RHEL 9.0.0 Alpha bootstrap

The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/gssproxy#eb409610a9506e22c1c590a47022f5d43e6817ba

.gitignore

@@ -0,0 +1,29 @@
+/gssproxy-0.0.2.tar.gz
+/gssproxy-0.0.3.tar.gz
+/gssproxy-0.1.0.tar.gz
+/gssproxy-0.1.1.tar.gz
+/gssproxy-0.2.0.tar.gz
+/gssproxy-0.2.1.tar.gz
+/gssproxy-0.2.2.tar.gz
+/gssproxy-0.2.3.tar.gz
+/gssproxy-0.3.0.tar.gz
+/gssproxy-0.3.1.tar.gz
+/gssproxy-0.4.0.tar.gz
+/gssproxy-0.4.1.tar.gz
+/gssproxy-0.5.0.tar.gz
+/gssproxy-0.5.1.tar.gz
+/gssproxy-0.6.0.tar.gz
+/gssproxy-0.6.1.tar.gz
+/gssproxy-0.6.1.tar.gz.sha512sum.txt
+/gssproxy-0.6.2.tar.gz
+/gssproxy-0.6.2.tar.gz.sha512sum.txt
+/gssproxy-0.7.0.tar.gz
+/gssproxy-0.7.0.tar.gz.sha512sum.txt
+/gssproxy-0.8.0.tar.gz
+/gssproxy-0.8.0.tar.gz.sha512sum.txt
+/rwtab
+/gssproxy-0.8.1.tar.gz
+/gssproxy-0.8.1.tar.gz.sha512sum.txt
+/gssproxy-0.8.2.tar.gz
+/gssproxy-0.8.2.tar.gz.sha512sum.txt
+/gssproxy-0.8.3.tar.gz

Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch

@@ -0,0 +1,33 @@
+From 4b9e5f00d36d9b5c1f80835a989fa8865c045ff3 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Fri, 31 Jul 2020 13:23:30 -0400
+Subject: [PATCH] Avoid leak of special mechs in gss_mech_interposer()
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+(cherry picked from commit dc405df92173cceac2cafc09a70b1724bb2b97c8)
+---
+ src/mechglue/gss_plugin.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/mechglue/gss_plugin.c b/src/mechglue/gss_plugin.c
+index 69a9644..9ce3e15 100644
+--- a/src/mechglue/gss_plugin.c
++++ b/src/mechglue/gss_plugin.c
+@@ -76,6 +76,7 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type)
+     gss_OID_set interposed_mechs;
+     OM_uint32 maj, min;
+     char *envval;
++    gss_OID_set special_mechs;
+ 
+     /* avoid looping in the gssproxy daemon by avoiding to interpose
+      * any mechanism */
+@@ -118,7 +119,8 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type)
+     }
+ 
+     /* while there also initiaize special_mechs */
+-    (void)gpp_special_available_mechs(interposed_mechs);
++    special_mechs = gpp_special_available_mechs(interposed_mechs);
++    (void)gss_release_oid_set(&min, &special_mechs);
+ 
+ done:
+     if (maj != 0) {

Document-config-file-non-merging.patch

@@ -0,0 +1,29 @@
+From 2592d32c5c6d39f30dc0bfdb78b5c292ed0af2ae Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Wed, 10 Jun 2020 15:50:36 -0400
+Subject: [PATCH] Document config file non-merging
+
+Merges: #4
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+Reviewed-by: Simo Sorce <simo@redhat.com>
+(cherry picked from commit a05b876badd52ba99d95c981f5f8b0e50de28c63)
+---
+ man/gssproxy.conf.5.xml | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/man/gssproxy.conf.5.xml b/man/gssproxy.conf.5.xml
+index 04059a8..5e240ab 100644
+--- a/man/gssproxy.conf.5.xml
++++ b/man/gssproxy.conf.5.xml
+@@ -37,7 +37,10 @@
+             of the form "##-foo.conf" (that is, start with two numbers
+             followed by a dash, and end in ".conf").  Files not conforming to
+             this will be ignored unless specifically requested through command
+-            line parameters.
++            line parameters.  Within a single file, any duplicate values or
++            sections will be merged.  Across multiple files, duplicates will
++            generate a warning, and the first value encountered will take
++            precedence (i.e., there is no merging).
+         </para>
+     </refsect1>
+ 

