diff --git a/.gitignore b/.gitignore index e69de29..dd6f2ce 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1,29 @@ +/gssproxy-0.0.2.tar.gz +/gssproxy-0.0.3.tar.gz +/gssproxy-0.1.0.tar.gz +/gssproxy-0.1.1.tar.gz +/gssproxy-0.2.0.tar.gz +/gssproxy-0.2.1.tar.gz +/gssproxy-0.2.2.tar.gz +/gssproxy-0.2.3.tar.gz +/gssproxy-0.3.0.tar.gz +/gssproxy-0.3.1.tar.gz +/gssproxy-0.4.0.tar.gz +/gssproxy-0.4.1.tar.gz +/gssproxy-0.5.0.tar.gz +/gssproxy-0.5.1.tar.gz +/gssproxy-0.6.0.tar.gz +/gssproxy-0.6.1.tar.gz +/gssproxy-0.6.1.tar.gz.sha512sum.txt +/gssproxy-0.6.2.tar.gz +/gssproxy-0.6.2.tar.gz.sha512sum.txt +/gssproxy-0.7.0.tar.gz +/gssproxy-0.7.0.tar.gz.sha512sum.txt +/gssproxy-0.8.0.tar.gz +/gssproxy-0.8.0.tar.gz.sha512sum.txt +/rwtab +/gssproxy-0.8.1.tar.gz +/gssproxy-0.8.1.tar.gz.sha512sum.txt +/gssproxy-0.8.2.tar.gz +/gssproxy-0.8.2.tar.gz.sha512sum.txt +/gssproxy-0.8.3.tar.gz diff --git a/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch b/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch new file mode 100644 index 0000000..b29e948 --- /dev/null +++ b/Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch @@ -0,0 +1,33 @@ +From 4b9e5f00d36d9b5c1f80835a989fa8865c045ff3 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 31 Jul 2020 13:23:30 -0400 +Subject: [PATCH] Avoid leak of special mechs in gss_mech_interposer() + +Signed-off-by: Robbie Harwood +(cherry picked from commit dc405df92173cceac2cafc09a70b1724bb2b97c8) +--- + src/mechglue/gss_plugin.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/mechglue/gss_plugin.c b/src/mechglue/gss_plugin.c +index 69a9644..9ce3e15 100644 +--- a/src/mechglue/gss_plugin.c ++++ b/src/mechglue/gss_plugin.c +@@ -76,6 +76,7 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type) + gss_OID_set interposed_mechs; + OM_uint32 maj, min; + char *envval; ++ gss_OID_set special_mechs; + + /* avoid looping in the gssproxy daemon by avoiding to interpose + * any mechanism */ +@@ -118,7 +119,8 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type) + } + + /* while there also initiaize special_mechs */ +- (void)gpp_special_available_mechs(interposed_mechs); ++ special_mechs = gpp_special_available_mechs(interposed_mechs); ++ (void)gss_release_oid_set(&min, &special_mechs); + + done: + if (maj != 0) { diff --git a/Document-config-file-non-merging.patch b/Document-config-file-non-merging.patch new file mode 100644 index 0000000..d209430 --- /dev/null +++ b/Document-config-file-non-merging.patch @@ -0,0 +1,29 @@ +From 2592d32c5c6d39f30dc0bfdb78b5c292ed0af2ae Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 10 Jun 2020 15:50:36 -0400 +Subject: [PATCH] Document config file non-merging + +Merges: #4 +Signed-off-by: Robbie Harwood +Reviewed-by: Simo Sorce +(cherry picked from commit a05b876badd52ba99d95c981f5f8b0e50de28c63) +--- + man/gssproxy.conf.5.xml | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/man/gssproxy.conf.5.xml b/man/gssproxy.conf.5.xml +index 04059a8..5e240ab 100644 +--- a/man/gssproxy.conf.5.xml ++++ b/man/gssproxy.conf.5.xml +@@ -37,7 +37,10 @@ + of the form "##-foo.conf" (that is, start with two numbers + followed by a dash, and end in ".conf"). Files not conforming to + this will be ignored unless specifically requested through command +- line parameters. ++ line parameters. Within a single file, any duplicate values or ++ sections will be merged. Across multiple files, duplicates will ++ generate a warning, and the first value encountered will take ++ precedence (i.e., there is no merging). + + + diff --git a/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch