commit 6da16387876825932a6b22e3e78d1d91011de911 Author: MSVSphere Packaging Team Date: Tue Nov 26 16:17:50 2024 +0300 import gssproxy-0.9.2-7.el10 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..940348e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/gssproxy-0.9.2.tar.gz diff --git a/.gssproxy.metadata b/.gssproxy.metadata new file mode 100644 index 0000000..078f5ca --- /dev/null +++ b/.gssproxy.metadata @@ -0,0 +1 @@ +7e2f5f24964237d7dc5ccc0271052a689e21975b SOURCES/gssproxy-0.9.2.tar.gz diff --git a/SOURCES/0001-Fix-various-issues-detected-by-static-analysis.patch b/SOURCES/0001-Fix-various-issues-detected-by-static-analysis.patch new file mode 100644 index 0000000..123e087 --- /dev/null +++ b/SOURCES/0001-Fix-various-issues-detected-by-static-analysis.patch @@ -0,0 +1,173 @@ +From bc36b704fa426a6dcbd9ea0518697b4072a466e1 Mon Sep 17 00:00:00 2001 +From: Julien Rische +Date: Tue, 6 Aug 2024 10:38:01 +0200 +Subject: [PATCH] Fix various issues detected by static analysis + +Signed-off-by: Julien Rische +(cherry picked from commit be676f3c6338971d953c8da52f4172040c5e06a4) +--- + src/client/gpm_accept_sec_context.c | 1 + + src/gp_creds.c | 1 + + src/gp_rpc_init_sec_context.c | 2 ++ + tests/interposetest.c | 5 +++-- + tests/t_accept.c | 2 +- + tests/userproxytest.c | 35 +++++++++++++++++------------ + 6 files changed, 29 insertions(+), 17 deletions(-) + +diff --git a/src/client/gpm_accept_sec_context.c b/src/client/gpm_accept_sec_context.c +index ab20b03..d508615 100644 +--- a/src/client/gpm_accept_sec_context.c ++++ b/src/client/gpm_accept_sec_context.c +@@ -105,6 +105,7 @@ OM_uint32 gpm_accept_sec_context(OM_uint32 *minor_status, + if (outbuf) { + *output_token = *outbuf; + free(outbuf); ++ outbuf = NULL; + } + if (ret_flags) { + *ret_flags = ctx->ctx_flags; +diff --git a/src/gp_creds.c b/src/gp_creds.c +index 843d1a3..1a0258a 100644 +--- a/src/gp_creds.c ++++ b/src/gp_creds.c +@@ -800,6 +800,7 @@ done: + gss_release_cred(&discard, &user_cred); + gss_release_name(&discard, &target_name); + gss_delete_sec_context(&discard, &initiator_context, NULL); ++ gss_delete_sec_context(&discard, &acceptor_context, NULL); + gss_release_buffer(&discard, &init_token); + gss_release_buffer(&discard, &accept_token); + gss_release_name(&discard, &req_name); +diff --git a/src/gp_rpc_init_sec_context.c b/src/gp_rpc_init_sec_context.c +index f362dbc..7fe7365 100644 +--- a/src/gp_rpc_init_sec_context.c ++++ b/src/gp_rpc_init_sec_context.c +@@ -33,6 +33,7 @@ int gp_init_sec_context(struct gp_call_ctx *gpcall, + }; + uint32_t gccn_before = 0; + uint32_t gccn_after = 0; ++ uint32_t discard; + int ret; + + isca = &arg->init_sec_context; +@@ -192,6 +193,7 @@ done: + + GPRPCDEBUG(gssx_res_init_sec_context, iscr); + ++ gss_delete_sec_context(&discard, &ctx, NULL); + gss_release_name(&ret_min, &target_name); + gss_release_oid(&ret_min, &mech_type); + gss_release_cred(&ret_min, &ich); +diff --git a/tests/interposetest.c b/tests/interposetest.c +index 0cdd473..7ab8ecc 100644 +--- a/tests/interposetest.c ++++ b/tests/interposetest.c +@@ -377,7 +377,7 @@ void run_server(struct aproc *data) + uint32_t