!1 package init

Merge pull request !1 from lkx690/master

CVE-2019-3833.patch

@@ -0,0 +1,169 @@
+--- a/src/server/shttpd/shttpd.c
++++ b/src/server/shttpd/shttpd.c
+@@ -336,10 +336,12 @@ date_to_epoch(const char *s)
+ }
+ 
+ static void
+-remove_double_dots(char *s)
++remove_all_leading_dots(char *s)
+ {
+ 	char	*p = s;
+ 
++	while (*s != '\0' && *s == '.') s++;
++
+ 	while (*s != '\0') {
+ 		*p++ = *s++;
+ 		if (s[-1] == '/' || s[-1] == '\\')
+@@ -546,7 +548,7 @@ decide_what_to_do(struct conn *c)
+ 		*c->query++ = '\0';
+ 
+ 	_shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1);
+-	remove_double_dots(c->uri);
++	remove_all_leading_dots(c->uri);
+ 
+ 	root = c->ctx->options[OPT_ROOT];
+ 	if (strlen(c->uri) + strlen(root) >= sizeof(path)) {
+@@ -556,6 +558,7 @@ decide_what_to_do(struct conn *c)
+ 
+ 	(void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri);
+ 
++	DBG(("decide_what_to_do -> processed path: [%s]", path));
+ 	/* User may use the aliases - check URI for mount point */
+ 	if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) {
+ 		(void) _shttpd_snprintf(path, sizeof(path), "%.*s%s",
+@@ -572,7 +575,10 @@ decide_what_to_do(struct conn *c)
+ 	if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) {
+ 		_shttpd_setup_embedded_stream(c,
+ 		    ruri->callback, ruri->callback_data);
+-	} else
++	} else {
++		_shttpd_send_server_error(c, 403, "Forbidden");
++	}
++#if 0
+ 	if (strstr(path, HTPASSWD)) {
+ 		/* Do not allow to view passwords files */
+ 		_shttpd_send_server_error(c, 403, "Forbidden");
+@@ -656,6 +662,7 @@ decide_what_to_do(struct conn *c)
+ 	} else {
+ 		_shttpd_send_server_error(c, 500, "Internal Error");
+ 	}
++#endif
+ }
+ 
+ static int
+@@ -698,11 +705,11 @@ parse_http_request(struct conn *c)
+ 		_shttpd_send_server_error(c, 500, "Cannot allocate request");
+ 	}
+ 
++	io_inc_tail(&c->rem.io, req_len);
++
+ 	if (c->loc.flags & FLAG_CLOSED)
+ 		return;
+ 
+-	io_inc_tail(&c->rem.io, req_len);
+-
+ 	DBG(("Conn %d: parsing request: [%.*s]", c->rem.chan.sock, req_len, s));
+ 	c->rem.flags |= FLAG_HEADERS_PARSED;
+ 
+@@ -968,7 +975,7 @@ write_stream(struct stream *from, struct
+ }
+ 
+ 
+-static void
++static int
+ connection_desctructor(struct llhead *lp)
+ {
+ 	struct conn		*c = LL_ENTRY(lp, struct conn, link);
+@@ -992,7 +999,8 @@ connection_desctructor(struct llhead *lp
+ 	 * Check the "Connection: " header before we free c->request
+ 	 * If it its 'keep-alive', then do not close the connection
+ 	 */
+-	do_close = (c->ch.connection.v_vec.len >= vec.len &&
++	do_close = c->rem.flags & FLAG_CLOSED ||
++	    (c->ch.connection.v_vec.len >= vec.len &&
+ 	    !_shttpd_strncasecmp(vec.ptr,c->ch.connection.v_vec.ptr,vec.len)) ||
+ 	    (c->major_version < 1 ||
+ 	    (c->major_version >= 1 && c->minor_version < 1));
+@@ -1014,7 +1022,7 @@ connection_desctructor(struct llhead *lp
+ 		io_clear(&c->loc.io);
+ 		c->birth_time = _shttpd_current_time;
+ 		if (io_data_len(&c->rem.io) > 0)
+-			process_connection(c, 0, 0);
++			return 1;
+ 	} else {
+ 		if (c->rem.io_class != NULL)
+ 			c->rem.io_class->close(&c->rem);
+@@ -1025,6 +1033,8 @@ connection_desctructor(struct llhead *lp
+ 
+ 		free(c);
+ 	}
++
++	return 0;
+ }
+ 
+ static void
+@@ -1032,7 +1042,7 @@ worker_destructor(struct llhead *lp)
+ {
+ 	struct worker	*worker = LL_ENTRY(lp, struct worker, link);
+ 
+-	free_list(&worker->connections, connection_desctructor);
++	free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
+ 	free(worker);
+ }
+ 
+@@ -1065,6 +1075,8 @@ add_to_set(int fd, fd_set *set, int *max
+ static void
+ process_connection(struct conn *c, int remote_ready, int local_ready)
+ {
++again:
++
+ 	/* Read from remote end if it is ready */
+ 	if (remote_ready && io_space_len(&c->rem.io))
+ 		read_stream(&c->rem);
+@@ -1093,7 +1105,11 @@ process_connection(struct conn *c, int r
+ 	if ((_shttpd_current_time > c->expire_time) ||
+ 	    (c->rem.flags & FLAG_CLOSED) ||
+ 	    ((c->loc.flags & FLAG_CLOSED) && !io_data_len(&c->loc.io)))
+-		connection_desctructor(&c->link);
++		if (connection_desctructor(&c->link)) {
++			remote_ready = 0;
++			local_ready = 0;
++			goto again;
++		}
+ }
+ 
+ static int
+@@ -1650,7 +1666,7 @@ worker_function(void *param)
+ 	while (worker->exit_flag == 0)
+ 		poll_worker(worker, 1000 * 10);
+ 
+-	free_list(&worker->connections, connection_desctructor);
++	free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
+ 	free(worker);
+ }
+
+--- a/src/server/wsmand.c
++++ b/src/server/wsmand.c
+@@ -198,6 +198,11 @@ static void daemonize(void)
+ 	int fd;
+ 	char *pid;
+ 
++	/* Change our CWD to service_path */
++	i=chdir("/");
++	// i=chdir(wsmand_options_get_service_path());
++        assert(i == 0);
++
+ 	if (wsmand_options_get_foreground_debug() > 0) {
+ 		return;
+ 	}
+@@ -214,10 +219,6 @@ static void daemonize(void)
+ 	log_pid = 0;
+ 	setsid();
+ 
+-	/* Change our CWD to / */
+-	i=chdir("/");
+-        assert(i == 0);
+-
+ 	/* Close all file descriptors. */
+ 	for (i = getdtablesize(); i >= 0; --i)
+ 		close(i);

