diff --git a/.gitignore b/.gitignore index 9e18cc7..dd6f2ce 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ /gssproxy-0.8.1.tar.gz.sha512sum.txt /gssproxy-0.8.2.tar.gz /gssproxy-0.8.2.tar.gz.sha512sum.txt +/gssproxy-0.8.3.tar.gz diff --git a/Avoid-uninitialized-free-when-allocating-buffers.patch b/Avoid-uninitialized-free-when-allocating-buffers.patch deleted file mode 100644 index 5ad2f09..0000000 --- a/Avoid-uninitialized-free-when-allocating-buffers.patch +++ /dev/null @@ -1,39 +0,0 @@ -From e19466d172e0fd6d86b98b1423e9d99e0be30313 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Wed, 1 May 2019 11:27:13 -0400 -Subject: [PATCH] Avoid uninitialized free when allocating buffers - -Signed-off-by: Robbie Harwood -Reviewed-by: Simo Sorce -Resolves: #248 -(cherry picked from commit eafa3c9272c95646400123f8e4d6fb50cf36d36c) ---- - src/gp_export.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/gp_export.c b/src/gp_export.c -index dbfddeb..a5681c0 100644 ---- a/src/gp_export.c -+++ b/src/gp_export.c -@@ -300,6 +300,7 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key, - &data_in, - &enc_handle); - if (ret) { -+ free(enc_handle.ciphertext.data); - ret = EINVAL; - goto done; - } -@@ -308,12 +309,12 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key, - enc_handle.ciphertext.data, - out); - if (ret) { -+ free(enc_handle.ciphertext.data); - goto done; - } - - done: - free(padded); -- free(enc_handle.ciphertext.data); - return ret; - } - diff --git a/Delay-gssproxy-start-until-after-network.target.patch b/Delay-gssproxy-start-until-after-network.target.patch deleted file mode 100644 index 6e7ee62..0000000 --- a/Delay-gssproxy-start-until-after-network.target.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 004ac514cd238122b25e5bc5b493dc8d4964ad75 Mon Sep 17 00:00:00 2001 -From: Pat Riehecky -Date: Fri, 27 Dec 2019 13:33:42 -0600 -Subject: [PATCH] Delay gssproxy start until after network.target - -Systemd docs are unclear in this regard, but it appears that -network.target must be ready before domain sockets can be created. - -Signed-off-by: Pat Riehecky -[rharwood@redhat.com: rewrote commit message] -Reviewed-by: Robbie Harwood -Merges: #252 -(cherry picked from commit 153b2ed51c5059abee507ddd240b5abc288d722c) ---- - systemd/gssproxy.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/systemd/gssproxy.service.in b/systemd/gssproxy.service.in -index 9d3eef0..482fa4e 100644 ---- a/systemd/gssproxy.service.in -+++ b/systemd/gssproxy.service.in -@@ -1,7 +1,7 @@ - [Unit] - Description=GSSAPI Proxy Daemon - # GSSPROXY will not be started until syslog is --After=syslog.target -+After=syslog.target network.target - Before=rpc-gssd.service - - [Service] diff --git a/Make-syslog-of-call-status-configurable.patch b/Make-syslog-of-call-status-configurable.patch deleted file mode 100644 index 482cb71..0000000 --- a/Make-syslog-of-call-status-configurable.patch +++ /dev/null @@ -1,157 +0,0 @@ -From cc61409b7b20974332549dd028d889b87dbff98d Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Mon, 