New upstream release v0.6.0

2017-01-18 23:38:16 +00:00 · 2017-01-18 23:38:16 +00:00 · 5068d17a09
commit 5068d17a09
parent d59e9cc267
4 changed files with 17 additions and 76 deletions
--- a/.gitignore
+++ b/.gitignore
@ -12,3 +12,4 @@
 /gssproxy-0.4.1.tar.gz
 /gssproxy-0.5.0.tar.gz
 /gssproxy-0.5.1.tar.gz
+/gssproxy-0.6.0.tar.gz
--- a/gssproxy-0.5.1-socket_permission_checking.patch
+++ b/gssproxy-0.5.1-socket_permission_checking.patch
@ -1,73 +0,0 @@
-From bbda272145ebbe0cbb65467c1573e583b9e1b7c7 Mon Sep 17 00:00:00 2001
-From: Robbie Harwood <rharwood@redhat.com>
-Date: Fri, 3 Jun 2016 14:30:36 +0000
-Subject: [PATCH] Use new socket if uid, pid, or gid changes
-
-The gssproxy daemon uses SO_PEERCRED to determine credentials of the
-connecting process.  However, these credentials are set only at the time
-connect has called.  Therefore they must be reset every time uid or pid
-changes.  For completeness, we check gid as well.
-
-Signed-off-by: Robbie Harwood <rharwood@redhat.com>
-Reviewed-by: Simo Sorce <simo@redhat.com>
-Closes #27
---
- proxy/src/client/gpm_common.c | 22 ++++++++++++++++++++++
- 1 file changed, 22 insertions(+)
-
-diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
-index cb4ccdb..0a54dbc 100644
--- a/proxy/src/client/gpm_common.c
-+++ b/proxy/src/client/gpm_common.c
-@@ -13,6 +13,12 @@
- struct gpm_ctx {
-     pthread_mutex_t lock;
-     int fd;
-+
-+    /* these are only meaningful if fd != -1 */
-+    pid_t pid;
-+    uid_t uid;
-+    gid_t gid;
-+
-     int next_xid;
- };
- 
-@@ -93,6 +99,9 @@ done:
-         }
-     }
-     gpmctx->fd = fd;
-+    gpmctx->pid = getpid();
-+    gpmctx->uid = geteuid();
-+    gpmctx->gid = getegid();
-     return ret;
- }
- 
-@@ -120,12 +129,25 @@ static void gpm_close_socket(struct gpm_ctx *gpmctx)
- static int gpm_grab_sock(struct gpm_ctx *gpmctx)
- {
-     int ret;
-+    pid_t p;
-+    uid_t u;
-+    gid_t g;
- 
-     ret = pthread_mutex_lock(&gpmctx->lock);
-     if (ret) {
-         return ret;
-     }
- 
-+    /* Detect fork / setresuid and friends */
-+    p = getpid();
-+    u = geteuid();
-+    g = getegid();
-+
-+    if (gpmctx->fd != -1 &&
-+        (p != gpmctx->pid || u != gpmctx->uid || g != gpmctx->gid)) {
-+        gpm_close_socket(gpmctx);
-+    }
-+
-     if (gpmctx->fd == -1) {
-         ret = gpm_open_socket(gpmctx);
-     }
-- 
-2.8.1
-
--- a/gssproxy.spec
+++ b/gssproxy.spec
@ -1,6 +1,6 @@
 Name:		gssproxy
-Version:	0.5.1
-Release:	3%{?dist}
+Version:	0.6.0
+Release:	1%{?dist}
 Summary:	GSSAPI Proxy

 Group:		System Environment/Libraries
@ -44,6 +44,13 @@ BuildRequires: popt-devel
 BuildRequires: findutils
 BuildRequires: systemd-units

+# Tests stuff
+# BuildRequires: openldap-clients
+# BuildRequires: openldap-servers
+# BuildRequires: krb5-server-ldap
+# BuildRequires: valgrind
+# BuildRequires: socket_wrapper
+# BuildRequires: nss_wrapper

 %description
 A proxy for GSSAPI credential handling
@ -65,6 +72,9 @@ autoreconf -f -i
 make %{?_smp_mflags} all
 make test_proxymech

+# %check
+# make check
+
 %install
 rm -rf %{buildroot}
 make install DESTDIR=%{buildroot}
@ -109,6 +119,9 @@ rm -rf %{buildroot}
 %systemd_postun_with_restart gssproxy.service

 %changelog
+* Wed Jan 18 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.0-1
+- New upstream release v0.6.0
+
 * Tue Sep 27 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.1-3
 - Adjust libverto dependency to not use a specific backend
 - Resolves: #1379812
--- a/2
+++ b/2
@ -1 +1 @@
-1d19da2c2fa4cd07d1200439019b7251  gssproxy-0.5.1.tar.gz
+SHA512 (gssproxy-0.6.0.tar.gz) = 6df20703b6fa0c19df61ef08505e54b0b4f5e9464c8112f2d0dc22b8c182f78a8e2bd02bb92158dbbb3a9eb2b04bae3e070d4f55956577f49ee2c1aa241a0617