b/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch new file mode 100644 index 0000000..2ea0938 --- /dev/null +++ b/Fix-leak-of-mech-OID-in-gssi_inquire_context.patch @@ -0,0 +1,26 @@ +From ce271e38be223a9442efd406c9a8fa961930e35b Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 26 Aug 2020 13:36:50 -0400 +Subject: [PATCH] Fix leak of mech OID in gssi_inquire_context() + +The name it creates holds a copy of the OID, which we need to release. + +Signed-off-by: Robbie Harwood +(cherry picked from commit 482349fa6bd536471216a898713c83260c78c08d) +--- + src/mechglue/gpp_import_and_canon_name.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/mechglue/gpp_import_and_canon_name.c b/src/mechglue/gpp_import_and_canon_name.c +index 745be20..7d6829f 100644 +--- a/src/mechglue/gpp_import_and_canon_name.c ++++ b/src/mechglue/gpp_import_and_canon_name.c +@@ -257,6 +257,8 @@ OM_uint32 gssi_release_name(OM_uint32 *minor_status, + return GSS_S_BAD_NAME; + } + ++ (void)gss_release_oid(&rmin, &name->mech_type); ++ + rmaj = gpm_release_name(&rmin, &name->remote); + + if (name->local) { diff --git a/Initialize-our-epoll_event-structures.patch b/Initialize-our-epoll_event-structures.patch new file mode 100644 index 0000000..459b9f7 --- /dev/null +++ b/Initialize-our-epoll_event-structures.patch @@ -0,0 +1,37 @@ +From 35579d9de1d3f295fb4548c73fc6a729d04128c6 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Thu, 30 Jul 2020 16:43:30 -0400 +Subject: [PATCH] Initialize our epoll_event structures + +Fixes a valgrind error for the other fields of epoll_event. + +Signed-off-by: Robbie Harwood +(cherry picked from commit 48bfadc538bca3b9ca478c711af75245163d0b67) +--- + src/client/gpm_common.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/client/gpm_common.c b/src/client/gpm_common.c +index 60b1fdc..786a77b 100644 +--- a/src/client/gpm_common.c ++++ b/src/client/gpm_common.c +@@ -199,6 +199,8 @@ static int gpm_epoll_setup(struct gpm_ctx *gpmctx) + struct epoll_event ev; + int ret; + ++ memset(&ev, 0, sizeof(ev)); ++ + if (gpmctx->epollfd >= 0) { + gpm_epoll_close(gpmctx); + } +@@ -280,6 +282,10 @@ static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags) + struct epoll_event events[2]; + uint64_t timer_read; + ++ memset(&ev, 0, sizeof(ev)); ++ memset(&events[0], 0, sizeof(events[0])); ++ memset(&events[1], 0, sizeof(events[1])); ++ + if (gpmctx->epollfd < 0) { + ret = gpm_epoll_setup(gpmctx); + if (ret) diff --git a/gssproxy.spec b/gssproxy.spec new file mode 100644 index 0000000..c47383b --- /dev/null +++ b/gssproxy.spec @@ -0,0 +1,478 @@ +Name: gssproxy + +Version: 0.8.3 +Release: 5%{?dist} +Summary: GSSAPI Proxy + +License: MIT +URL: https://github.com/gssapi/gssproxy +Source0: https://github.com/gssapi/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz +Source1: rwtab + +Patch0: Initialize-our-epoll_event-structures.patch +Patch1: Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch +Patch2: Fix-leak-of-mech-OID-in-gssi_inquire_context.patch +Patch3: Document-config-file-non-merging.patch + +%global servicename gssproxy +%global pubconfpath %{_sysconfdir}/gssproxy +%global gpstatedir %{_localstatedir}/lib/gssproxy + +### Patches ### + +### Dependencies ### +Requires: krb5-libs >= 1.12.0 +Requires: keyutils-libs +Requires: libverto-module-base +Requires: libini_config >= 1.2.0 +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units + +# We use a Conflicts: here so as not to interfere with users who make +# their own policy. The version is the last time someone has filed a +# bug about gssproxy being broken with selinux. +Conflicts: selinux-policy < 