Fix-leak-of-mech-OID-in-gssi_inquire_context.patch

@@ -0,0 +1,26 @@
+From ce271e38be223a9442efd406c9a8fa961930e35b Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Wed, 26 Aug 2020 13:36:50 -0400
+Subject: [PATCH] Fix leak of mech OID in gssi_inquire_context()
+
+The name it creates holds a copy of the OID, which we need to release.
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+(cherry picked from commit 482349fa6bd536471216a898713c83260c78c08d)
+---
+ src/mechglue/gpp_import_and_canon_name.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/mechglue/gpp_import_and_canon_name.c b/src/mechglue/gpp_import_and_canon_name.c
+index 745be20..7d6829f 100644
+--- a/src/mechglue/gpp_import_and_canon_name.c
++++ b/src/mechglue/gpp_import_and_canon_name.c
+@@ -257,6 +257,8 @@ OM_uint32 gssi_release_name(OM_uint32 *minor_status,
+         return GSS_S_BAD_NAME;
+     }
+ 
++    (void)gss_release_oid(&rmin, &name->mech_type);
++
+     rmaj = gpm_release_name(&rmin, &name->remote);
+ 
+     if (name->local) {

Initialize-our-epoll_event-structures.patch

@@ -0,0 +1,37 @@
+From 35579d9de1d3f295fb4548c73fc6a729d04128c6 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Thu, 30 Jul 2020 16:43:30 -0400
+Subject: [PATCH] Initialize our epoll_event structures
+
+Fixes a valgrind error for the other fields of epoll_event.
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+(cherry picked from commit 48bfadc538bca3b9ca478c711af75245163d0b67)
+---
+ src/client/gpm_common.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/client/gpm_common.c b/src/client/gpm_common.c
+index 60b1fdc..786a77b 100644
+--- a/src/client/gpm_common.c
++++ b/src/client/gpm_common.c
+@@ -199,6 +199,8 @@ static int gpm_epoll_setup(struct gpm_ctx *gpmctx)
+     struct epoll_event ev;
+     int ret;
+ 
++    memset(&ev, 0, sizeof(ev));
++
+     if (gpmctx->epollfd >= 0) {
+         gpm_epoll_close(gpmctx);
+     }
+@@ -280,6 +282,10 @@ static int gpm_epoll_wait(struct gpm_ctx *gpmctx, uint32_t event_flags)
+     struct epoll_event events[2];
+     uint64_t timer_read;
+ 
++    memset(&ev, 0, sizeof(ev));
++    memset(&events[0], 0, sizeof(events[0]));
++    memset(&events[1], 0, sizeof(events[1]));
++
+     if (gpmctx->epollfd < 0) {
+         ret = gpm_epoll_setup(gpmctx);
+         if (ret)

