Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gssproxy for openSUSE:Factory checked in at 2026-06-25 17:14:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gssproxy (Old) and /work/SRC/openSUSE:Factory/.gssproxy.new.2088 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gssproxy" Thu Jun 25 17:14:13 2026 rev:9 rq:1361730 version:0.9.2 Changes: -------- --- /work/SRC/openSUSE:Factory/gssproxy/gssproxy.changes 2024-02-28 19:47:01.309595956 +0100 +++ /work/SRC/openSUSE:Factory/.gssproxy.new.2088/gssproxy.changes 2026-06-25 17:14:22.315538025 +0200 @@ -1,0 +2,26 @@ +Thu Jun 25 10:24:54 UTC 2026 - Anthony Iliopoulos <[email protected]> + +- Add package runtime requirement to libverto-module-base (bsc#1268795) + + Require libverto-module-base so that at least one of the event loop + backend implementations will be installed alongside the package, + otherwise gssproxy cannot start without explicitly installing the + libverto-libev1 package. + +------------------------------------------------------------------- +Thu Jun 25 08:20:35 UTC 2026 - Anthony Iliopoulos <[email protected]> + +- Update to 0.9.2 + +- Added upstream patches to address libini compilation issues: + * Remove-unneeded-include-in-configure-script.patch + * Don-t-check-for-libref_array-explicitly.patch + * Fix-cross-compilation.patch + +- Added upstream patch to address failing failing tests + * gssproxy-Modernize-systemd.m4-macro.patch + +- Updated systemd service hardening patch to match upstream + * harden_gssproxy.service.patch + +------------------------------------------------------------------- Old: ---- gssproxy-0.8.4.tar.gz New: ---- Don-t-check-for-libref_array-explicitly.patch Fix-cross-compilation.patch Remove-unneeded-include-in-configure-script.patch gssproxy-0.9.2.tar.gz gssproxy-Modernize-systemd.m4-macro.patch ----------(New B)---------- New: * Remove-unneeded-include-in-configure-script.patch * Don-t-check-for-libref_array-explicitly.patch * Fix-cross-compilation.patch New: * Don-t-check-for-libref_array-explicitly.patch * Fix-cross-compilation.patch New:- Added upstream patches to address libini compilation issues: * Remove-unneeded-include-in-configure-script.patch * Don-t-check-for-libref_array-explicitly.patch New:- Added upstream patch to address failing failing tests * gssproxy-Modernize-systemd.m4-macro.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gssproxy.spec ++++++ --- /var/tmp/diff_new_pack.mNBYAV/_old 2026-06-25 17:14:23.243570038 +0200 +++ /var/tmp/diff_new_pack.mNBYAV/_new 2026-06-25 17:14:23.247570176 +0200 @@ -1,7 +1,7 @@ # # spec file for package gssproxy # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: gssproxy -Version: 0.8.4 +Version: 0.9.2 Release: 0 Summary: Daemon for managing gss-api requests License: MIT @@ -25,6 +25,10 @@ URL: https://github.com/gssapi/gssproxy Source0: https://github.com/gssapi/gssproxy/releases/download/v%{version}/gssproxy-%{version}.tar.gz Patch0: harden_gssproxy.service.patch +Patch1: Remove-unneeded-include-in-configure-script.patch +Patch2: Don-t-check-for-libref_array-explicitly.patch +Patch3: Fix-cross-compilation.patch +Patch4: gssproxy-Modernize-systemd.m4-macro.patch BuildRequires: docbook-xsl-stylesheets BuildRequires: doxygen BuildRequires: krb5-client @@ -50,6 +54,7 @@ %if 0%{?suse_version} > 1315 # in earlier versions, libverto is in krb5-devel BuildRequires: pkgconfig(libverto) >= 0.2.2 +Requires: libverto-module-base >= 0.2.2 %endif %description @@ -103,10 +108,15 @@ %dir %{_localstatedir}/lib/gssproxy %dir %{_localstatedir}/lib/gssproxy/rcache %{_unitdir}/gssproxy.service +%{_userunitdir}/gssuserproxy.service +%{_userunitdir}/gssuserproxy.socket %{_mandir}/man5/gssproxy.conf.5%{?ext_man} %{_mandir}/man8/gssproxy-mech.8%{?ext_man} %{_mandir}/man8/gssproxy.8%{?ext_man} %dir %{_sysconfdir}/gssproxy %config %{_sysconfdir}/gssproxy/gssproxy.conf %config %{_sysconfdir}/gssproxy/24-nfs-server.conf +%dir %{_sysconfdir}/gss/ +%dir %{_sysconfdir}/gss/mech.d +%config %{_sysconfdir}/gss/mech.d/proxymech.conf ++++++ Don-t-check-for-libref_array-explicitly.patch ++++++ From: Alexey Tikhonov <[email protected]> Date: Thu, 29 Jan 2026 09:34:50 +0100 Subject: Don't check for libref_array explicitly Git-repo: https://github.com/gssapi/gssproxy Git-commit: bd4518ea977244643ac9d4970164e10bc372572c LIBINI_CONFIG_LIBS contains '-lref_array' and there is no lib version that wouldn't provide `ref_array_destroy()`, so this change won't break anything now. On the other hand, it can help to avoid breaking later, when 'ref_array' will be merged in 'ini_config'. Signed-off-by: Alexey Tikhonov <[email protected]> Acked-by: Anthony Iliopoulos <[email protected]> --- configure.ac | 1 - external/dinglibs.m4 | 249 +++++++++++++++++++++++++-------------------------- 2 files changed, 121 insertions(+), 129 deletions(-) diff --git a/configure.ac b/configure.ac index 3e0b0368660e..fccad922a434 100644 --- a/configure.ac +++ b/configure.ac @@ -147,7 +147,6 @@ if test x$only_gss_module != xyes; then WITH_LIBINI_CONFIG - WITH_REF_ARRAY INI_CFLAGS="$INI_CONFIG_CFLAGS" INI_LIBS="$INI_CONFIG_LIBS" diff --git a/external/dinglibs.m4 b/external/dinglibs.m4 index b1abf8ecac87..d7a478b29c1a 100644 --- a/external/dinglibs.m4 +++ b/external/dinglibs.m4 @@ -10,137 +10,130 @@ AC_DEFUN([WITH_LIBINI_CONFIG], AC_CHECK_LIB(ini_config, ini_config_augment, [], [AC_MSG_ERROR([ini_config library must support ini_config_augment])], [$INI_CONFIG_LIBS]) - have_libini_config=yes - ], [ - AC_MSG_ERROR([Could not find LIBINI_CONFIG headers]) - have_libini_config=no - ]) -]) - -AC_DEFUN([WITH_REF_ARRAY], [ - -AC_CHECK_LIB(ref_array, ref_array_destroy, [], - [AC_MSG_ERROR([library must support ref_array_destroy])], - [$INI_CONFIG_LIBS]) - -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -/* See: https://pagure.io/SSSD/ding-libs/pull-request/3172 */ -#include <linux/limits.h> -#include <string.h> -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <stdint.h> -#include <ini_configobj.h> - -static int write_to_file(char *path, char *text) -{ - FILE *f = fopen(path, "w"); - int bytes = 0; - if (f == NULL) - return 1; - - bytes = fprintf(f, "%s", text); - if (bytes < 0 || (size_t)bytes != strlen(text)) - return 1; - - return fclose(f); -} - -int main(void) -{ - char base_path[PATH_MAX]; - char augment_path[PATH_MAX]; - - char config_base[] = - "[section]\n" - "key1 = first\n" - "key2 = exists\n"; - char config_augment[] = - "[section]\n" - "key1 = augment\n" - "key3 = exists\n"; - - char *builddir; - - struct ini_cfgobj *in_cfg, *result_cfg; - struct ini_cfgfile *file_ctx; - - uint32_t merge_flags = INI_MS_DETECT | INI_MS_PRESERVE; - - int ret; - - builddir = getenv("builddir"); - if (builddir == NULL) { - builddir = strdup("."); - } - - snprintf(base_path, PATH_MAX, "%s/tmp_augment_base.conf", builddir); - snprintf(augment_path, PATH_MAX, "%s/tmp_augment_augment.conf", builddir); - - ret = write_to_file(base_path, config_base); - if (ret != 0) { - ret = 1; - goto cleanup; + AC_RUN_IFELSE([AC_LANG_SOURCE([[ + /* See: https://pagure.io/SSSD/ding-libs/pull-request/3172 */ + #include <linux/limits.h> + #include <string.h> + #include <errno.h> + #include <stdio.h> + #include <stdlib.h> + #include <stdint.h> + #include <ini_configobj.h> + + static int write_to_file(char *path, char *text) + { + FILE *f = fopen(path, "w"); + int bytes = 0; + if (f == NULL) + return 1; + + bytes = fprintf(f, "%s", text); + if (bytes < 0 || (size_t)bytes != strlen(text)) + return 1; + + return fclose(f); } - ret = write_to_file(augment_path, config_augment); - if (ret != 0) { - goto cleanup; + int main(void) + { + char base_path[PATH_MAX]; + char augment_path[PATH_MAX]; + + char config_base[] = + "[section]\n" + "key1 = first\n" + "key2 = exists\n"; + + char config_augment[] = + "[section]\n" + "key1 = augment\n" + "key3 = exists\n"; + + char *builddir; + + struct ini_cfgobj *in_cfg, *result_cfg; + struct ini_cfgfile *file_ctx; + + uint32_t merge_flags = INI_MS_DETECT | INI_MS_PRESERVE; + + int ret; + + builddir = getenv("builddir"); + if (builddir == NULL) { + builddir = strdup("."); + } + + snprintf(base_path, PATH_MAX, "%s/tmp_augment_base.conf", builddir); + snprintf(augment_path, PATH_MAX, "%s/tmp_augment_augment.conf", builddir); + + ret = write_to_file(base_path, config_base); + if (ret != 0) { + ret = 1; + goto cleanup; + } + + ret = write_to_file(augment_path, config_augment); + if (ret != 0) { + goto cleanup; + } + + /* Match only augment.conf */ + const char *m_patterns[] = { "^tmp_augment_augment.conf$", NULL }; + + /* Match all sections */ + const char *m_sections[] = { ".*", NULL }; + + /* Create config collection */ + ret = ini_config_create(&in_cfg); + if (ret != EOK) + goto cleanup; + + /* Open base.conf */ + ret = ini_config_file_open(base_path, 0, &file_ctx); + if (ret != EOK) + goto cleanup; + + /* Seed in_cfg with base.conf */ + ret = ini_config_parse(file_ctx, 1, 0, 0, in_cfg); + if (ret != EOK) + goto cleanup; + + /* Update base.conf with augment.conf */ + ret = ini_config_augment(in_cfg, + builddir, + m_patterns, + m_sections, + NULL, + INI_STOP_ON_NONE, + 0, + INI_PARSE_NOSPACE|INI_PARSE_NOTAB, + merge_flags, + &result_cfg, + NULL, + NULL); + /* We always expect EEXIST due to DETECT being set. */ + if (ret != EEXIST) + goto cleanup; + + ret = 0; + + cleanup: + remove(base_path); + remove(augment_path); + + /* Per autoconf guidelines */ + if (ret != 0) + ret = 1; + + return ret; } + ]])] + ,, [AC_MSG_ERROR(["ini_config library must support extended INI_MS_DETECT. See: https://pagure.io/SSSD/ding-libs/pull-request/3172";])]) - /* Match only augment.conf */ - const char *m_patterns[] = { "^tmp_augment_augment.conf$", NULL }; - - /* Match all sections */ - const char *m_sections[] = { ".*", NULL }; - - /* Create config collection */ - ret = ini_config_create(&in_cfg); - if (ret != EOK) - goto cleanup; - - /* Open base.conf */ - ret = ini_config_file_open(base_path, 0, &file_ctx); - if (ret != EOK) - goto cleanup; - - /* Seed in_cfg with base.conf */ - ret = ini_config_parse(file_ctx, 1, 0, 0, in_cfg); - if (ret != EOK) - goto cleanup; - - /* Update base.conf with augment.conf */ - ret = ini_config_augment(in_cfg, - builddir, - m_patterns, - m_sections, - NULL, - INI_STOP_ON_NONE, - 0, - INI_PARSE_NOSPACE|INI_PARSE_NOTAB, - merge_flags, - &result_cfg, - NULL, - NULL); - /* We always expect EEXIST due to DETECT being set. */ - if (ret != EEXIST) - goto cleanup; - - ret = 0; - -cleanup: - remove(base_path); - remove(augment_path); - - /* Per autoconf