gLite 3.1
lcg-CE - Update to version 3.1.12-0
|
Date |
13.05.08 |
Priority |
Normal |
Description
glite-security-voms (VOMS Core)
The new version of the gLite VOMS Core (1.8.3) contains several new features and bug fixes.
Examples of the bugs fixed:
- bug #31476: voms stops adding entries in log file (really, this time) (tracked)
- bug #33259: VOMS-CORE: misleading error message displayed by voms-proxy-init
- bug #33212: VOMS-CORE: missing user-level attribute value in the proxy
- bug #27431: [VOMS] 64 bit compatibility issue: comparison is always true due to limited range of data type
- bug #26832: VOMS incorrectly checks ownership of vomses file
- bug #22437: Problems with voms validation at tomcat startup
- bug #31476: voms stops adding entries in log file (tracked)
- bug #32689: Problem validating Short lived certificates with the new org.glite.voms package
- bug #32262: [voms-1.7.22] Regular crashes! (this turned out to be a duplicate of bug #31476)
- bug #33886: VOMS 1.8.returns roles in the AC even if roles are not requested
Furthermore, the following changes are present:
- Integrated patch from Apple for MacOSX compilation. From this version, VOMS supports MacOSX as a compilation platform. Patch from Patrick Carlisle.
- Integrated patch from compilation with OpenSSL 0.9.8. Patch from Eamon Kenny & others.
- Implemented the first step of the globus independence plan, as detailed at EGEE 07. Now the server is capable of accepting pure SSL requests as well as GSI requests.
- Implemented logging following requirements of the security logging document. --syslog option is required to activate it.
- The server component now requires versions 3.0.0 of either voms-mysql or voms-oracle, and will refuse to start otherwise.
- There has never been a version 2 of voms-mysql, the version number jumped directly to 3 to harmonize with voms-oracle.
- Now, if it recognizes that the client will be capable to handle it, the OpenSSL version of the base64 encoding is used rather then the homegrown one. voms-proxy-init 1.8.0 and above will be able to recognize it.
- Some backwards compatible changes to the client-server protocol have been made.
- removed segfault in oracle interface following problems in communication with the DB.
- fixed the performance problem found by dimitar in voms-oracle.
Configuration changes: No configuration changes are required. Adding --syslog to the server configuration is recommended.
Developer changes:
- New API added for the C and C++ APIs. VOMS_RetrieveFromFile() and VOMS_Retrieve(FILE*, recurse_type), respectively.
- In the Java APIs, the package name has been changed to org.glite.voms as agreed, to remove conflict with old versions. This will imply though that developers interested in using the Java API will have to change the package name in their import statements.
As usual, except where noted, everything is backwards-compatible with previous version,
both on the protocol level (i.e. client and server versions may be freely mixed) and
ABI level (API libraries can be upgraded with newer versions without needing
recompilation of the linking parties).
Dynamic Scheduler
The dynamic scheduler was changed in order to deal with the DENY
tags being used in the short-term solution for job priorities.
The dynamic scheduler does the following with ACBRs placed on VOViews:
- it discards any ACBR that does not begin with either "VO:" or "VOMS:"
- if there is more than one ACBR left in the list, it only uses the last one
in the list, and prints a warning message to standard error and to syslog
Other Updates
APEL is now working with external log4j and BouncyCastle. In gLite 3.1, log4j and BouncyCastle
are not bundled with APEL anymore. Instead, the log4j and BouncyCastle provided by JPackage
are used. APEL code needed to change the dependencies and the scripts to use JPackage.
The new version of the glite-security-trustmanager package fixes the problem of
log4j and BouncyCastle jars not being installed in the tomcat server/lib directory.
Please also have a look at the list of known issues.
This update fixes various bugs. For the full list of bugs, please see list below.
Fixed bugs
Number | Description |
#10729 |
VOMS API should return clean FQAN |
#15023 |
VOMS: bad oracle performance caused by storing AC SN in database |
#22437 |
Problems with voms validation at tomcat startup |
#23291 |
[ VOMS ] voms-proxy-info fails to analyse voms-proxy-fake proxy |
#26804 |
[VOMS 1.7.16-2] voms-proxy-init fails on some x86 platforms |
#26832 |
VOMS incorrectly checks ownership of vomses file |
#27431 |
[VOMS] 64 bit compatibility issue: comparison is always true due to limited range of data type |
#27496 |
A new voms's API is needed |
#28753 |
[VOMS 1.7.20-1] strange time offset on Mac OS X 10.4 |
#29510 |
APEL loads log4j under old path |
#31191 |
VOMS build errors on SL5 |
#31476 |
voms stops adding entries in log file |
#31800 |
voms-proxy-info returns 1 in v1.8.0 |
#32147 |
Include voms-ping and voms-admin-ping in the packaging |
#32310 |
VOMS: Segfault while processing signing_policy file |
#32353 |
VOMS Server error when trying to create a proxy |
#32661 |
Little bug on /opt/glite/etc/glite-security-trustmanager/configure.sh |
#32689 |
Problem validating Short lived certificates with the new org.glite.voms package |
#32694 |
VOMS on MySQL loses FQANs |
#33180 |
APEL in CE gLite3.1 is not publishing |
#33212 |
VOMS-CORE: missing user-level attribute value in the proxy |
#33259 |
VOMS-CORE: misleading error message displayed by voms-proxy-init |
#33886 |
VOMS 1.8.returns roles in the AC even if roles are not requested |
#33933 |
voms-mysql 3.0.2 returns uncorrect context for generic attributes |
Updated rpms
The RPMs can be updated using yum via
Service reconfiguration after update
Not needed.
Service restart after update
Not needed.
How to apply the fix
- Update the RPMs (see above)
- Update configuration (see above)
- Restart the service if necessary (see above)
|
|