diff -Nru globus-gridftp-server-6.5/debian/changelog globus-gridftp-server-6.5/debian/changelog
--- globus-gridftp-server-6.5/debian/changelog 2011-12-30 03:54:01.000000000 +0100
+++ globus-gridftp-server-6.5/debian/changelog 2012-07-21 03:49:54.000000000 +0200
@@ -1,3 +1,15 @@
+globus-gridftp-server (6.5-1ubuntu0.1) precise-security; urgency=low
+
+ * SECURITY UPDATE: Wrong user mapping on badly configured server
+ (LP: #1027324)
+ - debian/patches/globus-gridftp-server-pw195.patch: backported from
+ upstream
+ - CVE-2012-3292
+ - debian/patches/globus-gridftp-server-compat.patch: backported
+ backward compatibility fix from upstream
+
+ -- Mattias Ellert Thu, 19 Jul 2012 17:11:55 +0200
+
 globus-gridftp-server (6.5-1) unstable; urgency=low
 
 * Update to Globus Toolkit 5.2.0
diff -Nru globus-gridftp-server-6.5/debian/patches/globus-gridftp-server-compat.patch globus-gridftp-server-6.5/debian/patches/globus-gridftp-server-compat.patch
--- globus-gridftp-server-6.5/debian/patches/globus-gridftp-server-compat.patch 1970-01-01 01:00:00.000000000 +0100
+++ globus-gridftp-server-6.5/debian/patches/globus-gridftp-server-compat.patch 2012-07-19 17:09:04.000000000 +0200
@@ -0,0 +1,242 @@
+diff -ur globus_gridftp_server-6.5.orig/globus_gridftp_server.h globus_gridftp_server-6.5/globus_gridftp_server.h
+--- globus_gridftp_server-6.5.orig/globus_gridftp_server.h 2012-03-12 16:32:26.350466253 +0100
++++ globus_gridftp_server-6.5/globus_gridftp_server.h 2012-03-12 18:51:03.092785110 +0100
+@@ -87,12 +87,14 @@
+ GLOBUS_GFS_OP_DESTROY,
+ GLOBUS_GFS_OP_TRANSFER,
+ GLOBUS_GFS_OP_STAT,
+- GLOBUS_GFS_OP_STAT_PARTIAL,
+ GLOBUS_GFS_OP_BUFFER_SEND,
+ GLOBUS_GFS_OP_HANDSHAKE,
+- GLOBUS_GFS_OP_SESSION_START_REPLY
++ GLOBUS_GFS_OP_SESSION_START_REPLY,
++ GLOBUS_GFS_OP_INTERMEDIATE_REPLY
+ } globus_gfs_operation_type_t;
+
++#define GLOBUS_GFS_OP_STAT_PARTIAL GLOBUS_GFS_OP_INTERMEDIATE_REPLY
++
+ /*
+ * globus_gfs_command_type_t
+ *
+@@ -111,14 +113,14 @@
+ GLOBUS_GFS_CMD_CKSM,
+ GLOBUS_GFS_CMD_SITE_CHMOD,
+ GLOBUS_GFS_CMD_SITE_DSI,
+- GLOBUS_GFS_CMD_SITE_CHGRP,
+- GLOBUS_GFS_CMD_SITE_UTIME,
+- GLOBUS_GFS_CMD_SITE_SYMLINKFROM,
+- GLOBUS_GFS_CMD_SITE_SYMLINK,
+ GLOBUS_GFS_CMD_SITE_SETNETSTACK,
+ GLOBUS_GFS_CMD_SITE_SETDISKSTACK,
+ GLOBUS_GFS_CMD_SITE_CLIENTINFO,
+- GLOBUS_GFS_CMD_DCSC
++ GLOBUS_GFS_CMD_DCSC,
++ GLOBUS_GFS_CMD_SITE_CHGRP,
++ GLOBUS_GFS_CMD_SITE_UTIME,
++ GLOBUS_GFS_CMD_SITE_SYMLINKFROM,
++ GLOBUS_GFS_CMD_SITE_SYMLINK
+ } globus_gfs_command_type_t;
+
+ /*
+@@ -232,6 +234,15 @@
+ */
+ typedef globus_gridftp_server_control_stat_t globus_gfs_stat_t;
+
++
++/*
++ * globus_gfs_operation_info_t
++ *
++ * Internal operation info. This handle is passed with the info structs
++ * Its data should not be accessed.
++ */
++typedef struct globus_l_gfs_data_op_info_s * globus_gfs_op_info_t;
++
+ /*
+ * globus_gfs_data_finished_info_t
+ *
+@@ -299,7 +310,6 @@
+ char * username;
+ /** home directory of authenticated user */
+ char * home_dir;
+-
+ } globus_gfs_session_finished_info_t;
+
+ /*
+@@ -341,6 +351,9 @@
+ globus_gfs_stat_finished_info_t stat;
+ globus_gfs_transfer_finished_info_t transfer;
+ } info;
++
++ /** op info */
++ globus_gfs_op_info_t op_info;
+ } globus_gfs_finished_info_t;
+
+ /*
+@@ -376,6 +389,9 @@
+ int * eof_count;
+ /** number of nodes (size of eof_count array) */
+ int node_count;
++
++ /** op info */
++ globus_gfs_op_info_t op_info;
+ } globus_gfs_event_info_t;
+
+ /*
+@@ -392,10 +408,6 @@
+ char * module_args;
+ /** type of list requested */
+ char * list_type;
+- /** levels to descend for listing (0 = no descent) */
+- int list_depth;
+- /** directory traversal options */
+- int traversal_options;
+
+ /** offset of partial transfer */
+ globus_off_t partial_offset;
+@@ -424,8 +436,22 @@
+ char * expected_checksum;
+ /** expected checksum algorithm */
+ char * expected_checksum_alg;
++
++ /** levels to descend for listing (0 = no descent) */
++ int list_depth;
++ /** directory traversal options */
++ int traversal_options;
++
++ /** op info */
++ globus_gfs_op_info_t op_info;
+ } globus_gfs_transfer_info_t;
+
++
++/*
++* maintain backward source compatibility after member rename
++*/
++#define rnfr_pathname from_pathname
++
+ /*
+ * globus_gfs_command_info_t
+ *
+@@ -448,18 +474,21 @@
+ /** mode argument to the chmod command */
+ mode_t chmod_mode;
+
+- /** group argument to the chgrp command */
+- char * chgrp_group;
+-
+- /** time argument to the utime command */
+- time_t utime_time;
+-
+ /** pathname to rename from (to the above pathname) OR
+ * pathname to link to */
+ char * from_pathname;
+
+ /** Authorization assertion */
+ char * authz_assert;
++
++ /** group argument to the chgrp command */
++ char * chgrp_group;
++
++ /** time argument to the utime command */
++ time_t utime_time;
++
++ /** op info */
++ globus_gfs_op_info_t op_info;
+ } globus_gfs_command_info_t;
+
+ /*
+@@ -507,6 +536,9 @@
+ /* if this is set, the data channel will use it instead
+ of the default session credential */
+ gss_cred_id_t del_cred;
++
++ /** op info */
++ globus_gfs_op_info_t op_info;
+ } globus_gfs_data_info_t;
+
+ /*
+@@ -518,14 +550,17 @@
+ {
+ /** if pathname is a directory, should stat report its info or its contents */
+ globus_bool_t file_only;
+- /** whether to return symbolic link info or target info */
+- globus_bool_t use_symlink_info;
+- /** if pathname is a directory, should its stat info be included? */
+- globus_bool_t include_path_stat;
+ /** this stat is requested internally -- bypasses authorization checks */
+ globus_bool_t internal;
+ /** pathname to stat */
+ char * pathname;
++ /** whether to return symbolic link info or target info */
++ globus_bool_t use_symlink_info;
++ /** if pathname is a directory, should its stat info be included? */
++ globus_bool_t include_path_stat;
++
++ /** op info */
++ globus_gfs_op_info_t op_info;
+ } globus_gfs_stat_info_t;
+
+ typedef struct globus_gfs_session_info_s
+@@ -538,6 +573,9 @@
+ char * subject;
+ char * cookie;
+ char * host_id;
++
++ /** op info */
++ globus_gfs_op_info_t op_info;
+ } globus_gfs_session_info_t;
+
+ typedef enum globus_gfs_brain_reason_e
+@@ -697,7 +735,9 @@
+ * realpath
+ *
+ * This defines the function that will be called to determine a true path
+- * free of symlinks or other obsfucation.
++ * free of symlinks or other obsfucation.
++ * if you define this, add GLOBUS_GFS_DSI_DESCRIPTOR_HAS_REALPATH to your
++ * globus_gfs_storage_iface_t interface definition.
+ */
+
+ typedef globus_result_t
+@@ -709,6 +749,8 @@
+
+ #define GLOBUS_GFS_DSI_DESCRIPTOR_SENDER 0x01
+ #define GLOBUS_GFS_DSI_DESCRIPTOR_BLOCKING 0x02
++#define GLOBUS_GFS_DSI_DESCRIPTOR_HAS_REALPATH 0x04
++
+ /*
+ * globus_gfs_storage_iface_t
+ *
+@@ -1801,6 +1843,8 @@
+ * value is FALSE when not known or not used. */
+ globus_bool_t final;
+
++ /** op info */
++ globus_gfs_op_info_t op_info;
+ } globus_gfs_acl_object_desc_t;
+
+ /* return values for authorization functions */
+diff -ur globus_gridftp_server-6.5.orig/globus_i_gfs_data.c globus_gridftp_server-6.5/globus_i_gfs_data.c
+--- globus_gridftp_server-6.5.orig/globus_i_gfs_data.c 2012-03-10 10:40:12.709038086 +0100
++++ globus_gridftp_server-6.5/globus_i_gfs_data.c 2012-03-12 16:34:29.838868109 +0100
+@@ -608,7 +608,8 @@
+
+ if(!globus_list_empty(globus_l_gfs_path_alias_list))
+ {
+- if(!globus_i_gfs_config_bool("rp_follow_symlinks") &&
++ if(session_handle->dsi->descriptor & GLOBUS_GFS_DSI_DESCRIPTOR_HAS_REALPATH &&
++ !globus_i_gfs_config_bool("rp_follow_symlinks") &&
+ strcmp(in_path, "/") != 0 &&
+ session_handle->dsi->realpath_func != NULL)
+ {
+diff -ur globus_gridftp_server-6.5.orig/modules/file/globus_gridftp_server_file.c globus_gridftp_server-6.5/modules/file/globus_gridftp_server_file.c
+--- globus_gridftp_server-6.5.orig/modules/file/globus_gridftp_server_file.c 2011-10-10 20:20:05.000000000 +0200
++++ globus_gridftp_server-6.5/modules/file/globus_gridftp_server_file.c 2012-03-12 16:34:29.840868084 +0100
+@@ -3068,7 +3068,7 @@
+
+ static globus_gfs_storage_iface_t globus_l_gfs_file_dsi_iface =
+ {
+- GLOBUS_GFS_DSI_DESCRIPTOR_SENDER,
++ GLOBUS_GFS_DSI_DESCRIPTOR_SENDER | GLOBUS_GFS_DSI_DESCRIPTOR_HAS_REALPATH,
+ globus_l_gfs_file_init,
+ globus_l_gfs_file_destroy,
+ NULL, /* list */
diff -Nru globus-gridftp-server-6.5/debian/patches/globus-gridftp-server-pw195.patch globus-gridftp-server-6.5/debian/patches/globus-gridftp-server-pw195.patch
--- globus-gridftp-server-6.5/debian/patches/globus-gridftp-server-pw195.patch 1970-01-01 01:00:00.000000000 +0100
+++ globus-gridftp-server-6.5/debian/patches/globus-gridftp-server-pw195.patch 2012-05-25 19:23:36.000000000 +0200
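Review bot: The globus_gridftp_server.h hunks of globus-gridftp-server-compat.patch at -87, -111, -392/-424, -448 and -518 renumber enum constants and move struct members, and the changelog only calls this a backward compatibility fix without saying what it means for modules built against the unpatched 6.5 header. `GLOBUS_GFS_CMD_SITE_CHGRP` through `GLOBUS_GFS_CMD_SITE_SYMLINK` now follow `GLOBUS_GFS_CMD_DCSC`, the operation types after the removed `GLOBUS_GFS_OP_STAT_PARTIAL` shift by one, and `list_depth`, `chgrp_group`, `utime_time`, `use_symlink_info` and `include_path_stat` land at new offsets. A DSI or ACL module compiled against the previous layout would presumably misread commands and fields until it is rebuilt, so for a security upload I would name the required rebuilds in the changelog entry. Separately, `#define rnfr_pathname from_pathname` (hunk -424) is an unscoped lowercase macro in a public header and rewrites that token in every including file; a comment such as `/* deprecated alias, remove once callers use from_pathname */` would at least mark it as temporary.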
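Review bot: In the globus_i_gfs_data.c hunk of globus-gridftp-server-compat.patch (@@ -608,7 +608,8), a DSI that does not set `GLOBUS_GFS_DSI_DESCRIPTOR_HAS_REALPATH` now skips the realpath branch without leaving any trace. With `rp_follow_symlinks` off and a non-empty path alias list, symlink resolution is then quietly not applied for modules built against the older interface. Skipping may be the only safe choice when the old struct layout cannot be trusted to hold `realpath_func`, but the operator should be told; a warning logged once per session or at module load when the flag is absent would do. The mixed `&`/`&&` condition parses as intended but reads better with the bit test parenthesised, `if((session_handle->dsi->descriptor & GLOBUS_GFS_DSI_DESCRIPTOR_HAS_REALPATH) &&`. The enclosing function starts and ends outside the hunk, so what the branch protects is inferred from the realpath comment in the header.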
@@ -0,0 +1,47 @@
+diff -ur globus_gridftp_server-6.10.orig/globus_i_gfs_control.c globus_gridftp_server-6.10/globus_i_gfs_control.c
+--- globus_gridftp_server-6.10.orig/globus_i_gfs_control.c 2012-03-23 01:37:49.000000000 +0100
++++ globus_gridftp_server-6.10/globus_i_gfs_control.c 2012-05-25 17:18:32.853986132 +0200
+@@ -348,7 +348,7 @@
+ MAXPATHLEN,
+ &res_pwd);
+ free(hd_name);
+- if(sc != 0)
++ if(sc != 0 || res_pwd == NULL)
+ {
+ /* XXX expand other usernames here */
+ result = GlobusGFSErrorGeneric(
+diff -ur globus_gridftp_server-6.10.orig/globus_i_gfs_data.c globus_gridftp_server-6.10/globus_i_gfs_data.c
+--- globus_gridftp_server-6.10.orig/globus_i_gfs_data.c 2012-03-26 22:53:59.000000000 +0200
++++ globus_gridftp_server-6.10/globus_i_gfs_data.c 2012-05-25 17:18:32.856986094 +0200
+@@ -1058,13 +1058,13 @@
+
+ rc = globus_libc_getpwuid_r(getuid(), &pwent_mem, pw_buffer,
+ pw_buflen, &pw_result);
+- if(rc != 0)
++ if(rc != 0 || pw_result == NULL)
+ {
+ globus_free(pw_buffer);
+ return NULL;
+ }
+
+- pwent = globus_l_gfs_pw_copy(&pwent_mem);
++ pwent = globus_l_gfs_pw_copy(pw_result);
+ globus_free(pw_buffer);
+
+ return pwent;
+@@ -1099,13 +1099,13 @@
+
+ rc = globus_libc_getpwnam_r(
+ (char *)name, &pwent_mem, pw_buffer, pw_buflen, &pw_result);
+- if(rc != 0)
++ if(rc != 0 || pw_result == NULL)
+ {
+ globus_free(pw_buffer);
+ return NULL;
+ }
+
+- pwent = globus_l_gfs_pw_copy(&pwent_mem);
++ pwent = globus_l_gfs_pw_copy(pw_result);
+ globus_free(pw_buffer);
+
+ return pwent;
diff -Nru globus-gridftp-server-6.5/debian/patches/series globus-gridftp-server-6.5/debian/patches/series
--- globus-gridftp-server-6.5/debian/patches/series 2011-12-30 04:00:13.000000000 +0100
+++ globus-gridftp-server-6.5/debian/patches/series 2012-07-19 17:11:44.000000000 +0200
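Review bot: In the globus_i_gfs_data.c hunks of globus-gridftp-server-pw195.patch (-1058 and -1099), a failed lookup and a missing account both end in the same bare `return NULL`, with no log line and no comment explaining the new `pw_result == NULL` test. Assuming the globus_libc wrappers follow POSIX getpwuid_r/getpwnam_r, a return of 0 with a NULL result means no entry matched, so I would put `/* rc == 0 with a NULL result means "no such entry", not success */` above each check to keep the condition from being simplified away later. An ERANGE from an undersized `pw_buffer` is reported the same way, so callers cannot tell a transient failure from an unknown user; judging by the changelog these results feed the local account mapping, which makes that distinction worth logging. The same applies to the `sc != 0 || res_pwd == NULL` test in globus_i_gfs_control.c (-348). All three function bodies start outside their hunks, so the callers' handling of NULL could not be checked, and any other getpw*/getgr* `_r` call sites in the 6.5 tree are worth auditing for an rc-only test.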
@@ -1,2 +1,8 @@
 globus-gridftp-server-deps.patch
 globus-gridftp-server-funcgrp.patch
+
+# Restore backward compatibility
+globus-gridftp-server-compat.patch
+
+# Fix for CVE-2012-3292
+globus-gridftp-server-pw195.patch