openwsman-2.4.0-pamsetup.patch

@@ -0,0 +1,16 @@
+diff -up openwsman-2.6.1/etc/pam/openwsman.pamsetup openwsman-2.6.1/etc/pam/openwsman
+--- openwsman-2.6.1/etc/pam/openwsman.pamsetup	2015-08-27 15:46:46.000000000 +0200
++++ openwsman-2.6.1/etc/pam/openwsman	2015-08-31 16:08:28.166913889 +0200
+@@ -1,7 +1,7 @@
+ #%PAM-1.0
+-auth       required	pam_unix2.so	nullok
++auth       required	pam_unix.so		nullok
+ auth       required	pam_nologin.so
+-account    required	pam_unix2.so
+-password   required	pam_pwcheck.so	nullok
+-password   required	pam_unix2.so	nullok use_first_pass use_authtok
+-session    required	pam_unix2.so	none
++account    required	pam_unix.so
++password   required	pam_pwquality.so
++password   required	pam_unix.so		nullok use_first_pass use_authtok
++session    required	pam_unix.so

openwsman-2.4.12-ruby-binding-build.patch

@@ -0,0 +1,12 @@
+diff -up openwsman-2.4.12/bindings/ruby/extconf.rb.orig openwsman-2.4.12/bindings/ruby/extconf.rb
+--- openwsman-2.4.12/bindings/ruby/extconf.rb.orig	2015-02-09 09:28:58.232581263 +0100
++++ openwsman-2.4.12/bindings/ruby/extconf.rb	2015-02-09 09:38:22.836772879 +0100
+@@ -32,7 +32,7 @@ swig = find_executable("swig")
+ raise "SWIG not found" unless swig
+ 
+ major, minor, path = RUBY_VERSION.split(".")
+-raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -o openwsman_wrap.c openwsman.i")
++raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.6.5/include/ -o openwsman_wrap.c openwsman.i")
+ 
+ $CPPFLAGS = "-I/usr/include/openwsman -I.."
+ 

