index 0000000..e10c75d --- /dev/null +++ b/SOURCES/openwsmand.service @@ -0,0 +1,12 @@ +[Unit] +Description=Openwsman WS-Management Service +After=syslog.target + +[Service] +Type=forking +ExecStart=/usr/sbin/openwsmand -S +ExecStartPre=/etc/openwsman/owsmantestcert.sh +PIDFile=/var/run/wsmand.pid + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/owsmantestcert.sh b/SOURCES/owsmantestcert.sh new file mode 100644 index 0000000..8918f41 --- /dev/null +++ b/SOURCES/owsmantestcert.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +if [ ! -f "/etc/openwsman/serverkey.pem" ]; then + if [ -f "/etc/ssl/servercerts/servercert.pem" \ + -a -f "/etc/ssl/servercerts/serverkey.pem" ]; then + echo "Using common server certificate /etc/ssl/servercerts/servercert.pem" + ln -s /etc/ssl/servercerts/server{cert,key}.pem /etc/openwsman + exit 0 + else + echo "FAILED: Starting openwsman server" + echo "There is no ssl server key available for openwsman server to use." + echo -e "Please generate one with the following script and start the openwsman service again:\n" + echo "##################################" + echo "/etc/openwsman/owsmangencert.sh" + echo "=================================" + + echo "NOTE: The script uses /dev/random device for generating some random bits while generating the server key." + echo " If this takes too long, you can replace the value of \"RANDFILE\" in /etc/openwsman/ssleay.cnf with /dev/urandom. Please understand the implications of replacing the RNADFILE." + exit 1 + fi +fi diff --git a/SPECS/openwsman.spec b/SPECS/openwsman.spec new file mode 100644 index 0000000..6ce9b34 --- /dev/null +++ b/SPECS/openwsman.spec @@ -0,0 +1,691 @@ +# RubyGems's macros expect gem_name to exist. +%global gem_name %{name} + +Name: openwsman +Version: 2.6.8 +Release: 23%{?dist} +Summary: Open source Implementation of WS-Management + +License: BSD +URL: http://www.openwsman.org/ +Source0: https://github.com/Openwsman/openwsman/archive/v%{version}.tar.gz +# help2man generated manpage for openwsmand binary +Source1: openwsmand.8.gz +# service file for systemd +Source2: openwsmand.service +# script for testing presence of the certificates in ExecStartPre +Source3: owsmantestcert.sh +Patch1: openwsman-2.4.0-pamsetup.patch +Patch2: openwsman-2.4.12-ruby-binding-build.patch +Patch3: openwsman-2.6.2-openssl-1.1-fix.patch +Patch4: openwsman-2.6.5-http-status-line.patch +Patch5: openwsman-2.6.5-libcurl-error-codes-update.patch +Patch6: openwsman-2.6.8-CVE-2019-3816.patch +Patch7: openwsman-2.6.8-CVE-2019-3833.patch +Patch8: openwsman-2.6.8-update-ssleay-conf.patch +Patch9: openwsman-2.6.8-http-unauthorized-improve.patch +BuildRequires: make +BuildRequires: swig +BuildRequires: libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel +BuildRequires: python3 python3-devel ruby ruby-devel rubygems-devel perl-interpreter +BuildRequires: perl-devel perl-generators pkgconfig openssl-devel +BuildRequires: cmake +BuildRequires: systemd-units +BuildRequires: gcc gcc-c++ + +%description +Openwsman is a project intended to provide an open-source +implementation of the Web Services Management specification +(WS-Management) and to expose system management information on the +Linux operating system using the WS-Management protocol. WS-Management +is based on a suite of web services specifications and usage +requirements that exposes a set of operations focused on and covers +all system management aspects. + +%package -n libwsman1 +License: BSD +Summary: Open source Implementation of WS-Management +Provides: %{name} = %{version}-%{release} +Obsoletes: %{name} < %{version}-%{release} + +%description -n libwsman1 +Openwsman library for packages dependent on openwsman. + +%package -n libwsman-devel +License: BSD +Summary: Open source Implementation of WS-Management +Provides: %{name}-devel = %{version}-%{release} +Obsoletes: %{name}-devel < %{version}-%{release} +Requires: libwsman1 = %{version}-%{release} +Requires: %{name}-server = %{version}-%{release} +Requires: %{name}-client = %{version}-%{release} +Requires: sblim-sfcc-devel libxml2-devel pam-devel +Requires: libcurl-devel + +%description -n libwsman-devel +Development files for openwsman. + +%package client +License: BSD +Summary: Openwsman Client libraries + +%description client +Openwsman Client libraries. + +%package server +License: BSD +Summary: Openwsman Server and service libraries +Requires: libwsman1 = %{version}-%{release} + +%description server +Openwsman Server and service libraries. + +%package python3 +License: BSD +Summary: Python bindings for openwsman client API +Requires: %{__python3} +Requires: libwsman1 = %{version}-%{release} +%{?python_provide:%python_provide python3-openwsman} + +%description python3 +This package provides Python3 bindings to access the openwsman client API. + +%package -n rubygem-%{gem_name} +License: BSD +Summary: Ruby client bindings for Openwsman +Obsoletes: %{name}-ruby < %{version}-%{release} +Requires: libwsman1 = %{version}-%{release} + +%description -n rubygem-%{gem_name} +The openwsman gem provides a Ruby API to manage systems using +the WS-Management protocol. + +%package -n rubygem-%{gem_name}-doc +Summary: Documentation for %{name} +Requires: rubygem-%{gem_name} = %{version}-%{release} +BuildArch: noarch + +%description -n rubygem-%{gem_name}-doc +Documentation for rubygem-%{gem_name} + +%package perl +License: BSD +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Summary: Perl bindings for openwsman client API +Requires: libwsman1 = %{version}-%{release} + +%description perl +This package provides Perl bindings to access the openwsman client API. + +%package winrs +Summary: Windows Remote Shell +Requires: rubygem-%{gem_name} = %{version}-%{release} + +%description winrs +This is a command line tool for the Windows Remote Shell protocol. +You can use it to send shell commands to a remote Windows hosts. + +%prep +%setup -q + +%patch1 -p1 -b .pamsetup +%patch2 -p1 -b .ruby-binding-build +%patch3 -p1 -b .openssl-1.1-fix +%patch4 -p1 -b .http-status-line +%patch5 -p1 -b .libcurl-error-codes-update +%patch6 -p1 -b .CVE-2019-3816 +%patch7 -p1 -b .CVE-2019-3833 +%patch8 -p1 -b .update-ssleay-conf +%patch9 -p1 -b .http-unauthorized-improve + +%build +# Removing executable permissions on .c and .h files to fix rpmlint warnings. +chmod -x src/cpp/WsmanClient.h + +rm -rf build +mkdir build + +export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -DFEDORA -DNO_SSL_CALLBACK" +export CFLAGS="$RPM_OPT_FLAGS -fPIC -pie -Wl,-z,relro -Wl,-z,now" +export CXXFLAGS="$RPM_OPT_FLAGS -fPIC -pie -Wl,-z,relro -Wl,-z,now" +cd build +cmake \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_VERBOSE_MAKEFILE=TRUE \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_C_FLAGS_RELEASE:STRING="$RPM_OPT_FLAGS -fno-strict-aliasing" \ + -DCMAKE_CXX_FLAGS_RELEASE:STRING="$RPM_OPT_FLAGS" \ + -DCMAKE_SKIP_RPATH=1 \ + -DPACKAGE_ARCHITECTURE=`uname -m` \ + -DLIB=%{_lib} \ + -DBUILD_JAVA=no \ + -DBUILD_PYTHON=no \ + .. + +make + +# Make the freshly build openwsman libraries available to build the gem's +# binary extension. +export LIBRARY_PATH=%{_builddir}/%{name}-%{version}/build/src/lib +export CPATH=%{_builddir}/%{name}-%{version}/include/ +export LD_LIBRARY_PATH=%{_builddir}/%{name}-%{version}/build/src/lib/ + +%gem_install -n ./bindings/ruby/%{name}-%{version}.gem + +%install +cd build + +# Do not install the ruby extension, we are proviging the rubygem- instead. +echo -n > bindings/ruby/cmake_install.cmake + +%make_install +cd .. +rm -f %{buildroot}/%{_libdir}/*.la +rm -f %{buildroot}/%{_libdir}/openwsman/plugins/*.la +rm -f %{buildroot}/%{_libdir}/openwsman/authenticators/*.la +[ -d %{buildroot}/%{ruby_vendorlibdir} ] && rm -f %{buildroot}/%{ruby_vendorlibdir}/openwsmanplugin.rb +[ -d %{buildroot}/%{ruby_vendorlibdir} ] && rm -f %{buildroot}/%{ruby_vendorlibdir}/openwsman.rb +mkdir -p %{buildroot}%{_sysconfdir}/init.d +install -m 644 etc/openwsman.conf %{buildroot}/%{_sysconfdir}/openwsman +install -m 644 etc/openwsman_client.conf %{buildroot}/%{_sysconfdir}/openwsman +mkdir -p %{buildroot}/%{_unitdir} +install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}/openwsmand.service +install -m 644 etc/ssleay.cnf %{buildroot}/%{_sysconfdir}/openwsman +install -p -m 755 %{SOURCE3} %{buildroot}/%{_sysconfdir}/openwsman +# install manpage +mkdir -p %{buildroot}/%{_mandir}/man8/ +cp %SOURCE1 %{buildroot}/%{_mandir}/man8/ +# install missing headers +install -m 644 include/wsman-xml.h %{buildroot}/%{_includedir}/openwsman +install -m 644 include/wsman-xml-binding.h %{buildroot}/%{_includedir}/openwsman +install -m 644 include/wsman-dispatcher.h %{buildroot}/%{_includedir}/openwsman + +mkdir -p %{buildroot}%{gem_dir} +cp -pa ./build%{gem_dir}/* \ + %{buildroot}%{gem_dir}/ + +rm -rf %{buildroot}%{gem_instdir}/ext + +mkdir -p %{buildroot}%{gem_extdir_mri} +cp -a ./build%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdir_mri}/ + +%ldconfig_scriptlets -n libwsman1 + +%post server +%{?ldconfig} +%systemd_post openwsmand.service + +%preun server +%systemd_preun openwsmand.service + +%postun server +rm -f /var/log/wsmand.log +%systemd_postun_with_restart openwsmand.service +%{?ldconfig} + +%ldconfig_scriptlets client + +%files -n libwsman1 +%doc AUTHORS COPYING ChangeLog README.md TODO +%{_libdir}/libwsman.so.* +%{_libdir}/libwsman_client.so.* +%{_libdir}/libwsman_curl_client_transport.so.* + +%files -n libwsman-devel +%doc AUTHORS COPYING ChangeLog README.md +%{_includedir}/* +%{_libdir}/pkgconfig/* +%{_libdir}/*.so + +%files python3 +%doc AUTHORS COPYING ChangeLog README.md +%{python3_sitearch}/*.so +%{python3_sitearch}/*.py +%{python3_sitearch}/__pycache__/* + +%files -n rubygem-%{gem_name} +%doc AUTHORS COPYING ChangeLog README.md +%dir %{gem_instdir} +%{gem_libdir} +%{gem_extdir_mri} +%exclude %{gem_cache} +%{gem_spec} + +%files -n rubygem-%{gem_name}-doc +%doc %{gem_docdir} + +%files perl +%doc AUTHORS COPYING ChangeLog README.md +%{perl_vendorarch}/openwsman.so +%{perl_vendorlib}/openwsman.pm + +%files server +%doc AUTHORS COPYING ChangeLog README.md +# Don't remove *.so files from the server package. +# the server fails to start without these files. +%dir %{_sysconfdir}/openwsman +%config(noreplace) %{_sysconfdir}/openwsman/openwsman.conf +%config(noreplace) %{_sysconfdir}/openwsman/ssleay.cnf +%attr(0755,root,root) %{_sysconfdir}/openwsman/owsmangencert.sh +%attr(0755,root,root) %{_sysconfdir}/openwsman/owsmantestcert.sh +%config(noreplace) %{_sysconfdir}/pam.d/openwsman +%{_unitdir}/openwsmand.service +%dir %{_libdir}/openwsman +%dir %{_libdir}/openwsman/authenticators +%{_libdir}/openwsman/authenticators/*.so +%{_libdir}/openwsman/authenticators/*.so.* +%dir %{_libdir}/openwsman/plugins +%{_libdir}/openwsman/plugins/*.so +%{_libdir}/openwsman/plugins/*.so.* +%{_sbindir}/openwsmand +%{_libdir}/libwsman_server.so.* +%{_mandir}/man8/* + +%files client +%doc AUTHORS COPYING ChangeLog README.md +%{_libdir}/libwsman_clientpp.so.* +%config(noreplace) %{_sysconfdir}/openwsman/openwsman_client.conf + +%files winrs +%{_bindir}/winrs + +%changelog +* Thu Nov 24 2022 Vitezslav Crhonek - 2.6.8-23 +- Improve handling of HTTP 401 Unauthorized + Resolves: #2127415 + +* Mon Aug 09 2021 Mohan Boddu - 2.6.8-22 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jun 16 2021 Mohan Boddu - 2.6.8-21 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Fri Apr 16 2021 Mohan Boddu - 2.6.8-20 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.6.8-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 06 2021 Mamoru TASAKA - 2.6.8-18 +- F-34: rebuild against ruby 3.0 + +* Tue Sep 22 2020 Vitezslav Crhonek - 2.6.8-17 +- Use make macros, patch by Tom Stellard + (https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro) +- Update flags, enable LTO +- Remove RANDFILE and increase default bits in ssleay.conf + +* Tue Jul 28 2020 Fedora Release Engineering - 2.6.8-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 08 2020 Jeff Law - 2.6.8-15 +- Disable LTO + +* Mon Jun 22 2020 Jitka Plesnikova - 2.6.8-14 +- Perl 5.32 rebuild + +* Tue May 26 2020 Miro Hrončok - 2.6.8-13 +- Rebuilt for Python 3.9 + +* Wed Jan 29 2020 Fedora Release Engineering - 2.6.8-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Jan 18 2020 Mamoru TASAKA - 2.6.8-11 +- F-32: rebuild against ruby27 + +* Thu Oct 03 2019 Miro Hrončok - 2.6.8-10 +- Rebuilt for Python 3.8.0rc1 (#1748018) + +* Mon Aug 19 2019 Miro Hrončok - 2.6.8-9 +- Rebuilt for Python 3.8 + +* Thu Jul 25 2019 Fedora Release Engineering - 2.6.8-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu May 30 2019 Jitka Plesnikova - 2.6.8-7 +- Perl 5.30 rebuild + +* Mon Apr 01 2019 Vitezslav Crhonek - 2.6.8-6 +- Add requires libwsman1 for rubygem-openwsman + +* Wed Mar 13 2019 Vitezslav Crhonek - 2.6.8-5 +- Fix CVE-2019-3816 + Resolves: #1687760 +- Fix CVE-2019-3833 + Resolves: #1687762 +- Remove Dist Tag from the oldest changelog entry + +* Fri Feb 01 2019 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 21 2019 Mamoru TASAKA - 2.6.8-3 +- F-30: rebuild against ruby26 + +* Mon Jan 14 2019 Björn Esser - 2.6.8-2 +- Rebuilt for libcrypt.so.2 (#1666033) + +* Thu Nov 22 2018 Vitezslav Crhonek - 2.6.8-1 +- Update to openwsman-2.6.8 + +* Wed Nov 14 2018 Vitezslav Crhonek - 2.6.5-10 +- Reflect changes in libcurl error codes + Resolves: #1649393 + +* Mon Oct 01 