3.13.1-283.5 + +### Build Dependencies ### +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: m4 +BuildRequires: libxslt +BuildRequires: libxml2 +BuildRequires: docbook-style-xsl +BuildRequires: doxygen +BuildRequires: gettext-devel +BuildRequires: pkgconfig +BuildRequires: krb5-devel >= 1.12.0 +BuildRequires: libselinux-devel +BuildRequires: keyutils-libs-devel +BuildRequires: libini_config-devel >= 1.2.0 +BuildRequires: libverto-devel +BuildRequires: popt-devel +BuildRequires: findutils +BuildRequires: systemd-units +BuildRequires: git + +%description +A proxy for GSSAPI credential handling + +%prep +%autosetup -S git + +%build +autoreconf -f -i +%configure \ + --with-pubconf-path=%{pubconfpath} \ + --with-initscript=systemd \ + --disable-static \ + --disable-rpath \ + --with-gpp-default-behavior=REMOTE_FIRST + +make %{?_smp_mflags} all +make test_proxymech + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} +rm -f %{buildroot}%{_libdir}/gssproxy/proxymech.la +install -d -m755 %{buildroot}%{_sysconfdir}/gssproxy +install -m644 examples/gssproxy.conf %{buildroot}%{_sysconfdir}/gssproxy/gssproxy.conf +install -m644 examples/99-nfs-client.conf %{buildroot}%{_sysconfdir}/gssproxy/99-nfs-client.conf +mkdir -p %{buildroot}%{_sysconfdir}/gss/mech.d +install -m644 examples/mech %{buildroot}%{_sysconfdir}/gss/mech.d/gssproxy.conf +mkdir -p %{buildroot}%{gpstatedir}/rcache +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d +install -m644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d/gssproxy + +%files +%license COPYING +%{_unitdir}/gssproxy.service +%{_sbindir}/gssproxy +%attr(755,root,root) %dir %{pubconfpath} +%attr(755,root,root) %dir %{gpstatedir} +%attr(700,root,root) %dir %{gpstatedir}/clients +%attr(700,root,root) %dir %{gpstatedir}/rcache +%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/gssproxy.conf +%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/99-nfs-client.conf +%attr(0644,root,root) %config(noreplace) /%{_sysconfdir}/gss/mech.d/gssproxy.conf +%dir %{_libdir}/gssproxy +%{_libdir}/gssproxy/proxymech.so +%{_mandir}/man5/gssproxy.conf.5* +%{_mandir}/man8/gssproxy.8* +%{_mandir}/man8/gssproxy-mech.8* +%config(noreplace) %{_sysconfdir}/rwtab.d/gssproxy + +%post +%systemd_post gssproxy.service + +%preun +%systemd_preun gssproxy.service + +%postun +%systemd_postun_with_restart gssproxy.service + +%changelog +* Mon Oct 12 2020 Robbie Harwood - 0.8.3-5 +- Document config file non-merging + +* Wed Aug 26 2020 Robbie Harwood - 0.8.3-4 +- Fix leak of mech OID in gssi_inquire_context() + +* Fri Jul 31 2020 Robbie Harwood - 0.8.3-3 +- Avoid leak of special mechs in gss_mech_interposer() + +* Tue Jul 28 2020 Fedora Release Engineering - 0.8.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Apr 17 2020 Robbie Harwood - 0.8.3-1 +- New upstream release (0.8.3) + +* Wed Jan 29 2020 Fedora Release Engineering - 0.8.2-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Tue Jan 07 2020 Robbie Harwood - 0.8.2-7 +- Delay gssproxy start until after network.target + +* Thu Oct 31 2019 Robbie Harwood - 0.8.2-6 +- Make syslog of call status configurable + +* Thu Jul 25 2019 Fedora Release Engineering - 0.8.