rpms/globus-gssapi-gsi/F-11 globus-gssapi-gsi-openssl.patch, 1.1, 1.2 globus-gssapi-gsi.spec, 1.4, 1.5 import.log, 1.3, 1.4
Mattias Ellert
ellert at fedoraproject.org
Thu Feb 11 14:39:04 UTC 2010
- Previous message: rpms/perl-Template-Tiny/devel perl-Template-Tiny.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message: rpms/globus-gssapi-gsi/EL-5 globus-gssapi-gsi-openssl.patch, 1.1, 1.2 globus-gssapi-gsi.spec, 1.4, 1.5 import.log, 1.3, 1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: ellert
Update of /cvs/pkgs/rpms/globus-gssapi-gsi/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21922/F-11
Modified Files:
globus-gssapi-gsi-openssl.patch globus-gssapi-gsi.spec
import.log
Log Message:
* Mon Feb 08 2010 Mattias Ellert <mattias.ellert at fysast.uu.se> - 7.0-2
- Update openssl 1.0.0 patch based on RIC-29 branch in upstream CVS
globus-gssapi-gsi-openssl.patch:
Makefile.am | 2
display_name.c | 4 -
export_sec_context.c | 2
get_mic.c | 4 +
globus_i_gsi_gss_utils.c | 138 +++++++----------------------------------------
globus_i_gsi_gss_utils.h | 9 ---
globus_ssl_locl.h | 54 ++++++++++++++++++
gssapi_openssl.h | 4 -
import_sec_context.c | 10 ---
unwrap.c | 2
verify_mic.c | 4 +
wrap.c | 4 +
12 files changed, 98 insertions(+), 139 deletions(-)
Index: globus-gssapi-gsi-openssl.patch
===================================================================
RCS file: /cvs/pkgs/rpms/globus-gssapi-gsi/F-11/globus-gssapi-gsi-openssl.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- globus-gssapi-gsi-openssl.patch 9 Feb 2010 08:03:36 -0000 1.1
+++ globus-gssapi-gsi-openssl.patch 11 Feb 2010 14:39:04 -0000 1.2
@@ -1,6 +1,54 @@
+diff -Nur globus_gssapi_gsi-7.0.orig/library/display_name.c globus_gssapi_gsi-7.0/library/display_name.c
+--- globus_gssapi_gsi-7.0.orig/library/display_name.c 2008-09-24 19:46:30.000000000 +0200
++++ globus_gssapi_gsi-7.0/library/display_name.c 2010-02-08 10:18:53.408153303 +0100
+@@ -122,7 +122,7 @@
+ {
+ int name_length;
+ GENERAL_NAME * name;
+- char * dns;
++ unsigned char * dns;
+ int i;
+
+ name_length = sk_GENERAL_NAME_num(input_name->subjectAltNames);
+@@ -133,7 +133,7 @@
+ if (name->type == GEN_DNS)
+ {
+ dns = ASN1_STRING_data(name->d.dNSName);
+- output_name->value = globus_common_create_string("/CN=%s", dns);
++ output_name->value = globus_common_create_string("/CN=%s", (char *) dns);
+ output_name->length = strlen(output_name->value);
+ break;
+ }
+diff -Nur globus_gssapi_gsi-7.0.orig/library/export_sec_context.c globus_gssapi_gsi-7.0/library/export_sec_context.c
+--- globus_gssapi_gsi-7.0.orig/library/export_sec_context.c 2006-01-19 06:56:09.000000000 +0100
++++ globus_gssapi_gsi-7.0/library/export_sec_context.c 2010-02-08 10:18:53.408153303 +0100
+@@ -179,7 +179,7 @@
+ goto unlock_mutex;
+ }
+
+- L2N(peer_cert_count, (char *)int_buffer);
++ L2N(peer_cert_count, int_buffer);
+ BIO_write(bp, (char *)int_buffer, 4);
+
+ local_result = globus_gsi_callback_get_cert_chain(
+diff -Nur globus_gssapi_gsi-7.0.orig/library/get_mic.c globus_gssapi_gsi-7.0/library/get_mic.c
+--- globus_gssapi_gsi-7.0.orig/library/get_mic.c 2006-01-19 06:56:09.000000000 +0100
++++ globus_gssapi_gsi-7.0/library/get_mic.c 2010-02-08 10:18:53.408153303 +0100