30 Sep 2019 15:00:56 -0400 -Subject: [PATCH] Make syslog of call status configurable - -Add a parameter (syslog_status) to configuration and -CLI (--syslog-status). This logs the results of GSSAPI calls at -LOG_DEBUG. Typically these calls resemble: - - gssproxy[28914]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS - failure. Minor code may provide more information, No credentials - cache found - -Since these messages worry some admins, turn them off by default. - -Signed-off-by: Robbie Harwood -(cherry picked from commit 116618e1523038691fcb481107ba15ffd42942ac) ---- - man/gssproxy.8.xml | 8 ++++++++ - man/gssproxy.conf.5.xml | 10 ++++++++++ - src/gp_config.c | 6 ++++++ - src/gp_log.c | 9 +++++++-- - src/gp_log.h | 3 +++ - src/gssproxy.c | 6 ++++++ - 6 files changed, 40 insertions(+), 2 deletions(-) - -diff --git a/man/gssproxy.8.xml b/man/gssproxy.8.xml -index 5038411..70f2fd5 100644 ---- a/man/gssproxy.8.xml -+++ b/man/gssproxy.8.xml -@@ -148,6 +148,14 @@ - - - -+ -+ -+ -+ -+ -+ Enable additional logging to syslog. -+ -+ - - - -diff --git a/man/gssproxy.conf.5.xml b/man/gssproxy.conf.5.xml -index 04059a8..3400e67 100644 ---- a/man/gssproxy.conf.5.xml -+++ b/man/gssproxy.conf.5.xml -@@ -370,6 +370,16 @@ - - - -+ -+ syslog_status (boolean) -+ -+ Enable per-call debugging output to the syslog. -+ This may be useful for investigating problems in -+ applications using gssproxy. -+ Default: syslog_status = false -+ -+ -+ - - trusted (boolean) - Defines whether this service is considered trusted. Use with caution, this enables impersonation. -diff --git a/src/gp_config.c b/src/gp_config.c -index 78474ed..88d5f29 100644 ---- a/src/gp_config.c -+++ b/src/gp_config.c -@@ -611,6 +611,12 @@ int load_config(struct gp_config *cfg) - goto done; - } - -+ ret = gp_config_get_string(ctx, "gssproxy", "syslog_status", &tmpstr); -+ if (ret == 0) -+ gp_syslog_status = gp_boolean_is_true(tmpstr); -+ else if (ret != ENOENT) -+ goto done; -+ - ret = gp_config_get_string(ctx, "gssproxy", "run_as_user", &tmpstr); - if (ret == 0) { - cfg->proxy_user = strdup(tmpstr); -diff --git a/src/gp_log.c b/src/gp_log.c -index b6eb161..e67e8d3 100644 ---- a/src/gp_log.c -+++ b/src/gp_log.c -@@ -5,6 +5,9 @@ - #include - #include - -+/* global logging switch */ -+bool gp_syslog_status = false; -+ - void gp_logging_init(void) - { - openlog("gssproxy", -@@ -55,7 +58,9 @@ void gp_log_status(gss_OID mech, uint32_t maj, uint32_t min) - { - char buf[MAX_LOG_LINE]; - -- gp_fmt_status(mech, maj, min, buf, MAX_LOG_LINE); -+ if (!gp_syslog_status) -+ return; - -- GPERROR("%s\n", buf); -+ gp_fmt_status(mech, maj, min, buf, MAX_LOG_LINE); -+ syslog(LOG_DEBUG, "%s\n", buf); - } -diff --git a/src/gp_log.h b/src/gp_log.h -index fc8cbdb..31ad648 100644 ---- a/src/gp_log.h -+++ b/src/gp_log.h -@@ -3,9 +3,12 @@ - #ifndef _GP_LOG_H_ - #define _GP_LOG_H_ - -+#include - #include - #include - -+extern bool gp_syslog_status; -+ - #define MAX_LOG_LINE 1024 - #define GPERROR(...) syslog(LOG_ERR, __VA_ARGS__); - #define