rpms
/
gssproxy
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import gssproxy-0.8.4-6.el9

Browse Source
c9-beta imports/c9-beta/gssproxy-0.8.4-6.el9
MSVSphere Packaging Team 1 year ago
commit fd17c2e700
5 changed files with 643 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape View File

@ -0,0 +1 @@
SOURCES/gssproxy-0.8.4.tar.gz

1
.gssproxy.metadata
Unescape View File

@ -0,0 +1 @@
6a20883849aff4de0aa57c4beca5af8a2a1d685e SOURCES/gssproxy-0.8.4.tar.gz

139
SOURCES/0001-Add-an-option-for-minimum-lifetime.patch
Unescape View File

@ -0,0 +1,139 @@
From 7945bd756c5e41ec223c058b2c698809f04f3c77 Mon Sep 17 00:00:00 2001
From: Scott Mayhew <smayhew@redhat.com>
Date: Thu, 2 Sep 2021 12:44:27 -0400
Subject: [PATCH] Add an option for minimum lifetime
It's possible for gssproxy to return a cached credential with a very
small remaining lifetime. This can be problematic for NFS clients since
it requires a round trip to the NFS server to establish a GSS context.
Add a min_lifetime option that represents the lowest value that the
lifetime of the cached credential can be. Any lower than that, and
gp_check_cred() returns GSS_S_CREDENTIALS_EXPIRED, so that
gp_add_krb5_creds() is forced to try to obtain a new credential.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
---
examples/99-nfs-client.conf.in | 1 +
man/gssproxy.conf.5.xml | 15 +++++++++++++++
src/gp_config.c | 12 ++++++++++++
src/gp_creds.c | 12 ++++++++++--
src/gp_proxy.h | 1 +
5 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/examples/99-nfs-client.conf.in b/examples/99-nfs-client.conf.in
index c0985d9..9dd1891 100644
--- a/examples/99-nfs-client.conf.in
+++ b/examples/99-nfs-client.conf.in
@@ -7,3 +7,4 @@
allow_any_uid = yes
trusted = yes
euid = 0
+ min_lifetime = 60
diff --git a/man/gssproxy.conf.5.xml b/man/gssproxy.conf.5.xml
index 67dce68..f02b1d3 100644
--- a/man/gssproxy.conf.5.xml
+++ b/man/gssproxy.conf.5.xml
@@ -331,6 +331,21 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>min_lifetime (integer)</term>
+ <listitem>
+ <para>Minimum lifetime of a cached credential, in seconds.</para>
+ <para>If non-zero, when gssproxy is deciding whether to use
+ a cached credential, it will compare the lifetime of the
+ cached credential to this value. If the lifetime of the
+ cached credential is lower, gssproxy will treat the cached
+ credential as expired and will attempt to obtain a new
+ credential.
+ </para>
+ <para>Default: min_lifetime = 15</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term>program (string)</term>
<listitem>
diff --git a/src/gp_config.c b/src/gp_config.c
index 88d5f29..6a6aa90 100644
--- a/src/gp_config.c
+++ b/src/gp_config.c
@@ -32,6 +32,7 @@ struct gp_flag_def flag_names[] = {
#define DEFAULT_FILTERED_FLAGS GSS_C_DELEG_FLAG
#define DEFAULT_ENFORCED_FLAGS 0
+#define DEFAULT_MIN_LIFETIME 15
static void free_str_array(const char ***a, int *count)
{
@@ -538,6 +539,17 @@ static int load_services(struct gp_config *cfg, struct gp_ini_context *ctx)
goto done;
}
}
+
+ cfg->svcs[n]->min_lifetime = DEFAULT_MIN_LIFETIME;
+ ret = gp_config_get_int(ctx, secname, "min_lifetime", &valnum);
+ if (ret == 0) {
+ if (valnum >= 0) {
+ cfg->svcs[n]->min_lifetime = valnum;
+ } else {
+ GPDEBUG("Invalid value '%d' for min_lifetime in [%s], ignoring.\n",
+ valnum, secname);
+ }
+ }
}
safefree(secname);
}
diff --git a/src/gp_creds.c b/src/gp_creds.c
index 92a6f13..843d1a3 100644
--- a/src/gp_creds.c
+++ b/src/gp_creds.c
@@ -492,6 +492,7 @@ done:
}
static uint32_t gp_check_cred(uint32_t *min,
+ struct gp_service *svc,
gss_cred_id_t in_cred,
gssx_name *desired_name,
gss_cred_usage_t cred_usage)
@@ -563,7 +564,14 @@ static uint32_t gp_check_cred(uint32_t *min,
if (lifetime == 0) {
ret_maj = GSS_S_CREDENTIALS_EXPIRED;
} else {
- ret_maj = GSS_S_COMPLETE;
+ if (svc->min_lifetime && lifetime < svc->min_lifetime) {
+ GPDEBUG("%s: lifetime (%u) less than min_lifetime (%u) "
+ "for service \"%s\" - returning\n",
+ __func__, lifetime, svc->min_lifetime, svc->name);
+ ret_maj = GSS_S_CREDENTIALS_EXPIRED;
+ } else {
+ ret_maj = GSS_S_COMPLETE;
+ }
}
done:
@@ -622,7 +630,7 @@ uint32_t gp_add_krb5_creds(uint32_t *min,
* function completely */
/* just check if it is a valid krb5 cred */
- ret_maj = gp_check_cred(&ret_min, in_cred, desired_name, cred_usage);
+ ret_maj = gp_check_cred(&ret_min, gpcall->service, in_cred, desired_name, cred_usage);
if (ret_maj == GSS_S_COMPLETE) {
return GSS_S_COMPLETE;
} else if (ret_maj == GSS_S_CREDENTIALS_EXPIRED ||
diff --git a/src/gp_proxy.h b/src/gp_proxy.h
index 3f58a43..f56d640 100644
--- a/src/gp_proxy.h
+++ b/src/gp_proxy.h
@@ -45,6 +45,7 @@ struct gp_service {
gss_cred_usage_t cred_usage;
uint32_t filter_flags;
uint32_t enforce_flags;
+ uint32_t min_lifetime;
char *program;
uint32_t mechs;
--
2.39.2

1
SOURCES/rwtab
Unescape View File

@ -0,0 +1 @@
dirs /var/lib/gssproxy

501
SPECS/gssproxy.spec
Unescape View File

@ -0,0 +1,501 @@
Name: gssproxy
Version: 0.8.4
Release: 6%{?dist}
Summary: GSSAPI Proxy
License: MIT
URL: https://github.com/gssapi/gssproxy
Source0: https://github.com/gssapi/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
Source1: rwtab
%global servicename gssproxy
%global pubconfpath %{_sysconfdir}/gssproxy
%global gpstatedir %{_localstatedir}/lib/gssproxy
### Patches ###
Patch0001: 0001-Add-an-option-for-minimum-lifetime.patch
### Dependencies ###
Requires: krb5-libs >= 1.12.0
Requires: keyutils-libs
Requires: libverto-module-base
Requires: libini_config >= 1.2.0
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
# We use a Conflicts: here so as not to interfere with users who make
# their own policy. The version is the last time someone has filed a
# bug about gssproxy being broken with selinux.
Conflicts: selinux-policy < 3.13.1-283.5
### Build Dependencies ###
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: docbook-style-xsl
BuildRequires: doxygen
BuildRequires: findutils
BuildRequires: gettext-devel
BuildRequires: git
BuildRequires: keyutils-libs-devel
BuildRequires: krb5-devel >= 1.12.0
BuildRequires: libini_config-devel >= 1.2.0
BuildRequires: libselinux-devel
BuildRequires: libtool
BuildRequires: libverto-devel
BuildRequires: libxml2
BuildRequires: libxslt
BuildRequires: make
BuildRequires: m4
BuildRequires: pkgconfig
BuildRequires: popt-devel
BuildRequires: systemd-units
%description
A proxy for GSSAPI credential handling
%prep
%autosetup -S git
%build
autoreconf -f -i
%configure \
--with-pubconf-path=%{pubconfpath} \
--with-initscript=systemd \
--disable-static \
--disable-rpath \
--with-gpp-default-behavior=REMOTE_FIRST
make %{?_smp_mflags} all
make test_proxymech
%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot}
rm -f %{buildroot}%{_libdir}/gssproxy/proxymech.la
install -d -m755 %{buildroot}%{_sysconfdir}/gssproxy
install -m644 examples/gssproxy.conf %{buildroot}%{_sysconfdir}/gssproxy/gssproxy.conf
install -m644 examples/99-nfs-client.conf %{buildroot}%{_sysconfdir}/gssproxy/99-nfs-client.conf
mkdir -p %{buildroot}%{_sysconfdir}/gss/mech.d
install -m644 examples/mech %{buildroot}%{_sysconfdir}/gss/mech.d/gssproxy.conf
mkdir -p %{buildroot}%{gpstatedir}/rcache
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d
install -m644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d/gssproxy
%files
%license COPYING
%{_unitdir}/gssproxy.service
%{_sbindir}/gssproxy
%attr(755,root,root) %dir %{pubconfpath}
%attr(755,root,root) %dir %{gpstatedir}
%attr(700,root,root) %dir %{gpstatedir}/clients
%attr(700,root,root) %dir %{gpstatedir}/rcache
%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/gssproxy.conf
%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/99-nfs-client.conf
%attr(0644,root,root) %config(noreplace) /%{_sysconfdir}/gss/mech.d/gssproxy.conf
%dir %{_libdir}/gssproxy
%{_libdir}/gssproxy/proxymech.so
%{_mandir}/man5/gssproxy.conf.5*
%{_mandir}/man8/gssproxy.8*
%{_mandir}/man8/gssproxy-mech.8*
%config(noreplace) %{_sysconfdir}/rwtab.d/gssproxy
%post
%systemd_post gssproxy.service
%preun
%systemd_preun gssproxy.service
%postun
%systemd_postun_with_restart gssproxy.service
%changelog
* Wed Apr 05 2023 Julien Rische <jrische@redhat.com> - 0.8.4-6
- Use openldap-servers from EPEL repo for testing
- Resolves: rhbz#2187634
* Mon Apr 03 2023 Julien Rische <jrische@redhat.com> - 0.8.4-5
- Add an option for minimum lifetime
- Resolves: rhbz#2184333
- Remove unused patch files
- Fix date typographical error in changelog
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com>
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com>
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jan 13 2021 Robbie Harwood <rharwood@redhat.com> - 0.8.4-1
- New upstream release (0.8.4)
* Thu Oct 29 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.3-6
- Leak fix pullup
* Mon Oct 12 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.3-5
- Document config file non-merging
* Wed Aug 26 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.3-4
- Fix leak of mech OID in gssi_inquire_context()
