Updated dependencies (3.24.x)

build-scripts/compile-options

@@ -38,19 +38,6 @@ if [ x"$SYSTEM_SSL" = x ]
 then
     # default to using cfengine openssl
     SYSTEM_SSL=0
-    # We don't bundle OpenSSL on some redhat-derived systems due to incompatability with libpam and our openssl.
-    _OS_MAJOR_VERSION="$(echo "$OS_VERSION" | cut -d. -f1)"
-    if [ "$OS" = "rhel" ] && expr "$_OS_MAJOR_VERSION" ">=" "8" >/dev/null
-    then
-        SYSTEM_SSL=1
-    fi
-    if [ "$OS" = "opensuse" ] || [ "$OS" = "sles" ]
-    then
-        if expr "$_OS_MAJOR_VERSION" ">=" "15"
-        then
-            SYSTEM_SSL=1
-        fi
-    fi
     # Detect using system ssl when running a Jenkins job
     if expr x"$label" ":" ".*systemssl" >/dev/null
     then

build-scripts/configure

@@ -63,10 +63,22 @@ case "$WITH_SYSTEMD" in
   *)    var_append ARGS "--without-systemd-service" ;;
 esac
 
-# RHEL 8 requires an SELinux policy
+# RHEL 8+ requires an SELinux policy and --without-pam to use vendored openssl
 if [ "x$OS" = "xrhel" ] && [ "${VER%\.*}" -gt "7" ]; then
   var_append ARGS "--with-selinux-policy"
 fi
+# rhel >= 7 or opensuse >= 15 need --without-pam in order to use vendored openssl
+if [ "$OS" = "rhel" ] && expr "$_OS_MAJOR_VERSION" ">=" "8" >/dev/null
+then
+    var_append ARGS "--without-pam"
+fi
+if [ "$OS" = "opensuse" ] || [ "$OS" = "sles" ]
+then
+    if expr "$_OS_MAJOR_VERSION" ">=" "15"
+    then
+        var_append ARGS "--without-pam"
+    fi
+fi
 
 # Cross-compiling Windows?
 case "$ARCH-${OS_FAMILY}" in

deps-packaging/git/cfbuild-git.spec

@@ -1,4 +1,4 @@
-%define git_version 2.52.0
+%define git_version 2.53.0
 
 Summary: CFEngine Build Automation -- git
 Name: cfbuild-git

deps-packaging/git/distfiles

@@ -1 +1 @@
-6880cb1e737e26f81cf7db9957ab2b5bb2aa1490d87619480b860816e0c10c32  git-2.52.0.tar.gz
+429dc0f5fe5f14109930cdbbb588c5d6ef5b8528910f0d738040744bebdc6275  git-2.53.0.tar.gz

deps-packaging/libcurl-hub/cfbuild-libcurl-hub.spec

@@ -1,4 +1,4 @@
-%define curl_version 8.17.0
+%define curl_version 8.18.0
 
 Summary: CFEngine Build Automation -- libcurl
 Name: cfbuild-libcurl-hub
@@ -19,11 +19,11 @@ mkdir -p %{_builddir}
 %setup -q -n curl-%{curl_version}
 
 # we don't bundle OpenSSL on RHEL 8 (and newer in the future)
-%if %{?rhel}%{!?rhel:0} > 7
-%define ssl_prefix /usr
-%else
+#%if %{?rhel}%{!?rhel:0} > 7
+#%define ssl_prefix /usr
+#%else
 %define ssl_prefix %{prefix}
-%endif
+#%endif
 
 ./configure \
     --with-sysroot=%{prefix} \

deps-packaging/libcurl-hub/distfiles

@@ -1 +1 @@
-e8e74cdeefe5fb78b3ae6e90cd542babf788fa9480029cfcee6fd9ced42b7910  curl-8.17.0.tar.gz
+e9274a5f8ab5271c0e0e6762d2fce194d5f98acc568e4ce816845b2dcc0cf88f  curl-8.18.0.tar.gz

deps-packaging/libcurl/cfbuild-libcurl.spec

@@ -1,4 +1,4 @@
-%define curl_version 8.17.0
+%define curl_version 8.18.0
 
 Summary: CFEngine Build Automation -- libcurl
 Name: cfbuild-libcurl

deps-packaging/libcurl/distfiles

@@ -1 +1 @@
-e8e74cdeefe5fb78b3ae6e90cd542babf788fa9480029cfcee6fd9ced42b7910  curl-8.17.0.tar.gz
+e9274a5f8ab5271c0e0e6762d2fce194d5f98acc568e4ce816845b2dcc0cf88f  curl-8.18.0.tar.gz