guidelines */ - if (ret != 0) - ret = 1; - - return ret; -} -]])] -,, [AC_MSG_ERROR(["ini_config library must support extended INI_MS_DETECT. See: https://pagure.io/SSSD/ding-libs/pull-request/3172";])]) - + have_libini_config=yes + ], [ + AC_MSG_ERROR([Could not find LIBINI_CONFIG headers]) + have_libini_config=no + ]) ]) ++++++ Fix-cross-compilation.patch ++++++ From: Sietse <[email protected]> Date: Fri, 25 Oct 2024 09:23:23 +0000 Subject: Fix cross compilation Git-repo: https://github.com/gssapi/gssproxy Git-commit: 9516730337e7501397ed3efe3ca2e42db1254976 Fixes Issue 106 (https://github.com/gssapi/gssproxy/issues/106) modified: external/dinglibs.m4 A warning message is displayed to the user to make sure lib_ini_config supprts extenden INI_MS_DETECT, since the test cannot be run in a cross compilation scenario. modified: external/docbook.m4 Autoconf Macro AC_CHECK_FILE has been replaced by an explicit if ! test -e ..., as AC_CHECK_FILE is not available in cross compilation scenario. Signed-off-by: Sietse <[email protected]> Acked-by: Anthony Iliopoulos <[email protected]> --- external/dinglibs.m4 | 2 +- external/docbook.m4 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/external/dinglibs.m4 b/external/dinglibs.m4 index d7a478b29c1a..5836e994750c 100644 --- a/external/dinglibs.m4 +++ b/external/dinglibs.m4 @@ -129,7 +129,7 @@ AC_DEFUN([WITH_LIBINI_CONFIG], return ret; } ]])] - ,, [AC_MSG_ERROR(["ini_config library must support extended INI_MS_DETECT. See: https://pagure.io/SSSD/ding-libs/pull-request/3172";])]) + ,, [AC_MSG_ERROR(["ini_config library must support extended INI_MS_DETECT."])], AC_MSG_WARN(["Cross Compiling. Make sure your ini_config library supports extended INI_MS_DETECT"])) have_libini_config=yes ], [ diff --git a/external/docbook.m4 b/external/docbook.m4 index cae89feb1fec..b5c128a935ee 100644 --- a/external/docbook.m4 +++ b/external/docbook.m4 @@ -23,7 +23,7 @@ dnl Checks if the XML catalog given by FILE exists and dnl if a particular URI appears in the XML catalog AC_DEFUN([CHECK_STYLESHEET], [ - AC_CHECK_FILE($1, [], [AC_MSG_ERROR([could not find XML catalog])]) + if ! test -e $1; then AC_MSG_ERROR([could not find XML catalog]); fi AC_MSG_CHECKING([for ifelse([$3],,[$2],[$3]) in XML catalog]) if AC_RUN_LOG([$XMLCATALOG --noout "$1" "$2" >&2]); then ++++++ Remove-unneeded-include-in-configure-script.patch ++++++ From: Alexey Tikhonov <[email protected]> Date: Wed, 28 Jan 2026 19:36:24 +0100 Subject: Remove unneeded include in configure script Git-repo: https://github.com/gssapi/gssproxy Git-commit: 75362245304c43715d50743d3e37dc1ce66b704b Deprecated 'ini_config.h' is going to be removed from public API. Signed-off-by: Alexey Tikhonov <[email protected]> Acked-by: Anthony Iliopoulos <[email protected]> --- external/dinglibs.m4 | 1 - 1 file changed, 1 deletion(-) diff --git a/external/dinglibs.m4 b/external/dinglibs.m4 index 04b3acc8ad21..b1abf8ecac87 100644 --- a/external/dinglibs.m4 +++ b/external/dinglibs.m4 @@ -32,7 +32,6 @@ AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <stdlib.h> #include <stdint.h> #include <ini_configobj.h> -#include <ini_config.h> static int write_to_file(char *path, char *text) { ++++++ gssproxy-0.8.4.tar.gz -> gssproxy-0.9.2.tar.gz ++++++ ++++ 28046 lines of diff (skipped) ++++++ gssproxy-Modernize-systemd.m4-macro.patch ++++++ From: =?utf-8?q?David_H=C3=A4rdeman_=3Cdavid=40hardeman=2Enu=3E?