gssproxy.spec

@@ -0,0 +1,478 @@
+Name:		gssproxy
+
+Version:	0.8.3
+Release:	5%{?dist}
+Summary:	GSSAPI Proxy
+
+License:	MIT
+URL:		https://github.com/gssapi/gssproxy
+Source0:	https://github.com/gssapi/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
+Source1:	rwtab
+
+Patch0: Initialize-our-epoll_event-structures.patch
+Patch1: Avoid-leak-of-special-mechs-in-gss_mech_interposer.patch
+Patch2: Fix-leak-of-mech-OID-in-gssi_inquire_context.patch
+Patch3: Document-config-file-non-merging.patch
+
+%global servicename gssproxy
+%global pubconfpath %{_sysconfdir}/gssproxy
+%global gpstatedir %{_localstatedir}/lib/gssproxy
+
+### Patches ###
+
+### Dependencies ###
+Requires: krb5-libs >= 1.12.0
+Requires: keyutils-libs
+Requires: libverto-module-base
+Requires: libini_config >= 1.2.0
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+
+# We use a Conflicts: here so as not to interfere with users who make
+# their own policy.  The version is the last time someone has filed a
+# bug about gssproxy being broken with selinux.
+Conflicts: selinux-policy < 3.13.1-283.5
+
+### Build Dependencies ###
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: m4
+BuildRequires: libxslt
+BuildRequires: libxml2
+BuildRequires: docbook-style-xsl
+BuildRequires: doxygen
+BuildRequires: gettext-devel
+BuildRequires: pkgconfig
+BuildRequires: krb5-devel >= 1.12.0
+BuildRequires: libselinux-devel
+BuildRequires: keyutils-libs-devel
+BuildRequires: libini_config-devel >= 1.2.0
+BuildRequires: libverto-devel
+BuildRequires: popt-devel
+BuildRequires: findutils
+BuildRequires: systemd-units
+BuildRequires: git
+
+%description
+A proxy for GSSAPI credential handling
+
+%prep
+%autosetup -S git
+
+%build
+autoreconf -f -i
+%configure \
+    --with-pubconf-path=%{pubconfpath} \
+    --with-initscript=systemd \
+    --disable-static \
+    --disable-rpath \
+    --with-gpp-default-behavior=REMOTE_FIRST
+
+make %{?_smp_mflags} all
+make test_proxymech
+
+%install
+rm -rf %{buildroot}
+make install DESTDIR=%{buildroot}
+rm -f %{buildroot}%{_libdir}/gssproxy/proxymech.la
+install -d -m755 %{buildroot}%{_sysconfdir}/gssproxy
+install -m644 examples/gssproxy.conf %{buildroot}%{_sysconfdir}/gssproxy/gssproxy.conf
+install -m644 examples/99-nfs-client.conf %{buildroot}%{_sysconfdir}/gssproxy/99-nfs-client.conf
+mkdir -p %{buildroot}%{_sysconfdir}/gss/mech.d
+install -m644 examples/mech %{buildroot}%{_sysconfdir}/gss/mech.d/gssproxy.conf
+mkdir -p %{buildroot}%{gpstatedir}/rcache
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d
+install -m644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d/gssproxy
+
+%files
+%license COPYING
+%{_unitdir}/gssproxy.service
+%{_sbindir}/gssproxy
+%attr(755,root,root) %dir %{pubconfpath}
+%attr(755,root,root) %dir %{gpstatedir}
+%attr(700,root,root) %dir %{gpstatedir}/clients
+%attr(700,root,root) %dir %{gpstatedir}/rcache
+%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/gssproxy.conf
+%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/99-nfs-client.conf
+%attr(0644,root,root) %config(noreplace) /%{_sysconfdir}/gss/mech.d/gssproxy.conf
+%dir %{_libdir}/gssproxy
+%{_libdir}/gssproxy/proxymech.so
+%{_mandir}/man5/gssproxy.conf.5*
+%{_mandir}/man8/gssproxy.8*
+%{_mandir}/man8/gssproxy-mech.8*
+%config(noreplace) %{_sysconfdir}/rwtab.d/gssproxy
+
+%post
+%systemd_post gssproxy.service
+
+%preun
+%systemd_preun gssproxy.service
+
+%postun
+%systemd_postun_with_restart gssproxy.service
+
+%changelog
+* Mon Oct 12 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.3-5
+- Document config file non-merging
+
+* Wed Aug 26 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.3-4
+- Fix leak of mech OID in gssi_inquire_context()
+
+* Fri Jul 31 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.3-3
+- Avoid leak of special mechs in gss_mech_interposer()
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Apr 17 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.3-1
+- New upstream release (0.8.3)
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.2-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Jan 07 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.2-7
+- Delay gssproxy start until after network.target
+
+* Thu Oct 31 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.2-6
+- Make syslog of call status configurable
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Mon Jul 15 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.2-4
+- Replace /var/run -> /run in gssproxy.service
+- Resolves: #1729739
+
+* Fri May 03 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.2-3
+- Update NFS service name in systemd unit
+- Resolves: #1702443
+
+* Wed May 01 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.2-2
+- Avoid uninitialized free when allocating buffers
+
+* Thu Apr 18 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.2-1
+- New usptream version (0.8.2)
+
+* Tue Apr 16 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.1-11
+- New upstream version (0.8.1)
+- Resolves: #1700541
+
+* Mon Mar 18 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.0-11
+- Fix gssproxy blocking inside epoll_wait() due to kernel race
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Dec 11 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-9
+- Add hack to support read-only root
+
+* Tue Oct 02 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-8
+- Update docs to reflect actual behavior of krb5_principal
+
+* Thu Sep 20 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-7
+- Use pthread keys for thread local storage
+
+* Fri Aug 03 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-6
+- Don't leak sock_ctx if verto_add_io() fails
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Apr 12 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-4
+- Drop patch level by one (woo!)
+
+* Thu Apr 12 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-3
+- Always choose highest requested debug level
+- Update man pages about debugging
+
+* Tue Feb 27 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-2
+- Always use the encype we selected
+
+* Fri Feb 09 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-1
+- Release version 0.8.0
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-30
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Dec 13 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-29
+- Conditionally reload kernel interface on SIGHUP
+
+* Tue Dec 12 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-28
+- Fixup previous
+
+* Tue Dec 12 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-27
+- More code hygeine fixes from upstream
+- Reorder patches to match el7
+
+* Tue Dec 05 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-26
+- Properly initialize ccaches before storing into them
+
+* Fri Dec 01 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-25
+- Properly locate credentials in collection caches in mechglue
+
+* Tue Oct 31 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-24
+- Only empty FILE ccaches when storing remote creds
+
+* Mon Oct 30 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-23
+- Fix error message handling in gp_config_from_dir()
+
+* Fri Oct 27 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-22
+- Fix concurrency issue in server socket handling
+
+* Mon Oct 02 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-21
+- Off-by-one error fix in selinux-policy version
+
+* Mon Oct 02 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-20
+- Change selinux-policy versioning to Conflicts
+
+* Fri Sep 29 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-19
+- Add explicit selinux-policy dependency after some fixes
+
+* Fri Sep 29 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-18
+- Fix silent death if config file has duplicate sections
+
+* Thu Sep 21 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-17
+- Handle outdated encrypted ccaches
+
+* Fri Sep 15 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-16
+- Backport updates to epoll logic
+
+* Tue Sep 12 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-15
+- Backport two security fixes
+
+* Tue Aug 22 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-14
+- Non-blocking IO + Extended request debug logging
+
+* Sun Aug 20 2017 Ville Skyttä <ville.skytta@iki.fi> - 0.7.0-13
+- Own the %%{_libdir}/gssproxy dir
+- Mark COPYING as %%license
+
+* Mon Jul 31 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-12
+- Add client ID to debug messages
+- Move packaging to autosetup
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon Jun 19 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-10
