Your message dated Sat, 10 Nov 2018 10:42:56 +0000 with message-id <1541846576.3542.38.ca...@adam-barratt.org.uk> and subject line Closing bugs for updates included in 9.6 has caused the Debian Bug report #908893, regarding stretch-pu: package globus-gsi-credential_7.11-1+deb9u1 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 908893: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908893 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu This is a proposed update to the globus-gsi-credential package in Debian 9 (stretch). I have created it in response to a request that was sent to me via e-mail (included below). Mattias -------- Vidarebefordrat meddelande -------- Från: Dave Dykstra <d...@fnal.gov> Till: Mattias Ellert <mattias.ell...@physics.uu.se> Ämne: libglobus-gsi-credential1 fix for stretch Datum: Fri, 14 Sep 2018 15:56:24 -0500 Hi Mattias, There's been a fix https://github.com/globus/globus-toolkit/issues/115 affecting cvmfs-x509-helper in Debian testing libglobus-gsi-credential1 version 7.14-1 since last November, but it still hasn't made it into Debian 9 stretch or stretch-updates. Could you backport it there? Meanwhile I have been maintaining a patched copy in the cvmfs-contrib repository (https://cvmfs-contrib.github.io). Davediff -Nru globus-gsi-credential-7.11/debian/changelog globus-gsi-credential-7.11/debian/changelog --- globus-gsi-credential-7.11/debian/changelog 2016-11-08 23:25:05.000000000 +0100 +++ globus-gsi-credential-7.11/debian/changelog 2018-09-15 16:15:42.000000000 +0200 @@ -1,3 +1,11 @@ +globus-gsi-credential (7.11-1+deb9u1) stretch; urgency=medium + + * Fix issue with voms proxy and openssl 1.1 + * https://github.com/globus/globus-toolkit/issues/115 + * https://github.com/globus/globus-toolkit/pull/116 + + -- Mattias Ellert <mattias.ell...@physics.uu.se> Sat, 15 Sep 2018 16:15:42 +0200 + globus-gsi-credential (7.11-1) unstable; urgency=medium * GT6 update diff -Nru globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch --- globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch 1970-01-01 01:00:00.000000000 +0100 +++ globus-gsi-credential-7.11/debian/patches/globus-gsi-credential-voms-openssl-1.1.patch 2018-09-15 16:09:00.000000000 +0200 @@ -0,0 +1,70 @@ +From 924cb64dda4dae571456772bd1db62d5bbe25ccf Mon Sep 17 00:00:00 2001 +From: Mischa Salle <msa...@nikhef.nl> +Date: Mon, 23 Oct 2017 20:16:26 +0200 +Subject: [PATCH] Simple patch for GT issue #115 + +This patch reorders the the setting of the check_issued and the initialization +of the X509_STORE_CTX object with the X509_STORE thereby solving +https://github.com/globus/globus-toolkit/issues/115 +--- + .../source/library/globus_gsi_cred_handle.c | 28 +++++++++---------- + 1 file changed, 14 insertions(+), 14 deletions(-) + +diff --git a/library/globus_gsi_cred_handle.c b/library/globus_gsi_cred_handle.c +index 9877ad603d..e890f56abf 100644 +--- a/library/globus_gsi_cred_handle.c ++++ b/library/globus_gsi_cred_handle.c +@@ -1745,19 +1745,19 @@ globus_gsi_cred_verify_cert_chain( + + if (X509_STORE_load_locations(cert_store, NULL, cert_dir)) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ /* override the check_issued with our version */ ++ cert_store->check_issued = globus_gsi_callback_check_issued; ++#else ++ X509_STORE_set_check_issued(cert_store, globus_gsi_callback_check_issued); ++#endif ++ + store_context = X509_STORE_CTX_new(); + X509_STORE_CTX_init(store_context, cert_store, cert, + cred_handle->cert_chain); + X509_STORE_CTX_set_depth(store_context, + GLOBUS_GSI_CALLBACK_VERIFY_DEPTH); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L +- /* override the check_issued with our version */ +- store_context->check_issued = globus_gsi_callback_check_issued; +-#else +- X509_STORE_set_check_issued(X509_STORE_CTX_get0_store(store_context), globus_gsi_callback_check_issued); +-#endif +- + globus_gsi_callback_get_X509_STORE_callback_data_index( + &callback_data_index); + +@@ -1937,19 +1937,19 @@ globus_gsi_cred_verify_cert_chain_when( + + if (X509_STORE_load_locations(cert_store, NULL, cert_dir)) + { ++ /* override the check_issued with our version */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ cert_store->check_issued = globus_gsi_callback_check_issued; ++#else ++ X509_STORE_set_check_issued(cert_store, globus_gsi_callback_check_issued); ++#endif ++ + store_context = X509_STORE_CTX_new(); + X509_STORE_CTX_init(store_context, cert_store, cert, + cred_handle->cert_chain); + X509_STORE_CTX_set_depth(store_context, + GLOBUS_GSI_CALLBACK_VERIFY_DEPTH); + +- /* override the check_issued with our version */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L +- store_context->check_issued = globus_gsi_callback_check_issued; +-#else +- X509_STORE_set_check_issued(X509_STORE_CTX_get0_store(store_context), globus_gsi_callback_check_issued); +-#endif +- + globus_gsi_callback_get_X509_STORE_callback_data_index( + &callback_data_index); + diff -Nru globus-gsi-credential-7.11/debian/patches/series globus-gsi-credential-7.11/debian/patches/series --- globus-gsi-credential-7.11/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ globus-gsi-credential-7.11/debian/patches/series 2018-09-15 16:14:04.000000000 +0200 @@ -0,0 +1,4 @@ +# Fix issue with voms proxy and openssl 1.1 +# https://github.com/globus/globus-toolkit/issues/115 +# https://github.com/globus/globus-toolkit/pull/116 +globus-gsi-credential-voms-openssl-1.1.patchsmime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
--- Begin Message ---Version: 9.6 Hi, The update referenced by each of these bugs was included in this morning's stretch point release. Regards, Adam
--- End Message ---