= Date: Thu, 19 Oct 2023 23:54:18 +0200 Subject: [gssproxy] Modernize systemd.m4 macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Git-repo: https://github.com/gssapi/gssproxy Git-commit: b70043186e4d323d29663783572ecf8fcbaf30d4 libsystemd-daemon hasn't been a thing since systemd 209 was released (February 2014, before RHEL 7). And the thing we really want to look for is libsystemd, that's it. Signed-off-by: David Härdeman <[email protected]> Acked-by: Anthony Iliopoulos <[email protected]> --- external/systemd.m4 | 37 +++++++++++-------------------------- 1 file changed, 11 insertions(+), 26 deletions(-) diff --git a/external/systemd.m4 b/external/systemd.m4 index 4aa18cf74cf7..81953d7f14fc 100644 --- a/external/systemd.m4 +++ b/external/systemd.m4 @@ -1,29 +1,14 @@ -dnl A macro to check presence of systemd on the system +dnl A macro to check presence of libsystemd on the system AC_DEFUN([AM_CHECK_SYSTEMD], [ - PKG_CHECK_EXISTS([systemd], - [HAVE_SYSTEMD=yes], - [HAVE_SYSTEMD=no]) - - dnl older system uses libsystemd - PKG_CHECK_EXISTS([libsystemd], - [HAVE_LIBSYSTEMD=yes], - [HAVE_LIBSYSTEMD=no]) - dnl newer systemd splits libsystemd in slaler libs - AS_IF([test x$HAVE_LIBSYSTEMD = xyes], - [daemon_lib_name=libsystemd], - [daemon_lib_name=libsystemd-daemon]) - - AS_IF([test x$HAVE_SYSTEMD = xyes], - [PKG_CHECK_MODULES( - [SYSTEMD_DAEMON], - [$daemon_lib_name], - [AC_DEFINE_UNQUOTED([HAVE_SYSTEMD_DAEMON], 1, - [Build with $daemon_lib_name support]) - - AC_MSG_NOTICE([Will enable systemd socket activation])], - [AC_MSG_NOTICE([Build without $daemon_lib_name support])])], - [AC_MSG_NOTICE([Build without $daemon_lib_name support])]) - - AM_CONDITIONAL([HAVE_SYSTEMD_DAEMON], [test x"$daemon_lib_name" != x]) + PKG_CHECK_MODULES([SYSTEMD_DAEMON], + [libsystemd], + [AC_DEFINE_UNQUOTED([HAVE_SYSTEMD_DAEMON], 1, + [Build with libsystemd support]) + HAVE_SYSTEMD_DAEMON=yes + AC_MSG_NOTICE([Build with libsystemd support])], + [HAVE_SYSTEMD_DAEMON=no + AC_MSG_NOTICE([Build without libsystemd support])]) + + AM_CONDITIONAL([HAVE_SYSTEMD_DAEMON], [test x"$HAVE_SYSTEMD_DAEMON" = xyes]) ]) ++++++ harden_gssproxy.service.patch ++++++ --- /var/tmp/diff_new_pack.mNBYAV/_old 2026-06-25 17:14:23.727586735 +0200 +++ /var/tmp/diff_new_pack.mNBYAV/_new 2026-06-25 17:14:23.735587010 +0200 @@ -1,25 +1,14 @@ -Index: gssproxy-0.8.4/systemd/gssproxy.service.in +Index: gssproxy-0.9.2/systemd/gssproxy.service.in =================================================================== ---- gssproxy-0.8.4.orig/systemd/gssproxy.service.in -+++ gssproxy-0.8.4/systemd/gssproxy.service.in -@@ -5,6 +5,19 @@ After=syslog.target network.target - Before=rpc-gssd.service - - [Service] -+# added automatically, for details please see -+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort -+ProtectSystem=full -+ProtectHome=true +--- gssproxy-0.9.2.orig/systemd/gssproxy.service.in ++++ gssproxy-0.9.2/systemd/gssproxy.service.in +@@ -19,6 +19,8 @@ ProtectClock=true + ProtectKernelLogs=true + ProtectControlGroups=true + RestrictRealtime=true +PrivateDevices=true -+ProtectHostname=true -+ProtectClock=true -+ProtectKernelTunables=true +ProtectKernelModules=true -+ProtectKernelLogs=true -+ProtectControlGroups=true -+RestrictRealtime=true -+# end of automatic additions - Environment=KRB5RCACHEDIR=/var/lib/gssproxy/rcache - ExecStart=@sbindir@/gssproxy -D - # These two should be used with traditional UNIX forking daemons + # NoNewPrivileges: when true breaks the ability to open a socket + # under /var/lib/gssproxy so no NoNewPrivileges + # PrivateTmp: can't be used as it hides ccaches stored in /tmp