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jul 15 2019 Robbie Harwood - 0.8.2-4 +- Replace /var/run -> /run in gssproxy.service +- Resolves: #1729739 + +* Fri May 03 2019 Robbie Harwood - 0.8.2-3 +- Update NFS service name in systemd unit +- Resolves: #1702443 + +* Wed May 01 2019 Robbie Harwood - 0.8.2-2 +- Avoid uninitialized free when allocating buffers + +* Thu Apr 18 2019 Robbie Harwood - 0.8.2-1 +- New usptream version (0.8.2) + +* Tue Apr 16 2019 Robbie Harwood - 0.8.1-11 +- New upstream version (0.8.1) +- Resolves: #1700541 + +* Mon Mar 18 2019 Robbie Harwood - 0.8.0-11 +- Fix gssproxy blocking inside epoll_wait() due to kernel race + +* Fri Feb 01 2019 Fedora Release Engineering - 0.8.0-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Tue Dec 11 2018 Robbie Harwood - 0.8.0-9 +- Add hack to support read-only root + +* Tue Oct 02 2018 Robbie Harwood - 0.8.0-8 +- Update docs to reflect actual behavior of krb5_principal + +* Thu Sep 20 2018 Robbie Harwood - 0.8.0-7 +- Use pthread keys for thread local storage + +* Fri Aug 03 2018 Robbie Harwood - 0.8.0-6 +- Don't leak sock_ctx if verto_add_io() fails + +* Fri Jul 13 2018 Fedora Release Engineering - 0.8.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Apr 12 2018 Robbie Harwood - 0.8.0-4 +- Drop patch level by one (woo!) + +* Thu Apr 12 2018 Robbie Harwood - 0.8.0-3 +- Always choose highest requested debug level +- Update man pages about debugging + +* Tue Feb 27 2018 Robbie Harwood - 0.8.0-2 +- Always use the encype we selected + +* Fri Feb 09 2018 Robbie Harwood - 0.8.0-1 +- Release version 0.8.0 + +* Wed Feb 07 2018 Fedora Release Engineering - 0.7.0-30 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Dec 13 2017 Robbie Harwood - 0.7.0-29 +- Conditionally reload kernel interface on SIGHUP + +* Tue Dec 12 2017 Robbie Harwood - 0.7.0-28 +- Fixup previous + +* Tue Dec 12 2017 Robbie Harwood - 0.7.0-27 +- More code hygeine fixes from upstream +- Reorder patches to match el7 + +* Tue Dec 05 2017 Robbie Harwood - 0.7.0-26 +- Properly initialize ccaches before storing into them + +* Fri Dec 01 2017 Robbie Harwood - 0.7.0-25 +- Properly locate credentials in collection caches in mechglue + +* Tue Oct 31 2017 Robbie Harwood - 0.7.0-24 +- Only empty FILE ccaches when storing remote creds + +* Mon Oct 30 2017 Robbie Harwood - 0.7.0-23 +- Fix error message handling in gp_config_from_dir() + +* Fri Oct 27 2017 Robbie Harwood - 0.7.0-22 +- Fix concurrency issue in server socket handling + +* Mon Oct 02 2017 Robbie Harwood - 0.7.0-21 +- Off-by-one error fix in selinux-policy version + +* Mon Oct 02 2017 Robbie Harwood - 0.7.0-20 +- Change selinux-policy versioning to Conflicts + +* Fri Sep 29 2017 Robbie Harwood - 0.7.0-19 +- Add explicit selinux-policy dependency after some fixes + +* Fri Sep 29 2017 Robbie Harwood - 0.7.0-18 +- Fix silent death if config file has duplicate sections + +* Thu Sep 21 2017 Robbie Harwood - 0.7.0-17 +- Handle outdated encrypted ccaches + +* Fri Sep 15 2017 Robbie Harwood - 0.7.0-16 +- Backport updates to epoll logic + +* Tue Sep 12 2017 Robbie Harwood - 0.7.0-15 +- Backport two security fixes + +* Tue Aug 22 2017 Robbie Harwood - 0.7.0-14 +- Non-blocking IO + Extended request debug logging + +* Sun Aug 20 2017 Ville Skyttä - 0.7.0-13 +- Own the %%{_libdir}/gssproxy dir +- Mark COPYING as %%license + +* Mon Jul 31 2017 Robbie Harwood - 0.7.0-12 +- Add client ID to debug messages +- Move packaging to autosetup + +* Wed Jul 26 2017 Fedora Release Engineering - 0.7.0-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jun 19 2017 Robbie Harwood - 0.7.0-10 + - Fix potential explicit NULL deref of program name + +* Thu May 25 2017 Robbie Harwood - 0.7.0-9 +- Make proc failure loud but nonfatal + +* Wed May 24 2017 Robbie Harwood - 0.7.0-8 +- Remove (buggy?) logic around NFS snippet. + +* Wed May 17 2017 Robbie Harwood - 0.7.0-7 +- Remove NFS server stanza if nfs-utils not present +- Also update gcc7 patch to match upstream + +* Tue May 16 2017 Robbie Harwood - 0.7.0-6 +- Fix