2018 Vitezslav Crhonek - 2.6.5-9 +- Require the Python interpreter directly instead of using the package name + +* Fri Jul 13 2018 Fedora Release Engineering - 2.6.5-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jul 03 2018 Petr Pisar - 2.6.5-7 +- Perl 5.28 rebuild + +* Thu Jun 28 2018 Jitka Plesnikova - 2.6.5-6 +- Perl 5.28 rebuild + +* Tue Jun 19 2018 Miro Hrončok - 2.6.5-5 +- Rebuilt for Python 3.7 + +* Tue Jun 19 2018 Miro Hrončok - 2.6.5-4 +- Rebuilt for Python 3.7 + +* Thu Feb 22 2018 Vitezslav Crhonek - 2.6.5-3 +- Fix wrong SSL_CTX_set_cipher_list() retval check +- Add BuildRequires gcc and gcc-c++ +- Explicitly disable build of java bindings (build fails if java-devel is installed) + +* Thu Feb 08 2018 Fedora Release Engineering - 2.6.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Jan 23 2018 Vitezslav Crhonek - 2.6.5-1 +- Update to openwsman-2.6.5 +- Simplify python binding build and drop python2 subpackage +- Fix malformed HTTP 200 status line + +* Sat Jan 20 2018 Björn Esser - 2.6.3-11.git4391e5c +- Rebuilt for switch to libxcrypt + +* Sat Jan 6 2018 Mamoru TASAKA - 2.6.3-10.git4391e5c +- F-28: rebuild for ruby 2.5 +- Backport git patches to support ruby 2.5 + +* Wed Oct 04 2017 Vitezslav Crhonek - 2.6.3-9.git +- Remove unnecessary net-tools requirement + Resolves: #1496142 + +* Tue Sep 12 2017 Vitezslav Crhonek - 2.6.3-8.git4391e5c +- Spec file clean up (removed RPM Groups tags, removed obsolete chkconfig/initscripts + dependencies, improved readability, fixed indentation) +- Updated openssl-1.1 patch to support builds with older openssl versions + +* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek - 2.6.3-7.git4391e5c +- Add Provides for the old name without %%_isa + +* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 2.6.3-6.git4391e5c +- Python 2 binary package renamed to python2-openwsman + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 + +* Thu Aug 03 2017 Fedora Release Engineering - 2.6.3-5.git4391e5c +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 2.6.3-4.git4391e5c +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sun Jun 04 2017 Jitka Plesnikova - 2.6.3-3.git4391e5c +- Perl 5.26 rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 2.6.3-2.git4391e5c +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Jan 17 2017 Vitezslav Crhonek - 2.6.3-1.git4391e5c +- Update to openwsman-2.6.3 from upstream VCS + (because it contains shttpd 1.42) + +* Thu Jan 12 2017 Vít Ondruch - 2.6.2-11 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.4 + +* Mon Jan 09 2017 Vitezslav Crhonek - 2.6.2-10 +- Disable SSL protocols listed in config file + +* Tue Jan 03 2017 Vitezslav Crhonek - 2.6.2-9 +- Port to openssl 1.1.0 + Resolves: #1383992 + +* Mon Dec 19 2016 Miro Hrončok - 2.6.2-8 +- Rebuild for Python 3.6 + +* Thu Aug 11 2016 Vitezslav Crhonek - 2.6.2-7 +- Add openwsman-python3 subpackage + Resolves: #1354481 + +* Tue Jul 19 2016 Fedora Release Engineering - 2.6.2-6 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Sun May 15 2016 Jitka Plesnikova - 2.6.2-5 +- Perl 5.24 rebuild + +* Tue Mar 22 2016 Vitezslav Crhonek - 2.6.2-4 +- Remove SSL_LIB acquired by readlink from CFLAGS + +* Thu Feb 04 2016 Fedora Release Engineering - 2.6.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Jan 12 2016 Vít Ondruch - 2.6.