+@@ -146,7 +146,11 @@
+
+ mac_sec = context->gss_ssl->s3->write_mac_secret;
+ seq = context->gss_ssl->s3->write_sequence;
++ #if OPENSSL_VERSION_NUMBER < 0x10000000L
+ hash = context->gss_ssl->write_hash;
++ #else
++ hash = context->gss_ssl->write_hash->digest;
++ #endif
+
+ md_size = EVP_MD_size(hash);
+ message_token->value = (char *) malloc(GSS_SSL_MESSAGE_DIGEST_PADDING
diff -Nur globus_gssapi_gsi-7.0.orig/library/globus_i_gsi_gss_utils.c globus_gssapi_gsi-7.0/library/globus_i_gsi_gss_utils.c
--- globus_gssapi_gsi-7.0.orig/library/globus_i_gsi_gss_utils.c 2009-09-24 21:09:45.000000000 +0200
-+++ globus_gssapi_gsi-7.0/library/globus_i_gsi_gss_utils.c 2010-01-28 17:43:49.046763807 +0100
++++ globus_gssapi_gsi-7.0/library/globus_i_gsi_gss_utils.c 2010-02-08 10:18:53.409154337 +0100
@@ -37,7 +37,7 @@
#include <string.h>
#include <stdlib.h>
@@ -47,7 +95,127 @@ diff -Nur globus_gssapi_gsi-7.0.orig/lib
buff,256);
GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(
3, (globus_i_gsi_gssapi_debug_fstream, buff));
-@@ -1961,6 +1961,9 @@
+@@ -995,7 +995,7 @@
+ if (!GSS_ERROR(major_status)) {
+ if (rc > 0)
+ {
+- SSL_CIPHER * current_cipher;
++ const SSL_CIPHER * current_cipher;
+ major_status = GSS_S_COMPLETE;
+
+ /*
+@@ -1424,110 +1424,6 @@
+ /* @} */
+
+ /**
+- * @name Credential Set
+- * @ingroup globus_i_gsi_gss_utils
+- */
+-/* @{ */
+-/**
+- * Credential Set
+- *
+- * @param minor_status
+- * @param cred_usage
+- * @param cred_handle
+- * @param ucert
+- * @param upkey,
+- * @param cert_chain
+- *
+- * @return
+- */
+-OM_uint32
+-globus_i_gsi_gss_cred_set(
+- OM_uint32 * minor_status,
+- const gss_cred_usage_t cred_usage,
+- gss_cred_id_t * cred_handle,
+- X509 * ucert,
+- EVP_PKEY * upkey,
+- STACK_OF(X509) * cert_chain)
+-{
+- OM_uint32 major_status = GSS_S_COMPLETE;
+- OM_uint32 local_minor_status;
+- globus_result_t local_result;
+- globus_gsi_cred_handle_t local_cred_handle;
+- static char * _function_name_ =
+- "globus_i_gsi_gss_cred_set";
+-
+- GLOBUS_I_GSI_GSSAPI_DEBUG_ENTER;
+-
+- *minor_status = GLOBUS_SUCCESS;
+-
+- local_result = globus_gsi_cred_handle_init(&local_cred_handle, NULL);
+- if(local_result != GLOBUS_SUCCESS)
+- {
+- local_cred_handle = NULL;
+- GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
+- minor_status, local_result,
+- GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_CREDENTIAL);
+- major_status = GSS_S_FAILURE;
+- goto exit;
+- }
+-
+- local_result = globus_gsi_cred_set_cert(local_cred_handle, ucert);
+- if(local_result != GLOBUS_SUCCESS)
+- {
+- GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
+- minor_status, local_result,
+- GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_CREDENTIAL);
+- major_status = GSS_S_FAILURE;
+- goto exit;
+- }
+-
+- local_result = globus_gsi_cred_set_key(local_cred_handle, upkey);
+- if(local_result != GLOBUS_SUCCESS)
+- {
+- GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
+- minor_status, local_result,
+- GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_CREDENTIAL);
+- major_status = GSS_S_FAILURE;
+- goto exit;
+- }
+-
+- local_result = globus_gsi_cred_set_cert_chain(local_cred_handle,
+- cert_chain);
+- if(local_result != GLOBUS_SUCCESS)
+- {
+- GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
+- minor_status, local_result,
+- GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_CREDENTIAL);
+- major_status = GSS_S_FAILURE;
+- goto exit;
+- }
+-
+- major_status = globus_i_gsi_gss_create_cred(&local_minor_status,
+- cred_usage,
+- cred_handle,
+- &local_cred_handle);
+- if(GSS_ERROR(major_status))
+- {
+- GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
+- minor_status, local_minor_status,
+- GLOBUS_GSI_GSSAPI_ERROR_WITH_GSS_CREDENTIAL);
+- major_status = GSS_S_FAILURE;
+- goto exit;
+- }
+-
+- exit:
+-
+- if(local_cred_handle != NULL)
+- {
+- globus_gsi_cred_handle_destroy(local_cred_handle);
+- }
+-
+- GLOBUS_I_GSI_GSSAPI_DEBUG_EXIT;
+- return major_status;
+-}
+-/* @} */
+-
+-/**
+ * @name Create Cred
+ * @ingroup globus_i_gsi_gss_utils
+ */
+@@ -1961,6 +1857,9 @@
ssl_handle->session,
&ssl_handle->s3->tmp.new_sym_enc,
&ssl_handle->s3->tmp.new_hash,
@@ -57,7 +225,7 @@ diff -Nur globus_gssapi_gsi-7.0.orig/lib
(SSL_COMP **) &ssl_handle->s3->tmp.new_compression);
if (!ssl_result)
{
-@@ -1989,6 +1992,9 @@
+@@ -1989,6 +1888,9 @@
ssl_handle->session,
&ssl_handle->s3->tmp.new_sym_enc,
&ssl_handle->s3->tmp.new_hash,
@@ -67,9 +235,75 @@ diff -Nur globus_gssapi_gsi-7.0.orig/lib
(SSL_COMP **) &ssl_handle->s3->tmp.new_compression);
if (!ssl_result)
{
+@@ -2325,6 +2227,11 @@
+ for(index = 0; index < sk_X509_num(client_cert_chain); ++index)
+ {
+ tmp_cert = X509_dup(sk_X509_value(client_cert_chain, index));
++ #if OPENSSL_VERSION_NUMBER >= 0x10000000L
++ SSL_CTX_add_extra_chain_cert(
++ cred_handle->ssl_context,
++ tmp_cert);
++ #else
+ if(!X509_STORE_add_cert(
+ SSL_CTX_get_cert_store(cred_handle->ssl_context),
+ tmp_cert))
+@@ -2350,6 +2257,7 @@
+ }
+ /* need to free to reduce ref count */
+ X509_free(tmp_cert);
++ #endif
+ }
+ }
+ }
+@@ -2545,7 +2453,7 @@
+
+ goto out;
+ }
+- strncpy(name->service_name, data, p-data);
++ strncpy(name->service_name, (char *) data, p-data);
+ name->service_name[p-data] = 0;
+
+ name->host_name = malloc(length - (p-data));
+@@ -2556,7 +2464,7 @@
+
+ goto free_service_name_out;
+ }
+- strncpy(name->host_name, p+1, length - (p+1-data));
++ strncpy(name->host_name, (char *) p+1, length - (p+1-data));
+ name->host_name[length - (p+1-data)] = 0;
+ }
+ else
+@@ -2583,7 +2491,7 @@
+ goto free_service_name_out;
+ }
+
+- strncpy(name->host_name, data, length);
++ strncpy(name->host_name, (char *) data, length);
+ name->host_name[length] = 0;
+ }
+ break;
+diff -Nur globus_gssapi_gsi-7.0.orig/library/globus_i_gsi_gss_utils.h globus_gssapi_gsi-7.0/library/globus_i_gsi_gss_utils.h
+--- globus_gssapi_gsi-7.0.orig/library/globus_i_gsi_gss_utils.h 2008-11-21 16:04:49.000000000 +0100
++++ globus_gssapi_gsi-7.0/library/globus_i_gsi_gss_utils.h 2010-02-08 10:18:53.410152925 +0100
+@@ -254,15 +254,6 @@
+ const X509_NAME * desired_subject);
+
+ OM_uint32
+-globus_i_gsi_gss_cred_set(
+- OM_uint32 * minor_status,
+- const gss_cred_usage_t cred_usage,
+- gss_cred_id_t * cred_handle,
+- X509 * ucert,
+- EVP_PKEY * upkey,
+- STACK_OF(X509) * cert_chain);
+-
+-OM_uint32
+ globus_i_gsi_gss_create_cred(
+ OM_uint32 * minor_status,
+ const gss_cred_usage_t cred_usage,
