Package: release.debian.org Severity: normal Tags: stretch User: release.debian.org@packages.debian.org Usertags: pu This is a proposed update to the globus-gsi-credential package in Debian 9 (stretch). I have created it in response to a request that was sent to me via e-mail (included below). Mattias -------- Vidarebefordrat meddelande -------- Från: Dave Dykstra <dwd@fnal.gov> Till: Mattias Ellert <mattias.ellert@physics.uu.se> Ämne: libglobus-gsi-credential1 fix for stretch Datum: Fri, 14 Sep 2018 15:56:24 -0500 Hi Mattias, There's been a fix https://github.com/globus/globus-toolkit/issues/115 affecting cvmfs-x509-helper in Debian testing libglobus-gsi-credential1 version 7.14-1 since last November, but it still hasn't made it into Debian 9 stretch or stretch-updates. Could you backport it there? Meanwhile I have been maintaining a patched copy in the cvmfs-contrib repository (https://cvmfs-contrib.github.io). Dave
diff -Nru globus-gsi-credential-7.11/debian/changelog globus-gsi-credential-7.11/debian/changelog --- globus-gsi-credential-7.11/debian/changelog 2016-11-08 23:25:05.000000000 +0100 +++ globus-gsi-credential-7.11/debian/changelog 2018-09-15 16:15:42.000000000 +0200 @@ -1,3 +1,11 @@ +globus-gsi-credential (7.11-1+deb9u1) stretch; urgency=medium + + * Fix issue with voms proxy and openssl 1.1 + * https://github.com/globus/globus-toolkit/issues/115 + * https://github.com/globus/globus-toolkit/pull/116 + + -- Mattias Ellert <mattias.ellert@physics.uu.se> Sat, 15 Sep 2018 16:15:42 +0200 + globus-gsi-credential (7.11-1) unstable; urgency=medium * GT6 update diff -Nru globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch --- globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch 1970-01-01 01:00:00.000000000 +0100 +++ globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch 2018-09-15 16:09:00.000000000 +0200 @@ -0,0 +1,70 @@ +From 924cb64dda4dae571456772bd1db62d5bbe25ccf Mon Sep 17 00:00:00 2001 +From: Mischa Salle <msalle@nikhef.nl> +Date: Mon, 23 Oct 2017 20:16:26 +0200 +Subject: [PATCH] Simple patch for GT issue #115 + +This patch reorders the the setting of the check_issued and the initialization +of the X509_STORE_CTX object with the X509_STORE thereby solving +https://github.com/globus/globus-toolkit/issues/115 +--- + .../source/library/globus_gsi_cred_handle.c | 28 +++++++++---------- + 1 file changed, 14 insertions(+), 14 deletions(-) + +diff --git a/library/globus_gsi_cred_handle.c b/library/globus_gsi_cred_handle.c +index 9877ad603d..e890f56abf 100644 +--- a/library/globus_gsi_cred_handle.c ++++ b/library/globus_gsi_cred_handle.c +@@ -1745,19 +1745,19 @@ globus_gsi_cred_verify_cert_chain( + + if (X509_STORE_load_locations(cert_store, NULL, cert_dir)) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ /* override the check_issued with our version */ ++ cert_store->check_issued = globus_gsi_callback_check_issued; ++#else ++ X509_STORE_set_check_issued(cert_store, globus_gsi_callback_check_issued); ++#endif ++ + store_context = X509_STORE_CTX_new(); + X509_STORE_CTX_init(store_context, cert_store, cert, + cred_handle->cert_chain); + X509_STORE_CTX_set_depth(store_context, + GLOBUS_GSI_CALLBACK_VERIFY_DEPTH); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L +- /* override the check_issued with our version */ +- store_context->check_issued = globus_gsi_callback_check_issued; +-#else +- X509_STORE_set_check_issued(X509_STORE_CTX_get0_store(store_context), globus_gsi_callback_check_issued); +-#endif +- + globus_gsi_callback_get_X509_STORE_callback_data_index( + &callback_data_index); + +@@ -1937,19 +1937,19 @@ globus_gsi_cred_verify_cert_chain_when( + + if (X509_STORE_load_locations(cert_store, NULL, cert_dir)) + { ++ /* override the check_issued with our version */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ cert_store->check_issued = globus_gsi_callback_check_issued; ++#else ++ X509_STORE_set_check_issued(cert_store, globus_gsi_callback_check_issued); ++#endif ++ + store_context = X509_STORE_CTX_new(); + X509_STORE_CTX_init(store_context, cert_store, cert, + cred_handle->cert_chain); + X509_STORE_CTX_set_depth(store_context, + GLOBUS_GSI_CALLBACK_VERIFY_DEPTH); + +- /* override the check_issued with our version */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L +- store_context->check_issued = globus_gsi_callback_check_issued; +-#else +- X509_STORE_set_check_issued(X509_STORE_CTX_get0_store(store_context), globus_gsi_callback_check_issued); +-#endif +- + globus_gsi_callback_get_X509_STORE_callback_data_index( + &callback_data_index); + diff -Nru globus-gsi-credential-7.11/debian/patches/series globus-gsi-credential-7.11/debian/patches/series --- globus-gsi-credential-7.11/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ globus-gsi-credential-7.11/debian/patches/series 2018-09-15 16:14:04.000000000 +0200 @@ -0,0 +1,4 @@ +# Fix issue with voms proxy and openssl 1.1 +# https://github.com/globus/globus-toolkit/issues/115 +# https://github.com/globus/globus-toolkit/pull/116 +globus-gsi-credential-voms-openssl-1.1.patch
Attachment:
smime.p7s
Description: S/MIME cryptographic signature