GPAUDIT(...) syslog(LOG_INFO, __VA_ARGS__); -diff --git a/src/gssproxy.c b/src/gssproxy.c -index 01d4ef9..e58b5db 100644 ---- a/src/gssproxy.c -+++ b/src/gssproxy.c -@@ -158,6 +158,7 @@ int main(int argc, const char *argv[]) - int opt_version = 0; - int opt_debug = 0; - int opt_debug_level = 0; -+ int opt_syslog_status = 0; - verto_ctx *vctx; - verto_ev *ev; - int wait_fd; -@@ -183,6 +184,8 @@ int main(int argc, const char *argv[]) - _("Enable debugging"), NULL}, \ - {"debug-level", '\0', POPT_ARG_INT, &opt_debug_level, 0, \ - _("Set debugging level"), NULL}, \ -+ {"syslog-status", '\0', POPT_ARG_NONE, &opt_syslog_status, 0, \ -+ _("Enable GSSAPI status logging to syslog"), NULL}, \ - {"version", '\0', POPT_ARG_NONE, &opt_version, 0, \ - _("Print version number and exit"), NULL }, \ - POPT_TABLEEND -@@ -212,6 +215,9 @@ int main(int argc, const char *argv[]) - gp_debug_toggle(opt_debug_level); - } - -+ if (opt_syslog_status) -+ gp_syslog_status = true; -+ - if (opt_daemon && opt_interactive) { - fprintf(stderr, "Option -i|--interactive is not allowed together with -D|--daemon\n"); - poptPrintUsage(pc, stderr, 0); diff --git a/Replace-var-run-run-in-gssproxy.service.patch b/Replace-var-run-run-in-gssproxy.service.patch deleted file mode 100644 index 4d97098..0000000 --- a/Replace-var-run-run-in-gssproxy.service.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 0109ba1868f7c585eca5f41139a7bf43444f5986 Mon Sep 17 00:00:00 2001 -From: Orion Poplawski -Date: Wed, 8 May 2019 08:31:39 -0600 -Subject: [PATCH] Replace /var/run -> /run in gssproxy.service - -Signed-off-by: Orion Poplawski -Reviewed-by: Simo Sorce -Reviewed-by: Robbie Harwood -Merges: #249 -(cherry picked from commit fc17445edc78b9393d26ca6a253fbeb9ed316c1a) ---- - systemd/gssproxy.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/systemd/gssproxy.service.in b/systemd/gssproxy.service.in -index ac37df6..9d3eef0 100644 ---- a/systemd/gssproxy.service.in -+++ b/systemd/gssproxy.service.in -@@ -10,7 +10,7 @@ ExecStart=@sbindir@/gssproxy -D - # These two should be used with traditional UNIX forking daemons - # consult systemd.service(5) for more details - Type=forking --PIDFile=@localstatedir@/run/gssproxy.pid -+PIDFile=/run/gssproxy.pid - ExecReload=/bin/kill -HUP $MAINPID - - [Install] diff --git a/Update-NFS-service-name-in-systemd-unit.patch b/Update-NFS-service-name-in-systemd-unit.patch deleted file mode 100644 index 24e8a69..0000000 --- a/Update-NFS-service-name-in-systemd-unit.patch +++ /dev/null @@ -1,26 +0,0 @@ -From aa4f43049d1037d1c23becd78ad2f7dd601132f4 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Wed, 24 Apr 2019 12:07:47 -0400 -Subject: [PATCH] Update NFS service name in systemd unit - -Signed-off-by: Robbie Harwood -Reviewed-by: Simo Sorce -Merges: #247 -(cherry picked from commit 1a789a645175d5aea109a3c0831806b94337b20e) ---- - systemd/gssproxy.