* Fri Jul 31 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.3-3
- Avoid leak of special mechs in gss_mech_interposer()
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Apr 17 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.3-1
- New upstream release (0.8.3)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Jan 07 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.2-7
- Delay gssproxy start until after network.target
* Thu Oct 31 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.2-6
- Make syslog of call status configurable
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jul 15 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.2-4
- Replace /var/run -> /run in gssproxy.service
- Resolves: #1729739
* Fri May 03 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.2-3
- Update NFS service name in systemd unit
- Resolves: #1702443
* Wed May 01 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.2-2
- Avoid uninitialized free when allocating buffers
* Thu Apr 18 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.2-1
- New usptream version (0.8.2)
* Tue Apr 16 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.1-11
- New upstream version (0.8.1)
- Resolves: #1700541
* Mon Mar 18 2019 Robbie Harwood <rharwood@redhat.com> - 0.8.0-11
- Fix gssproxy blocking inside epoll_wait() due to kernel race
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Dec 11 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-9
- Add hack to support read-only root
* Tue Oct 02 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-8
- Update docs to reflect actual behavior of krb5_principal
* Thu Sep 20 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-7
- Use pthread keys for thread local storage
* Fri Aug 03 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-6
- Don't leak sock_ctx if verto_add_io() fails
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Apr 12 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-4
- Drop patch level by one (woo!)
* Thu Apr 12 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-3
- Always choose highest requested debug level
- Update man pages about debugging
* Tue Feb 27 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-2
- Always use the encype we selected
* Fri Feb 09 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-1
- Release version 0.8.0
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-30
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Dec 13 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-29
- Conditionally reload kernel interface on SIGHUP
* Tue Dec 12 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-28
- Fixup previous
* Tue Dec 12 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-27
- More code hygeine fixes from upstream
- Reorder patches to match el7
* Tue Dec 05 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-26
- Properly initialize ccaches before storing into them
* Fri Dec 01 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-25
- Properly locate credentials in collection caches in mechglue
* Tue Oct 31 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-24
- Only empty FILE ccaches when storing remote creds
* Mon Oct 30 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-23
- Fix error message handling in gp_config_from_dir()
* Fri Oct 27 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-22
- Fix concurrency issue in server socket handling
* Mon Oct 02 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-21
- Off-by-one error fix in selinux-policy version
* Mon Oct 02 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-20
- Change selinux-policy versioning to Conflicts
* Fri Sep 29 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-19
- Add explicit selinux-policy dependency after some fixes
* Fri Sep 29 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-18
- Fix silent death if config file has duplicate sections
* Thu Sep 21 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-17
- Handle outdated encrypted ccaches
* Fri Sep 15 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-16
- Backport updates to epoll logic
* Tue Sep 12 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-15
- Backport two security fixes
* Tue Aug 22 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-14