segfault when no configuration files are found +- Various build fixes for gcc7 + +* Mon May 01 2017 Robbie Harwood - 0.7.0-5 +- Update systemd unit file (nfs removal, reload capability) + +* Mon Apr 03 2017 Robbie Harwood - 0.7.0-4 +- Backport fix for double unlock + +* Tue Mar 28 2017 Robbie Harwood - 0.7.0-3 +- Drop NFS server snippet (removes dependency on nfs kernel component) + +* Tue Mar 14 2017 Robbie Harwood - 0.7.0-2 +- Fix credential renewal and impersonator checking for m_a_g + +* Tue Mar 07 2017 Robbie Harwood - 0.7.0-1 +- New upstream release - 0.7.0 + +* Mon Mar 06 2017 Robbie Harwood - 0.6.2-4 +- Actually apply the patches I just added +- Also include a Coverity fix. + +* Tue Feb 28 2017 Robbie Harwood - 0.6.2-2 +- Include other non-null fix and various things from master + +* Thu Feb 23 2017 Robbie Harwood - 0.6.2-1 +- Fix incorrect use of non-null string in xdr +- Also move version number to better reflect what is inside + +* Fri Feb 10 2017 Fedora Release Engineering - 0.6.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Jan 23 2017 Robbie Harwood - 0.6.1-2 +- Fix allocation issue of cred store +- Resolves: #1415400 + +* Fri Jan 20 2017 Robbie Harwood - 0.6.1-1 +- New upstream release v0.6.1 +- Resolves: #1415090 + +* Wed Jan 18 2017 Robbie Harwood - 0.6.0-1 +- New upstream release v0.6.0 + +* Tue Sep 27 2016 Robbie Harwood - 0.5.1-3 +- Adjust libverto dependency to not use a specific backend +- Resolves: #1379812 + +* Tue Jun 14 2016 Robbie Harwood - 0.5.1-2 +- Own /var/lib/gssproxy/rcache + +* Mon Jun 13 2016 Robbie Harwood - 0.5.1-1 +- Update to upstream release v0.5.1 +- Resolves: #1345871 + +* Tue Jun 07 2016 Robbie Harwood - 0.5.0-5 +- Acquire new socket for fork/permission drops on clients + +* Mon May 09 2016 Robbie Harwood - 0.5.0-4 +- Do not package mod_auth_gssapi conf file + - This ensures gssproxy works even when the apache user does not exist + +* Thu May 05 2016 Robbie Harwood - 0.5.0-3 +- Ensure we actually package the config files + +* Thu May 05 2016 Simo Sorce - 0.5.0-2 +- Fix typo in requires + +* Wed May 04 2016 Robbie Harwood - 0.5.0-1 +- Release new upstream version +- Bump ini_config version for `ini_config_augment()` + +* Wed Feb 03 2016 Fedora Release Engineering - 0.4.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Dec 16 2015 Robbie Harwood - 0.4.1-4 +- Fix issues with 1.14 +- Fix bogus date in changelog (March 30 2015 was a Monday) + +* Wed Oct 21 2015 Robbie Harwood - 0.4.1-3 +- Clear message buffer to fix segfault on arm +- resolves: #1235902 + +* Wed Jun 17 2015 Fedora Release Engineering - 0.4.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Mar 30 2015 Simo Sorce 0.4.1-1 +- New upstream release +- Fix issues with paths in config files + +* Tue Mar 24 2015 Simo Sorce 0.4.0-2 +- Workaround rawhide bug (bz1204646) with krb5-config by switching to + pkg-config (patch from upstream) + +* Tue Mar 24 2015 Simo Sorce 0.4.0-1 +- New upstream realease + Added optional support for running GSS-Proxy as an unprivileged user + Uses new /etc/gss/mech.d configuration directory for gss mechanisms + Kernel related fixes + General bug fixing, many minor errors or incorrect behaviours have been corrected +- drop all patches, they are all included upstream + +* Sat Aug 16 2014 Fedora Release Engineering - 0.3.