deps-packaging/libexpat/cfbuild-libexpat.spec

@@ -1,4 +1,4 @@
-%define expat_version 2.7.3
+%define expat_version 2.7.4
 
 Summary: CFEngine Build Automation -- libexpat
 Name: cfbuild-libexpat

deps-packaging/libexpat/distfiles

@@ -1 +1 @@
-71df8f40706a7bb0a80a5367079ea75d91da4f8c65c58ec59bcdfbf7decdab9f  expat-2.7.3.tar.xz
+9e9cabb457c1e09de91db2706d8365645792638eb3be1f94dbb2149301086ac0  expat-2.7.4.tar.xz

deps-packaging/libexpat/source

@@ -1 +1 @@
-https://github.com/libexpat/libexpat/releases/download/R_2_7_3/
+https://github.com/libexpat/libexpat/releases/download/R_2_7_4/

deps-packaging/libiconv/cfbuild-libiconv.spec

@@ -2,7 +2,7 @@ Summary: CFEngine Build Automation -- libiconv
 Name: cfbuild-libiconv
 Version: %{version}
 Release: 1
-Source0: libiconv-1.18.tar.gz
+Source0: libiconv-1.19.tar.gz
 License: MIT
 Group: Other
 Url: https://cfengine.com
@@ -14,7 +14,7 @@ AutoReqProv: no
 
 %prep
 mkdir -p %{_builddir}
-%setup -q -n libiconv-1.18
+%setup -q -n libiconv-1.19
 
 ./configure --prefix=%{prefix} --disable-shared --enable-static
 

deps-packaging/libiconv/distfiles

@@ -1 +1 @@
-3b08f5f4f9b4eb82f151a7040bfd6fe6c6fb922efe4b1659c66ea933276965e8  libiconv-1.18.tar.gz
+88dd96a8c0464eca144fc791ae60cd31cd8ee78321e67397e25fc095c4a19aa6  libiconv-1.19.tar.gz

deps-packaging/libxml2/cfbuild-libxml2.spec

@@ -1,4 +1,4 @@
-%define libxml_version 2.15.1
+%define libxml_version 2.15.2
 
 Summary: CFEngine Build Automation -- libxml2
 Name: cfbuild-libxml2

deps-packaging/libxml2/distfiles

@@ -1 +1 @@
-c008bac08fd5c7b4a87f7b8a71f283fa581d80d80ff8d2efd3b26224c39bc54c  libxml2-2.15.1.tar.xz
+c8b9bc81f8b590c33af8cc6c336dbff2f53409973588a351c95f1c621b13d09d  libxml2-2.15.2.tar.xz

deps-packaging/lmdb/cfbuild-lmdb.spec

@@ -1,4 +1,4 @@
-%define lmdb_version 0.9.33
+%define lmdb_version 0.9.35
 
 Summary: CFEngine Build Automation -- lmdb
 Name: cfbuild-lmdb

deps-packaging/lmdb/distfiles

@@ -1 +1 @@
-476801f5239c88c7de61c3390502a5d13965ecedef80105b5fb0fcb8373d1e53  openldap-LMDB_0.9.33.tar.gz
+0d090c6a7c85a4f31a2ab0d734554c21097f24752393a190b0e51996b08f48c4  openldap-LMDB_0.9.35.tar.gz

deps-packaging/lmdb/source

@@ -1 +1 @@
-https://git.openldap.org/openldap/openldap/-/archive/LMDB_0.9.33/
+https://git.openldap.org/openldap/openldap/-/archive/LMDB_0.9.35/

deps-packaging/openldap/cfbuild-openldap-aix.spec

@@ -1,4 +1,4 @@
-%define openldap_version 2.6.10
+%define openldap_version 2.6.12
 
 Summary: CFEngine Build Automation -- openldap
 Name: cfbuild-openldap

deps-packaging/openldap/cfbuild-openldap.spec

@@ -1,4 +1,4 @@
-%define openldap_version 2.6.10
+%define openldap_version 2.6.12
 
 Summary: CFEngine Build Automation -- openldap
 Name: cfbuild-openldap
@@ -21,12 +21,12 @@ mkdir -p %{_builddir}
 