- Non-blocking IO + Extended request debug logging
* Sun Aug 20 2017 Ville Skyttä <ville.skytta@iki.fi> - 0.7.0-13
- Own the %%{_libdir}/gssproxy dir
- Mark COPYING as %%license
* Mon Jul 31 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-12
- Add client ID to debug messages
- Move packaging to autosetup
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon Jun 19 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-10
- Fix potential explicit NULL deref of program name
* Thu May 25 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-9
- Make proc failure loud but nonfatal
* Wed May 24 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-8
- Remove (buggy?) logic around NFS snippet.
* Wed May 17 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-7
- Remove NFS server stanza if nfs-utils not present
- Also update gcc7 patch to match upstream
* Tue May 16 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-6
- Fix segfault when no configuration files are found
- Various build fixes for gcc7
* Mon May 01 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-5
- Update systemd unit file (nfs removal, reload capability)
* Mon Apr 03 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-4
- Backport fix for double unlock
* Tue Mar 28 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-3
- Drop NFS server snippet (removes dependency on nfs kernel component)
* Tue Mar 14 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-2
- Fix credential renewal and impersonator checking for m_a_g
* Tue Mar 07 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-1
- New upstream release - 0.7.0
* Mon Mar 06 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.2-4
- Actually apply the patches I just added
- Also include a Coverity fix.
* Tue Feb 28 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.2-2
- Include other non-null fix and various things from master
* Thu Feb 23 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.2-1
- Fix incorrect use of non-null string in xdr
- Also move version number to better reflect what is inside
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Jan 23 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.1-2
- Fix allocation issue of cred store
- Resolves: #1415400
* Fri Jan 20 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.1-1
- New upstream release v0.6.1
- Resolves: #1415090
* Wed Jan 18 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.0-1
- New upstream release v0.6.0
* Tue Sep 27 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.1-3
- Adjust libverto dependency to not use a specific backend
- Resolves: #1379812
* Tue Jun 14 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.1-2
- Own /var/lib/gssproxy/rcache
* Mon Jun 13 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.1-1
- Update to upstream release v0.5.1
- Resolves: #1345871
* Tue Jun 07 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.0-5
- Acquire new socket for fork/permission drops on clients
* Mon May 09 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.0-4
- Do not package mod_auth_gssapi conf file
- This ensures gssproxy works even when the apache user does not exist
* Thu May 05 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.0-3
- Ensure we actually package the config files
* Thu May 05 2016 Simo Sorce <simo@redhat.com> - 0.5.0-2
- Fix typo in requires
* Wed May 04 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.0-1
- Release new upstream version
- Bump ini_config version for `ini_config_augment()`
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Dec 16 2015 Robbie Harwood <rharwood@redhat.com> - 0.4.1-4
- Fix issues with 1.14
- Fix bogus date in changelog (March 30 2015 was a Monday)
* Wed Oct 21 2015 Robbie Harwood <rharwood@redhat.com> - 0.4.1-3
- Clear message buffer to fix segfault on arm
- resolves: #1235902
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Mar 30 2015 Simo Sorce <simo@redhat.com> 0.4.1-1
- New upstream release
- Fix issues with paths in config files
* Tue Mar 24 2015 Simo Sorce <simo@redhat.com> 0.4.0-2
- Workaround rawhide bug (bz1204646) with krb5-config by switching to
pkg-config (patch from upstream)
* Tue Mar 24 2015 Simo Sorce <simo@redhat.com> 0.4.0-1
