From 68bf20b9f5bbb3996c318e8567def02e26768561 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 30 2018 05:09:56 +0000 Subject: import gssproxy-0.7.0-21.el7 --- diff --git a/SOURCES/Add-Client-ID-to-debug-messages.patch b/SOURCES/Add-Client-ID-to-debug-messages.patch index 63e6a08..a8394a5 100644 --- a/SOURCES/Add-Client-ID-to-debug-messages.patch +++ b/SOURCES/Add-Client-ID-to-debug-messages.patch @@ -1,4 +1,4 @@ -From 9e9b8597c09605438a6d880b6df5aaa4696f4b21 Mon Sep 17 00:00:00 2001 +From 20ddb6f200f61332ff43aca7ad9421303d0a3138 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 25 May 2017 15:22:37 -0400 Subject: [PATCH] Add Client ID to debug messages diff --git a/SOURCES/Allow-connection-to-self-when-impersonator-set.patch b/SOURCES/Allow-connection-to-self-when-impersonator-set.patch index cbfbeec..995ed4a 100644 --- a/SOURCES/Allow-connection-to-self-when-impersonator-set.patch +++ b/SOURCES/Allow-connection-to-self-when-impersonator-set.patch @@ -14,10 +14,10 @@ Reviewed-by: Robbie Harwood Merges: #172 (cherry picked from commit eada55e831d12b42d3be3a555ff4e133bed7f594) --- - proxy/src/gp_creds.c | 57 ++++++++++++++++++++++++++++++++----- + proxy/src/gp_creds.c | 57 +++++++++++++++++++++++++---- proxy/src/gp_rpc_creds.h | 3 +- proxy/src/gp_rpc_init_sec_context.c | 2 +- - proxy/tests/t_impersonate.py | 35 ++++++++++++++++------- + proxy/tests/t_impersonate.py | 35 +++++++++++++----- 4 files changed, 78 insertions(+), 19 deletions(-) diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c diff --git a/SOURCES/Always-choose-highest-requested-debug-level.patch b/SOURCES/Always-choose-highest-requested-debug-level.patch new file mode 100644 index 0000000..0517c64 --- /dev/null +++ b/SOURCES/Always-choose-highest-requested-debug-level.patch 
@@ -0,0 +1,107 @@
+From 08fab6898a9937fbc39de6222cd33167707cd763 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood
+Date: Wed, 11 Apr 2018 16:15:00 -0400
+Subject: [PATCH] Always choose highest requested debug level
+
+Allowing the CLI to lower the debug level specified in a config file
+is dubious, and previously broken since we don't distinguish "default
+value" from "explicitly requested value of 0" in popt. This resulted
+in "Debug Enabled (level: 0)" even when the log level was not actually
+0, which is confusing for users.
+
+Remove the gp_debug_args() function since it is no longer used.
+
+Signed-off-by: Robbie Harwood
+Reviewed-by: Simo Sorce
+Merges: #229
+(cherry picked from commit 5a714768aec776dc875237dd729c85389932a688)
+---
+ proxy/src/gp_debug.c | 34 ++++++++--------------------------
+ proxy/src/gp_debug.h | 3 +--
+ proxy/src/gssproxy.c | 2 +-
+ 3 files changed, 10 insertions(+), 29 deletions(-)
+
+diff --git a/proxy/src/gp_debug.c b/proxy/src/gp_debug.c
+index 4a141fc..a0f51f0 100644
+--- a/proxy/src/gp_debug.c
++++ b/proxy/src/gp_debug.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2011 the GSS-PROXY contributors, see COPYING for license */
++/* Copyright (C) 2011,2018 the GSS-PROXY contributors, see COPYING for license */
+
+ #include "config.h"
+ #include
+@@ -7,35 +7,17 @@
+ #include "gp_log.h"
+
+ /* global debug switch */
+-int gp_debug;
+-
+-int gp_debug_args(int level) {
+- static int args_level = 0;
+-
+- if (level != 0) {
+- args_level = level;
+- }
+- return args_level;
+-}
++int gp_debug = 0;
+
+ void gp_debug_toggle(int level)
+ {
+- static bool krb5_trace_set = false;
++ if (level <= gp_debug)
++ return;
+
+- /* Command line and environment options override config file */
+- gp_debug = gp_debug_args(0);
+- if (gp_debug == 0) {
+- gp_debug = level;
+- }
+- if (level >= 3) {
+- if (!getenv("KRB5_TRACE")) {
+- setenv("KRB5_TRACE", "/dev/stderr", 1);
+- krb5_trace_set = true;
+- }
+- } else if (krb5_trace_set) {
+- unsetenv("KRB5_TRACE");
+- krb5_trace_set = false;
+- }
++ if (level >= 3 && !getenv("KRB5_TRACE"))
++ setenv("KRB5_TRACE", "/dev/stderr", 1);
++
++ gp_debug = level;
+ GPDEBUG("Debug Enabled (level: %d)\n", level);
+ }
+
+diff --git a/proxy/src/gp_debug.h b/proxy/src/gp_debug.h
+index 1c2f8a3..4932bfd 100644
+--- a/proxy/src/gp_debug.h
++++ b/proxy/src/gp_debug.h
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2011 the GSS-PROXY contributors, see COPYING for license */
++/* Copyright (C) 2011,2018 the GSS-PROXY contributors, see COPYING for license */
+
+ #ifndef _GP_DEBUG_H_
+ #define _GP_DEBUG_H_
+@@ -10,7 +10,6 @@
+
+ extern int gp_debug;
+
+-int gp_debug_args(int level);
+ void gp_debug_toggle(int);
+ void gp_debug_printf(const char *format, ...);
+ void gp_debug_time_printf(const char *format, ...);
+diff --git a/proxy/src/gssproxy.c b/proxy/src/gssproxy.c
+index 5fc4f8d..3b6a16e 100644
+--- a/proxy/src/gssproxy.c
++++ b/proxy/src/gssproxy.c
+@@ -209,7 +209,7 @@ int main(int argc, const char *argv[])
+
+ if (opt_debug || opt_debug_level > 0) {
+ if (opt_debug_level == 0) opt_debug_level = 1;
+- gp_debug_args(opt_debug_level);
++ gp_debug_toggle(opt_debug_level);
+ }
+
+ if (opt_daemon && opt_interactive) {
diff --git a/SOURCES/Always-use-the-encype-we-selected.patch b/SOURCES/Always-use-the-encype-we-selected.patch
new file mode 100644
index 0000000..ccc1d69
--- /dev/null
+++ b/SOURCES/Always-use-the-encype-we-selected.patch
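Review bot: In the new `gp_debug_toggle()` (proxy/src/gp_debug.c, inside Always-choose-highest-requested-debug-level.patch) the early `if (level <= gp_debug) return;` together with the removal of the `unsetenv("KRB5_TRACE")` branch means the debug level can only rise for the lifetime of the process, and once level 3 has been requested KRB5_TRACE stays set. If the function is also reached when the configuration is reloaded (not visible here), lowering `debug_level` in the config would no longer reduce logging or stop Kerberos trace output until the daemon restarts, so verbose tracing enabled for troubleshooting can stay on longer than the operator intends. That behaviour deserves a comment above the function, for example `/* Only ever raises the level; lowering it requires a restart. */`, and a matching sentence in the man pages. The two added single-statement `if` bodies are also unbraced, unlike the code they replace.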
@@ -0,0 +1,43 @@
+From d8166808a98fd1c3772de5d75e27656ed2ab124d Mon Sep 17 00:00:00 2001
+From: Simo Sorce
+Date: Tue, 27 Feb 2018 11:59:25 -0500
+Subject: [PATCH] Always use the encype we selected
+
+The enctype is selected from the keytab or from the fallback code.
+Either way make sure to use the enctype stored in the key block.
+
+Signed-off-by: Simo Sorce
+Reviewed-by: Robbie Harwood
+Merges: #226
+(cherry picked from commit d73c96d658059ce64ecd41ff2924071d86f2b54f)
+---
+ proxy/src/gp_export.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c
+index c9f5fd4..5e8e160 100644
+--- a/proxy/src/gp_export.c
++++ b/proxy/src/gp_export.c
+@@ -168,11 +168,10 @@ uint32_t gp_init_creds_handle(uint32_t *min, const char *svc_name,
+ GP_CREDS_HANDLE_KEY_ENCTYPE, 0,
+ &handle->key);
+ if (ret == 0) {
+- ret = krb5_c_make_random_key(handle->context,
+- GP_CREDS_HANDLE_KEY_ENCTYPE,
++ ret = krb5_c_make_random_key(handle->context, handle->key->enctype,
+ handle->key);
+ GPDEBUG("Service: %s, Enckey: [ephemeral], Enctype: %d\n",
+- svc_name, GP_CREDS_HANDLE_KEY_ENCTYPE);
++ svc_name, handle->key->enctype);
+ }
+ if (ret) {
+ ret_min = ret;
+@@ -254,7 +253,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,
+
+ memset(&enc_handle, '\0', sizeof(krb5_enc_data));
+
+- enc_handle.enctype = GP_CREDS_HANDLE_KEY_ENCTYPE;
++ enc_handle.enctype = key->enctype;
+ enc_handle.ciphertext.data = in->octet_string_val;
+ enc_handle.ciphertext.length = in->octet_string_len;
+
diff --git a/SOURCES/Change-impersonator-check-code.patch b/SOURCES/Change-impersonator-check-code.patch
index 9a29862..27cf421 100644
--- a/SOURCES/Change-impersonator-check-code.patch
+++ b/SOURCES/Change-impersonator-check-code.patch
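Review bot: In the `gp_init_creds_handle()` hunk of Always-use-the-encype-we-selected.patch the `GPDEBUG("Service: %s, Enckey: [ephemeral], Enctype: %d\n", ...)` call still runs whether or not `krb5_c_make_random_key()` succeeded, so a failed key generation is logged as if an ephemeral key were in place; wrapping the message in `if (ret == 0)` would keep the debug log accurate. In `gp_decrypt_buffer()` the new `enc_handle.enctype = key->enctype;` dereferences `key` without a check, which is fine only if every caller passes the handle's initialized key block, and that cannot be confirmed here because both functions start and end outside their hunks. A short comment at both sites, such as `/* enctype comes from the key block: keytab key or ephemeral fallback */`, would record why the constant is no longer used.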
@@ -12,8 +12,8 @@ Reviewed-by: Robbie Harwood Merges: #172 (cherry picked from commit 73b50c0b2799f0aed53337a6516b8e1a27279ebf) --- - proxy/configure.ac | 3 ++ - proxy/src/gp_creds.c | 147 ++++++++++++++++++++++++++++++++++++++------------- + proxy/configure.ac | 3 + + proxy/src/gp_creds.c | 147 ++++++++++++++++++++++++++++++++----------- 2 files changed, 112 insertions(+), 38 deletions(-) diff --git a/proxy/configure.ac b/proxy/configure.ac diff --git a/SOURCES/Clarify-debug-and-debug_level-in-man-pages.patch b/SOURCES/Clarify-debug-and-debug_level-in-man-pages.patch new file mode 100644 index 0000000..242ebe5 --- /dev/null +++ b/SOURCES/Clarify-debug-and-debug_level-in-man-pages.patch 
@@ -0,0 +1,74 @@ +From 384a1cff4855ad612ca71d3831a0c2c19a355c49 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Wed, 11 Apr 2018 16:01:21 -0400 +Subject: [PATCH] Clarify debug and debug_level in man pages + +In particular, add debug_level to gssproxy(5) since it was previously +accepted but not documented. + +Signed-off-by: Robbie Harwood +Reviewed-by: Simo Sorce +Merges: #229 +(cherry picked from commit e0e96e46be03102903533a9816b4deefe1adfaf8) +--- + proxy/man/gssproxy.8.xml | 24 +++++++++++++++++++++++- + proxy/man/gssproxy.conf.5.xml | 5 ++++- + 2 files changed, 27 insertions(+), 2 deletions(-) + +diff --git a/proxy/man/gssproxy.8.xml b/proxy/man/gssproxy.8.xml +index 1df4b0d..21f7e6a 100644 +--- a/proxy/man/gssproxy.8.xml ++++ b/proxy/man/gssproxy.8.xml +@@ -118,13 +118,35 @@ + + + ++ + + + , + + + +- Turn on debugging. ++ Turn on debugging. This option is identical to ++ --debug-level=1. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Turn on debugging at the specified level. 0 ++ corresponds to no logging, while 1 turns on basic ++ debug logging. Level 2 increases verbosity, including ++ more detailed credential verification. ++ ++ ++ At level 3 and above, KRB5_TRACE output is logged. If ++ KRB5_TRACE was already set in the execution ++ environment, trace output is sent to its value ++ instead. + + + +diff --git a/proxy/man/gssproxy.conf.5.xml b/proxy/man/gssproxy.conf.5.xml +index ad9d96f..abb6745 100644 +--- a/proxy/man/gssproxy.conf.5.xml ++++ b/proxy/man/gssproxy.conf.5.xml +@@ -191,7 +191,10 @@ + + debug (boolean) + +- Enable debugging to syslog. ++ ++ Enable debugging to syslog. Setting to true is ++ identical to setting debug_level to 1. ++ + Default: debug = false + + diff --git a/SOURCES/Conditionally-reload-kernel-interface-on-SIGHUP.patch b/SOURCES/Conditionally-reload-kernel-interface-on-SIGHUP.patch index 4495bc1..42286f6 100644 --- a/SOURCES/Conditionally-reload-kernel-interface-on-SIGHUP.patch 
+++ b/SOURCES/Conditionally-reload-kernel-interface-on-SIGHUP.patch
@@ -1,4 +1,4 @@
-From 70d500d0dcc26ff3a87c1dd4bd6ab0c591ed4cf9 Mon Sep 17 00:00:00 2001
+From 8a5ba5feb98ecc3c57ee865604799fc4e4a90c61 Mon Sep 17 00:00:00 2001
 From: Alexander Scheel
 Date: Mon, 26 Jun 2017 17:04:16 -0400
 Subject: [PATCH] Conditionally reload kernel interface on SIGHUP
diff --git a/SOURCES/Don-t-leak-mech_type-when-CONTINUE_NEEDED-from-init_.patch b/SOURCES/Don-t-leak-mech_type-when-CONTINUE_NEEDED-from-init_.patch
new file mode 100644
index 0000000..bcad8ca
--- /dev/null
+++ b/SOURCES/Don-t-leak-mech_type-when-CONTINUE_NEEDED-from-init_.patch
@@ -0,0 +1,27 @@
+From dd1699810efe933858badce463bece239d19e886 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel
+Date: Tue, 8 Aug 2017 11:36:56 -0400
+Subject: [PATCH] Don't leak mech_type when CONTINUE_NEEDED from
+ init_sec_context
+
+Signed-off-by: Alexander Scheel
+Reviewed-by: Simo Sorce
+Reviewed-by: Robbie Harwood
+Merges: #207
+(cherry picked from commit ca26c0f58ac961a16b06c3fb93b985d574116b2c)
+---
+ proxy/src/gp_export.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c
+index 0c39045..c9f5fd4 100644
+--- a/proxy/src/gp_export.c
++++ b/proxy/src/gp_export.c
+@@ -687,6 +687,7 @@ export:
+ case EXP_CTX_PARTIAL:
+ /* this happens only when a init_sec_context call returns a partially
+ * initialized context so we return only what we have, not much */
++ xdr_free((xdrproc_t)xdr_gssx_OID, (char *)&out->mech);
+ ret = gp_conv_oid_to_gssx(mech, &out->mech);
+ if (ret) {
+ ret_maj = GSS_S_FAILURE;
diff --git a/SOURCES/Emit-debug-on-queue-errors.patch b/SOURCES/Emit-debug-on-queue-errors.patch
index c9593c4..99e7690 100644
--- a/SOURCES/Emit-debug-on-queue-errors.patch
+++ b/SOURCES/Emit-debug-on-queue-errors.patch
@@ -1,4 +1,4 @@
-From 25ad523713559f8c875377383ffbd6f7b367d95e Mon Sep 17 00:00:00 2001
+From f1f89ef85b65b95f568d46fea85c7e7834e3a101 Mon Sep 17 00:00:00 2001
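Review bot: In the `EXP_CTX_PARTIAL` case of Don-t-leak-mech_type-when-CONTINUE_NEEDED-from-init_.patch, the added `xdr_free((xdrproc_t)xdr_gssx_OID, (char *)&out->mech);` releases `out->mech` immediately before `gp_conv_oid_to_gssx()` refills it, but if that conversion fails the `GSS_S_FAILURE` path is taken with `out->mech` already freed. That is safe only if the XDR free routine leaves the structure in a state a later cleanup of `out` can free again, which is not visible here; adding `memset(&out->mech, 0, sizeof(out->mech));` right after the free would remove that dependency. A one-line comment such as `/* release any mech already stored in out before overwriting it */` would also explain the call. The enclosing function starts and ends outside the hunk.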
 From: Simo Sorce
 Date: Thu, 26 Oct 2017 11:47:54 -0400
 Subject: [PATCH] Emit debug on queue errors
diff --git a/SOURCES/Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe.patch b/SOURCES/Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe.patch
index f51d589..3dad153 100644
--- a/SOURCES/Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe.patch
+++ b/SOURCES/Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe.patch
@@ -1,4 +1,4 @@
-From accc0e772b126d251ca853a080b25466ebc528a3 Mon Sep 17 00:00:00 2001
+From 027596a3df85d11948f4fb3a28d27d6523645589 Mon Sep 17 00:00:00 2001
 From: Alexander Scheel
 Date: Thu, 14 Sep 2017 11:24:39 -0500
 Subject: [PATCH] Fix error handling in gpm_send_buffer/gpm_recv_buffer
diff --git a/SOURCES/Fix-error-message-handling-in-gp_config_from_dir.patch b/SOURCES/Fix-error-message-handling-in-gp_config_from_dir.patch
deleted file mode 100644
index 6eaf495..0000000
--- a/SOURCES/Fix-error-message-handling-in-gp_config_from_dir.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 298fb49c32d9bf709f14445c1848a3b2419cd3fd Mon Sep 17 00:00:00 2001
-From: Robbie Harwood
-Date: Fri, 27 Oct 2017 14:39:35 -0400
-Subject: [PATCH] Fix error message handling in gp_config_from_dir()
-
-Resolves a potential double free if we ever get both a return value
-and error message back from ini_config_augment().
-
-Commit c0d85387fc38f9554d601ec2ddb111031a694387 exposes a misbehavior
-in libini wherein merge failures are presented as nonfatal errors.
-Paper around this.
-
-Signed-off-by: Robbie Harwood
-(cherry picked from commit 49708ddde8c58d8197e1f7dfc2b2d097c6b278d5)
----
- proxy/src/gp_config.c | 17 ++++++++++-------
- 1 file changed, 10 insertions(+), 7 deletions(-)
-
-diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
-index cd057a0..cb13b46 100644
---- a/proxy/src/gp_config.c
-+++ b/proxy/src/gp_config.c
-@@ -798,20 +798,23 @@ static int gp_config_from_dir(const char *config_dir,
- &error_list,
- NULL);
- if (error_list) {
-- uint32_t len;
-- len = ref_array_len(error_list);
-+ uint32_t len = ref_array_len(error_list);
- for (uint32_t i = 0; i < len; i++) {
- /* libini has an unfixable bug where error strings are (char **) */
-- GPAUDIT("Error when reading config directory: %s\n",
-- *(char **)ref_array_get(error_list, i, NULL));
-+ char *errmsg = *(char **)ref_array_get(error_list, i, NULL);
-+
-+ /* libini reports pattern match failure as (non-fatal) error
-+ * https://pagure.io/SSSD/ding-libs/issue/3182 */
-+ if (strstr(errmsg, "did not match provided patterns. Skipping")) {
-+ continue;
-+ }
-+
-+ GPAUDIT("Error when reading config directory: %s\n", errmsg);
- }
- ref_array_destroy(error_list);
- }
--
- if (ret && ret != EEXIST) {
- GPERROR("Error when reading config directory number: %d\n", ret);
--
-- ref_array_destroy(error_list);
- return ret;
- }
-
diff --git a/SOURCES/Fix-handling-of-non-EPOLLIN-EPOLLOUT-events.patch b/SOURCES/Fix-handling-of-non-EPOLLIN-EPOLLOUT-events.patch
index 7c40244..6f1aea5 100644
--- a/SOURCES/Fix-handling-of-non-EPOLLIN-EPOLLOUT-events.patch +++ b/SOURCES/Fix-handling-of-non-EPOLLIN-EPOLLOUT-events.patch @@ -1,4 +1,4 @@ -From 8e9756f3cf0d03e5ca43f5212e3d4245ad1d9a00 Mon Sep 17 00:00:00 2001 +From a2a5789d6410e12469ea0f81c9a31ce70bac9ede Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Thu, 14 Sep 2017 11:16:42 -0500 Subject: [PATCH] Fix handling of non-EPOLLIN/EPOLLOUT events @@ -8,7 +8,7 @@ Reviewed-by: Robbie Harwood Merges: #213 (cherry picked from commit b8f5b2f75612a11753cf742ee0477b98df8e6b02) --- - proxy/src/client/gpm_common.c | 49 ++++++++++++++++++++++++++++++------------- + proxy/src/client/gpm_common.c | 49 +++++++++++++++++++++++++---------- 1 file changed, 35 insertions(+), 14 deletions(-) diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c diff --git a/SOURCES/Fix-mismatched-sign-comparisons.patch b/SOURCES/Fix-mismatched-sign-comparisons.patch index 675b7e7..8d27612 100644 --- a/SOURCES/Fix-mismatched-sign-comparisons.patch +++ b/SOURCES/Fix-mismatched-sign-comparisons.patch 
@@ -11,21 +11,21 @@ Reviewed-by: Simo Sorce Merges: #173 (cherry picked from commit 377e92c7ead312c530b233a1e023493ecde033d6) --- - proxy/src/client/gpm_acquire_cred.c | 11 +++------- - proxy/src/client/gpm_common.c | 4 ++-- - proxy/src/client/gpm_import_and_canon_name.c | 7 +++--- - proxy/src/client/gpm_indicate_mechs.c | 33 ++++++++++++---------------- - proxy/src/gp_common.h | 3 +-- - proxy/src/gp_config.c | 9 +++----- - proxy/src/gp_conv.c | 6 ++--- - proxy/src/gp_creds.c | 3 +-- - proxy/src/gp_export.c | 9 +++----- - proxy/src/gp_rpc_acquire_cred.c | 5 ++--- - proxy/src/gp_rpc_debug.c | 26 +++++++++++----------- - proxy/src/gp_rpc_indicate_mechs.c | 15 +++++-------- - proxy/src/gp_socket.c | 4 ++-- - proxy/src/gp_util.c | 4 ++-- - proxy/tests/t_utils.c | 4 ++-- + proxy/src/client/gpm_acquire_cred.c | 11 ++----- + proxy/src/client/gpm_common.c | 4 +-- + proxy/src/client/gpm_import_and_canon_name.c | 7 ++--- + proxy/src/client/gpm_indicate_mechs.c | 33 +++++++++----------- + proxy/src/gp_common.h | 3 +- + proxy/src/gp_config.c | 9 ++---- + proxy/src/gp_conv.c | 6 ++-- + proxy/src/gp_creds.c | 3 +- + proxy/src/gp_export.c | 9 ++---- + proxy/src/gp_rpc_acquire_cred.c | 5 ++- + proxy/src/gp_rpc_debug.c | 26 +++++++-------- + proxy/src/gp_rpc_indicate_mechs.c | 15 +++------ + proxy/src/gp_socket.c | 4 +-- + proxy/src/gp_util.c | 4 +-- + proxy/tests/t_utils.c | 4 +-- 15 files changed, 58 insertions(+), 85 deletions(-) diff --git a/proxy/src/client/gpm_acquire_cred.c b/proxy/src/client/gpm_acquire_cred.c diff --git a/SOURCES/Fix-most-memory-leaks.patch b/SOURCES/Fix-most-memory-leaks.patch index c4a8d75..f4a83d3 100644 --- a/SOURCES/Fix-most-memory-leaks.patch +++ b/SOURCES/Fix-most-memory-leaks.patch 
@@ -14,8 +14,8 @@ Related: #176 proxy/src/gp_config.c | 1 + proxy/src/gp_creds.c | 2 ++ proxy/src/gp_export.c | 3 ++- - proxy/src/gp_rpc_acquire_cred.c | 17 ++++++++++------ - proxy/src/gssproxy.c | 42 ++++++++++++++++++++++++++++------------ + proxy/src/gp_rpc_acquire_cred.c | 17 ++++++++----- + proxy/src/gssproxy.c | 42 +++++++++++++++++++++++--------- proxy/src/mechglue/gpp_context.c | 2 ++ proxy/tests/t_acquire.c | 3 +++ 7 files changed, 51 insertions(+), 19 deletions(-) diff --git a/SOURCES/Fix-potential-free-of-non-heap-address.patch b/SOURCES/Fix-potential-free-of-non-heap-address.patch index 11a572d..699307b 100644 --- a/SOURCES/Fix-potential-free-of-non-heap-address.patch +++ b/SOURCES/Fix-potential-free-of-non-heap-address.patch @@ -1,4 +1,4 @@ -From 9c35e3e40f63e3bc98c258810abd422e5149d0ee Mon Sep 17 00:00:00 2001 +From e087470af1a51b58fbac434ff2e30bc3f2a1f9ac Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Mon, 11 Sep 2017 10:52:03 -0400 Subject: [PATCH] Fix potential free of non-heap address diff --git a/SOURCES/Fix-silent-crash-with-duplicate-config-sections.patch b/SOURCES/Fix-silent-crash-with-duplicate-config-sections.patch index ce4f3fb..5496f74 100644 --- a/SOURCES/Fix-silent-crash-with-duplicate-config-sections.patch +++ b/SOURCES/Fix-silent-crash-with-duplicate-config-sections.patch @@ -9,8 +9,8 @@ Resolves: #194 Merges: #202 (cherry picked from commit c0d85387fc38f9554d601ec2ddb111031a694387) --- - proxy/configure.ac | 125 ++++++++++++++++++++++++++++++++++++++++++++++++++ - proxy/src/gp_config.c | 27 +++++------ + proxy/configure.ac | 125 ++++++++++++++++++++++++++++++++++++++++++ + proxy/src/gp_config.c | 27 ++++----- 2 files changed, 137 insertions(+), 15 deletions(-) diff --git a/proxy/configure.ac b/proxy/configure.ac diff --git a/SOURCES/Handle-outdated-encrypted-ccaches.patch b/SOURCES/Handle-outdated-encrypted-ccaches.patch index e73ba8d..c9c35d9 100644 --- a/SOURCES/Handle-outdated-encrypted-ccaches.patch 
+++ b/SOURCES/Handle-outdated-encrypted-ccaches.patch @@ -1,4 +1,4 @@ -From 044f2224ca5c86b51b2f2ce2878ede9e236e41d3 Mon Sep 17 00:00:00 2001 +From 24d776205605f3c113fdc2cb356d4c28b8033676 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 15 Sep 2017 18:07:28 -0400 Subject: [PATCH] Handle outdated encrypted ccaches @@ -13,7 +13,7 @@ Merges: #214 (cherry picked from commit 657d3c8339309dd8e2bfa4ee10f005e0f0c055e8) --- proxy/src/gp_export.c | 11 ++++++----- - proxy/src/gp_rpc_accept_sec_context.c | 28 ++++++++++++++++++++++++++++ + proxy/src/gp_rpc_accept_sec_context.c | 28 +++++++++++++++++++++++++++ proxy/src/gp_rpc_init_sec_context.c | 2 +- 3 files changed, 35 insertions(+), 6 deletions(-) diff --git a/SOURCES/Include-header-for-writev.patch b/SOURCES/Include-header-for-writev.patch index 111e0e8..1b6c36e 100644 --- a/SOURCES/Include-header-for-writev.patch +++ b/SOURCES/Include-header-for-writev.patch @@ -1,4 +1,4 @@ -From 3b912a01fa9b483fbbf3ef91df061bc5bc0c0db0 Mon Sep 17 00:00:00 2001 +From 26b5ff6b802b6a24b23ea774b0305f6f2031d4da Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Wed, 17 May 2017 12:21:37 -0400 Subject: [PATCH] Include header for writev() diff --git a/SOURCES/Only-empty-FILE-ccaches-when-storing-remote-creds.patch b/SOURCES/Only-empty-FILE-ccaches-when-storing-remote-creds.patch index 2118807..06edf09 100644 --- a/SOURCES/Only-empty-FILE-ccaches-when-storing-remote-creds.patch +++ b/SOURCES/Only-empty-FILE-ccaches-when-storing-remote-creds.patch @@ -1,4 +1,4 @@ -From f2d1472f1557ceee70f2eaacf790c0222a36c4a1 Mon Sep 17 00:00:00 2001 +From 1fa33903be640f8d22757d21da294e70f0812698 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 10 Oct 2017 18:00:45 -0400 Subject: [PATCH] Only empty FILE ccaches when storing remote creds diff --git a/SOURCES/Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch b/SOURCES/Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch index 853ee9f..e922183 100644 
--- a/SOURCES/Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch
+++ b/SOURCES/Prevent-uninitialized-read-in-error-path-of-XDR-cont.patch
@@ -1,4 +1,4 @@
-From 7b7de309a059ab1f770f9a1192be9299ab0e38f2 Mon Sep 17 00:00:00 2001
+From 8a7fc8e280e31fd8c277adc4f74cc26c341a71b4 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood
 Date: Tue, 12 Sep 2017 12:40:27 -0400
 Subject: [PATCH] Prevent uninitialized read in error path of XDR contexts
diff --git a/SOURCES/Properly-initialize-ccaches-before-storing-into-them.patch b/SOURCES/Properly-initialize-ccaches-before-storing-into-them.patch
index 6e76cea..617c6e2 100644
--- a/SOURCES/Properly-initialize-ccaches-before-storing-into-them.patch
+++ b/SOURCES/Properly-initialize-ccaches-before-storing-into-them.patch
@@ -1,4 +1,4 @@
-From 7a343088a7b716532b1b5c32965fa9ef02c1987a Mon Sep 17 00:00:00 2001
+From 2d91093925c8546d68f9314546353226b4f41569 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood
 Date: Tue, 5 Dec 2017 13:14:29 -0500
 Subject: [PATCH] Properly initialize ccaches before storing into them
diff --git a/SOURCES/Properly-locate-credentials-in-collection-caches-in-.patch b/SOURCES/Properly-locate-credentials-in-collection-caches-in-.patch
index 53bad4d..f1099e8 100644
--- a/SOURCES/Properly-locate-credentials-in-collection-caches-in-.patch
+++ b/SOURCES/Properly-locate-credentials-in-collection-caches-in-.patch
@@ -1,4 +1,4 @@
-From 51721282ae021e57888b38720a4acd69e88a8f4f Mon Sep 17 00:00:00 2001
+From 5fa4e2d5d484df17ebd9a585a6dfdf4522320426 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood
 Date: Mon, 20 Nov 2017 14:09:04 -0500
 Subject: [PATCH] Properly locate credentials in collection caches in mechglue
@@ -11,7 +11,7 @@ Reviewed-by: Simo Sorce Merges: #221 (cherry picked from commit 670240a6cd4d5e2ecf13e481621098693cdbaa89) --- - proxy/src/mechglue/gpp_creds.c | 81 +++++++++++++++++++++++++++++------------ + proxy/src/mechglue/gpp_creds.c | 81 +++++++++++++++++++++++---------- proxy/src/mechglue/gss_plugin.h | 2 +- 2 files changed, 59 insertions(+), 24 deletions(-) diff --git a/SOURCES/Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch b/SOURCES/Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch index d9afad8..dbc8dd4 100644 --- a/SOURCES/Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch +++ b/SOURCES/Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch @@ -1,4 +1,4 @@ -From dfddf297c5876d9a5764a83aa7d436b8df020af9 Mon Sep 17 00:00:00 2001 +From 1451b65fec69ff35e029b4770dcb4927ba57060a Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 17 Nov 2017 13:53:37 -0500 Subject: [PATCH] Separate cred and ccache manipulation in @@ -8,7 +8,7 @@ Signed-off-by: Robbie Harwood Reviewed-by: Simo Sorce (cherry picked from commit 221b553bfb4082085d05b40da9a04c1f7e4af533) --- - proxy/src/mechglue/gpp_creds.c | 62 ++++++++++++++++++++++++++---------------- + proxy/src/mechglue/gpp_creds.c | 62 +++++++++++++++++++++------------- 1 file changed, 39 insertions(+), 23 deletions(-) diff --git a/proxy/src/mechglue/gpp_creds.c b/proxy/src/mechglue/gpp_creds.c diff --git a/SOURCES/Simplify-setting-NONBLOCK-on-socket.patch b/SOURCES/Simplify-setting-NONBLOCK-on-socket.patch index ba874f4..1762d69 100644 --- a/SOURCES/Simplify-setting-NONBLOCK-on-socket.patch +++ b/SOURCES/Simplify-setting-NONBLOCK-on-socket.patch @@ -1,4 +1,4 @@ -From 4a857676879caa636ccbb3fb5c4601fff8afdee0 Mon Sep 17 00:00:00 2001 +From 6d12deeb19cc2e231463427db27f8755649450d1 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Thu, 14 Sep 2017 10:57:12 -0500 Subject: [PATCH] Simplify setting NONBLOCK on socket 
diff --git a/SOURCES/Tolerate-NULL-pointers-in-gp_same.patch b/SOURCES/Tolerate-NULL-pointers-in-gp_same.patch index 15e2f97..9f2a147 100644 --- a/SOURCES/Tolerate-NULL-pointers-in-gp_same.patch +++ b/SOURCES/Tolerate-NULL-pointers-in-gp_same.patch @@ -1,4 +1,4 @@ -From ea57f8351e8f1ec2ed4a628b5c235498e65fba0f Mon Sep 17 00:00:00 2001 +From 05a2677920f0240ea302e67d699546665687dd14 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 13 Jun 2017 14:22:44 -0400 Subject: [PATCH] Tolerate NULL pointers in gp_same diff --git a/SOURCES/client-Switch-to-non-blocking-sockets.patch b/SOURCES/client-Switch-to-non-blocking-sockets.patch index 015d555..2d0b34b 100644 --- a/SOURCES/client-Switch-to-non-blocking-sockets.patch +++ b/SOURCES/client-Switch-to-non-blocking-sockets.patch @@ -1,4 +1,4 @@ -From 3d08f71f576a381955f07a91198f5dcb320026ba Mon Sep 17 00:00:00 2001 +From 1962e6128a4d86a7c54977577e1e4224cadbb5f7 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Wed, 2 Aug 2017 15:11:49 -0400 Subject: [PATCH] [client] Switch to non-blocking sockets @@ -15,7 +15,7 @@ Reviewed-by: Simo Sorce Reviewed-by: Robbie Harwood (cherry picked from commit d035646c8feb0b78f0c157580ca02c46cd00dd7e) --- - proxy/src/client/gpm_common.c | 317 +++++++++++++++++++++++++++++++++++++++--- + proxy/src/client/gpm_common.c | 317 +++++++++++++++++++++++++++++++--- 1 file changed, 295 insertions(+), 22 deletions(-) diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c diff --git a/SOURCES/server-Add-detailed-request-logging.patch b/SOURCES/server-Add-detailed-request-logging.patch index 6c86058..778c755 100644 --- a/SOURCES/server-Add-detailed-request-logging.patch +++ b/SOURCES/server-Add-detailed-request-logging.patch @@ -1,4 +1,4 @@ -From a45cb6a67530fe2224e2aaeb73808f9e1e99bfa9 Mon Sep 17 00:00:00 2001 +From f413cc257c6c1e60090c72163152ae7fd2180c41 Mon Sep 17 00:00:00 2001 
From: Alexander Scheel Date: Fri, 4 Aug 2017 16:09:20 -0400 Subject: [PATCH] [server] Add detailed request logging diff --git a/SPECS/gssproxy.spec b/SPECS/gssproxy.spec index 8d37e7c..b46584a 100644 --- a/SPECS/gssproxy.spec +++ b/SPECS/gssproxy.spec @@ -1,6 +1,6 @@ Name: gssproxy Version: 0.7.0 -Release: 17%{?dist} +Release: 21%{?dist} Summary: GSSAPI Proxy Group: System Environment/Libraries @@ -31,7 +31,6 @@ Patch13: Update-systemd-file.patch Patch14: Fix-error-handling-in-gp_config_from_dir.patch Patch15: Fix-silent-crash-with-duplicate-config-sections.patch Patch16: Do-not-call-gpm_grab_sock-twice.patch -Patch17: Fix-error-message-handling-in-gp_config_from_dir.patch Patch18: Only-empty-FILE-ccaches-when-storing-remote-creds.patch Patch19: Handle-outdated-encrypted-ccaches.patch Patch20: Separate-cred-and-ccache-manipulation-in-gpp_store_r.patch @@ -49,11 +48,15 @@ Patch31: Fix-handling-of-non-EPOLLIN-EPOLLOUT-events.patch Patch32: Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe.patch Patch33: Emit-debug-on-queue-errors.patch Patch34: Conditionally-reload-kernel-interface-on-SIGHUP.patch +Patch35: Don-t-leak-mech_type-when-CONTINUE_NEEDED-from-init_.patch +Patch36: Always-use-the-encype-we-selected.patch +Patch37: Clarify-debug-and-debug_level-in-man-pages.patch +Patch38: Always-choose-highest-requested-debug-level.patch ### Dependencies ### -# From rhbz#1458913 and friends -Requires: libini_config >= 1.3.1-28 +# From rhbz#1458913 and rhbz#1507607 (and friends) +Requires: libini_config >= 1.3.1-31 Requires: krb5-libs >= 1.15 Requires: keyutils-libs 
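Review bot: Dropping `Patch17: Fix-error-message-handling-in-gp_config_from_dir.patch` in SPECS/gssproxy.spec removes two changes at once: the strstr() workaround for the libini pattern-match message, which the bump to `libini_config >= 1.3.1-31` presumably makes unnecessary, and the removal of the second `ref_array_destroy(error_list)` that the deleted patch described as a potential double free. Nothing visible in this import re-applies that second change, so unless another patch in the series (whose body is not shown here) already covers it, gp_config_from_dir() could again destroy error_list twice when ini_config_augment() returns both an error code and an error list. It is worth confirming this against the fully patched tree, and recording the reason for dropping Patch17 in %changelog, which currently does not mention it.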
@@ -112,7 +115,6 @@ A proxy for GSSAPI credential handling %patch14 -p2 -b .Fix-error-handling-in-gp_config_from_dir %patch15 -p2 -b .Fix-silent-crash-with-duplicate-config-sections %patch16 -p2 -b .Do-not-call-gpm_grab_sock-twice -%patch17 -p2 -b .Fix-error-message-handling-in-gp_config_from_dir %patch18 -p2 -b .Only-empty-FILE-ccaches-when-storing-remote-creds %patch19 -p2 -b .Handle-outdated-encrypted-ccaches %patch20 -p2 -b .Separate-cred-and-ccache-manipulation-in-gpp_store_r @@ -130,6 +132,10 @@ A proxy for GSSAPI credential handling %patch32 -p2 -b .Fix-error-handling-in-gpm_send_buffer-gpm_recv_buffe %patch33 -p2 -b .Emit-debug-on-queue-errors %patch34 -p2 -b .Conditionally-reload-kernel-interface-on-SIGHUP +%patch35 -p2 -b .Don-t-leak-mech_type-when-CONTINUE_NEEDED-from-init_ +%patch36 -p2 -b .Always-use-the-encype-we-selected +%patch37 -p2 -b .Clarify-debug-and-debug_level-in-man-pages +%patch38 -p2 -b .Always-choose-highest-requested-debug-level %build autoreconf -f -i @@ -190,6 +196,22 @@ rm -rf -- "%{buildroot}" %changelog +* Fri Jun 08 2018 Robbie Harwood 0.7.0-21 +- Always choose highest requested debug level +- Resolves: #1505741 + +* Fri Apr 27 2018 Robbie Harwood 0.7.0-20 +- Clean up debug man page + behavior +- Resolves: #1554249 + +* Fri Apr 27 2018 Robbie Harwood 0.7.0-19 +- Always use the encype we selected +- Resolves: #1549684 + +* Fri Apr 27 2018 Robbie Harwood 0.7.0-18 +- Don't leak mech_type when CONTINUE_NEEDED from init_sec_context +- Resolves: #1553819 + * Wed Dec 13 2017 Robbie Harwood 0.7.0-17 - Conditionally reload kernel interface on SIGHUP - Resolves: #1507817