Fedora EPEL 4 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Wed Jan 19 18:28:12 UTC 2011 

The following Fedora EPEL 4 Security updates need testing:

    https://admin.fedoraproject.org/updates/myproxy-5.3-1.el4


The following builds have been pushed to Fedora EPEL 4 updates-testing

    myproxy-5.3-1.el4

Details about builds:


================================================================================
 myproxy-5.3-1.el4 (FEDORA-EPEL-2011-0092)
 Manage X.509 Public Key Infrastructure (PKI) security credentials
--------------------------------------------------------------------------------
Update Information:

Release 5.3 fixes a myproxy-logon security bug in MyProxy versions
5.0-5.2 that disabled server identity verification:

The myproxy-logon program in MyProxy versions 5.0 through 5.2 does not
enforce the check that the myproxy-server's certificate contains the
expected hostname or identity. The impacted MyProxy versions are
included in Globus Toolkit releases 5.0.0-5.0.2. This issue is
addressed in MyProxy 5.3.

Full details are available:
http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt

Other changes in this release:
* if myproxy-logon GSI mutual authentication with the myproxy-server fails, try again with client-side anonymous authentication, in case the client-side GSI credentials are unacceptable to the myproxy-server (for example, signed by an untrusted CA), but the myproxy-server would accept an anonymous client (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7103)
* fix configure checks for globus_usage_stats_send, globus_usage_stats_send_array, and globus_gsi_proxy_handle_set_extensions when installing without existing Globus libraries in LD_LIBRARY_PATH (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7098)
* in myproxy-server-setup, look in /sbin and /usr/sbin for chkconfig or update-rc.d in case they're not in PATH
* add certificate_issuer_subca_certfile option in myproxy-server.config (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7119)
* make all Globus Usage library errors non-fatal (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7111)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 18 2011 Steve Traylen <steve.traylen at cern.ch> - 5.3-1
- New upstream 5.3.
--------------------------------------------------------------------------------

More information about the epel-devel-list mailing list