EGEE > gLite > gLite 3.1 > glite-WMS > Update to glite-WMS 3.1.9-0

gLite 3.1

glite-WMS - Update to version 3.1.9-0

Date	14.11.2008
Priority	Normal

Description

VOMS

An updated documentation can be found here:
VOMS Core Services User Guide: https://edms.cern.ch/file/973684/1/voms-guide.pdf
VOMS Admin User Guide: https://edms.cern.ch/file/974094/1/voms-admin-user-guide.pdf
VOMS Installation and Configuration Guide: https://edms.cern.ch/file/974982/1/voms-installation-configuration-guide.pdf

Contains a fix for bug #38506 (Previous Predictable Order with --voms flags was lost.). Now the order of FQANs in the VOMS proxy follows the order in which FQANs are specified on the command line as values of the "-voms" options. This does _not_ apply to the shorthand "<voname>:/Role=<role>" syntax.

Developer changes:
New API added for the C and C++ APIs. VOMS_SetVerificationTim(time_t time).

As usually, except where noted, everything is backwards-compatible with previous version, both on the protocol level (i.e. client and server versions may be freely mixed) and ABI level (API libraries can be upgraded with newer versions without needing recompilation of the linking parties)

Please also have a look at the list of known issues.

This update fixes various bugs. For the full list of bugs, please see list below.

Fixed bugs

Number	Description
#33902	VOMS MySQL replication: adapt for 2.x schema, add encryption
#35569	glite-security-voms-api-noglobus-1.8.3-3 and glite-security-voms-api-cpp-1.8.3-3 contain the same files
#35854	GT4 lcas-lcmaps plugin rpm with wrong name ended up in production
#35981	Globus gatekeeper crash due to incoming connection from rb121.cern.ch.
#36052	voms-proxy-info shouldn't require AC check in all cases
#36092	[VOMS 1.8.3] VOMS server log file created with bizarre permissions
#36573	voms-proxy-info has bad return codes
#37008	VOMS server is always returning a short FQAN
#37071	VOMS api should specify in error cases whether the voms AC is expired or not yet valid.
#37303	glexec certificate verification chain is broken
#37704	There is a possible vulnerability concerning proxies
#38506	Previous Predictable Order with --voms flags was lost.
#38824	VOMS doesn't build with VDT globus 1.10.1-1 because it uses system OpenSSL
#39622	voms_replica_master_setup.sh forces use of SSL connections
#39625	VOMS-CORE: Cannot specify two or more --voms options for the same VO in the command line
#41094	VOMS-CORE: requesting an unassigned role does not return an error
#41095	VOMS-CORE: request fails when requesting a role that is not assigned
#41116	VOMS-CORE: -noregen functionality is broken
#41773	[VOMS-CORE] No error reported when non-existent group requested

Updated rpms

Name	Version	Full RPM name	Description
glite-WMS	3.1.9-0	glite-WMS-3.1.9-0.i386.rpm	gLite metapackage (glite-WMS)
glite-security-lcas-interface	1.3.6-3.slc4	glite-security-lcas-interface-1.3.6-3.slc4.i386.rpm	org.glite.security.lcas-interface v. 1.3.6-3
glite-security-lcas-lcmaps-gt4-interface	0.0.14-2.slc4	glite-security-lcas-lcmaps-gt4-interface-0.0.14-2.slc4.i386.rpm	This component implements the GT4 mapping_and_authz interface for the globus gatekeeper, gridftpd and gsi-opensshd to use the LCAS and LCMAPS frameworks
glite-security-lcas-plugins-basic	1.3.2-3.slc4	glite-security-lcas-plugins-basic-1.3.2-3.slc4.i386.rpm	This package contains three basic authorization plugins for LCAS: 1) allow-user module (currently the gridmapfile is used) 2) ban-user module 3) timeslots availability module
glite-security-lcas-plugins-voms	1.3.4-5.slc4	glite-security-lcas-plugins-voms-1.3.4-5.slc4.i386.rpm	org.glite.security.lcas-plugins-voms v. 1.3.4-5
glite-security-lcas	1.3.7-2.slc4	glite-security-lcas-1.3.7-2.slc4.i386.rpm	org.glite.security.lcas v. 1.3.7-2
glite-security-lcmaps-plugins-basic	1.3.8-2.slc4	glite-security-lcmaps-plugins-basic-1.3.8-2.slc4.i386.rpm	This package provides the timeslot (fabric openings hours), poolaccount selection, localaccount selection, LDAP enforcement and POSIX enforcement (changing the process ownership to the mapped user
glite-security-lcmaps-plugins-voms	1.3.7-5.slc4	glite-security-lcmaps-plugins-voms-1.3.7-5.slc4.i386.rpm	This package provides the LCMAPS plugins for specialised VOMS handling: voms_localaccount, voms_localgroup, voms_poolgroup and voms_poolacount. (It is recommended to use the voms_localgroup and voms_poolaccount)
glite-security-lcmaps	1.4.3-4.slc4	glite-security-lcmaps-1.4.3-4.slc4.i386.rpm	org.glite.security.lcmaps v. 1.4.3-4
glite-security-voms-api-cpp	1.8.8-3.slc4	glite-security-voms-api-cpp-1.8.8-3.slc4.i386.rpm	org.glite.security.voms-api-cpp v. 1.8.8.3
glite-security-voms-api-c	1.8.8-2.slc4	glite-security-voms-api-c-1.8.8-2.slc4.i386.rpm	org.glite.security.voms-api-c v. 1.8.8.2
glite-security-voms-api-noglobus	1.8.8-2.slc4	glite-security-voms-api-noglobus-1.8.8-2.slc4.i386.rpm	voms-api-noglobus

The RPMs can be updated using yum via

via apt: yum update
or via a download from:

http://glitesoft.cern.ch/EGEE/gLite/R3.1/glite-WMS/sl4/i386/RPMS.updates/

Service reconfiguration after update

Not needed.

Service restart after update

Not needed.

How to apply the fix

Update the RPMs (see above)
Update configuration (see above)
Restart the service if necessary (see above)