 %patch0 -p0
 
-# we don't bundle OpenSSL on RHEL 8 (and newer in the future)
-%if %{?rhel}%{!?rhel:0} > 7
-CPPFLAGS=-I%{buildprefix}/include:/usr/include
-%else
+## we don't bundle OpenSSL on RHEL 8 (and newer in the future)
+#%if %{?rhel}%{!?rhel:0} > 7
+#CPPFLAGS=-I%{buildprefix}/include:/usr/include
+#%else
 CPPFLAGS=-I%{buildprefix}/include
-%endif
+#%endif
 
 #
 # glibc-2.8 errorneously hides peercred(3) under #ifdef __USE_GNU.

deps-packaging/openldap/distfiles

@@ -1 +1 @@
-c065f04aad42737aebd60b2fe4939704ac844266bc0aeaa1609f0cad987be516  openldap-2.6.10.tgz
+1716ad779e85d743694c3e3b05277fb71b6a5eadca43c7a958aa62683b22208e  openldap-2.6.12.tgz

deps-packaging/openssl/0008-Define-_XOPEN_SOURCE_EXTENDED-as-1.patch

@@ -25,9 +25,9 @@ index 97454a4b81..299323390c 100644
 @@ -11,7 +11,7 @@
 
  #ifdef OPENSSL_SYS_VMS
-   /* So fd_set and friends get properly defined on OpenVMS */
--# define _XOPEN_SOURCE_EXTENDED
-+# define _XOPEN_SOURCE_EXTENDED 1
+ /* So fd_set and friends get properly defined on OpenVMS */
+-#define _XOPEN_SOURCE_EXTENDED
++#define _XOPEN_SOURCE_EXTENDED 1
  #endif
 
  #include <stdio.h>

deps-packaging/openssl/cfbuild-openssl.spec

@@ -1,4 +1,4 @@
-%define openssl_version 3.6.0
+%define openssl_version 3.6.1
 
 Summary: CFEngine Build Automation -- openssl
 Name: cfbuild-openssl

deps-packaging/openssl/distfiles

@@ -1 +1 @@
-b6a5f44b7eb69e3fa35dbf15524405b44837a481d43d81daddde3ff21fcbb8e9  openssl-3.6.0.tar.gz
+b1bfedcd5b289ff22aee87c9d600f515767ebf45f77168cb6d64f231f518a82e  openssl-3.6.1.tar.gz

deps-packaging/openssl/source

@@ -1 +1 @@
-https://github.com/openssl/openssl/releases/download/openssl-3.6.0/
+https://github.com/openssl/openssl/releases/download/openssl-3.6.1/

deps-packaging/php/cfbuild-php.spec

@@ -1,4 +1,4 @@
-%define php_version 8.3.29
+%define php_version 8.3.30
 
 Summary: CFEngine Build Automation -- php
 Name: cfbuild-php

deps-packaging/php/distfiles

@@ -1 +1 @@
-8565fa8733c640b60da5ab4944bf2d4081f859915b39e29b3af26cf23443ed97  php-8.3.29.tar.gz
+e587dc95fb7f62730299fa7b36b6e4f91e6708aaefa2fff68a0098d320c16386  php-8.3.30.tar.gz

deps-packaging/postgresql/cfbuild-postgresql.spec

@@ -1,4 +1,4 @@
-%define postgresql_version 16.11
+%define postgresql_version 16.13
 
 Summary: CFEngine Build Automation -- postgresql
 Name: cfbuild-postgresql

deps-packaging/postgresql/distfiles

@@ -1 +1 @@
-6deb08c23d03d77d8f8bd1c14049eeef64aef8968fd8891df2dfc0b42f178eac  postgresql-16.11.tar.bz2
+dc2ddbbd245c0265a689408e3d2f2f3f9ba2da96bd19318214b313cdd9797287  postgresql-16.13.tar.bz2

deps-packaging/postgresql/source

@@ -1 +1 @@
-https://ftp.postgresql.org/pub/source/v16.11/
+https://ftp.postgresql.org/pub/source/v16.13/

deps-packaging/zlib/cfbuild-zlib.spec

@@ -2,8 +2,7 @@ Summary: CFEngine Build Automation -- zlib
 Name: cfbuild-zlib
 Version: %{version}
 Release: 1
-Source0: zlib-1.3.1.tar.gz
-Patch0: AIX_LDSHARED.patch
+Source0: zlib-1.3.2.tar.gz
 License: MIT
 Group: Other
 Url: https://cfengine.com
@@ -15,9 +14,8 @@ AutoReqProv: no
 