openwsman-2.6.2-openssl-1.1-fix.patch

@@ -0,0 +1,162 @@
+diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
+--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig	2017-11-28 09:32:15.000000000 +0100
++++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c	2018-01-23 13:14:59.357153453 +0100
+@@ -241,12 +241,20 @@ write_handler( void *ptr, size_t size, s
+ static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
+ {
+ 	unsigned char *thumbprint = (unsigned char *)arg;
+-	X509 *cert = ctx->cert;
+ 	EVP_MD                                  *tempDigest;
+ 
+ 	unsigned char   tempFingerprint[EVP_MAX_MD_SIZE];
+ 	unsigned int      tempFingerprintLen;
+ 	tempDigest = (EVP_MD*)EVP_sha1( );
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
++#else
++	X509 *cert = ctx->cert;
++#endif
++	if(!cert)
++		return 0;
++
+ 	if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
+ 		return 0;
+ 	if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
+diff -up openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig openwsman-2.6.5/src/server/shttpd/compat_unix.h
+--- openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig	2017-11-28 09:32:15.000000000 +0100
++++ openwsman-2.6.5/src/server/shttpd/compat_unix.h	2018-01-23 13:14:59.357153453 +0100
+@@ -27,10 +27,6 @@
+ 	pthread_create(&tid, NULL, (void *(*)(void *))a, c); } while (0)
+ #endif /* !NO_THREADS */
+ 
+-#ifndef SSL_LIB
+-#define	SSL_LIB				"libssl.so"
+-#endif
+-
+ #define	DIRSEP				'/'
+ #define	IS_DIRSEP_CHAR(c)		((c) == '/')
+ #define	O_BINARY			0
+diff -up openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig openwsman-2.6.5/src/server/shttpd/io_ssl.c
+--- openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig	2017-11-28 09:32:15.000000000 +0100
++++ openwsman-2.6.5/src/server/shttpd/io_ssl.c	2018-01-23 13:14:59.357153453 +0100
+@@ -11,23 +11,6 @@
+ #include "defs.h"
+ 
+ #if !defined(NO_SSL)
+-struct ssl_func	ssl_sw[] = {
+-	{"SSL_free",			{0}},
+-	{"SSL_accept",			{0}},
+-	{"SSL_connect",			{0}},
+-	{"SSL_read",			{0}},
+-	{"SSL_write",			{0}},
+-	{"SSL_get_error",		{0}},
+-	{"SSL_set_fd",			{0}},
+-	{"SSL_new",			{0}},
+-	{"SSL_CTX_new",			{0}},
+-	{"SSLv23_server_method",	{0}},
+-	{"SSL_library_init",		{0}},
+-	{"SSL_CTX_use_PrivateKey_file",	{0}},
+-	{"SSL_CTX_use_certificate_file",{0}},
+-	{NULL,				{0}}
+-};
+-
+ void
+ _shttpd_ssl_handshake(struct stream *stream)
+ {
+diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
+--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig	2017-11-28 09:32:15.000000000 +0100
++++ openwsman-2.6.5/src/server/shttpd/shttpd.c	2018-01-23 13:16:13.738228773 +0100
+@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const ch
+ 	int		retval = FALSE;
+ 	EC_KEY*		key;
+ 
+-	/* Load SSL library dynamically */
+-	if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
+-		_shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB);
+-		return (FALSE);
+-	}
+-
+-	for (fp = ssl_sw; fp->name != NULL; fp++)
+-		if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) {
+-			_shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name);
+-			return (FALSE);
+-		}
+-
+ 	/* Initialize SSL crap */
++	debug("Initialize SSL");
++	SSL_load_error_strings();
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	OPENSSL_init_ssl(0, NULL);
++#else
+ 	SSL_library_init();
++#endif
+ 
+ 	if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
+ 		_shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
+@@ -1532,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const ch
+ 			if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
+ 				//_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
+ 				debug("SSL: disable %s protocol", protocols[idx].name);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++				SSL_CTX_set_options(CTX, protocols[idx].opt);
++#else
+ 				SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
++#endif
+ 				break;
+ 			}
+ 		}
+diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server/shttpd/ssl.h
+--- openwsman-2.6.5/src/server/shttpd/ssl.h.orig	2017-11-28 09:32:15.000000000 +0100
++++ openwsman-2.6.5/src/server/shttpd/ssl.h	2018-01-23 13:14:59.358153454 +0100
+@@ -12,50 +12,4 @@
+ 
+ #include <openssl/ssl.h>
+ 
+-#else
+-
+-/*
+- * Snatched from OpenSSL includes. I put the prototypes here to be independent
+- * from the OpenSSL source installation. Having this, shttpd + SSL can be
+- * built on any system with binary SSL libraries installed.
+- */
+-
+-typedef struct ssl_st SSL;
+-typedef struct ssl_method_st SSL_METHOD;
+-typedef struct ssl_ctx_st SSL_CTX;
+-
+-#define	SSL_ERROR_WANT_READ	2
+-#define	SSL_ERROR_WANT_WRITE	3
+-#define	SSL_ERROR_SYSCALL	5
+-#define	SSL_FILETYPE_PEM	1
+-
+ #endif
+-
+-/*
+- * Dynamically loaded SSL functionality
+- */
+-struct ssl_func {
+-	const char	*name;		/* SSL function name	*/
+-	union variant	ptr;		/* Function pointer	*/
+-};
+-
+-extern struct ssl_func	ssl_sw[];
+-
+-#define	FUNC(x)	ssl_sw[x].ptr.v_func
+-
+-#define	SSL_free(x)	(* (void (*)(SSL *)) FUNC(0))(x)
+-#define	SSL_accept(x)	(* (int (*)(SSL *)) FUNC(1))(x)
+-#define	SSL_connect(x)	(* (int (*)(SSL *)) FUNC(2))(x)
+-#define	SSL_read(x,y,z)	(* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z))
+-#define	SSL_write(x,y,z) \
+-	(* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z))
+-#define	SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
+-#define	SSL_set_fd(x,y)	(* (int (*)(SSL *, int)) FUNC(6))((x), (y))
+-#define	SSL_new(x)	(* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
+-#define	SSL_CTX_new(x)	(* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x)
+-#define	SSLv23_server_method()	(* (SSL_METHOD * (*)(void)) FUNC(9))()
+-#define	SSL_library_init() (* (int (*)(void)) FUNC(10))()
+-#define	SSL_CTX_use_PrivateKey_file(x,y,z)	(* (int (*)(SSL_CTX *, \
+-		const char *, int)) FUNC(11))((x), (y), (z))
+-#define	SSL_CTX_use_certificate_file(x,y,z)	(* (int (*)(SSL_CTX *, \
+-		const char *, int)) FUNC(12))((x), (y), (z))

