[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#908893: marked as done (stretch-pu: package globus-gsi-credential_7.11-1+deb9u1)

Your message dated Sat, 10 Nov 2018 10:42:56 +0000
with message-id <1541846576.3542.38.camel@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.6
has caused the Debian Bug report #908893,
regarding stretch-pu: package globus-gsi-credential_7.11-1+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
908893: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908893
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

This is a proposed update to the globus-gsi-credential package in
Debian 9 (stretch). I have created it in response to a request that was
sent to me via e-mail (included below).

	Mattias

-------- Vidarebefordrat meddelande --------
Från: Dave Dykstra <dwd@fnal.gov>
Till: Mattias Ellert <mattias.ellert@physics.uu.se>
Ämne: libglobus-gsi-credential1 fix for stretch
Datum: Fri, 14 Sep 2018 15:56:24 -0500

Hi Mattias,

There's been a fix
    https://github.com/globus/globus-toolkit/issues/115
affecting cvmfs-x509-helper in Debian testing libglobus-gsi-credential1
version 7.14-1 since last November, but it still hasn't made it into
Debian 9 stretch or stretch-updates.  Could you backport it there?
Meanwhile I have been maintaining a patched copy in the cvmfs-contrib
repository (https://cvmfs-contrib.github.io).

Dave


diff -Nru globus-gsi-credential-7.11/debian/changelog globus-gsi-credential-7.11/debian/changelog
--- globus-gsi-credential-7.11/debian/changelog	2016-11-08 23:25:05.000000000 +0100
+++ globus-gsi-credential-7.11/debian/changelog	2018-09-15 16:15:42.000000000 +0200
@@ -1,3 +1,11 @@
+globus-gsi-credential (7.11-1+deb9u1) stretch; urgency=medium
+
+  * Fix issue with voms proxy and openssl 1.1
+  * https://github.com/globus/globus-toolkit/issues/115
+  * https://github.com/globus/globus-toolkit/pull/116
+
+ -- Mattias Ellert <mattias.ellert@physics.uu.se>  Sat, 15 Sep 2018 16:15:42 +0200
+
 globus-gsi-credential (7.11-1) unstable; urgency=medium
 
   * GT6 update
diff -Nru globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch
--- globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch	1970-01-01 01:00:00.000000000 +0100
+++ globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch	2018-09-15 16:09:00.000000000 +0200
@@ -0,0 +1,70 @@
+From 924cb64dda4dae571456772bd1db62d5bbe25ccf Mon Sep 17 00:00:00 2001
+From: Mischa Salle <msalle@nikhef.nl>
+Date: Mon, 23 Oct 2017 20:16:26 +0200
+Subject: [PATCH] Simple patch for GT issue #115
+
+This patch reorders the the setting of the check_issued and the initialization
+of the X509_STORE_CTX object with the X509_STORE thereby solving
+https://github.com/globus/globus-toolkit/issues/115
+---
+ .../source/library/globus_gsi_cred_handle.c   | 28 +++++++++----------
+ 1 file changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/library/globus_gsi_cred_handle.c b/library/globus_gsi_cred_handle.c
+index 9877ad603d..e890f56abf 100644
+--- a/library/globus_gsi_cred_handle.c
++++ b/library/globus_gsi_cred_handle.c
+@@ -1745,19 +1745,19 @@ globus_gsi_cred_verify_cert_chain(
+     
+     if (X509_STORE_load_locations(cert_store, NULL, cert_dir))
+     {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++        /* override the check_issued with our version */
++        cert_store->check_issued = globus_gsi_callback_check_issued;
++#else
++        X509_STORE_set_check_issued(cert_store, globus_gsi_callback_check_issued);
++#endif
++
+         store_context = X509_STORE_CTX_new();
+         X509_STORE_CTX_init(store_context, cert_store, cert,
+                             cred_handle->cert_chain);
+         X509_STORE_CTX_set_depth(store_context,
+                                  GLOBUS_GSI_CALLBACK_VERIFY_DEPTH);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+-        /* override the check_issued with our version */
+-        store_context->check_issued = globus_gsi_callback_check_issued;
+-#else
+-        X509_STORE_set_check_issued(X509_STORE_CTX_get0_store(store_context), globus_gsi_callback_check_issued);
+-#endif
+-
+         globus_gsi_callback_get_X509_STORE_callback_data_index(
+             &callback_data_index);
+ 
+@@ -1937,19 +1937,19 @@ globus_gsi_cred_verify_cert_chain_when(
+     
+     if (X509_STORE_load_locations(cert_store, NULL, cert_dir))
+     {
++        /* override the check_issued with our version */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++        cert_store->check_issued = globus_gsi_callback_check_issued;
++#else
++        X509_STORE_set_check_issued(cert_store, globus_gsi_callback_check_issued);
++#endif
++
+         store_context = X509_STORE_CTX_new();
+         X509_STORE_CTX_init(store_context, cert_store, cert,
+                             cred_handle->cert_chain);
+         X509_STORE_CTX_set_depth(store_context,
+                                  GLOBUS_GSI_CALLBACK_VERIFY_DEPTH);
+ 
+-        /* override the check_issued with our version */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+-        store_context->check_issued = globus_gsi_callback_check_issued;
+-#else
+-        X509_STORE_set_check_issued(X509_STORE_CTX_get0_store(store_context), globus_gsi_callback_check_issued);
+-#endif
+-
+         globus_gsi_callback_get_X509_STORE_callback_data_index(
+             &callback_data_index);
+ 
diff -Nru globus-gsi-credential-7.11/debian/patches/series globus-gsi-credential-7.11/debian/patches/series
--- globus-gsi-credential-7.11/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ globus-gsi-credential-7.11/debian/patches/series	2018-09-15 16:14:04.000000000 +0200
@@ -0,0 +1,4 @@
+# Fix issue with voms proxy and openssl 1.1
+# https://github.com/globus/globus-toolkit/issues/115
+# https://github.com/globus/globus-toolkit/pull/116
+globus-gsi-credential-voms-openssl-1.1.patch

Attachment: smime.p7s
Description: S/MIME cryptographic signature


--- End Message ---
--- Begin Message --- 
Version: 9.6

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam

--- End Message ---
Reply to: