Name: gssproxy Version: 0.7.0 Release: 4%{?dist} Summary: GSSAPI Proxy Group: System Environment/Libraries License: MIT URL: https://pagure.io/gssproxy Source0: https://releases.pagure.org/gssproxy/gssproxy-%{version}.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) %global servicename gssproxy %global pubconfpath %{_sysconfdir}/gssproxy %global gpstatedir %{_localstatedir}/lib/gssproxy ### Patches ### Patch0: Properly-renew-expired-credentials.patch Patch1: Change-impersonator-check-code.patch Patch2: Allow-connection-to-self-when-impersonator-set.patch Patch3: Make-proc-file-failure-loud-but-nonfatal.patch ### Dependencies ### Requires: krb5-libs >= 1.15 Requires: keyutils-libs Requires: libverto-module-base Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units ### Build Dependencies ### BuildRequires: autoconf BuildRequires: automake BuildRequires: coreutils BuildRequires: docbook-style-xsl BuildRequires: doxygen BuildRequires: findutils BuildRequires: gettext-devel BuildRequires: keyutils-libs-devel BuildRequires: krb5-devel >= 1.15 BuildRequires: libini_config-devel >= 1.0.0.1 BuildRequires: libselinux-devel BuildRequires: libtool BuildRequires: libverto-devel BuildRequires: libxml2 BuildRequires: libxslt BuildRequires: m4 BuildRequires: pkgconfig BuildRequires: popt-devel BuildRequires: sed BuildRequires: systemd-units %description A proxy for GSSAPI credential handling %prep %setup -q %patch0 -p2 -b .Properly-renew-expired-credentials %patch1 -p2 -b .Change-impersonator-check-code %patch2 -p2 -b .Allow-connection-to-self-when-impersonator-set %patch3 -p2 -b .Make-proc-file-failure-loud-but-nonfatal %build autoreconf -f -i %configure \ --with-pubconf-path=%{pubconfpath} \ --with-initscript=systemd \ --disable-static \ --disable-rpath \ --with-gpp-default-behavior=REMOTE_FIRST \ CFLAGS="$CFLAGS -fPIE -fstack-protector-all" \ LDFLAGS="$LDFLAGS -fPIE -pie -Wl,-z,now" make %{?_smp_mflags} all make test_proxymech %install rm -rf -- "%{buildroot}" make install DESTDIR=%{buildroot} rm -f -- %{buildroot}%{_libdir}/gssproxy/proxymech.la install -d -m755 %{buildroot}%{_sysconfdir}/gssproxy install -m644 examples/gssproxy.conf %{buildroot}%{_sysconfdir}/gssproxy/gssproxy.conf install -m644 examples/99-nfs-client.conf %{buildroot}%{_sysconfdir}/gssproxy/99-nfs-client.conf mkdir -p %{buildroot}%{_sysconfdir}/gss/mech.d install -m644 examples/mech %{buildroot}%{_sysconfdir}/gss/mech.d/gssproxy.conf mkdir -p %{buildroot}/var/lib/gssproxy/rcache %clean rm -rf -- "%{buildroot}" %files %defattr(-,root,root,-) %doc COPYING %{_unitdir}/gssproxy.service %{_sbindir}/gssproxy %attr(755,root,root) %dir %{pubconfpath} %attr(755,root,root) %dir %{gpstatedir} %attr(700,root,root) %dir %{gpstatedir}/clients %attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/gssproxy.conf %attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/99-nfs-client.conf %attr(0644,root,root) %config(noreplace) /%{_sysconfdir}/gss/mech.d/gssproxy.conf %attr(700,root,root) %dir /var/lib/gssproxy/rcache %{_libdir}/gssproxy/proxymech.so %{_mandir}/man5/gssproxy.conf.5* %{_mandir}/man8/gssproxy.8* %{_mandir}/man8/gssproxy-mech.8* %post %systemd_post gssproxy.service %preun %systemd_preun gssproxy.service %postun %systemd_postun_with_restart gssproxy.service %changelog * Wed May 31 2017 Robbie Harwood 0.7.0-4 - Make proc file failure loud but nonfatal - Resolves: #1449238 * Tue Mar 28 2017 Robbie Harwood 0.7.0-3 - Stop shipping NFS server snippet (nfs-utils takes it instead) - Resolves: #1379836 * Tue Mar 14 2017 Robbie Harwood 0.7.0-2 - Fix credential handling with mod_auth_gssapi that we broke - Resolves: #1379836 * Fri Mar 10 2017 Robbie Harwood 0.7.0-1 - New upstream version - 0.7.0 - Resolves: #1379836 * Tue Feb 28 2017 Robbie Harwood 0.6.2-4 - Include fixes for NULL-termination - Resolves: #1379836 * Thu Feb 23 2017 Robbie Harwood 0.6.2-3 - Document debug_level option - Resolves: #1379836 * Tue Feb 21 2017 Robbie Harwood 0.6.2-2 - Enable running the test suite - Resolves: #1379836 * Thu Feb 16 2017 Robbie Harwood 0.6.2-1 - Rebase to latest version since we have krb5-1.15 - Resolves: #1379836 - Resolves: #1344518 - Resolves: #1366782 - Resolves: #1379005 - Resolves: #1379482 - Resolves: #1379616 - Resolves: #1380490 - Resolves: #1378600 - Resolves: #1285012 - Resolves: #1333813 * Tue Sep 06 2016 Robbie Harwood 0.4.1-13 - Third try is the charm - Resolves: #1092515 * Tue Sep 06 2016 Robbie Harwood 0.4.1-12 - Restore _FORTIFY_SOURCE behavior - Resolves: #1092515 * Tue Sep 06 2016 Robbie Harwood 0.4.1-11 - Actually harden build with PIE and RELRO - Resolves: #1092515 * Fri Jun 10 2016 Robbie Harwood 0.4.1-10 - Fix behavior with multiple keys in a keytab - Resolves: #1285012 * Tue Jun 07 2016 Robbie Harwood 0.4.1-9 - Re-open socket in mechglue if client forks/changes privilege - Resolves: #1340259 * Wed Mar 30 2016 Robbie Harwood 0.4.1-8 - Make GSS-Proxy work with krb5-1.14 - resolves: #1292487 * Tue Sep 29 2015 Simo Sorce 0.4.1-7 - Fix loop cause by imporper EINTR handling - resolves: #1266564 * Mon Aug 24 2015 Roland Mainz 0.4.1-6 - Remove extra whitespaces from #1208640/#1194299 patches - spec file cleanup related: #1208640 #1194299 * Wed Aug 19 2015 Robbie Harwood 0.4.1-5 - Carry service/HTTP default conf section - resolves: #1208640 * Wed Aug 19 2015 Robbie Harwood 0.4.1-4 - Set default rcache location patch - resolves: #1194299 * Mon Jul 13 2015 Roland Mainz 0.4.1-3 - Bug #1213852 ("[gssproxy] NFS clients cannot mount with sec=krb5 if the NFS server is running gssproxy") was fixed by the rebase to 0.4.1 in bug ("[RFE] Rebase gssproxy to the latest to match expectations of other projects"). Note that the same bug was also fixed in the kernel with "9507271 svcrpc: fix potential GSSX_ACCEPT_SEC_CONTEXT decoding failures" (see https://bugzilla.redhat.com/show_bug.cgi?id=1213852#c2 and RH Bug #1120860 ("[NFS] NFS clients cannot mount with sec=krb5 if the NFS server is running gssproxy")) to handle various corner cases not covered by gssproxy, for example individual krb5 ticket fields exceeding the kernel's buffer size. * Thu Jul 9 2015 Roland Mainz 0.4.1-2 - The following bugs have been fixed by the rebase to 0.4.1 in bug ("[RFE] Rebase gssproxy to the latest to match expectations of other projects"): - Bug #1196371 ("rpc.gssd segfaults in gssproxy (proxymech.so)") Upstream tickets { #137, #144 } - Bug #1053730 ("KrbLocalUserMapping does not work with Apache & GSS-Proxy") Upstream ticket #101 - Bug #1168962 ("gssproxy is not working with httpd on ppc64 and s390x") Upstream ticket #146 * Thu Jul 9 2015 Roland Mainz 0.4.1-1 - Add patch to remove -fno-strict-aliasing (gssproxy ticket #140, a dependicy for the fix for bug #1092515 (see below)) - Add patch to fix bug #1092515 ("gssproxy - PIE and RELRO check") * Fri Jun 5 2015 Roland Mainz 0.4.1-0 - Rebase gssproxy