FEDORA-EPEL-2017-52b6bc17c1

security update in Fedora EPEL 7 for globus-ftp-client, globus-ftp-control, & 15 more

Status: stable a year ago

globus-ftp-client

  • Adapt to Perl 5.26 - POSIX::tmpnam() no longer available
  • Remove some redundant tests to reduce test time

globus-ftp-control

  • Fix hang/failure when using udt driver with local client transfer

globus-gass-cache-program

  • GT6 update

globus-gass-copy

  • Don't attempt sshftp data protection without creds (9.24)
  • Checksum verification based on contribution from IBM (9.24)
  • Fix uninitialized field related crash (9.25)
  • Remove checksum data from public handle (9.26)
  • Prevent some race conditions (9.27)

globus-gram-client

  • GT6 update

globus-gram-job-manager

  • Default to running personal gatekeeper on an ephemeral port

globus-gram-job-manager-condor

  • Make noarch build arch independent

globus-gridftp-server

  • New error message format (12.0)
  • Configuration database (12.0)
  • Better delay for end of session ref check (12.1)
  • Fix tests when getgroups() does not return effective gid (12.2)

globus-gridftp-server-control

  • Fix mem error on empty mlsc responses

globus-gssapi-gsi

  • Don't unlock unlocked mutex (12.14)
  • Remove legacy SSLv3 support (12.15)
  • Test fixes (12.16/12.17)
  • Put back use of SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for compatibility with Bestman (12.17-3)
  • Drop patch globus-gssapi-gsi-mutex-unlock.patch (fixed upstream 12.14)

globus-io

  • Remove legacy SSLv3 support

globus-net-manager

  • Fix .pc typo
  • Drop patch globus-net-manager-pkgconfig.patch (fixed upstream)

globus-xio

  • Don't rely on globus_error_put(NULL) to be GLOBUS_SUCCESS (5.15)
  • Fix crash in error handling in http driver (5.16)

globus-xio-gsi-driver

  • Fix crash when checking for anonymous GSS name when name comparison fails

globus-xio-pipe-driver

  • Fix .pc typo

globus-xio-udt-driver

  • Don't force --static flag to pkg-config
  • Drop some BuildRequires no longer needed with above change
  • Fix undefined symbols during linking

myproxy

  • Fix error check (6.1.26)
  • Remove legacy SSLv3 support (6.1.27)

Comments 21

This update has been submitted for testing by ellert.

This update has been pushed to testing.

ellert edited this update.

New build(s):

  • globus-gssapi-gsi-12.17-1.el7
  • globus-gram-client-13.18-1.el7
  • globus-xio-udt-driver-1.28-1.el7
  • globus-ftp-client-8.36-1.el7

Removed build(s):

  • globus-ftp-client-8.35-2.el7
  • globus-gssapi-gsi-12.16-1.el7
  • globus-xio-udt-driver-1.27-1.el7

Karma has been reset.

This update has been submitted for testing by ellert.

This update has been pushed to testing.

ellert edited this update.

New build(s):

  • globus-gram-job-manager-condor-2.6-5.el7

Karma has been reset.

This update has been submitted for testing by ellert.

This update has been pushed to testing.

Hello again,

Sorry I need to downvote this update, but it looks like the commit 34813cc29eaa519482626a3c3576f5f7708653a6 introduced a change that breaks the interaction with Bestman endpoints.

Specifically these lines https://github.com/globus/globus-toolkit/commit/34813cc29eaa519482626a3c3576f5f7708653a6#diff-3a9f71c771ae39d522a3ef8e9dbe4162L519

They removed SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, and Bestman doesn't seem to like empty fragments. It ends with a "0" prepended to the actual payload, which results in things like

HTTP/1.1 501 Method 0POST is not defined in RFC 2068 and is not supported by the Servlet API

Granted, this is an issue with Bestman, not the package itself, but if this goes into production, then all transfers to/from Bestman endpoints are going to break.

Also, Bestman is on its EOL, so it is unlikely this will get patched. Do you think this could be re-enabled for the time being?

Regards.

karma: -1

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

ellert edited this update.

New build(s):

  • globus-gridftp-server-control-5.1-1.el7
  • globus-gram-client-13.19-1.el7
  • globus-ftp-control-7.8-1.el7

Removed build(s):

  • globus-gram-client-13.18-1.el7

Karma has been reset.

This update has been submitted for testing by ellert.

Hi Alejandro.

Thank you for your feedback and for investigating the issue and suggesting a solution. I have made a scratch build that implements your fix. Could you confirm that it restores functionality for you?

EPEL7: https://koji.fedoraproject.org/koji/taskinfo?taskID=20921540

Looks alright now, thanks!

ellert edited this update.

New build(s):

  • globus-gssapi-gsi-12.17-3.el7

Removed build(s):

  • globus-gssapi-gsi-12.17-1.el7

Karma has been reset.

This update has been pushed to testing.

Ran the Open Science Grid test suite on it and nothing broke for us.

karma: +1

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by ellert.

This update has been pushed to stable.



Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +1
  • stable threshold: 3
  • unstable threshold: -3
Autopush: Enabled
Dates:
  • submitted 2 years ago
  • in testing a year ago
  • in stable a year ago
  • modified a year ago