openwsman-2.6.5-fix-set-cipher-list-retval-check.patch

@@ -0,0 +1,12 @@
+diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
+--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig	2018-02-21 10:53:24.964163710 +0100
++++ openwsman-2.6.5/src/server/shttpd/shttpd.c	2018-02-21 10:53:31.854162875 +0100
+@@ -1541,7 +1541,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch
+ 
+ 	if (ssl_cipher_list) {
+           int rc = SSL_CTX_set_cipher_list(CTX, ssl_cipher_list);
+-          if (rc != 0) {
++          if (rc != 1) {
+             _shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list);
+           }
+         }

openwsman-2.6.5-libcurl-error-codes-update.patch

@@ -0,0 +1,28 @@
+diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
+--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig	2018-11-14 13:53:27.442138557 +0100
++++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c	2018-11-14 14:11:28.508714204 +0100
+@@ -186,16 +186,23 @@ convert_to_last_error(CURLcode r)
+ 		return WS_LASTERR_SSL_CONNECT_ERROR;
+         case CURLE_BAD_FUNCTION_ARGUMENT:
+                 return WS_LASTERR_CURL_BAD_FUNCTION_ARG;
++#if LIBCURL_VERSION_NUM < 0x073E00
+ 	case CURLE_SSL_PEER_CERTIFICATE:
+ 		return WS_LASTERR_SSL_PEER_CERTIFICATE;
++#endif
+ 	case CURLE_SSL_ENGINE_NOTFOUND:
+ 		return WS_LASTERR_SSL_ENGINE_NOTFOUND;
+ 	case CURLE_SSL_ENGINE_SETFAILED:
+ 		return WS_LASTERR_SSL_ENGINE_SETFAILED;
+ 	case CURLE_SSL_CERTPROBLEM:
+ 		return WS_LASTERR_SSL_CERTPROBLEM;
++#if LIBCURL_VERSION_NUM < 0x073E00
+ 	case CURLE_SSL_CACERT:
+ 		return WS_LASTERR_SSL_CACERT;
++#else
++	case CURLE_PEER_FAILED_VERIFICATION:
++		return WS_LASTERR_SSL_PEER_CERTIFICATE;
++#endif
+ #if LIBCURL_VERSION_NUM > 0x70C01
+ 	case CURLE_SSL_ENGINE_INITFAILED:
+ 		return WS_LASTERR_SSL_ENGINE_INITFAILED;
+

openwsman.spec

@@ -0,0 +1,315 @@
+%bcond_with pam
+
+# RubyGems's macros expect gem_name to exist.
+%global		gem_name %{name}
+
+Name:		openwsman
+Version:	2.6.5
+Release:	10
+Summary:	Opensource Implementation of WS-Management
+License:	BSD
+URL:		http://www.openwsman.org/
+Source0:	https://github.com/Openwsman/openwsman/archive/v%{version}.tar.gz
+Source1:	openwsmand.8.gz
+Source2:	openwsmand.service
+Source3:	owsmantestcert.sh
+%if %{with pam}
+Patch1:		openwsman-2.4.0-pamsetup.patch
+%endif
+Patch2:		openwsman-2.4.12-ruby-binding-build.patch
+Patch3:		openwsman-2.6.2-openssl-1.1-fix.patch
+Patch4:		openwsman-2.6.5-fix-set-cipher-list-retval-check.patch
+Patch5:		openwsman-2.6.5-libcurl-error-codes-update.patch
+Patch6000:     CVE-2019-3833.patch
+
+BuildRequires:	swig libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel python3
+BuildRequires:	python3-devel ruby ruby-devel rubygems-devel perl-interpreter
+BuildRequires:	perl-devel perl-generators pkgconfig openssl-devel
+BuildRequires:	cmake systemd-units gcc gcc-c++ python2 python2-devel
+
+
+%description
+Opensource Implementation of WS-Management protocol stack
+
+%package -n libwsman1
+License:	BSD
+Summary:	Opensource Implementation of WS-Management
+Provides:	%{name} = %{version}-%{release}
+Obsoletes:	%{name} < %{version}-%{release}
+
+%description -n libwsman1
+Opensource Implementation of WS-Management protocol stack
+(Common libraries)
+
+%package -n libwsman-devel
+License:	BSD
+Summary:	Opensource Implementation of WS-Management
+Provides:	%{name}-devel = %{version}-%{release}
+Obsoletes:	%{name}-devel < %{version}-%{release}
+Requires:	libwsman1 = %{version}-%{release}
+Requires:	%{name}-server = %{version}-%{release}
+Requires:	%{name}-client = %{version}-%{release}
+Requires:	sblim-sfcc-devel libxml2-devel libcurl-devel
+
+%if %{with pam}
+Requires:	pam-devel
+%endif
+%description -n libwsman-devel
+Opensource Implementation of WS-Management stack
+(Development files)
+
+%package client
+License:	BSD
+Summary:	Openwsman Client libraries
+
+%description client
+Openwsman Client libraries.
+
+%package server
+License:	BSD
+Summary:	Openwsman Server and service libraries
+Requires:	libwsman1 = %{version}-%{release}
+
+%description server
+Openwsman Server and service libraries.
+
+%package python3
+License:	BSD
+Summary:	Python bindings for openwsman client API
+Requires:	python3
+Requires:	libwsman1 = %{version}-%{release}
+%{?python_provide:%python_provide python3-openwsman}
+
+%description python3
+This package provides Python3 bindings to access the openwsman client API.
+
+%if %{with pam}
+%package ruby
+License:	BSD
+Summary:	Ruby bindings for openwsman client API
+Obsoletes:	%{name}-ruby < %{version}-%{release}
+
+%description -n rubygem-%{gem_name}
+This package provides Ruby bindings to access the openwsman client API.
+
+%package ruby-docs
+Summary:	HTML documentation for Opendwsman Ruby bindings
+BuildArch:	noarch
+
+%description ruby-docs
+This package provides HTML documentation for the Openwsman Ruby
+bindings.
+
+%endif
+
+%package perl