to 0.4.1 per bug #1132389 ("[RFE] Rebase gssproxy to the latest to match expectations of other projects"). * Fri Jan 23 2015 Simo Sorce 0.3.0-10 - Fix crash bug affecting updated rpc.gssd - resolves: #1184531 * Wed Mar 12 2014 Guenther Deschner 0.3.0-9 - Fix potential mutex deadlock - resolves: #1075268 * Fri Jan 24 2014 Daniel Mach - 0.3.0-8 - Mass rebuild 2014-01-24 * Thu Jan 16 2014 Guenther Deschner 0.3.0-7 - Fix nfsd startup - resolves: https://fedorahosted.org/gss-proxy/ticket/114 - resolves: #1053710 * Fri Dec 27 2013 Daniel Mach - 0.3.0-6 - Mass rebuild 2013-12-27 * Tue Dec 17 2013 Guenther Deschner 0.3.0-5 - Fix flags handling. - resolves: https://fedorahosted.org/gss-proxy/ticket/112 - related: #1031710 * Wed Nov 27 2013 Guenther Deschner 0.3.0-4 - Use secure_getenv - resolves: https://fedorahosted.org/gss-proxy/ticket/110 - resolves: #1032684 - Use strerror_r instead of strerror - resolves: https://fedorahosted.org/gss-proxy/ticket/111 - resolves: #1033350 * Tue Nov 19 2013 Guenther Deschner 0.3.0-3 - Fix flags handling in gss_init_sec_context() - resolves: https://fedorahosted.org/gss-proxy/ticket/106 - resolves: #1031713 - Fix OID handling in gss_inquire_cred_by_mech() - resolves: https://fedorahosted.org/gss-proxy/ticket/107 - resolves: #1031712 - Fix continuation processing for not yet fully established contexts. - resolves: https://fedorahosted.org/gss-proxy/ticket/108 - resolves: #1031711 - Add flags filtering and flags enforcing. - resolves: https://fedorahosted.org/gss-proxy/ticket/109 - resolves: #1031710 * Wed Oct 23 2013 Guenther Deschner 0.3.0-0 - New upstream release 0.3.0: * Add support for impersonation (depends on s4u2self/s4u2proxy on the KDC) * Add support for new rpc.gssd mode of operation that forks and changes uid * Add 2 new options allow_any_uid and cred_usage * Fri Oct 18 2013 Guenther Deschner 0.2.3-8 - Fix default proxymech documentation and fix LOCAL_FIRST implementation - resolves: https://fedorahosted.org/gss-proxy/ticket/105 * Wed Jul 24 2013 Guenther Deschner 0.2.3-6 - Add better default gssproxy.conf file for nfs client and server usage * Thu Jun 06 2013 Guenther Deschner 0.2.3-5 - New upstream release * Fri May 31 2013 Guenther Deschner 0.2.2-5 - Require libverto-tevent to make sure libverto initialization succeeds * Wed May 29 2013 Guenther Deschner 0.2.2-4 - Modify systemd unit files for nfs-secure services * Wed May 22 2013 Guenther Deschner 0.2.2-3 - Fix cred_store handling w/o client keytab * Thu May 16 2013 Guenther Deschner 0.2.2-2 - New upstream release * Tue May 07 2013 Guenther Deschner 0.2.1-2 - New upstream release * Wed Apr 24 2013 Guenther Deschner 0.2.0-1 - New upstream release * Mon Apr 01 2013 Simo Sorce - 0.1.0-0 - New upstream release * Thu Feb 14 2013 Fedora Release Engineering - 0.0.3-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Tue Nov 06 2012 Guenther Deschner 0.0.3-7 - Update to 0.0.3 * Wed Aug 22 2012 Guenther Deschner 0.0.2-6 - Use new systemd-rpm macros - resolves: #850139 * Wed Jul 18 2012 Guenther Deschner 0.0.2-5 - More spec file fixes * Mon Jul 16 2012 Guenther Deschner 0.0.2-4 - Fix systemd service file * Fri Jul 13 2012 Guenther Deschner 0.0.2-3 - Fix various packaging issues * Mon Jul 02 2012 Guenther Deschner 0.0.1-2 - Add systemd packaging * Wed Mar 28 2012 Guenther Deschner 0.0.1-1 - Various fixes * Mon Dec 12 2011 Simo Sorce - 0.0.2-0 - Automated build of the gssproxy daemon