From b1d7b19319fc03800bdad945143ae7f1567b6533 Mon Sep 17 00:00:00 2001 From: Mattias Ellert Date: Jul 17 2010 16:48:20 +0000 Subject: - Update to Globus Toolkit 5.0.2 - Drop patch globus-gsi-proxy-core-oid.patch (fixed upstream) --- diff --git a/.cvsignore b/.cvsignore index 1e1fddf..f41075a 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ epstopdf-2.9.5gw -globus_gsi_proxy_core-4.4.tar.gz +globus_gsi_proxy_core-4.5.tar.gz diff --git a/globus-gsi-proxy-core-oid.patch b/globus-gsi-proxy-core-oid.patch deleted file mode 100644 index a1328a9..0000000 --- a/globus-gsi-proxy-core-oid.patch +++ /dev/null @@ -1,350 +0,0 @@ -diff -ur globus_gsi_proxy_core-4.4.orig/library/globus_gsi_proxy.c globus_gsi_proxy_core-4.4/library/globus_gsi_proxy.c ---- globus_gsi_proxy_core-4.4.orig/library/globus_gsi_proxy.c 2010-01-04 23:03:15.000000000 +0100 -+++ globus_gsi_proxy_core-4.4/library/globus_gsi_proxy.c 2010-06-02 11:34:26.412124609 +0200 -@@ -355,11 +355,11 @@ - - if(GLOBUS_GSI_CERT_UTILS_IS_GSI_3_PROXY(handle->type)) - { -- pci_NID = OBJ_sn2nid(PROXYCERTINFO_OLD_SN); -+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OLD_OID); - } - else if(!GLOBUS_GSI_CERT_UTILS_IS_GSI_2_PROXY(handle->type)) - { -- pci_NID = OBJ_sn2nid(PROXYCERTINFO_SN); -+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OID); - } - - if(pci_NID != NID_undef) -@@ -370,9 +370,12 @@ - unsigned char * der_data; - X509_EXTENSION * pci_ext; - STACK_OF(X509_EXTENSION) * extensions; -- X509V3_EXT_METHOD * ext_method; -+ const X509V3_EXT_METHOD * ext_method; - - ext_method = X509V3_EXT_get_nid(pci_NID); -+ -+ if (ext_method->i2d) -+ { - - length = ext_method->i2d(handle->proxy_cert_info, NULL); - if(length < 0) -@@ -440,6 +443,95 @@ - - ASN1_OCTET_STRING_free(ext_data); - -+ } -+ else -+ { -+ X509V3_CTX ctx; -+ X509V3_CONF_METHOD method = { NULL, NULL, NULL, NULL }; -+ long db = 0; -+ -+ char language[80]; -+ int pathlen; -+ unsigned char *policy = NULL; -+ int policy_len; -+ char *value; -+ char *tmp; -+ -+ OBJ_obj2txt(language, 80, -+ handle->proxy_cert_info->policy->policy_language, 1); -+ value = globus_common_create_string("language:%s", language); -+ if (!value) -+ { -+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT( -+ result, -+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO, -+ (_PCSL("Couldn't create PROXYCERTINFO extension"))); -+ goto error_exit; -+ } -+ -+ pathlen = ASN1_INTEGER_get(handle->proxy_cert_info->path_length); -+ if (pathlen > 0) -+ { -+ tmp = globus_common_create_string("%s,pathlen:%d", -+ value, pathlen); -+ if (!tmp) -+ { -+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT( -+ result, -+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO, -+ (_PCSL("Couldn't create PROXYCERTINFO extension"))); -+ globus_libc_free(value); -+ goto error_exit; -+ } -+ globus_libc_free(value); -+ value = tmp; -+ } -+ -+ if (handle->proxy_cert_info->policy->policy) -+ { -+ policy_len = M_ASN1_STRING_length( -+ handle->proxy_cert_info->policy->policy); -+ policy = globus_malloc(policy_len + 1); -+ if(!policy) -+ { -+ GLOBUS_GSI_PROXY_MALLOC_ERROR(policy_len + 1); -+ goto error_exit; -+ } -+ memcpy( -+ policy, -+ M_ASN1_STRING_data(handle->proxy_cert_info->policy->policy), -+ policy_len); -+ policy[policy_len] = '\0'; -+ tmp = globus_common_create_string("%s,policy:text:%s", -+ value, policy); -+ if (!tmp) -+ { -+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT( -+ result, -+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO, -+ (_PCSL("Couldn't create PROXYCERTINFO extension"))); -+ globus_libc_free(value); -+ globus_libc_free(policy); -+ goto error_exit; -+ } -+ globus_libc_free(value); -+ globus_libc_free(policy); -+ value = tmp; -+ } -+ -+ X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0L); -+ ctx.db_meth = &method; -+ ctx.db = &db; -+ pci_ext = X509V3_EXT_conf_nid(NULL, &ctx, pci_NID, value); -+ -+ globus_libc_free(value); -+ -+ if(GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY(handle->type)) -+ { -+ X509_EXTENSION_set_critical(pci_ext, 1); -+ } -+ } -+ - extensions = sk_X509_EXTENSION_new_null(); - - sk_X509_EXTENSION_push(extensions, pci_ext); -@@ -588,8 +680,8 @@ - - req_extensions = X509_REQ_get_extensions(handle->req); - -- pci_NID = OBJ_sn2nid(PROXYCERTINFO_SN); -- pci_old_NID = OBJ_sn2nid(PROXYCERTINFO_OLD_SN); -+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OID); -+ pci_old_NID = OBJ_txt2nid(PROXYCERTINFO_OLD_OID); - - for(i=0;itype= - GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_IMPERSONATION_PROXY; - } -- else if(policy_nid == OBJ_sn2nid(INDEPENDENT_PROXY_SN)) -+ else if(policy_nid == OBJ_txt2nid(INDEPENDENT_PROXY_OID)) - { - handle->type = - GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_INDEPENDENT_PROXY; - } -- else if(policy_nid == OBJ_sn2nid(LIMITED_PROXY_SN)) -+ else if(policy_nid == OBJ_txt2nid(LIMITED_PROXY_OID)) - { - handle->type = - GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_LIMITED_PROXY; -@@ -668,17 +760,17 @@ - } - else - { -- if(policy_nid == OBJ_sn2nid(IMPERSONATION_PROXY_SN)) -+ if(policy_nid == OBJ_txt2nid(IMPERSONATION_PROXY_OID)) - { - handle->type= - GLOBUS_GSI_CERT_UTILS_TYPE_RFC_IMPERSONATION_PROXY; - } -- else if(policy_nid == OBJ_sn2nid(INDEPENDENT_PROXY_SN)) -+ else if(policy_nid == OBJ_txt2nid(INDEPENDENT_PROXY_OID)) - { - handle->type = - GLOBUS_GSI_CERT_UTILS_TYPE_RFC_INDEPENDENT_PROXY; - } -- else if(policy_nid == OBJ_sn2nid(LIMITED_PROXY_SN)) -+ else if(policy_nid == OBJ_txt2nid(LIMITED_PROXY_OID)) - { - handle->type = - GLOBUS_GSI_CERT_UTILS_TYPE_RFC_LIMITED_PROXY; -@@ -1156,11 +1248,11 @@ - - if(GLOBUS_GSI_CERT_UTILS_IS_GSI_3_PROXY(proxy_type)) - { -- pci_NID = OBJ_sn2nid(PROXYCERTINFO_OLD_SN); -+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OLD_OID); - } - else if(GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY(proxy_type)) - { -- pci_NID = OBJ_sn2nid(PROXYCERTINFO_SN); -+ pci_NID = OBJ_txt2nid(PROXYCERTINFO_OID); - } - - if(pci_NID != NID_undef) -@@ -1169,7 +1261,7 @@ - unsigned char md[SHA_DIGEST_LENGTH]; - long sub_hash; - unsigned int len; -- X509V3_EXT_METHOD * ext_method; -+ const X509V3_EXT_METHOD * ext_method; - - ext_method = X509V3_EXT_get_nid(pci_NID); - -@@ -1205,6 +1297,9 @@ - - ASN1_INTEGER_set(serial_number, sub_hash); - -+ if(ext_method->i2d) -+ { -+ - pci_DER_length = ext_method->i2d(handle->proxy_cert_info, - NULL); - if(pci_DER_length < 0) -@@ -1268,6 +1363,95 @@ - goto done; - } - -+ } -+ else -+ { -+ X509V3_CTX ctx; -+ X509V3_CONF_METHOD method = { NULL, NULL, NULL, NULL }; -+ long db = 0; -+ -+ char language[80]; -+ int pathlen; -+ unsigned char *policy = NULL; -+ int policy_len; -+ char *value; -+ char *tmp; -+ -+ OBJ_obj2txt(language, 80, -+ handle->proxy_cert_info->policy->policy_language, 1); -+ value = globus_common_create_string("language:%s", language); -+ if (!value) -+ { -+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT( -+ result, -+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO, -+ (_PCSL("Couldn't create PROXYCERTINFO extension"))); -+ goto done; -+ } -+ -+ pathlen = ASN1_INTEGER_get(handle->proxy_cert_info->path_length); -+ if (pathlen > 0) -+ { -+ tmp = globus_common_create_string("%s,pathlen:%d", -+ value, pathlen); -+ if (!tmp) -+ { -+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT( -+ result, -+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO, -+ (_PCSL("Couldn't create PROXYCERTINFO extension"))); -+ globus_libc_free(value); -+ goto done; -+ } -+ globus_libc_free(value); -+ value = tmp; -+ } -+ -+ if (handle->proxy_cert_info->policy->policy) -+ { -+ policy_len = M_ASN1_STRING_length( -+ handle->proxy_cert_info->policy->policy); -+ policy = globus_malloc(policy_len + 1); -+ if(!policy) -+ { -+ GLOBUS_GSI_PROXY_MALLOC_ERROR(policy_len + 1); -+ goto done; -+ } -+ memcpy( -+ policy, -+ M_ASN1_STRING_data(handle->proxy_cert_info->policy->policy), -+ policy_len); -+ policy[policy_len] = '\0'; -+ tmp = globus_common_create_string("%s,policy:text:%s", -+ value, policy); -+ if (!tmp) -+ { -+ GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT( -+ result, -+ GLOBUS_GSI_PROXY_ERROR_WITH_PROXYCERTINFO, -+ (_PCSL("Couldn't create PROXYCERTINFO extension"))); -+ globus_libc_free(value); -+ globus_libc_free(policy); -+ goto done; -+ } -+ globus_libc_free(value); -+ globus_libc_free(policy); -+ value = tmp; -+ } -+ -+ X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0L); -+ ctx.db_meth = &method; -+ ctx.db = &db; -+ pci_ext = X509V3_EXT_conf_nid(NULL, &ctx, pci_NID, value); -+ -+ globus_libc_free(value); -+ -+ if(GLOBUS_GSI_CERT_UTILS_IS_RFC_PROXY(proxy_type)) -+ { -+ X509_EXTENSION_set_critical(pci_ext, 1); -+ } -+ } -+ - if(!X509_add_ext(*signed_cert, pci_ext, 0)) - { - GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT( -@@ -1618,12 +1802,12 @@ - if(pci_DER) - { - free(pci_DER); -- pci_DER = NULL; -+ pci_DER = NULL; - } - pci_DER_string->data = NULL; - pci_DER_string->length = 0; - ASN1_OCTET_STRING_free(pci_DER_string); -- pci_DER_string = NULL; -+ pci_DER_string = NULL; - } - #else - -diff -ur globus_gsi_proxy_core-4.4.orig/library/globus_gsi_proxy_handle.c globus_gsi_proxy_core-4.4/library/globus_gsi_proxy_handle.c ---- globus_gsi_proxy_core-4.4.orig/library/globus_gsi_proxy_handle.c 2008-09-15 17:06:26.000000000 +0200 -+++ globus_gsi_proxy_core-4.4/library/globus_gsi_proxy_handle.c 2010-05-15 20:32:02.694503160 +0200 -@@ -646,19 +646,19 @@ - case GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_IMPERSONATION_PROXY: - case GLOBUS_GSI_CERT_UTILS_TYPE_RFC_IMPERSONATION_PROXY: - result = globus_gsi_proxy_handle_set_policy( -- handle, NULL, 0, OBJ_sn2nid(IMPERSONATION_PROXY_SN)); -+ handle, NULL, 0, OBJ_txt2nid(IMPERSONATION_PROXY_OID)); - break; - - case GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_INDEPENDENT_PROXY: - case GLOBUS_GSI_CERT_UTILS_TYPE_RFC_INDEPENDENT_PROXY: - result = globus_gsi_proxy_handle_set_policy( -- handle, NULL, 0, OBJ_sn2nid(INDEPENDENT_PROXY_SN)); -+ handle, NULL, 