diff -Nur globus_gssapi_gsi-7.0.orig/library/globus_ssl_locl.h globus_gssapi_gsi-7.0/library/globus_ssl_locl.h
--- globus_gssapi_gsi-7.0.orig/library/globus_ssl_locl.h 1970-01-01 01:00:00.000000000 +0100
-+++ globus_gssapi_gsi-7.0/library/globus_ssl_locl.h 2010-01-28 17:41:46.262764435 +0100
++++ globus_gssapi_gsi-7.0/library/globus_ssl_locl.h 2010-02-08 10:21:44.762160547 +0100
@@ -0,0 +1,54 @@
+#ifndef GLOBUS_SSL_LOCL_H
+#define GLOBUS_SSL_LOCL_H
@@ -125,9 +359,30 @@ diff -Nur globus_gssapi_gsi-7.0.orig/lib
+#endif
+
+#endif
+diff -Nur globus_gssapi_gsi-7.0.orig/library/gssapi_openssl.h globus_gssapi_gsi-7.0/library/gssapi_openssl.h
+--- globus_gssapi_gsi-7.0.orig/library/gssapi_openssl.h 2008-09-09 18:46:21.000000000 +0200
++++ globus_gssapi_gsi-7.0/library/gssapi_openssl.h 2010-02-08 10:18:53.410152925 +0100
+@@ -86,7 +86,7 @@
+
+ #define L2N(LONG_VAL, CHAR_ARRAY) \
+ { \
+- char * _char_array_ = CHAR_ARRAY; \
++ unsigned char * _char_array_ = CHAR_ARRAY; \
+ *(_char_array_++) = (unsigned char) (((LONG_VAL) >> 24) & 0xff); \
+ *(_char_array_++) = (unsigned char) (((LONG_VAL) >> 16) & 0xff); \
+ *(_char_array_++) = (unsigned char) (((LONG_VAL) >> 8) & 0xff); \
+@@ -95,7 +95,7 @@
+
+ #define N2L(CHAR_ARRAY, LONG_VAL) \
+ { \
+- char * _char_array_ = CHAR_ARRAY; \
++ unsigned char * _char_array_ = CHAR_ARRAY; \
+ (LONG_VAL) = ((*(_char_array_++)) << 24) & 0xff000000; \
+ (LONG_VAL) |= ((*(_char_array_++)) << 16) & 0xff0000; \
+ (LONG_VAL) |= ((*(_char_array_++)) << 8) & 0xff00; \
diff -Nur globus_gssapi_gsi-7.0.orig/library/import_sec_context.c globus_gssapi_gsi-7.0/library/import_sec_context.c
--- globus_gssapi_gsi-7.0.orig/library/import_sec_context.c 2009-09-24 21:09:45.000000000 +0200
-+++ globus_gssapi_gsi-7.0/library/import_sec_context.c 2010-01-28 17:43:46.166763360 +0100
++++ globus_gssapi_gsi-7.0/library/import_sec_context.c 2010-02-08 10:18:53.413154559 +0100
@@ -33,16 +33,10 @@
#include "openssl/crypto.h"
#include "openssl/rand.h"
@@ -147,3 +402,57 @@ diff -Nur globus_gssapi_gsi-7.0.orig/lib
/**
* @name Import Security Context
* @ingroup globus_gsi_gssapi
+diff -Nur globus_gssapi_gsi-7.0.orig/library/Makefile.am globus_gssapi_gsi-7.0/library/Makefile.am
+--- globus_gssapi_gsi-7.0.orig/library/Makefile.am 2008-10-20 18:04:33.000000000 +0200
++++ globus_gssapi_gsi-7.0/library/Makefile.am 2010-02-08 10:19:49.643153482 +0100
+@@ -46,7 +46,7 @@
+ set_sec_context_option.c
+
+ Sources_OPENSSL_INTERNALS = \
+- ssl_locl.h
++ globus_ssl_locl.h
+
+ flavorinclude_HEADERS = \
+ gssapi.h
+diff -Nur globus_gssapi_gsi-7.0.orig/library/unwrap.c globus_gssapi_gsi-7.0/library/unwrap.c
+--- globus_gssapi_gsi-7.0.orig/library/unwrap.c 2008-01-14 16:58:52.000000000 +0100
++++ globus_gssapi_gsi-7.0/library/unwrap.c 2010-02-08 10:18:53.415153902 +0100
+@@ -160,7 +160,7 @@
+ input_value += GSS_SSL3_WRITE_SEQUENCE_SIZE;
+
+ /* get data length */
+- N2L((char *) input_value, data_buf->length);
++ N2L(input_value, data_buf->length);
+ input_value += 4;
+
+ GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(
+diff -Nur globus_gssapi_gsi-7.0.orig/library/verify_mic.c globus_gssapi_gsi-7.0/library/verify_mic.c
+--- globus_gssapi_gsi-7.0.orig/library/verify_mic.c 2006-01-19 06:56:09.000000000 +0100