ret_min; + gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT; + gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL; +- gss_name_t src_name; ++ gss_name_t src_name = GSS_C_NO_NAME; + gss_buffer_desc out_token = GSS_C_EMPTY_BUFFER; + gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL; + gss_OID_set mech_set = GSS_C_NO_OID_SET; +@@ -591,7 +591,8 @@ void run_server(struct aproc *data) + goto done; + } + +- fprintf(stdout, "Server, RECV: %s\n", (char *)out_token.value); ++ fprintf(stdout, "Server, RECV: %*s\n", (int)out_token.length, ++ (char *)out_token.value); + + gss_release_buffer(&ret_min, &out_token); + +diff --git a/tests/t_accept.c b/tests/t_accept.c +index 3afb7ac..8a663fe 100644 +--- a/tests/t_accept.c ++++ b/tests/t_accept.c +@@ -9,7 +9,7 @@ int main(int argc, const char *argv[]) + gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT; + gss_buffer_desc in_token = GSS_C_EMPTY_BUFFER; + gss_buffer_desc out_token = GSS_C_EMPTY_BUFFER; +- gss_name_t src_name; ++ gss_name_t src_name = GSS_C_NO_NAME; + uint32_t ret_maj; + uint32_t ret_min; + int ret = -1; +diff --git a/tests/userproxytest.c b/tests/userproxytest.c +index 8aea41a..8c863c6 100644 +--- a/tests/userproxytest.c ++++ b/tests/userproxytest.c +@@ -33,14 +33,19 @@ int mock_activation_sockets(void) + unlink(addr.sun_path); + + fd = socket(AF_UNIX, SOCK_STREAM, 0); +- if (fd == -1) return -1; ++ if (fd == -1) { ++ ret = -1; ++ goto done; ++ } + + ret = bind(fd, (struct sockaddr *)&addr, sizeof(addr)); +- if (ret == -1) return -1; ++ if (ret == -1) goto done; + + ret = listen(fd, 1); +- if (ret == -1) return -1; ++ if (ret == -1) goto done; + ++done: ++ if (ret == -1) close(fd); + return 0; + } + +@@ -75,19 +80,19 @@ int wait_and_check_output(int outfd, int timeout) + useconds_t interval = 100 * 1000; /* 100 msec */ + char outbuf[1024]; + char *line; +- FILE *out; +- int ret; ++ FILE *out = NULL; ++ int err, ret = -1; + + /* make pipe non blocking */ +- ret = fcntl(outfd, F_SETFL, O_NONBLOCK); +- if (ret) return -1; ++ err = fcntl(outfd, F_SETFL, O_NONBLOCK); ++ if (err) goto done; + + out = fdopen(outfd, "r"); +- if (!out) return -1; ++ if (!out) goto done; + + while (now < start + timeout) { +- ret = usleep(interval); +- if (ret) return -1; ++ err = usleep(interval); ++ if (err) goto done; + + line = fgets(outbuf, 1023, out); + if (line) { +@@ -101,13 +106,15 @@ int wait_and_check_output(int outfd, int timeout) + now = time(NULL); + } + +- fclose(out); +- + for (int i = 0; checks[i].match != NULL; i++) { +- if (checks[i].matched == false) return -1; ++ if (checks[i].matched == false) goto done; + } + +- return 0; ++ ret = 0; ++ ++done: ++ if (out) fclose(out); ++ return ret; + } + + int child(int outpipe[]) +-- +2.45.2 + diff --git a/SOURCES/0002-Make-systemd-use-0700-mode-on-cache-folders.patch b/SOURCES/0002-Make-systemd-use-0700-mode-on-cache-folders.patch new file mode 100644 index 0000000..b1fd196 --- /dev/null +++ b/SOURCES/0002-Make-systemd-use-0700-mode-on-cache-folders.patch @@ -0,0 +1,31 @@ +From 25147fe553525762f5dc9fcddb6ec92071fdcd3d Mon Sep 17 00:00:00 2001 +From: Julien Rische +Date: Wed, 7 Aug 2024 10:27:39 +0200 +Subject: [PATCH] Make systemd use 0700 mode on cache folders + +The provided gssproxy.service unit configures /var/lib/gssproxy/clients +and /var/lib/gssproxy/rcache as "StateDirectory". However, systemd +applies mode 0755 by default on such folders. "StateDirectoryMode" has +to be set too to restrict access to root only. + +Signed-off-by: Julien Rische +(cherry picked from commit b954728937c09a40409279d1247679aa5d39c7c8) +--- + systemd/gssproxy.