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu May 29 2014 Simo Sorce 0.3.1-2 +- Rebuild as new ding-libs brings in soname bump + +* Thu Mar 13 2014 Guenther Deschner 0.3.1-1 +- Fix flags handling in gss_init_sec_context() +- resolves: https://fedorahosted.org/gss-proxy/ticket/112 +- Fix nfsd startup +- resolves: https://fedorahosted.org/gss-proxy/ticket/114 +- Fix potential mutex deadlock +- resolves: https://fedorahosted.org/gss-proxy/ticket/120 +- Fix segfault in gssi_inquire_context +- resolves: https://fedorahosted.org/gss-proxy/ticket/117 +- resolves: #1061133 + +* Tue Nov 26 2013 Guenther Deschner 0.3.1-0 +- New upstream release 0.3.1: + * Fix use of gssproxy for client initiation + * Add new enforcing and filtering options for context initialization + * Fix potential thread safety issues +- resolves: https://fedorahosted.org/gss-proxy/ticket/110 +- resolves: https://fedorahosted.org/gss-proxy/ticket/111 + +* Tue Nov 19 2013 Guenther Deschner 0.3.0-3 +- Fix flags handling in gss_init_sec_context() +- resolves: https://fedorahosted.org/gss-proxy/ticket/106 +- Fix OID handling in gss_inquire_cred_by_mech() +- resolves: https://fedorahosted.org/gss-proxy/ticket/107 +- Fix continuation processing for not yet fully established contexts. +- resolves: https://fedorahosted.org/gss-proxy/ticket/108 +- Add flags filtering and flags enforcing. +- resolves: https://fedorahosted.org/gss-proxy/ticket/109 + +* Wed Oct 23 2013 Guenther Deschner 0.3.0-0 +- New upstream release 0.3.0: + * Add support for impersonation (depends on s4u2self/s4u2proxy on the KDC) + * Add support for new rpc.gssd mode of operation that forks and changes uid + * Add 2 new options allow_any_uid and cred_usage + +* Fri Oct 18 2013 Guenther Deschner 0.2.3-8 +- Fix default proxymech documentation and fix LOCAL_FIRST implementation +- resolves: https://fedorahosted.org/gss-proxy/ticket/105 + +* Sat Aug 03 2013 Fedora Release Engineering - 0.2.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 24 2013 Guenther Deschner 0.2.3-6 +- Add better default gssproxy.conf file for nfs client and server usage + +* Thu Jun 06 2013 Guenther Deschner 0.2.3-5 +- New upstream release + +* Fri May 31 2013 Guenther Deschner 0.2.2-5 +- Require libverto-tevent to make sure libverto initialization succeeds + +* Wed May 29 2013 Guenther Deschner 0.2.2-4 +- Modify systemd unit files for nfs-secure services + +* Wed May 22 2013 Guenther Deschner 0.2.2-3 +- Fix cred_store handling w/o client keytab + +* Thu May 16 2013 Guenther Deschner 0.2.2-2 +- New upstream release + +* Tue May 07 2013 Guenther Deschner 0.2.1-2 +- New upstream release + +* Wed Apr 24 2013 Guenther Deschner 0.2.0-1 +- New upstream release + +* Mon Apr 01 2013 Simo Sorce - 0.1.0-0 +- New upstream release + +* Thu Feb 14 2013 Fedora Release Engineering - 0.0.3-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Nov 06 2012 Guenther Deschner 0.0.3-7 +- Update to 0.0.3 + +* Wed Aug 22 2012 Guenther Deschner 0.0.2-6 +- Use new systemd-rpm macros +- resolves: #850139 + +* Wed Jul 18 2012 Guenther Deschner 0.0.2-5 +- More spec file fixes + +* Mon Jul 16 2012 Guenther Deschner 0.0.2-4 +- Fix systemd service file + +* Fri Jul 13 2012 Guenther Deschner 0.0.2-3 +- Fix various packaging issues + +* Mon Jul 02 2012 Guenther Deschner 0.0.1-2 +- Add systemd packaging + +* Wed Mar 28 2012 Guenther Deschner 0.0.1-1 +- Various fixes + +* Mon Dec 12 2011 Simo Sorce - 0.0.2-0 +- Automated build of the gssproxy daemon diff --git a/sources b/sources new file mode 100644 index 0000000..3ebe8f7 --- /dev/null +++ b/sources @@ -0,0 +1,2 @@ +SHA512 (rwtab) = 35bf5dda822a025fa4f3c94095abd3ff5279dc263ec870e74517a3eb1a3b331bb71d8894f65dc1b129aefcc3eae9c38033ba6ec41289b5b1abeffeddfb1ac86f +SHA512 (gssproxy-0.8.3.tar.gz) = 144b10ec4e19ad2ded5ae57adf1ca311e2fc6c2b97e202eedde69d82c8d50afc0459ac36c7fc5d5290184eb68547a696b33e8a069fde43478104ac26b2c98bc2