+License:	BSD
+Requires:	perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+Summary:	Perl bindings for openwsman client API
+Requires:	libwsman1 = %{version}-%{release}
+
+%description perl
+This package provides Perl bindings to access the openwsman client API.
+
+%package winrs
+Summary:	Windows Remote Shell
+Requires:	rubygem-%{gem_name} = %{version}-%{release}
+
+%description winrs
+This is a command line tool for the Windows Remote Shell protocol.
+You can use it to send shell commands to a remote Windows hosts.
+
+%package_help
+
+%prep
+%autosetup -p1
+
+%build
+# Removing executable permissions on .c and .h files to fix rpmlint warnings. 
+chmod -x src/cpp/WsmanClient.h
+
+mkdir build
+
+export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -DNO_SSL_CALLBACK"
+export CFLAGS="-D_GNU_SOURCE -fPIE -DPIE"
+export LDFLAGS="$LDFLAGS -Wl,-z,now -pie"
+cd build
+cmake \
+	-DCMAKE_INSTALL_PREFIX=/usr \
+	-DCMAKE_VERBOSE_MAKEFILE=TRUE \
+	-DCMAKE_BUILD_TYPE=Release \
+	-DCMAKE_C_FLAGS_RELEASE:STRING="$RPM_OPT_FLAGS -fno-strict-aliasing" \
+	-DCMAKE_CXX_FLAGS_RELEASE:STRING="$RPM_OPT_FLAGS" \
+	-DCMAKE_SKIP_RPATH=1 \
+	-DPACKAGE_ARCHITECTURE=`uname -m` \
+	-DLIB=%{_lib} \
+	-DBUILD_JAVA=no \
+%if %{without pam}
+	-DBUILD_RUBY_GEM=no \
+%endif
+	..
+
+make
+
+%if %{with pam}
+# Make the freshly build openwsman libraries available to build the gem's
+# binary extension.
+export LIBRARY_PATH=%{_builddir}/%{name}-%{version}/build/src/lib
+export CPATH=%{_builddir}/%{name}-%{version}/include/
+export LD_LIBRARY_PATH=%{_builddir}/%{name}-%{version}/build/src/lib/
+%endif
+
+%if %{with pam}
+%gem_install -n ./bindings/ruby/%{name}-%{version}.gem
+%endif
+
+%install
+cd build
+
+%if %{with pam}
+# Do not install the ruby extension, we are proviging the rubygem- instead.
+echo -n > bindings/ruby/cmake_install.cmake
+%endif
+
+%make_install
+cd ..
+rm -f %{buildroot}/%{_libdir}/*.la
+rm -f %{buildroot}/%{_libdir}/openwsman/plugins/*.la
+rm -f %{buildroot}/%{_libdir}/openwsman/authenticators/*.la
+[ -d %{buildroot}/%{ruby_vendorlibdir} ] && rm -f %{buildroot}/%{ruby_vendorlibdir}/openwsmanplugin.rb
+[ -d %{buildroot}/%{ruby_vendorlibdir} ] && rm -f %{buildroot}/%{ruby_vendorlibdir}/openwsman.rb
+install -d %{buildroot}%{_sysconfdir}/init.d
+install -m 644 etc/openwsman.conf %{buildroot}/%{_sysconfdir}/openwsman
+install -m 644 etc/openwsman_client.conf %{buildroot}/%{_sysconfdir}/openwsman
+install -d %{buildroot}/%{_unitdir}
+install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}/openwsmand.service
+install -m 644 etc/ssleay.cnf %{buildroot}/%{_sysconfdir}/openwsman
+install -p -m 755 %{SOURCE3} %{buildroot}/%{_sysconfdir}/openwsman
+install -d %{buildroot}/%{_mandir}/man8/
+cp %SOURCE1 %{buildroot}/%{_mandir}/man8/
+install -m 644 include/wsman-xml.h %{buildroot}/%{_includedir}/openwsman
+install -m 644 include/wsman-xml-binding.h %{buildroot}/%{_includedir}/openwsman
+install -m 644 include/wsman-dispatcher.h %{buildroot}/%{_includedir}/openwsman
+
+%if %{with pam}
+install -d %{buildroot}%{gem_dir}