 %prep
 mkdir -p %{_builddir}
-%setup -q -n zlib-1.3.1
+%setup -q -n zlib-1.3.2
 
-%patch0 -p1
 
 %build
 
@@ -65,7 +63,7 @@ CFEngine Build Automation -- zlib -- development files
 %dir %{prefix}/lib
 %{prefix}/lib/libz.so
 %{prefix}/lib/libz.so.1
-%{prefix}/lib/libz.so.1.3.1
+%{prefix}/lib/libz.so.1.3.2
 
 %files devel
 %defattr(-,root,root)

deps-packaging/zlib/distfiles

@@ -1 +1 @@
-9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23  zlib-1.3.1.tar.gz
+bb329a0a2cd0274d05519d61c667c062e06990d72e125ee2dfa8de64f0119d16  zlib-1.3.2.tar.gz

packaging/cfengine-nova-hub/cfengine-nova-hub.spec.in

@@ -27,21 +27,6 @@ Requires(post): /usr/sbin/usermod, /bin/sed
 Requires: selinux-policy >= @@SELINUX_POLICY_VERSION@@
 %endif
 
-# we don't bundle OpenSSL on RHEL 8 (and newer in the future)
-%if %{?rhel}%{!?rhel:0} == 8
-Requires: libssl.so.1.1()(64bit) libssl.so.1.1(OPENSSL_1_1_0)(64bit) libssl.so.1.1(OPENSSL_1_1_1)(64bit)
-Requires: libcrypto.so.1.1()(64bit) libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)
-%endif
-
-# We build against systems with the latest available dependencies such as OpenSSL.
-# We use rpm -q --provides to determine the highest API present in OpenSSL and then use that as a Requires.
-# OPENSSL_VERSION is determined in build-scripts/package script.
-# This should ensure that when packages are installed with yum/dnf any required OpenSSL package upgrades will be performed or the installation will fail.
-%if %{?rhel}%{!?rhel:0} > 8
-Requires: libcrypto.so.3()(64bit) libcrypto.so.3(OPENSSL_@@OPENSSL_VERSION@@)(64bit)
-Requires: libssl.so.3()(64bit) libssl.so.3(OPENSSL_@@OPENSSL_VERSION@@)(64bit)
-%endif
-
 # cfbs/Build requires Python 3.5+ (not available on RHEL 6)
 %if %{?rhel}%{!?rhel:0} == 7
 Requires: python3 >= 3.5
@@ -98,11 +83,6 @@ rm -f %{prefix}/ssl/misc/tsget
 rm -f %{prefix}/ssl/openssl.cnf.dist
 rm -f %{prefix}/ssl/misc/tsget.pl
 
-# Add an openssl symlink if openssl binary doesn't exist
-if ! [ -f $RPM_BUILD_ROOT%{prefix}/bin/openssl ]; then
-  ln -s `which openssl` $RPM_BUILD_ROOT%{prefix}/bin/openssl
-fi
-
 # Hub does not need cf-upgrade, it is only present in host packages
 rm -f $RPM_BUILD_ROOT%{prefix}/bin/cf-upgrade
 

packaging/cfengine-nova/cfengine-nova.spec.in

@@ -23,21 +23,6 @@ Recommends: gzip
 Requires: selinux-policy >= @@SELINUX_POLICY_VERSION@@
 %endif
 
-# we don't bundle OpenSSL on RHEL 8 (and newer in the future)
-%if %{?rhel}%{!?rhel:0} == 8
-Requires: libssl.so.1.1()(64bit) libssl.so.1.1(OPENSSL_1_1_0)(64bit) libssl.so.1.1(OPENSSL_1_1_1)(64bit)
-Requires: libcrypto.so.1.1()(64bit) libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)
-%endif
-
-# We build against systems with the latest available dependencies such as OpenSSL.
-# We use rpm -q --provides to determine the highest API present in OpenSSL and then use that as a Requires.
-# OPENSSL_VERSION is determined in build-scripts/package script.
-# This should ensure that when packages are installed with yum/dnf any required OpenSSL package upgrades will be performed or the installation will fail.
-%if %{?rhel}%{!?rhel:0} > 8
-Requires: libcrypto.so.3()(64bit) libcrypto.so.3(OPENSSL_@@OPENSSL_VERSION@@)(64bit)
-Requires: libssl.so.3()(64bit) libssl.so.3(OPENSSL_@@OPENSSL_VERSION@@)(64bit)
-%endif
-
 AutoReqProv: no
 
 %if %{?with_debugsym}%{!?with_debugsym:0}