+ - Fix potential explicit NULL deref of program name
+
+* Thu May 25 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-9
+- Make proc failure loud but nonfatal
+
+* Wed May 24 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-8
+- Remove (buggy?) logic around NFS snippet.
+
+* Wed May 17 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-7
+- Remove NFS server stanza if nfs-utils not present
+- Also update gcc7 patch to match upstream
+
+* Tue May 16 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-6
+- Fix segfault when no configuration files are found
+- Various build fixes for gcc7
+
+* Mon May 01 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-5
+- Update systemd unit file (nfs removal, reload capability)
+
+* Mon Apr 03 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-4
+- Backport fix for double unlock
+
+* Tue Mar 28 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-3
+- Drop NFS server snippet (removes dependency on nfs kernel component)
+
+* Tue Mar 14 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-2
+- Fix credential renewal and impersonator checking for m_a_g
+
+* Tue Mar 07 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-1
+- New upstream release - 0.7.0
+
+* Mon Mar 06 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.2-4
+- Actually apply the patches I just added
+- Also include a Coverity fix.
+
+* Tue Feb 28 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.2-2
+- Include other non-null fix and various things from master
+
+* Thu Feb 23 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.2-1
+- Fix incorrect use of non-null string in xdr
+- Also move version number to better reflect what is inside
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Mon Jan 23 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.1-2
+- Fix allocation issue of cred store
+- Resolves: #1415400
+
+* Fri Jan 20 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.1-1
+- New upstream release v0.6.1
+- Resolves: #1415090
+
+* Wed Jan 18 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.0-1
+- New upstream release v0.6.0
+
+* Tue Sep 27 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.1-3
+- Adjust libverto dependency to not use a specific backend
+- Resolves: #1379812
+
+* Tue Jun 14 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.1-2
+- Own /var/lib/gssproxy/rcache
+
+* Mon Jun 13 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.1-1
+- Update to upstream release v0.5.1
+- Resolves: #1345871
+
+* Tue Jun 07 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.0-5
+- Acquire new socket for fork/permission drops on clients
+
+* Mon May 09 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.0-4
+- Do not package mod_auth_gssapi conf file
+  - This ensures gssproxy works even when the apache user does not exist
+
+* Thu May 05 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.0-3
+- Ensure we actually package the config files
+
+* Thu May 05 2016 Simo Sorce <simo@redhat.com> - 0.5.0-2
+- Fix typo in requires
+
+* Wed May 04 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.0-1
+- Release new upstream version
+- Bump ini_config version for `ini_config_augment()`
+
+* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Dec 16 2015 Robbie Harwood <rharwood@redhat.com> - 0.4.1-4
+- Fix issues with 1.14
+- Fix bogus date in changelog (March 30 2015 was a Monday)
+
+* Wed Oct 21 2015 Robbie Harwood <rharwood@redhat.com> - 0.4.1-3
+- Clear message buffer to fix segfault on arm
+- resolves: #1235902
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Mar 30 2015 Simo Sorce <simo@redhat.com> 0.4.1-1
+- New upstream release
+- Fix issues with paths in config files
+
+* Tue Mar 24 2015 Simo Sorce <simo@redhat.com> 0.4.0-2
+- Workaround rawhide bug (bz1204646) with krb5-config by switching to
+  pkg-config (patch from upstream)
+
+* Tue Mar 24 2015 Simo Sorce <simo@redhat.com> 0.4.0-1
+- New upstream realease
+  Added optional support for running GSS-Proxy as an unprivileged user
+  Uses new /etc/gss/mech.d configuration directory for gss mechanisms
+  Kernel related fixes
+  General bug fixing, many minor errors or incorrect behaviours have been corrected
+- drop all patches, they are all included upstream
+
+* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu May 29 2014 Simo Sorce <simo@redhat.com> 0.3.1-2
