Your message dated Sat, 10 Nov 2018 10:42:56 +0000
with message-id <[email protected]>
and subject line Closing bugs for updates included in 9.6
has caused the Debian Bug report #908893,
regarding stretch-pu: package globus-gsi-credential_7.11-1+deb9u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
908893: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908893
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: [email protected]
Usertags: pu
This is a proposed update to the globus-gsi-credential package in
Debian 9 (stretch). I have created it in response to a request that was
sent to me via e-mail (included below).
Mattias
-------- Vidarebefordrat meddelande --------
Från: Dave Dykstra <[email protected]>
Till: Mattias Ellert <[email protected]>
Ämne: libglobus-gsi-credential1 fix for stretch
Datum: Fri, 14 Sep 2018 15:56:24 -0500
Hi Mattias,
There's been a fix
https://github.com/globus/globus-toolkit/issues/115
affecting cvmfs-x509-helper in Debian testing libglobus-gsi-credential1
version 7.14-1 since last November, but it still hasn't made it into
Debian 9 stretch or stretch-updates. Could you backport it there?
Meanwhile I have been maintaining a patched copy in the cvmfs-contrib
repository (https://cvmfs-contrib.github.io).
Dave
diff -Nru globus-gsi-credential-7.11/debian/changelog globus-gsi-credential-7.11/debian/changelog
--- globus-gsi-credential-7.11/debian/changelog 2016-11-08 23:25:05.000000000 +0100
+++ globus-gsi-credential-7.11/debian/changelog 2018-09-15 16:15:42.000000000 +0200
@@ -1,3 +1,11 @@
+globus-gsi-credential (7.11-1+deb9u1) stretch; urgency=medium
+
+ * Fix issue with voms proxy and openssl 1.1
+ * https://github.com/globus/globus-toolkit/issues/115
+ * https://github.com/globus/globus-toolkit/pull/116
+
+ -- Mattias Ellert <[email protected]> Sat, 15 Sep 2018 16:15:42 +0200
+
globus-gsi-credential (7.11-1) unstable; urgency=medium
* GT6 update
diff -Nru globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch
--- globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch 1970-01-01 01:00:00.000000000 +0100
+++ globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch 2018-09-15 16:09:00.000000000 +0200
@@ -0,0 +1,70 @@
+From 924cb64dda4dae571456772bd1db62d5bbe25ccf Mon Sep 17 00:00:00 2001
+From: Mischa Salle <[email protected]>
+Date: Mon, 23 Oct 2017 20:16:26 +0200
+Subject: [PATCH] Simple patch for GT issue #115
+
+This patch reorders the the setting of the check_issued and the initialization
+of the X509_STORE_CTX object with the X509_STORE thereby solving
+https://github.com/globus/globus-toolkit/issues/115
+---
+ .../source/library/globus_gsi_cred_handle.c | 28 +++++++++----------
+ 1 file changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/library/globus_gsi_cred_handle.c b/library/globus_gsi_cred_handle.c
+index 9877ad603d..e890f56abf 100644
+--- a/library/globus_gsi_cred_handle.c
++++ b/library/globus_gsi_cred_handle.c
+@@ -1745,19 +1745,19 @@ globus_gsi_cred_verify_cert_chain(
+
+ if (X509_STORE_load_locations(cert_store, NULL, cert_dir))
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ /* override the check_issued with our version */
++ cert_store->check_issued = globus_gsi_callback_check_issued;
++#else
++ X509_STORE_set_check_issued(cert_store, globus_gsi_callback_check_issued);
++#endif
++
+ store_context = X509_STORE_CTX_new();
+ X509_STORE_CTX_init(store_context, cert_store, cert,
+ cred_handle->cert_chain);
+ X509_STORE_CTX_set_depth(store_context,
+ GLOBUS_GSI_CALLBACK_VERIFY_DEPTH);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+- /* override the check_issued with our version */
+- store_context->check_issued = globus_gsi_callback_check_issued;
+-#else
+- X509_STORE_set_check_issued(X509_STORE_CTX_get0_store(store_context), globus_gsi_callback_check_issued);
+-#endif
+-
+ globus_gsi_callback_get_X509_STORE_callback_data_index(
+ &callback_data_index);
+
+@@ -1937,19 +1937,19 @@ globus_gsi_cred_verify_cert_chain_when(
+
+ if (X509_STORE_load_locations(cert_store, NULL, cert_dir))
+ {
++ /* override the check_issued with our version */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ cert_store->check_issued = globus_gsi_callback_check_issued;
++#else
++ X509_STORE_set_check_issued(cert_store, globus_gsi_callback_check_issued);
++#endif
++
+ store_context = X509_STORE_CTX_new();
+ X509_STORE_CTX_init(store_context, cert_store, cert,
+ cred_handle->cert_chain);
+ X509_STORE_CTX_set_depth(store_context,
+ GLOBUS_GSI_CALLBACK_VERIFY_DEPTH);
+
+- /* override the check_issued with our version */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+- store_context->check_issued = globus_gsi_callback_check_issued;
+-#else
+- X509_STORE_set_check_issued(X509_STORE_CTX_get0_store(store_context), globus_gsi_callback_check_issued);
+-#endif
+-
+ globus_gsi_callback_get_X509_STORE_callback_data_index(
+ &callback_data_index);
+
diff -Nru globus-gsi-credential-7.11/debian/patches/series globus-gsi-credential-7.11/debian/patches/series
--- globus-gsi-credential-7.11/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ globus-gsi-credential-7.11/debian/patches/series 2018-09-15 16:14:04.000000000 +0200
@@ -0,0 +1,4 @@
+# Fix issue with voms proxy and openssl 1.1
+# https://github.com/globus/globus-toolkit/issues/115
+# https://github.com/globus/globus-toolkit/pull/116
+globus-gsi-credential-voms-openssl-1.1.patch
smime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
--- Begin Message ---
Version: 9.6
Hi,
The update referenced by each of these bugs was included in this
morning's stretch point release.
Regards,
Adam
--- End Message ---