+cp -pa ./build%{gem_dir}/* %{buildroot}%{gem_dir}/
+install -d %{buildroot}%{gem_extdir_mri}
+cp -a ./build%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdir_mri}/
+%endif
+
+%post -n libwsman1 -p /sbin/ldconfig
+
+%postun -n libwsman1 -p /sbin/ldconfig
+
+%post server
+/sbin/ldconfig
+%systemd_post openwsmand.service
+
+%preun server
+%systemd_preun openwsmand.service
+
+%postun server
+rm -f /var/log/wsmand.log
+%systemd_postun_with_restart openwsmand.service
+/sbin/ldconfig
+
+%post client -p /sbin/ldconfig
+
+%postun client -p /sbin/ldconfig
+
+%files -n libwsman1
+%doc COPYING
+%{_libdir}/libwsman.so.*
+%{_libdir}/libwsman_client.so.*
+%{_libdir}/libwsman_curl_client_transport.so.*
+
+%if %{without pam}
+%exclude %{_exec_prefix}/lib/debug/usr/lib64/ruby/vendor_ruby/_openwsman.so*
+%exclude %{_libdir}/ruby/vendor_ruby/_openwsman.so
+%exclude %{_datadir}/ruby/vendor_ruby/%{name}/%{name}.rb
+%exclude %{_datadir}/ruby/vendor_ruby/%{name}/version.rb
+%exclude %{_datadir}/ruby/vendor_ruby/%{name}/xmldoc.rb
+%exclude %{_datadir}/ruby/vendor_ruby/%{name}/xmlnode.rb
+%{_sysconfdir}/pam.d/openwsman
+%{_exec_prefix}/lib/debug%{python2_sitearch}/_pywsman.so*
+%{python2_sitearch}/_pywsman.so
+%{python2_sitearch}/pywsman.py
+%{python2_sitearch}/pywsman.pyc
+%{python2_sitearch}/pywsman.pyo
+
+%endif
+
+%files -n libwsman-devel
+%{_includedir}/*
+%{_libdir}/pkgconfig/*
+%{_libdir}/*.so
+
+%files python3
+%if %{with pam}
+%{python3_sitearch}/*.so
+%{python3_sitearch}/*.py
+%{python3_sitearch}/__pycache__/*
+%endif
+
+%if %{with pam}
+%files ruby
+%dir %{gem_instdir}
+%exclude %{gem_instdir}/ext
+%{gem_libdir}
+%{gem_extdir_mri}
+%exclude %{gem_cache}
+%{gem_spec}
+
+%files ruby-docs
+%doc %{gem_docdir}
+
+%endif
+
+
+%files perl
+%{perl_vendorarch}/openwsman.so
+%{perl_vendorlib}/openwsman.pm
+
+%files server
+# Don't remove *.so files from the server package.
+# the server fails to start without these files.
+%dir %{_sysconfdir}/openwsman
+%config(noreplace) %{_sysconfdir}/openwsman/openwsman.conf
+%config(noreplace) %{_sysconfdir}/openwsman/ssleay.cnf
+%attr(0755,root,root) %{_sysconfdir}/openwsman/owsmangencert.sh
+%attr(0755,root,root) %{_sysconfdir}/openwsman/owsmantestcert.sh
+%if %{with pam}
+%config(noreplace) %{_sysconfdir}/pam.d/openwsman
+%endif
+%{_unitdir}/openwsmand.service
+%dir %{_libdir}/openwsman
+%dir %{_libdir}/openwsman/authenticators
+%{_libdir}/openwsman/authenticators/*.so
+%{_libdir}/openwsman/authenticators/*.so.*
+%dir %{_libdir}/openwsman/plugins
+%{_libdir}/openwsman/plugins/*.so
+%{_libdir}/openwsman/plugins/*.so.*
+%{_sbindir}/openwsmand
+%{_libdir}/libwsman_server.so.*
+
+%files client
+%{_libdir}/libwsman_clientpp.so.*
+%config(noreplace) %{_sysconfdir}/openwsman/openwsman_client.conf
+
+%files winrs
+%{_bindir}/winrs
+
+%files help
+%doc AUTHORS ChangeLog README.md TODO
+%{_mandir}/man8/*
+
+%changelog
+* Thu Feb 13 2020 fengbing <fengbing7@huawei.com> - 2.6.5-10
+- Type:N/A
+- ID:N/A
+- SUG:N/A
+- DESC:fix build fail
+
+* Fri Nov 29 2019 mengxian <mengxian@huawei.com> - 2.6.5-9
+- OpenEuler package init

openwsmand.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Openwsman WS-Management Service
+After=syslog.target
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/openwsmand -S
+ExecStartPre=/etc/openwsman/owsmantestcert.sh
+PIDFile=/var/run/wsmand.pid
+
+[Install]
+WantedBy=multi-user.target

owsmantestcert.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ ! -f "/etc/openwsman/serverkey.pem" ]; then
+  if [ -f "/etc/ssl/servercerts/servercert.pem" \
+       -a -f "/etc/ssl/servercerts/serverkey.pem" ]; then
+    echo "Using common server certificate /etc/ssl/servercerts/servercert.pem"
+    ln -s /etc/ssl/servercerts/server{cert,key}.pem /etc/openwsman
+    exit 0
+  else
+    echo "FAILED: Starting openwsman server"
+    echo "There is no ssl server key available for openwsman server to use."
+    echo -e "Please generate one with the following script and start the openwsman service again:\n"
+    echo "##################################"
+    echo "/etc/openwsman/owsmangencert.sh"
+    echo "================================="
+    
+    echo "NOTE: The script uses /dev/random device for generating some random bits while generating the server key."
+    echo "      If this takes too long, you can replace the value of \"RANDFILE\" in /etc/openwsman/ssleay.cnf with /dev/urandom. Please understand the implications of replacing the RNADFILE."
+    exit 1
+  fi
+fi