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/systemd/gssproxy.service.in b/systemd/gssproxy.service.in -index f50f526..ac37df6 100644 ---- a/systemd/gssproxy.service.in -+++ b/systemd/gssproxy.service.in -@@ -2,7 +2,7 @@ - Description=GSSAPI Proxy Daemon - # GSSPROXY will not be started until syslog is - After=syslog.target --Before=nfs-secure.service nfs-secure-server.service -+Before=rpc-gssd.service - - [Service] - Environment=KRB5RCACHEDIR=/var/lib/gssproxy/rcache diff --git a/gssproxy.spec b/gssproxy.spec index e8f9fb3..d45173d 100644 --- a/gssproxy.spec +++ b/gssproxy.spec @@ -1,12 +1,12 @@ Name: gssproxy -Version: 0.8.2 -Release: 8%{?dist} +Version: 0.8.3 +Release: 1%{?dist} Summary: GSSAPI Proxy License: MIT -URL: https://pagure.io/gssproxy -Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.gz +URL: https://github.com/gssapi/gssproxy +Source0: https://github.com/gssapi/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz Source1: rwtab %global servicename gssproxy @@ -14,11 +14,6 @@ Source1: rwtab %global gpstatedir %{_localstatedir}/lib/gssproxy ### Patches ### -Patch0: Avoid-uninitialized-free-when-allocating-buffers.patch -Patch1: Update-NFS-service-name-in-systemd-unit.patch -Patch2: Replace-var-run-run-in-gssproxy.service.patch -Patch3: Make-syslog-of-call-status-configurable.patch -Patch4: Delay-gssproxy-start-until-after-network.target.patch ### Dependencies ### Requires: krb5-libs >= 1.12.0 @@ -114,6 +109,9 @@ install -m644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d/gssproxy %systemd_postun_with_restart gssproxy.service %changelog +* Fri Apr 17 2020 Robbie Harwood - 0.8.3-1 +- New upstream release (0.8.3) + * Wed Jan 29 2020 Fedora Release Engineering - 0.8.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/sources b/sources index 182977c..ca50c2c 100644 --- a/sources +++ b/sources @@ -1,7 +1 @@ -SHA512 (gssproxy-0.8.0.tar.gz) = f3b8f053d6750d7ee6ab2bfb6bfc4dc1ac2e2f354f923590340bb3c522f57cc881df5a2850750bc00c0dcacf2ae173549dc3bb9ece4512cf2f39869527afc2ec -SHA512 (gssproxy-0.8.0.tar.gz.sha512sum.txt) = e31628602f6b4261c1f828c31b30649075c9016088371e82d09daf70461f82f329cc9f2e49d5cd5199b2d7c319829f572251ab7f83bbe0eee104021879518385 -SHA512 (rwtab) = 35bf5dda822a025fa4f3c94095abd3ff5279dc263ec870e74517a3eb1a3b331bb71d8894f65dc1b129aefcc3eae9c38033ba6ec41289b5b1abeffeddfb1ac86f -SHA512 (gssproxy-0.8.1.tar.gz) = 31c6fdf8bb4a65d3d538b65d9fc1924dab7ffa48900ad646e93eae3cb99384c40b54da4863000a8550c4f4dcd490720930ddce446f1b6a5fa245cf91522ce7f1 -SHA512 (gssproxy-0.8.1.tar.gz.sha512sum.txt) = d4742783b2f16b8c80994d963b94bafb19ce19d65d0e4d2f8c387fc37705308cce6215165afaceaf593a6568b9f848ca049dcfa3091c516b2f45fb7d9479d7bb -SHA512 (gssproxy-0.8.2.tar.gz) = 68ce39b36ee83d77da19e9a9fb322ba901366999828a2b427bc2275c4187b4d2291de140c202cce02bdf53eb5cf64da2fafa022ea482258c102f28b0af5d7c63 -SHA512 (gssproxy-0.8.2.tar.gz.sha512sum.txt) = 3839f6ec0a3303d76efb3b7009f85b0f348f0d4c66cfaa11ad736a4cc0a7637429dd5d6ac68325944fe4166c4bee3b568965ec371f12a9361bd1202b0434c3c1 +SHA512 (gssproxy-0.8.3.tar.gz) = 144b10ec4e19ad2ded5ae57adf1ca311e2fc6c2b97e202eedde69d82c8d50afc0459ac36c7fc5d5290184eb68547a696b33e8a069fde43478104ac26b2c98bc2