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.3 + +* Thu Nov 05 2015 Vitezslav Crhonek - 2.6.2-1 +- Update to openwsman-2.6.2 + +* Mon Aug 31 2015 Vitezslav Crhonek - 2.6.1-1 +- Update to openwsman-2.6.1 +- Review PAM rules + (pam_pwcheck is replaced by pam_pwquality, pam_unix has no 'none' option) + +* Tue Jun 16 2015 Vitezslav Crhonek - 2.6.0-1 +- Update to openwsman-2.6.0 + +* Wed Jun 03 2015 Jitka Plesnikova - 2.4.15-2 +- Perl 5.22 rebuild + +* Thu May 21 2015 Vitezslav Crhonek - 2.4.15-1 +- Update to openwsman-2.4.15 + +* Sat May 02 2015 Kalev Lember - 2.4.14-2 +- Rebuilt for GCC 5 C++11 ABI change + +* Thu Feb 26 2015 Vitezslav Crhonek - 2.4.14-1 +- Update to openwsman-2.4.14 + +* Mon Feb 09 2015 Vitezslav Crhonek - 2.4.12-1 +- Update to openwsman-2.4.12 + +* Sat Jan 17 2015 Mamoru TASAKA - 2.4.6-5 +- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_2.2 + +* Tue Aug 26 2014 Jitka Plesnikova - 2.4.6-4 +- Perl 5.20 rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 2.4.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 2.4.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue May 20 2014 Vitezslav Crhonek - 2.4.6-1 +- Update to openwsman-2.4.6 + +* Fri Apr 25 2014 Vít Ondruch - 2.4.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1 + +* Tue Mar 11 2014 Vitezslav Crhonek - 2.4.4-1 +- Update to openwsman-2.4.4 +- Provide rubygem-openwsman instead of openwsman-ruby (patch by Vit Ondruch) + +* Wed Feb 05 2014 Vitezslav Crhonek - 2.4.3-2 +- Update openwsmand man page + +* Thu Jan 23 2014 Vitezslav Crhonek - 2.4.3-1 +- Update to openwsman-2.4.3 + +* Tue Jan 07 2014 Vitezslav Crhonek - 2.4.0-3 +- Start the service using SSL by default + +* Mon Sep 30 2013 Vitezslav Crhonek - 2.4.0-2 +- Build with full relro +- Fix provides/requires +- Fix pam.d config (patch by Ales Ledvinka) + Resolves: #1013018 + +* Tue Sep 17 2013 Vitezslav Crhonek - 2.4.0-1 +- Update to openwsman-2.4.0 +- Fix bogus date in %%changelog + +* Sat Aug 03 2013 Fedora Release Engineering - 2.3.6-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 17 2013 Petr Pisar - 2.3.6-7 +- Perl 5.18 rebuild + +* Tue Mar 19 2013 Vít Ondruch - 2.3.6-6 +- Rebuild for https://fedoraproject.org/wiki/Features/Ruby_2.0.0 + +* Mon Mar 18 2013 Praveen K Paladugu - 2.3.6-4 +- Updated the dependency for ruby bindings and introduced the java bindings. + +* Wed Mar 13 2013 Peter Robinson 2.3.6-3 +- rebuild for ruby 2 + +* Thu Feb 14 2013 Fedora Release Engineering - 2.3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Nov 08 2012 Vitezslav Crhonek - 2.3.6-1 +- Update to openwsman-2.3.6 + +* Mon Sep 17 2012 Vitezslav Crhonek - 2.3.5-1 +- Update to openwsman-2.3.5 +- Enable ruby subpackage again + +* Tue Aug 28 2012 Vitezslav Crhonek - 2.3.0-7 +- Fix issues found by fedora-review utility in the spec file + +* Thu Aug 23 2012 Vitezslav Crhonek - 2.3.0-6 +- Use new systemd-rpm macros + Resolves: #850405 + +* Fri Jul 20 2012 Fedora Release Engineering - 2.3.