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/systemd/gssproxy.service.in b/systemd/gssproxy.service.in +index 14d2185..b8f1f77 100644 +--- a/systemd/gssproxy.service.in ++++ b/systemd/gssproxy.service.in +@@ -6,6 +6,7 @@ Before=rpc-gssd.service + + [Service] + StateDirectory=gssproxy/clients gssproxy/rcache ++StateDirectoryMode=0700 + Environment=KRB5RCACHEDIR=/var/lib/gssproxy/rcache + ExecStart=@sbindir@/gssproxy -D + # These two should be used with traditional UNIX forking daemons +-- +2.45.2 + diff --git a/SOURCES/gssproxy.sock.compat.conf b/SOURCES/gssproxy.sock.compat.conf new file mode 100644 index 0000000..264b4d4 --- /dev/null +++ b/SOURCES/gssproxy.sock.compat.conf @@ -0,0 +1 @@ +L /var/lib/gssproxy/default.sock - - - - /run/gssproxy.default.sock diff --git a/SOURCES/rwtab b/SOURCES/rwtab new file mode 100644 index 0000000..f4cdfb5 --- /dev/null +++ b/SOURCES/rwtab @@ -0,0 +1 @@ +dirs /var/lib/gssproxy diff --git a/SPECS/gssproxy.spec b/SPECS/gssproxy.spec new file mode 100644 index 0000000..8364fd6 --- /dev/null +++ b/SPECS/gssproxy.spec @@ -0,0 +1,569 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.6.5) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 7; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + +Name: gssproxy + +Version: 0.9.2 +Release: %autorelease +Summary: GSSAPI Proxy + +License: MIT +URL: https://github.com/gssapi/gssproxy +Source0: https://github.com/gssapi/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz +Source1: rwtab +Source2: gssproxy.sock.compat.conf + +%global servicename gssproxy +%global pubconfpath %{_sysconfdir}/gssproxy +%global gpstatedir %{_localstatedir}/lib/gssproxy +%global gpsockpath %{_rundir}/gssproxy.default.sock + +### Patches ### +Patch0001: 0001-Fix-various-issues-detected-by-static-analysis.patch +Patch0002: 0002-Make-systemd-use-0700-mode-on-cache-folders.patch + +### Dependencies ### +Requires: krb5-libs >= 1.12.0 +Requires: keyutils-libs +Requires: libverto-module-base +Requires: libini_config >= 1.2.0 +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units + +# We use a Conflicts: here so as not to interfere with users who make +# their own policy. The version is the last time someone has filed a +# bug about gssproxy being broken with selinux. +Conflicts: selinux-policy < 3.13.1-283.5 + +### Build Dependencies ### +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: docbook-style-xsl +BuildRequires: doxygen +BuildRequires: findutils +BuildRequires: gettext-devel +BuildRequires: git +BuildRequires: keyutils-libs-devel +BuildRequires: krb5-devel >= 1.12.0 +BuildRequires: libini_config-devel >= 1.2.0 +BuildRequires: libselinux-devel +BuildRequires: libtool +BuildRequires: libverto-devel +BuildRequires: libxml2 +BuildRequires: libxslt +BuildRequires: make +BuildRequires: m4 +BuildRequires: pkgconfig +BuildRequires: popt-devel +BuildRequires: systemd-units + +%description +A proxy for GSSAPI credential handling + +%prep +%autosetup -S git + +%build +autoreconf -f -i +%configure \ + --with-pubconf-path=%{pubconfpath} \ + --with-socket-name=%{gpsockpath} \ + --with-initscript=systemd \ + --disable-static \ + --disable-rpath \ + --with-gpp-default-behavior=REMOTE_FIRST + +make %{?