+- Rebuild as new ding-libs brings in soname bump
+
+* Thu Mar 13 2014 Guenther Deschner <gdeschner@redhat.com> 0.3.1-1
+- Fix flags handling in gss_init_sec_context()
+- resolves: https://fedorahosted.org/gss-proxy/ticket/112
+- Fix nfsd startup
+- resolves: https://fedorahosted.org/gss-proxy/ticket/114
+- Fix potential mutex deadlock
+- resolves: https://fedorahosted.org/gss-proxy/ticket/120
+- Fix segfault in gssi_inquire_context
+- resolves: https://fedorahosted.org/gss-proxy/ticket/117
+- resolves: #1061133
+
+* Tue Nov 26 2013 Guenther Deschner <gdeschner@redhat.com> 0.3.1-0
+- New upstream release 0.3.1:
+  * Fix use of gssproxy for client initiation
+  * Add new enforcing and filtering options for context initialization
+  * Fix potential thread safety issues
+- resolves: https://fedorahosted.org/gss-proxy/ticket/110
+- resolves: https://fedorahosted.org/gss-proxy/ticket/111
+
+* Tue Nov 19 2013 Guenther Deschner <gdeschner@redhat.com> 0.3.0-3
+- Fix flags handling in gss_init_sec_context()
+- resolves: https://fedorahosted.org/gss-proxy/ticket/106
+- Fix OID handling in gss_inquire_cred_by_mech()
+- resolves: https://fedorahosted.org/gss-proxy/ticket/107
+- Fix continuation processing for not yet fully established contexts.
+- resolves: https://fedorahosted.org/gss-proxy/ticket/108
+- Add flags filtering and flags enforcing.
+- resolves: https://fedorahosted.org/gss-proxy/ticket/109
+
+* Wed Oct 23 2013 Guenther Deschner <gdeschner@redhat.com> 0.3.0-0
+- New upstream release 0.3.0:
+  * Add support for impersonation (depends on s4u2self/s4u2proxy on the KDC)
+  * Add support for new rpc.gssd mode of operation that forks and changes uid
+  * Add 2 new options allow_any_uid and cred_usage
+
+* Fri Oct 18 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-8
+- Fix default proxymech documentation and fix LOCAL_FIRST implementation
+- resolves: https://fedorahosted.org/gss-proxy/ticket/105
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.3-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Wed Jul 24 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-6
+- Add better default gssproxy.conf file for nfs client and server usage
+
+* Thu Jun 06 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-5
+- New upstream release
+
+* Fri May 31 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.2-5
+- Require libverto-tevent to make sure libverto initialization succeeds
+
+* Wed May 29 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.2-4
+- Modify systemd unit files for nfs-secure services
+
+* Wed May 22 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.2-3
+- Fix cred_store handling w/o client keytab
+
+* Thu May 16 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.2-2
+- New upstream release
+
+* Tue May 07 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.1-2
+- New upstream release
+
+* Wed Apr 24 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.0-1
+- New upstream release
+
+* Mon Apr 01 2013 Simo Sorce <simo@redhat.com> - 0.1.0-0
+- New upstream release
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.0.3-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Tue Nov 06 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.3-7
+- Update to 0.0.3
+
+* Wed Aug 22 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.2-6
+- Use new systemd-rpm macros
+- resolves: #850139
+
+* Wed Jul 18 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.2-5
+- More spec file fixes
+
+* Mon Jul 16 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.2-4
+- Fix systemd service file
+
+* Fri Jul 13 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.2-3
+- Fix various packaging issues
+
+* Mon Jul 02 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.1-2
+- Add systemd packaging
+
+* Wed Mar 28 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.1-1
+- Various fixes
+
+* Mon Dec 12 2011 Simo Sorce <simo@redhat.com> - 0.0.2-0
+- Automated build of the gssproxy daemon

sources

@@ -0,0 +1,2 @@
+SHA512 (rwtab) = 35bf5dda822a025fa4f3c94095abd3ff5279dc263ec870e74517a3eb1a3b331bb71d8894f65dc1b129aefcc3eae9c38033ba6ec41289b5b1abeffeddfb1ac86f
+SHA512 (gssproxy-0.8.3.tar.gz) = 144b10ec4e19ad2ded5ae57adf1ca311e2fc6c2b97e202eedde69d82c8d50afc0459ac36c7fc5d5290184eb68547a696b33e8a069fde43478104ac26b2c98bc2