- New upstream realease
Added optional support for running GSS-Proxy as an unprivileged user
Uses new /etc/gss/mech.d configuration directory for gss mechanisms
Kernel related fixes
General bug fixing, many minor errors or incorrect behaviours have been corrected
- drop all patches, they are all included upstream
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 29 2014 Simo Sorce <simo@redhat.com> 0.3.1-2
- Rebuild as new ding-libs brings in soname bump
* Thu Mar 13 2014 Guenther Deschner <gdeschner@redhat.com> 0.3.1-1
- Fix flags handling in gss_init_sec_context()
- resolves: https://fedorahosted.org/gss-proxy/ticket/112
- Fix nfsd startup
- resolves: https://fedorahosted.org/gss-proxy/ticket/114
- Fix potential mutex deadlock
- resolves: https://fedorahosted.org/gss-proxy/ticket/120
- Fix segfault in gssi_inquire_context
- resolves: https://fedorahosted.org/gss-proxy/ticket/117
- resolves: #1061133
* Tue Nov 26 2013 Guenther Deschner <gdeschner@redhat.com> 0.3.1-0
- New upstream release 0.3.1:
* Fix use of gssproxy for client initiation
* Add new enforcing and filtering options for context initialization
* Fix potential thread safety issues
- resolves: https://fedorahosted.org/gss-proxy/ticket/110
- resolves: https://fedorahosted.org/gss-proxy/ticket/111
* Tue Nov 19 2013 Guenther Deschner <gdeschner@redhat.com> 0.3.0-3
- Fix flags handling in gss_init_sec_context()
- resolves: https://fedorahosted.org/gss-proxy/ticket/106
- Fix OID handling in gss_inquire_cred_by_mech()
- resolves: https://fedorahosted.org/gss-proxy/ticket/107
- Fix continuation processing for not yet fully established contexts.
- resolves: https://fedorahosted.org/gss-proxy/ticket/108
- Add flags filtering and flags enforcing.
- resolves: https://fedorahosted.org/gss-proxy/ticket/109
* Wed Oct 23 2013 Guenther Deschner <gdeschner@redhat.com> 0.3.0-0
- New upstream release 0.3.0:
* Add support for impersonation (depends on s4u2self/s4u2proxy on the KDC)
* Add support for new rpc.gssd mode of operation that forks and changes uid
* Add 2 new options allow_any_uid and cred_usage
* Fri Oct 18 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-8
- Fix default proxymech documentation and fix LOCAL_FIRST implementation
- resolves: https://fedorahosted.org/gss-proxy/ticket/105
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 24 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-6
- Add better default gssproxy.conf file for nfs client and server usage
* Thu Jun 06 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-5
- New upstream release
* Fri May 31 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.2-5
- Require libverto-tevent to make sure libverto initialization succeeds
* Wed May 29 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.2-4
- Modify systemd unit files for nfs-secure services
* Wed May 22 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.2-3
- Fix cred_store handling w/o client keytab
* Thu May 16 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.2-2
- New upstream release
* Tue May 07 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.1-2
- New upstream release
* Wed Apr 24 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.0-1
- New upstream release
* Mon Apr 01 2013 Simo Sorce <simo@redhat.com> - 0.1.0-0
- New upstream release
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.0.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Nov 06 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.3-7
- Update to 0.0.3
* Wed Aug 22 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.2-6
- Use new systemd-rpm macros
- resolves: #850139
* Wed Jul 18 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.2-5
- More spec file fixes
* Mon Jul 16 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.2-4
- Fix systemd service file
* Fri Jul 13 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.2-3
- Fix various packaging issues
* Mon Jul 02 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.1-2
- Add systemd packaging
* Wed Mar 28 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.1-1
- Various fixes
* Mon Dec 12 2011 Simo Sorce <simo@redhat.com> - 0.0.2-0
- Automated build of the gssproxy daemon
Write Preview
Loading…
Cancel
Save