_smp_mflags} all +make test_proxymech + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} +rm -f %{buildroot}%{_libdir}/gssproxy/proxymech.la +install -d -m755 %{buildroot}%{_sysconfdir}/gssproxy +install -m644 examples/gssproxy.conf %{buildroot}%{_sysconfdir}/gssproxy/gssproxy.conf +install -m644 examples/99-network-fs-clients.conf %{buildroot}%{_sysconfdir}/gssproxy/99-network-fs-clients.conf +mkdir -p -m755 %{buildroot}%{_sysconfdir}/gss/mech.d +install -m644 examples/proxymech.conf %{buildroot}%{_sysconfdir}/gss/mech.d/proxymech.conf +mkdir -p %{buildroot}%{gpstatedir}/rcache +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d +mkdir -p $RPM_BUILD_ROOT/%{_tmpfilesdir} +install -m644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d/gssproxy +install -m644 %{SOURCE2} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf +ln -s %{gpsockpath} %{buildroot}%{gpstatedir}/default.sock + +%files +%license COPYING +%{_unitdir}/gssproxy.service +%{_userunitdir}/gssuserproxy.service +%{_userunitdir}/gssuserproxy.socket +%{_sbindir}/gssproxy +%attr(755,root,root) %dir %{pubconfpath} +%attr(755,root,root) %dir %{gpstatedir} +%attr(700,root,root) %dir %{gpstatedir}/clients +%attr(700,root,root) %dir %{gpstatedir}/rcache +%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/gssproxy.conf +%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/99-network-fs-clients.conf +%attr(0644,root,root) %config(noreplace) /%{_sysconfdir}/gss/mech.d/proxymech.conf +%dir %{_libdir}/gssproxy +%{_libdir}/gssproxy/proxymech.so +%{_mandir}/man5/gssproxy.conf.5* +%{_mandir}/man8/gssproxy.8* +%{_mandir}/man8/gssproxy-mech.8* +%config(noreplace) %{_sysconfdir}/rwtab.d/gssproxy +%{gpstatedir}/default.sock +%{_tmpfilesdir}/%{name}.conf + +%pre +if [ -S %{gpstatedir}/default.sock ]; then + rm -f %{gpstatedir}/default.sock +fi + +%post +%systemd_post gssproxy.service + +%preun +%systemd_preun gssproxy.service + +%postun +%systemd_postun_with_restart gssproxy.service + +%changelog +## START: Generated by rpmautospec +* Thu Aug 08 2024 Julien Rische - 0.9.2-7 +- Make systemd use 0700 mode on cache folders + +* Thu Aug 08 2024 Julien Rische - 0.9.2-6 +- Fix various issues detected by static analysis + +* Tue Jul 02 2024 Sudhir Menon - 0.9.2-5 +- Added tests and gating.yaml for gssproxy + +* Mon Jun 24 2024 Troy Dawson - 0.9.2-4 +- Bump release for June 2024 mass rebuild + +* Wed Jan 24 2024 Fedora Release Engineering - 0.9.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sat Jan 20 2024 Fedora Release Engineering - 0.9.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Oct 19 2023 Simo Sorce - 0.9.2-1 +- Update to 0.9.2 + +* Thu Jul 20 2023 Fedora Release Engineering - 0.9.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jan 19 2023 Fedora Release Engineering - 0.9.