diff --git a/.gitignore b/.gitignore index ef6bd9a..a182818 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ /gssproxy-0.3.1.tar.gz /gssproxy-0.4.0.tar.gz /gssproxy-0.4.1.tar.gz +/gssproxy-0.5.0.tar.gz diff --git a/clear_message_structure.patch b/clear_message_structure.patch deleted file mode 100644 index 5e0582a..0000000 --- a/clear_message_structure.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 4382a40e5edc631957542790f9d691a38814d0de Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Wed, 21 Oct 2015 12:46:29 -0400 -Subject: [PATCH] Clear message structure before decoding into it - -This resolves a segfault appearing on ARM. - -Ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1235902 -Signed-off-by: Robbie Harwood ---- - proxy/src/client/gpm_common.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c -index 6d626e8..93d6c24 100644 ---- a/proxy/src/client/gpm_common.c -+++ b/proxy/src/client/gpm_common.c -@@ -454,6 +454,7 @@ int gpm_make_call(int proc, union gp_rpc_arg *arg, union gp_rpc_res *res) - sockgrab = false; - - /* decode header */ -+ memset(&msg, 0, sizeof(gp_rpc_msg)); - xdrok = xdr_gp_rpc_msg(&xdr_reply_ctx, &msg); - if (!xdrok) { - ret = EINVAL; --- -2.6.1 - diff --git a/gssproxy.spec b/gssproxy.spec index ae9cd5b..df2ab07 100644 --- a/gssproxy.spec +++ b/gssproxy.spec @@ -1,6 +1,6 @@ Name: gssproxy -Version: 0.4.1 -Release: 5%{?dist} +Version: 0.5.0 +Release: 1%{?dist} Summary: GSSAPI Proxy Group: System Environment/Libraries 
@@ -14,14 +14,13 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) %global gpstatedir %{_localstatedir}/lib/gssproxy ### Patches ### -Patch0: clear_message_structure.patch -Patch1: krb5-1.14-inquire_context_no_name.patch -Patch2: krb5-1.14-inquire_attrs_accept_null.patch + ### Dependencies ### Requires: krb5-libs >= 1.12.0 Requires: keyutils-libs Requires: libverto-tevent +Requires: libini_onfig Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -40,7 +39,7 @@ BuildRequires: pkgconfig BuildRequires: krb5-devel >= 1.12.0 BuildRequires: libselinux-devel BuildRequires: keyutils-libs-devel -BuildRequires: libini_config-devel >= 1.0.0.1 +BuildRequires: libini_config-devel >= 1.2.0 BuildRequires: libverto-devel BuildRequires: popt-devel BuildRequires: findutils @@ -53,9 +52,7 @@ A proxy for GSSAPI credential handling %prep %setup -q -%patch0 -p2 -b .clear_message_structure -%patch1 -p2 -b .krb5-1.14-inquire_context_no_name -%patch2 -p2 -b .krb5-1.14-inquire_attrs_accept_null +# patch %build autoreconf -f -i @@ -107,6 +104,10 @@ rm -rf %{buildroot} %systemd_postun_with_restart gssproxy.service %changelog +* Wed May 04 2016 Robbie Harwood - 0.5.0-1 +- Release new upstream version +- Bump ini_config version for `ini_config_augment()` + * Wed Feb 03 2016 Fedora Release Engineering - 0.4.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild diff --git a/krb5-1.14-inquire_attrs_accept_null.patch b/krb5-1.14-inquire_attrs_accept_null.patch deleted file mode 100644 index 97cd609..0000000 --- a/krb5-1.14-inquire_attrs_accept_null.patch +++ /dev/null 
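Review bot: The new runtime dependency `Requires: libini_onfig` in the Dependencies block of the `@@ -14,14 +14,13 @@` hunk is misspelled. The build side of the same spec names the library `libini_config-devel`, so the runtime package is presumably `libini_config`. As written, the package will either be uninstallable because nothing provides that name, or it will pull in whatever package in an enabled repository happens to provide it, which is the worse outcome for a daemon that handles GSSAPI credentials. Change the line to `Requires: libini_config >= 1.2.0`, carrying the same floor as the BuildRequires bump in the `@@ -40,7 +39,7 @@` hunk, since the changelog says the newer library is needed for `ini_config_augment()`.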
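Review bot: The `# patch` placeholder left in %prep by the `@@ -53,9 +52,7 @@` hunk carries no information, and the changelog entry added in the last hunk does not record that Patch0 to Patch2 were dropped (their `Patch` lines are removed in the `@@ -14,14 +14,13 @@` hunk). All three were crash fixes: zeroing `msg` before `xdr_gp_rpc_msg()` decodes a reply, accepting NULL `mech_attrs`/`known_mech_attrs` in `gpm_inquire_attrs_for_mech`, and skipping name conversion when `src_name` or `targ_name` is `GSS_C_NO_NAME`. The diff presumably relies on the 0.5.0 tarball already containing them, but that is not visible here and should be confirmed against the upstream tree before the patches are removed. I would delete the `# patch` line and add `- Drop patches included in upstream 0.5.0` to the changelog entry, so that the removal of these fixes can be traced later.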
@@ -1,82 +0,0 @@ -From 14e33b725c991d6c500ca93e241ed64e1a755843 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Wed, 16 Dec 2015 17:48:11 -0500 -Subject: [PATCH 2/2] Fix for gss_inquire_attrs_for_mech accepting NULLs - -As per rfc5587, gss_inquire_attrs_for_mech must accept NULL mech_attrs -and known_mech_attrs arguments. Up until 1.14, MIT krb5 was not ever -passing NULLs in these fields. - -This fixes an interposer loop (and subsequent segmentation fault) due -to our previous assumption that these arguments not be NULL. - -See also: https://tools.ietf.org/html/rfc5587#section-3.4.3 - -Signed-off-by: Robbie Harwood -Reviewed-by: Simo Sorce ---- - proxy/src/client/gpm_indicate_mechs.c | 38 ++++++++++++++++++++--------------- - 1 file changed, 22 insertions(+), 16 deletions(-) - -diff --git a/proxy/src/client/gpm_indicate_mechs.c b/proxy/src/client/gpm_indicate_mechs.c -index 35ce3bb..d4df923 100644 ---- a/proxy/src/client/gpm_indicate_mechs.c -+++ b/proxy/src/client/gpm_indicate_mechs.c -@@ -444,10 +444,6 @@ OM_uint32 gpm_inquire_attrs_for_mech(OM_uint32 *minor_status, - if (!minor_status) { - return GSS_S_CALL_INACCESSIBLE_WRITE; - } -- if (!mech_attrs || !known_mech_attrs) { -- *minor_status = 0; -- return GSS_S_CALL_INACCESSIBLE_WRITE; -- } - - ret_min = gpmint_init_global_mechs(); - if (ret_min) { -@@ -459,21 +455,31 @@ OM_uint32 gpm_inquire_attrs_for_mech(OM_uint32 *minor_status, - if (!gpm_equal_oids(global_mechs.info[i].mech, mech)) { - continue; - } -- ret_maj = gpm_copy_gss_OID_set(&ret_min, -- global_mechs.info[i].mech_attrs, -- mech_attrs); -- if (ret_maj) { -+ -+ if (mech_attrs != NULL) { -+ ret_maj = gpm_copy_gss_OID_set(&ret_min, -+ global_mechs.info[i].mech_attrs, -+ mech_attrs); -+ if (ret_maj) { -+ *minor_status = ret_min; -+ return ret_maj; -+ } -+ } -+ -+ if (known_mech_attrs != NULL) { -+ ret_maj = gpm_copy_gss_OID_set(&ret_min, -+ global_mechs.info[i].known_mech_attrs, -+ known_mech_attrs); -+ if (ret_maj) { -+ 
gss_release_oid_set(&discard, known_mech_attrs); -+ } - *minor_status = ret_min; - return ret_maj; - } -- ret_maj = gpm_copy_gss_OID_set(&ret_min, -- global_mechs.info[i].known_mech_attrs, -- known_mech_attrs); -- if (ret_maj) { -- gss_release_oid_set(&discard, known_mech_attrs); -- } -- *minor_status = ret_min; -- return ret_maj; -+ -+ /* all requested attributes copied successfully */ -+ *minor_status = 0; -+ return GSS_S_COMPLETE; - } - - *minor_status = 0; --- -2.6.4 - diff --git a/krb5-1.14-inquire_context_no_name.patch b/krb5-1.14-inquire_context_no_name.patch deleted file mode 100644 index 865d301..0000000 --- a/krb5-1.14-inquire_context_no_name.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -From 14ecfa9fe9e843bdb2eb09c60a5ec592c8de4cdc Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Mon, 14 Dec 2015 17:38:36 -0500 -Subject: [PATCH 1/2] Since krb5 1.14 inquire_context may return no name - -In 1.14 a patch to more officially support partially established contexts -has been intrdouced. With this patch names are not returned. - -Cope with that by checking if a name is provided before trying to convert. - -Signed-off-by: Simo Sorce -Reviewed-by: Robbie Harwood ---- - proxy/src/gp_export.c | 16 ++++++++++------ - 1 file changed, 10 insertions(+), 6 deletions(-) - -diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c -index 0ef3128..3b9a23b 100644 ---- a/proxy/src/gp_export.c -+++ b/proxy/src/gp_export.c -@@ -526,14 +526,18 @@ uint32_t gp_export_ctx_id_to_gssx(uint32_t *min, int type, gss_OID mech, - goto done; - } - -- ret_maj = gp_conv_name_to_gssx(&ret_min, src_name, &out->src_name); -- if (ret_maj) { -- goto done; -+ if (src_name != GSS_C_NO_NAME) { -+ ret_maj = gp_conv_name_to_gssx(&ret_min, src_name, &out->src_name); -+ if (ret_maj) { -+ goto done; -+ } - } - -- ret_maj = gp_conv_name_to_gssx(&ret_min, targ_name, &out->targ_name); -- if (ret_maj) { -- goto done; -+ if (targ_name != GSS_C_NO_NAME) { -+ ret_maj = gp_conv_name_to_gssx(&ret_min, targ_name, &out->targ_name); -+ if (ret_maj) { -+ goto done; -+ } - } - - out->lifetime = lifetime_rec; --- -2.6.4 - diff --git a/sources b/sources index 6d86215..ffcfdfc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -9336697a45f970d085b6b03fe725fa1e gssproxy-0.4.1.tar.gz +66feb990fac0c3a51837d4f8daccacfd gssproxy-0.5.0.tar.gz