++++ globus_gssapi_gsi-7.0/library/verify_mic.c 2010-02-08 10:18:53.415153902 +0100
+@@ -183,7 +183,11 @@
+
+ mac_sec = context->gss_ssl->s3->read_mac_secret;
+ seq = context->gss_ssl->s3->read_sequence;
++ #if OPENSSL_VERSION_NUMBER < 0x10000000L
+ hash = context->gss_ssl->read_hash;
++ #else
++ hash = context->gss_ssl->read_hash->digest;
++ #endif
+
+ md_size = EVP_MD_size(hash);
+ if (token_buffer->length != (GSS_SSL_MESSAGE_DIGEST_PADDING + md_size))
+diff -Nur globus_gssapi_gsi-7.0.orig/library/wrap.c globus_gssapi_gsi-7.0/library/wrap.c
+--- globus_gssapi_gsi-7.0.orig/library/wrap.c 2008-10-16 17:58:08.000000000 +0200
++++ globus_gssapi_gsi-7.0/library/wrap.c 2010-02-08 10:18:53.417152686 +0100
+@@ -92,7 +92,11 @@
+ if (conf_req_flag == 0
+ && qop_req == GSS_C_QOP_GLOBUS_GSSAPI_OPENSSL_BIG)
+ {
++ #if OPENSSL_VERSION_NUMBER < 0x10000000L
+ overhead = 17 + EVP_MD_size(context->gss_ssl->write_hash);
++ #else
++ overhead = 17 + EVP_MD_size(context->gss_ssl->write_hash->digest);
++ #endif
+ max = req_output_size - overhead;
+ *max_input_size = max;
+
Index: globus-gssapi-gsi.spec
===================================================================
RCS file: /cvs/pkgs/rpms/globus-gssapi-gsi/F-11/globus-gssapi-gsi.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- globus-gssapi-gsi.spec 9 Feb 2010 08:03:37 -0000 1.4
+++ globus-gssapi-gsi.spec 11 Feb 2010 14:39:04 -0000 1.5
@@ -7,13 +7,11 @@
Name: globus-gssapi-gsi
%global _name %(tr - _ <<< %{name})
Version: 7.0
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Globus Toolkit - GSSAPI library
Group: System Environment/Libraries
-# The library/ssl_locl.h file is licensed under OpenSSL license
-# The rest is licenced under Apache 2.0 license
-License: ASL 2.0 and OpenSSL
+License: ASL 2.0
URL: http://www.globus.org/
# Source is extracted from the globus toolkit installer:
# wget -N http://www-unix.globus.org/ftppub/gt5/5.0/5.0.0/installers/src/gt5.0.0-all-source-installer.tar.bz2
@@ -212,6 +210,9 @@ rm -rf $RPM_BUILD_ROOT
%dir %{_docdir}/%{name}-%{version}/html
%changelog
+* Mon Feb 08 2010 Mattias Ellert <mattias.ellert at fysast.uu.se> - 7.0-2
+- Update openssl 1.0.0 patch based on RIC-29 branch in upstream CVS
+
* Fri Jan 22 2010 Mattias Ellert <mattias.ellert at fysast.uu.se> - 7.0-1
- Update to Globus Toolkit 5.0.0
Index: import.log
===================================================================
RCS file: /cvs/pkgs/rpms/globus-gssapi-gsi/F-11/import.log,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- import.log 9 Feb 2010 08:03:37 -0000 1.3
+++ import.log 11 Feb 2010 14:39:04 -0000 1.4
@@ -1,3 +1,4 @@
globus-gssapi-gsi-5_9-2_fc9:F-11:globus-gssapi-gsi-5.9-2.fc9.src.rpm:1242710665
globus-gssapi-gsi-5_9-3_fc9:F-11:globus-gssapi-gsi-5.9-3.fc9.src.rpm:1245087137
globus-gssapi-gsi-7_0-1_fc12:F-11:globus-gssapi-gsi-7.0-1.fc12.src.rpm:1265702600
+globus-gssapi-gsi-7_0-2_fc12:F-11:globus-gssapi-gsi-7.0-2.fc12.src.rpm:1265899129
- Previous message: rpms/perl-Template-Tiny/devel perl-Template-Tiny.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message: rpms/globus-gssapi-gsi/EL-5 globus-gssapi-gsi-openssl.patch, 1.1, 1.2 globus-gssapi-gsi.spec, 1.4, 1.5 import.log, 1.3, 1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list