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jul 21 2022 Fedora Release Engineering - 0.9.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue Jun 07 2022 Simo Sorce - 0.9.1-3 +- Move rwtab to git + +* Tue Jun 07 2022 Simo Sorce - 0.9.1-2 +- Drop unused patches + +* Mon Jun 06 2022 Simo Sorce - 0.9.1-1 +- Update to new 0.9.1 relase + +* Thu Jan 20 2022 Fedora Release Engineering - 0.8.4-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Mon Nov 1 2021 Simo Sorce - 0.8.4-6 +- Fix tmpfiles conf file + +* Mon Sep 20 2021 Simo Sorce - 0.8.4-5 +- Move default socket to the rundir +- Resolves: #1853293 + +* Thu Jul 22 2021 Fedora Release Engineering - 0.8.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 0.8.4-3 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Tue Jan 26 2021 Fedora Release Engineering - 0.8.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 13 2021 Robbie Harwood - 0.8.4-1 +- New upstream release (0.8.4) + +* Thu Oct 29 2020 Robbie Harwood - 0.8.3-6 +- Leak fix pullup + +* Mon Oct 12 2020 Robbie Harwood - 0.8.3-5 +- Document config file non-merging + +* Wed Aug 26 2020 Robbie Harwood - 0.8.3-4 +- Fix leak of mech OID in gssi_inquire_context() + +* Fri Jul 31 2020 Robbie Harwood - 0.8.3-3 +- Avoid leak of special mechs in gss_mech_interposer() + +* Tue Jul 28 2020 Fedora Release Engineering - 0.8.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Apr 17 2020 Robbie Harwood - 0.8.3-1 +- New upstream release (0.8.3) + +* Wed Jan 29 2020 Fedora Release Engineering - 0.8.2-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Tue Jan 07 2020 Robbie Harwood - 0.8.2-7 +- Delay gssproxy start until after network.target + +* Thu Oct 31 2019 Robbie Harwood - 0.8.2-6 +- Make syslog of call status configurable + +* Thu Jul 25 2019 Fedora Release Engineering - 0.8.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jul 15 2019 Robbie Harwood - 0.8.2-4 +- Replace /var/run -> /run in gssproxy.service +- Resolves: #1729739 + +* Fri May 03 2019 Robbie Harwood - 0.8.2-3 +- Update NFS service name in systemd unit +- Resolves: #1702443 + +* Wed May 01 2019 Robbie Harwood - 0.8.2-2 +- Avoid uninitialized free when allocating buffers + +* Thu Apr 18 2019 Robbie Harwood - 0.8.2-1 +- New usptream version (0.8.2) + +* Tue Apr 16 2019 Robbie Harwood - 0.8.1-11 +- New upstream version (0.8.1) +- Resolves: #1700541 + +* Mon Mar 18 2019 Robbie Harwood - 0.8.0-11 +- Fix gssproxy blocking inside epoll_wait() due to kernel race + +* Fri Feb 01 2019 Fedora Release Engineering - 0.8.0-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Tue Dec 11 2018 Robbie Harwood - 0.8.0-9 +- Add hack to support read-only root + +* Tue Oct 02 2018 Robbie Harwood - 0.8.0-8 +- Update docs to reflect actual behavior of krb5_principal + +* Thu Sep 20 2018 Robbie Harwood - 0.8.0-7 +- Use pthread keys for thread local storage + +* Fri Aug 03 2018 Robbie Harwood - 0.8.0-6 +- Don't leak sock_ctx if verto_add_io() fails + +* Fri Jul 13 2018 Fedora Release Engineering - 0.8.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Apr 12 2018 Robbie Harwood - 0.8.0-4 +- Drop patch level by one (woo!) + +* Thu Apr 12 2018 Robbie Harwood - 0.8.0-3 +- Always choose highest requested debug level +- Update man pages about debugging + +* Tue Feb 27 2018 Robbie Harwood - 0.8.0-2 +- Always use the encype we selected + +* Fri Feb 09 2018 Robbie Harwood - 0.8.0-1 +- Release version 0.8.0 + +* Wed Feb 07 2018 Fedora Release Engineering - 0.7.0-30 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Dec 13 2017 Robbie Harwood - 0.7.0-29 +- Conditionally reload kernel interface on SIGHUP + +* Tue Dec 12 2017 Robbie Harwood - 0.7.0-28 +- Fixup previous + +* Tue Dec 12 2017 Robbie Harwood - 0.7.0-27 +- More code hygeine fixes from upstream +- Reorder patches to match el7 + +* Tue Dec 05 2017 Robbie Harwood - 0.7.0-26 +- Properly initialize ccaches before storing into them + +* Fri Dec 01 2017 Robbie Harwood - 0.7.0-25 +- Properly locate credentials in collection caches in mechglue + +* Tue Oct 31 2017 Robbie Harwood - 0.7.0-24 +- Only empty FILE ccaches when storing remote creds + +* Mon Oct 30 2017 Robbie Harwood - 0.7.0-23 +- Fix error message handling in gp_config_from_dir() + +* Fri Oct 27 2017 Robbie Harwood - 0.7.0-22 +- Fix concurrency issue in server socket handling + +* Mon Oct 02 2017 Robbie Harwood - 0.7.0-21 +- Off-by-one error fix in selinux-policy version + +* Mon Oct 02 2017 Robbie Harwood - 0.7.0-20 +- Change selinux-policy versioning to Conflicts + +* Fri Sep 29 2017 Robbie Harwood - 0.7.0-19 +- Add explicit selinux-policy dependency after some fixes + +* Fri Sep 29 2017 Robbie Harwood - 0.7.0-18 +- Fix silent death if config file has duplicate sections + +* Thu Sep 21 2017 Robbie Harwood - 0.7.0-17 +- Handle outdated encrypted ccaches + +* Fri Sep 15 2017 Robbie Harwood - 0.7.0-16 +- Backport updates to epoll logic + +* Tue Sep 12 2017 Robbie Harwood - 0.7.0-15 +- Backport two security fixes + +* Tue Aug 22 2017 Robbie Harwood - 0.7.0-14 +- Non-blocking IO + Extended request debug logging + +* Sun Aug 20 2017 Ville Skyttä - 0.7.0-13 +- Own the %%{_libdir}/gssproxy dir +- Mark COPYING as %%license + +* Mon Jul 31 2017 Robbie Harwood - 0.7.0-12 +- Add client ID to debug messages +- Move packaging to autosetup + +* Wed Jul 26 2017 Fedora Release Engineering - 0.7.0-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jun 19 2017 Robbie Harwood - 0.7.0-10 + - Fix potential explicit NULL deref of program name + +* Thu May 25 2017 Robbie Harwood - 0.7.0-9 +- Make proc failure loud but nonfatal + +* Wed May 24 2017 Robbie Harwood - 0.7.0-8 +- Remove (buggy?) logic around NFS snippet. + +* Wed May 17 2017 Robbie Harwood - 0.7.0-7 +- Remove NFS server stanza if nfs-utils not present +- Also update gcc7 patch to match upstream + +* Tue May 16 2017 Robbie Harwood - 0.7.0-6 +- Fix segfault when no configuration files are found +- Various build fixes for gcc7 + +* Mon May 01 2017 Robbie Harwood - 0.7.0-5 +- Update systemd unit file (nfs removal, reload capability) + +* Mon Apr 03 2017 Robbie Harwood - 0.7.0-4 +- Backport fix for double unlock + +* Tue Mar 28 2017 Robbie Harwood - 0.7.0-3 +- Drop NFS server snippet (removes dependency on nfs kernel component) + +* Tue Mar 14 2017 Robbie Harwood - 0.7.0-2 +- Fix credential renewal and