From 5357387c12d7f1deeac9c994de5bd47bbc6ca7b6 Mon Sep 17 00:00:00 2001 From: Mattias Ellert Date: Mar 12 2022 21:31:51 +0000 Subject: Use sha256 when signing request Fix some compiler warnings --- diff --git a/globus-gsi-proxy-core-sha256.patch b/globus-gsi-proxy-core-sha256.patch new file mode 100644 index 0000000..0d49fc2 --- /dev/null +++ b/globus-gsi-proxy-core-sha256.patch @@ -0,0 +1,13 @@ +diff --git a/gsi/proxy/proxy_core/source/library/globus_gsi_proxy.c b/gsi/proxy/proxy_core/source/library/globus_gsi_proxy.c +index 5784c9ff8c..0a4878436e 100644 +--- a/gsi/proxy/proxy_core/source/library/globus_gsi_proxy.c ++++ b/gsi/proxy/proxy_core/source/library/globus_gsi_proxy.c +@@ -597,7 +597,7 @@ globus_gsi_proxy_create_req( + if (!X509_REQ_sign(handle->req, handle->proxy_key, + handle->attrs->signing_algorithm + ? handle->attrs->signing_algorithm +- : EVP_sha1())) ++ : EVP_sha256())) + { + GLOBUS_GSI_PROXY_OPENSSL_ERROR_RESULT( + result, diff --git a/globus-gsi-proxy-core-warn.patch b/globus-gsi-proxy-core-warn.patch new file mode 100644 index 0000000..78ac1c7 --- /dev/null +++ b/globus-gsi-proxy-core-warn.patch @@ -0,0 +1,96 @@ +diff --git a/gsi/proxy/proxy_core/source/test/proxy-handle-compat-test.c b/gsi/proxy/proxy_core/source/test/proxy-handle-compat-test.c +index 6630233b97..22829bfbdd 100644 +--- a/gsi/proxy/proxy_core/source/test/proxy-handle-compat-test.c ++++ b/gsi/proxy/proxy_core/source/test/proxy-handle-compat-test.c +@@ -29,44 +29,6 @@ struct test_case + static int test_policy_nid; + + #define TEST_CASE_INITIALIZER(c) { #c, c } +-#if OPENSSL_VERSION_NUMBER < 0x10000000L +-#define GENERAL_NAME_set0_value(gn, t, dns) \ +- do \ +- { \ +- GENERAL_NAME *g = (gn); \ +- g->type = (t); \ +- g->d.dNSName = (dns);\ +- } \ +- while (0) +-#endif +- +-#define DEFINE_ASN1_CMP_OF(type, i2d) \ +- static int \ +- type##_cmp(type *A, type *B) \ +- { \ +- int res = 1; \ +- int alen = i2d(A, NULL); \ +- int blen = i2d(B, NULL); \ +- if (alen != blen) \ +- { \ +- res = 0; \ +- } \ +- else \ +- { \ +- unsigned char ader[alen]; \ +- unsigned char bder[blen]; \ +- unsigned char *aderptr = ader; \ +- unsigned char *bderptr = bder; \ +- i2d(A, &aderptr); \ +- i2d(B, &bderptr); \ +- res = !memcmp(ader, bder, alen); \ +- } \ +- return res; \ +- } +- +-DEFINE_ASN1_CMP_OF(X509_REQ, i2d_X509_REQ) +-DEFINE_ASN1_CMP_OF(X509_EXTENSION, i2d_X509_EXTENSION) +- + + static + bool +@@ -74,7 +36,6 @@ proxy_handle_set_proxy_cert_info_compat_null_test(void) + { + bool ok = true; + globus_result_t result = GLOBUS_SUCCESS; +- globus_gsi_proxy_handle_t handle = NULL; + + result = globus_gsi_proxy_handle_set_proxy_cert_info(NULL, NULL); + if (result == GLOBUS_SUCCESS) +diff --git a/gsi/proxy/proxy_core/source/test/proxy-handle-test.c b/gsi/proxy/proxy_core/source/test/proxy-handle-test.c +index c1945ea7b0..de892f0ccd 100644 +--- a/gsi/proxy/proxy_core/source/test/proxy-handle-test.c ++++ b/gsi/proxy/proxy_core/source/test/proxy-handle-test.c +@@ -85,8 +85,6 @@ static + bool + proxy_handle_destroy_null_test(void) + { +- globus_result_t result = GLOBUS_SUCCESS; +- + globus_gsi_proxy_handle_destroy(NULL); + + return true; +@@ -1061,9 +1059,7 @@ bool + proxy_handle_set_pathlen_null_test(void) + { + globus_result_t result = GLOBUS_SUCCESS; +- globus_gsi_proxy_handle_t handle = NULL; + bool ok = true; +- STACK_OF(X509_EXTENSION) *extensions = NULL; + + result = globus_gsi_proxy_handle_set_pathlen(NULL, 0); + if (result == GLOBUS_SUCCESS) +@@ -1240,7 +1236,6 @@ proxy_handle_set_proxy_cert_info_null_test(void) + { + bool ok = true; + globus_result_t result = GLOBUS_SUCCESS; +- globus_gsi_proxy_handle_t handle = NULL; + + result = globus_gsi_proxy_handle_set_proxy_cert_info(NULL, NULL); + if (result == GLOBUS_SUCCESS) +@@ -1489,7 +1484,6 @@ proxy_handle_set_is_limited_null_test(void) + } + + globus_gsi_proxy_handle_destroy(handle); +-no_handle: + return ok; + } + diff --git a/globus-gsi-proxy-core.spec b/globus-gsi-proxy-core.spec index 682d2f2..7239a72 100644 --- a/globus-gsi-proxy-core.spec +++ b/globus-gsi-proxy-core.spec @@ -1,13 +1,19 @@ Name: globus-gsi-proxy-core %global _name %(tr - _ <<< %{name}) Version: 9.6 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Grid Community Toolkit - Globus GSI Proxy Core Library License: ASL 2.0 URL: https://github.com/gridcf/gct/ Source: https://repo.gridcf.org/gct6/sources/%{_name}-%{version}.tar.gz Source8: README +# Use sha256 when signing request +# https://github.com/gridcf/gct/pull/178 +Patch0: %{name}-sha256.patch +# Fix some compiler warnings +# https://github.com/gridcf/gct/pull/179 +Patch1: %{name}-warn.patch BuildRequires: make BuildRequires: gcc @@ -61,6 +67,8 @@ Globus GSI Proxy Core Library Documentation Files %prep %setup -q -n %{_name}-%{version} +%patch0 -p5 +%patch1 -p5 %build # Reduce overlinking @@ -113,6 +121,10 @@ rm %{buildroot}%{_pkgdocdir}/GLOBUS_LICENSE %license GLOBUS_LICENSE %changelog +* Sat Mar 12 2022 Mattias Ellert - 9.6-4 +- Use sha256 when signing request +- Fix some compiler warnings + * Thu Jan 20 2022 Fedora Release Engineering - 9.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild