[globus-gridftp-server-control/el5] Backport security fix for JIRA ticket GT-195

Mattias Ellert ellert at fedoraproject.org
Fri May 25 17:36:03 UTC 2012 

commit aded0fc798573e872169968fddc87407213534b5
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date:   Fri May 25 19:35:34 2012 +0200

    Backport security fix for JIRA ticket GT-195

 globus-gridftp-server-control-pw195.patch |   12 ++++++++++++
 globus-gridftp-server-control.spec        |    7 ++++++-
 2 files changed, 18 insertions(+), 1 deletions(-)
---
diff --git a/globus-gridftp-server-control-pw195.patch b/globus-gridftp-server-control-pw195.patch
new file mode 100644
index 0000000..b0772d5
--- /dev/null
+++ b/globus-gridftp-server-control-pw195.patch
@@ -0,0 +1,12 @@
+diff -ur globus_gridftp_server_control-2.5.orig/globus_gridftp_server_control.c globus_gridftp_server_control-2.5/globus_gridftp_server_control.c
+--- globus_gridftp_server_control-2.5.orig/globus_gridftp_server_control.c	2012-03-06 06:28:30.000000000 +0100
++++ globus_gridftp_server_control-2.5/globus_gridftp_server_control.c	2012-05-25 17:11:55.894036918 +0200
+@@ -3764,7 +3764,7 @@
+             globus_calloc(1, sizeof(globus_l_libc_cached_pwent_t));
+         rc = globus_libc_getpwuid_r(
+             uid, &pwent->pw, pwent->buffer, GSU_MAX_PW_LENGTH, &result_pw);
+-        if(rc != 0)
++        if(rc != 0 || result_pw == NULL)
+         {
+             goto error_pwent;
+         }
diff --git a/globus-gridftp-server-control.spec b/globus-gridftp-server-control.spec
index 0a7e08c..594b029 100644
--- a/globus-gridftp-server-control.spec
+++ b/globus-gridftp-server-control.spec
@@ -7,7 +7,7 @@
 Name:		globus-gridftp-server-control
 %global _name %(tr - _ <<< %{name})
 Version:	2.5
-Release:	1%{?dist}
+Release:	2%{?dist}
 Summary:	Globus Toolkit - Globus GridFTP Server Library
 
 Group:		System Environment/Libraries
@@ -16,6 +16,7 @@ URL:		http://www.globus.org/
 Source:		http://www.globus.org/ftppub/gt5/5.2/5.2.1/packages/src/%{_name}-%{version}.tar.gz
 #		README file
 Source8:	GLOBUS-GRIDFTP
+Patch0:		%{name}-pw195.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 Requires:	globus-gsi-openssl-error%{?_isa} >= 2
@@ -70,6 +71,7 @@ Globus GridFTP Server Library Development Files
 
 %prep
 %setup -q -n %{_name}-%{version}
+%patch0 -p1
 
 %build
 # Remove files that should be replaced during bootstrap
@@ -130,6 +132,9 @@ rm -rf $RPM_BUILD_ROOT
 %defattr(-,root,root,-)
 
 %changelog
+* Fri May 25 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 2.5-2
+- Backport security fix for JIRA ticket GT-195
+
 * Fri Apr 27 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 2.5-1
 - Update to Globus Toolkit 5.2.1
 - Drop patch globus-gridftp-server-control-deps.patch (fixed upstream)

More information about the scm-commits mailing list