impersonator checking for m_a_g + +* Tue Mar 07 2017 Robbie Harwood - 0.7.0-1 +- New upstream release - 0.7.0 + +* Mon Mar 06 2017 Robbie Harwood - 0.6.2-4 +- Actually apply the patches I just added +- Also include a Coverity fix. + +* Tue Feb 28 2017 Robbie Harwood - 0.6.2-2 +- Include other non-null fix and various things from master + +* Thu Feb 23 2017 Robbie Harwood - 0.6.2-1 +- Fix incorrect use of non-null string in xdr +- Also move version number to better reflect what is inside + +* Fri Feb 10 2017 Fedora Release Engineering - 0.6.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Jan 23 2017 Robbie Harwood - 0.6.1-2 +- Fix allocation issue of cred store +- Resolves: #1415400 + +* Fri Jan 20 2017 Robbie Harwood - 0.6.1-1 +- New upstream release v0.6.1 +- Resolves: #1415090 + +* Wed Jan 18 2017 Robbie Harwood - 0.6.0-1 +- New upstream release v0.6.0 + +* Tue Sep 27 2016 Robbie Harwood - 0.5.1-3 +- Adjust libverto dependency to not use a specific backend +- Resolves: #1379812 + +* Tue Jun 14 2016 Robbie Harwood - 0.5.1-2 +- Own /var/lib/gssproxy/rcache + +* Mon Jun 13 2016 Robbie Harwood - 0.5.1-1 +- Update to upstream release v0.5.1 +- Resolves: #1345871 + +* Tue Jun 07 2016 Robbie Harwood - 0.5.0-5 +- Acquire new socket for fork/permission drops on clients + +* Mon May 09 2016 Robbie Harwood - 0.5.0-4 +- Do not package mod_auth_gssapi conf file + - This ensures gssproxy works even when the apache user does not exist + +* Thu May 05 2016 Robbie Harwood - 0.5.0-3 +- Ensure we actually package the config files + +* Thu May 05 2016 Simo Sorce - 0.5.0-2 +- Fix typo in requires + +* Wed May 04 2016 Robbie Harwood - 0.5.0-1 +- Release new upstream version +- Bump ini_config version for `ini_config_augment()` + +* Wed Feb 03 2016 Fedora Release Engineering - 0.4.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Dec 16 2015 Robbie Harwood - 0.4.1-4 +- Fix issues with 1.14 +- Fix bogus date in changelog (March 30 2015 was a Monday) + +* Wed Oct 21 2015 Robbie Harwood - 0.4.1-3 +- Clear message buffer to fix segfault on arm +- resolves: #1235902 + +* Wed Jun 17 2015 Fedora Release Engineering - 0.4.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Mar 30 2015 Simo Sorce 0.4.1-1 +- New upstream release +- Fix issues with paths in config files + +* Tue Mar 24 2015 Simo Sorce 0.4.0-2 +- Workaround rawhide bug (bz1204646) with krb5-config by switching to + pkg-config (patch from upstream) + +* Tue Mar 24 2015 Simo Sorce 0.4.0-1 +- New upstream realease + Added optional support for running GSS-Proxy as an unprivileged user + Uses new /etc/gss/mech.d configuration directory for gss mechanisms + Kernel related fixes + General bug fixing, many minor errors or incorrect behaviours have been corrected +- drop all patches, they are all included upstream + +* Sat Aug 16 2014 Fedora Release Engineering - 0.3.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu May 29 2014 Simo Sorce 0.3.1-2 +- Rebuild as new ding-libs brings in soname bump + +* Thu Mar 13 2014 Guenther Deschner 0.3.1-1 +- Fix flags handling in gss_init_sec_context() +- resolves: https://fedorahosted.org/gss-proxy/ticket/112 +- Fix nfsd startup +- resolves: https://fedorahosted.org/gss-proxy/ticket/114 +- Fix potential mutex deadlock +- resolves: https://fedorahosted.org/gss-proxy/ticket/120 +- Fix segfault in gssi_inquire_context +- resolves: https://fedorahosted.org/gss-proxy/ticket/117 +- resolves: #1061133 + +* Tue Nov 26 2013 Guenther Deschner 0.3.1-0 +- New upstream release 0.3.1: + * Fix use of gssproxy for client initiation + * Add new enforcing and filtering options for context initialization + * Fix potential thread safety issues +- resolves: https://fedorahosted.org/gss-proxy/ticket/110 +- resolves: https://fedorahosted.org/gss-proxy/ticket/111 + +* Tue Nov 19 2013 Guenther Deschner 0.3.0-3 +- Fix flags handling in gss_init_sec_context() +- resolves: https://fedorahosted.org/gss-proxy/ticket/106 +- Fix OID handling in gss_inquire_cred_by_mech() +- resolves: https://fedorahosted.org/gss-proxy/ticket/107 +- Fix continuation processing for not yet fully established contexts. +- resolves: https://fedorahosted.org/gss-proxy/ticket/108 +- Add flags filtering and flags enforcing. +- resolves: https://fedorahosted.org/gss-proxy/ticket/109 + +* Wed Oct 23 2013 Guenther Deschner 0.3.0-0 +- New upstream release 0.3.0: + * Add support for impersonation (depends on s4u2self/s4u2proxy on the KDC) + * Add support for new rpc.gssd mode of operation that forks and changes uid + * Add 2 new options allow_any_uid and cred_usage + +* Fri Oct 18 2013 Guenther Deschner 0.2.3-8 +- Fix default proxymech documentation and fix LOCAL_FIRST implementation +- resolves: https://fedorahosted.org/gss-proxy/ticket/105 + +* Sat Aug 03 2013 Fedora Release Engineering - 0.2.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 24 2013 Guenther Deschner 0.2.3-6 +- Add better default gssproxy.conf file for nfs client and server usage + +* Thu Jun 06 2013 Guenther Deschner 0.2.3-5 +- New upstream release + +* Fri May 31 2013 Guenther Deschner 0.2.2-5 +- Require libverto-tevent to make sure libverto initialization succeeds + +* Wed May 29 2013 Guenther Deschner 0.2.2-4 +- Modify systemd unit files for nfs-secure services + +* Wed May 22 2013 Guenther Deschner 0.2.2-3 +- Fix cred_store handling w/o client keytab + +* Thu May 16 2013 Guenther Deschner 0.2.2-2 +- New upstream release + +* Tue May 07 2013 Guenther Deschner 0.2.1-2 +- New upstream release + +* Wed Apr 24 2013 Guenther Deschner 0.2.0-1 +- New upstream release + +* Mon Apr 01 2013 Simo Sorce - 0.1.0-0 +- New upstream release + +* Thu Feb 14 2013 Fedora Release Engineering - 0.0.3-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Nov 06 2012 Guenther Deschner 0.0.3-7 +- Update to 0.0.3 + +* Wed Aug 22 2012 Guenther Deschner 0.0.2-6 +- Use new systemd-rpm macros +- resolves: #850139 + +* Wed Jul 18 2012 Guenther Deschner 0.0.2-5 +- More spec file fixes + +* Mon Jul 16 2012 Guenther Deschner 0.0.2-4 +- Fix systemd service file + +* Fri Jul 13 2012 Guenther Deschner 0.0.2-3 +- Fix various packaging issues + +* Mon Jul 02 2012 Guenther Deschner 0.0.1-2 +- Add systemd packaging + +* Wed Mar 28 2012 Guenther Deschner 0.0.1-1 +- Various fixes + +* Mon Dec 12 2011 Simo Sorce - 0.0.2-0 +- Automated build of the gssproxy daemon + +## END: Generated by rpmautospec