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sun Jun 10 2012 Petr Pisar - 2.3.0-4 +- Perl 5.16 rebuild + +* Mon May 28 2012 Vitezslav Crhonek - 2.3.0-3 +- Rename service file + +* Wed May 23 2012 Vitezslav Crhonek - 2.3.0-2 +- Add systemd support + +* Tue Mar 27 2012 Vitezslav Crhonek - 2.3.0-1 +- Update to openwsman-2.3.0 + +* Thu Feb 09 2012 Vitezslav Crhonek - 2.2.7-4 +- Fix libssl loading + +* Thu Feb 09 2012 Vitezslav Crhonek - 2.2.7-3 +- Temporarily disable ruby subpackage + +* Thu Jan 26 2012 Vitezslav Crhonek - 2.2.7-2 +- Remove unnecessary net-tools requirement + Resolves: #784787 + +* Wed Jan 11 2012 Vitezslav Crhonek - 2.2.7-1 +- Update to openwsman-2.2.7 + +* Mon Jun 20 2011 Marcela Mašláňová - 2.2.5-3 +- Perl mass rebuild + +* Fri Jun 10 2011 Marcela Mašláňová - 2.2.5-2 +- Perl 5.14 mass rebuild + +* Wed Mar 23 2011 Vitezslav Crhonek - 2.2.5-1 +- Update to openwsman-2.2.5 + +* Tue Feb 08 2011 Fedora Release Engineering - 2.2.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Dec 9 2010 Vitezslav Crhonek - 2.2.4-2 +- Recompile with -DNO_SSL_CALLBACK + +* Tue Nov 16 2010 Vitezslav Crhonek - 2.2.4-1 +- Update to openwsman-2.2.4 +- Add help2man generated manpage for openwsmand binary +- Add missing openwsman headers to libwsman-devel +- Add configuration file to openwsman-client + +* Wed Sep 29 2010 jkeating - 2.2.3-9 +- Rebuilt for gcc bug 634757 + +* Mon Sep 13 2010 Vitezslav Crhonek - 2.2.3-8 +- Move initscript to the right place +- Fix return values from initscript according to guidelines + +* Tue Aug 10 2010 Praveen K Paladugu - 2.2.3-7 +- Moved the certificate generation from init script. The user will have to +- generate the certificate manually. + +* Mon Aug 2 2010 Praveen K Paladugu - 2.2.3-6 +- Fixed the version checking of swig and forced all the ruby files to be +- installed into site{lib,arch} dirs + +* Wed Jul 21 2010 David Malcolm - 2.2.3-5 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Tue Jun 01 2010 Marcela Maslanova - 2.2.3-4 +- Mass rebuild with perl-5.12.0 + +* Thu Apr 22 2010 Praveen K Paladugu - 2.2.3-3 +- authors.patch: Moved all the AUTHORS info to AUTHORS file. +- Corrected the Source tag. +- Corrected the package dependencies to break cyclic dependencies. +- Fixed the default attributes. +- Fixed the preun & postun scripts, to make sure the openwsmand service +- is stopped before the package is removed. +- Added 'condrestart' function to the init script. +- Had to let the *.so files be part of the openwsman-server becuase +- some of the source files explicitly call out for *.so files. + + +* Thu Apr 15 2010 Praveen K Paladugu - 2.2.3-2 +- Updated the spec file to adhere to the upstream standard of breaking +- the package in server, client, lib modules +- randfile.patch: when openwsmand daemon creates a certificate the +- first time it needs a file which have random content it. This +- is pointed to $HOME/.rnd in /etc/openwsman/ssleay.cnf. Changed this +- random file to /dev/urandom. +- initscript.patch: patch to edit the init script so that the services +- are not started by default. + + +* Wed Mar 3 2010 Vitezslav Crhonek - 2.2.3-1 +- Update to openwsman-2.2.3 + + +* Wed Sep 23 2009 Praveen K Paladugu - 2.2.0-1 +- Added the new 2.2.0 sources. +- Changed the release and version numbers. + +* Fri Aug 21 2009 Tomas Mraz - 2.1.0-4 +- rebuilt with new openssl + +* Sat Jul 25 2009 Fedora Release Engineering - 2.1.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Feb 26 2009 Fedora Release Engineering - 2.1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Sep 22 2008 Matt Domsch - 2.1.0-1 +- update to 2.1.0, resolves security issues + +* Tue Aug 19 2008 - 2.0.0-1 +- Modified the spec file to adhere to fedora packaging guidelines.