0, OBJ_txt2nid(INDEPENDENT_PROXY_OID)); - break; - - case GLOBUS_GSI_CERT_UTILS_TYPE_GSI_3_LIMITED_PROXY: - case GLOBUS_GSI_CERT_UTILS_TYPE_RFC_LIMITED_PROXY: - result = globus_gsi_proxy_handle_set_policy( -- handle, NULL, 0, OBJ_sn2nid(LIMITED_PROXY_SN)); -+ handle, NULL, 0, OBJ_txt2nid(LIMITED_PROXY_OID)); - break; - default: - break; diff --git a/globus-gsi-proxy-core.spec b/globus-gsi-proxy-core.spec index 61fdb80..a61b2e5 100644 --- a/globus-gsi-proxy-core.spec +++ b/globus-gsi-proxy-core.spec @@ -6,26 +6,23 @@ Name: globus-gsi-proxy-core %global _name %(tr - _ <<< %{name}) -Version: 4.4 -Release: 2%{?dist} +Version: 4.5 +Release: 1%{?dist} Summary: Globus Toolkit - Globus GSI Proxy Core Library Group: System Environment/Libraries License: ASL 2.0 URL: http://www.globus.org/ # Source is extracted from the globus toolkit installer: -# wget -N http://www-unix.globus.org/ftppub/gt5/5.0/5.0.1/installers/src/gt5.0.1-all-source-installer.tar.bz2 -# tar -jxf gt5.0.1-all-source-installer.tar.bz2 -# mv gt5.0.1-all-source-installer/source-trees/gsi/proxy/proxy_core/source globus_gsi_proxy_core-4.4 -# cp -p gt5.0.1-all-source-installer/source-trees/core/source/GLOBUS_LICENSE globus_gsi_proxy_core-4.4 +# wget -N http://www-unix.globus.org/ftppub/gt5/5.0/5.0.2/installers/src/gt5.0.2-all-source-installer.tar.bz2 +# tar -jxf gt5.0.2-all-source-installer.tar.bz2 +# mv gt5.0.2-all-source-installer/source-trees/gsi/proxy/proxy_core/source globus_gsi_proxy_core-4.4 +# cp -p gt5.0.2-all-source-installer/source-trees/core/source/GLOBUS_LICENSE globus_gsi_proxy_core-4.4 # tar -zcf globus_gsi_proxy_core-4.4.tar.gz globus_gsi_proxy_core-4.4 Source: %{_name}-%{version}.tar.gz # This is a workaround for the broken epstopdf script in RHEL5 # See: https://bugzilla.redhat.com/show_bug.cgi?id=450388 Source9: epstopdf-2.9.5gw -# Fix duplicate OID registrations: -# http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7032 -Patch0: %{name}-oid.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: globus-openssl%{?_isa} >= 1 @@ -102,7 +99,6 @@ Globus GSI Proxy Core Library Documentation Files %prep %setup -q -n %{_name}-%{version} -%patch0 -p1 %if "%{rhel}" == "5" mkdir bin @@ -204,6 +200,10 @@ rm -rf $RPM_BUILD_ROOT %dir %{_docdir}/%{name}-%{version}/html %changelog +* Sat Jul 17 2010 Mattias Ellert - 4.5-1 +- Update to Globus Toolkit 5.0.2 +- Drop patch globus-gsi-proxy-core-oid.patch (fixed upstream) + * Mon May 31 2010 Mattias Ellert - 4.4-2 - Fix OID registration pollution diff --git a/import.log b/import.log index 4630021..0a4cdf3 100644 --- a/import.log +++ b/import.log @@ -3,3 +3,4 @@ globus-gsi-proxy-core-3_4-2_fc9:HEAD:globus-gsi-proxy-core-3.4-2.fc9.src.rpm:124 globus-gsi-proxy-core-4_3-1_fc12:HEAD:globus-gsi-proxy-core-4.3-1.fc12.src.rpm:1265702076 globus-gsi-proxy-core-4_4-1_fc12:F-13:globus-gsi-proxy-core-4.4-1.fc12.src.rpm:1271429963 globus-gsi-proxy-core-4_4-2_fc12:F-13:globus-gsi-proxy-core-4.4-2.fc12.src.rpm:1275752968 +globus-gsi-proxy-core-4_5-1_fc12:F-13:globus-gsi-proxy-core-4.5-1.fc12.src.rpm:1279385284 diff --git a/sources b/sources index 1d5c8ac..3fb4e62 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ 44ec158f5ca5f60310cca74a3aaaea2b epstopdf-2.9.5gw -41be94733a23ef75ecf126870c0bdbc2 globus_gsi_proxy_core-4.4.tar.gz +74f56254dad92b51a82131832e02b978 globus_gsi_proxy_core-4.5.tar.gz