Globus Toolkit Advisories

Advisories

The following update packages have been created to deal with the issues described below. Installation instructions are included after the package list.

Date Package Toolkit
Version
Description
2013-05-15 globus_proxy_utils-5.1.tar.gz
5.2.4
GT-272: Increase default proxy key size
2013-04-03 globus_ftp_control-4.6.tar.gz
5.2.4
GT-366: GridFTP clients do not delegate by default
2013-04-02 gsi_openssh-5.6-src.tar.gz
5.2.4
pamuserchange-2013-01.adv
2013-02-19 globus_gram_job_manager_sge-1.6.tar.gz
5.2.4
GT-359: SGE SEG hangs when log_path points to directory
2013-02-19 globus_simple_ca-3.3.tar.gz
5.2.4
GT-362: simple ca loses spaces in dn in signing policy
2012-07-26 globus_gsi_callback-4.4.tar.gz
5.2.2

GT-235: GSI does not reload CRLs if they are replaced
2012-07-26 myproxy-5.9.tar.gz
5.2.2
myproxy-get-delegation: corrupted double-linked list in get_vomses() (bug 7261)
2012-05-25 globus_gatekeeper-9.13.tar.gz
5.2.1
GT-205: gatekeeper should log a message when it exits due to the presence of /etc/nologin
2012-05-25 globus_gram_client_tools-10.4.tar.gz
5.2.1
GT-198: globusrun crashes when authentication fails for status check
2012-05-25 globus_gram_job_manager-13.42.tar.gz
5.2.1
GT-192: Segfault in globus-gram-streamer
GT-199: GRAM audit checks result username incorrectly
GT-209: job manager crash in query
2012-05-25 globus_simple_ca-3.1.tar.gz
5.2.1
GT-151: port to SuSE 11
2012-05-18 globus_gssapi_gsi-10.7.tar.gz
5.2.1
GT-149 Memory leaks in globus-job-manager
RIC-265: (GT-161): Memory leak in gss_accept_delegation()
2012-05-18 globus_gsi_sysconfig-5.3.tar.gz
5.2.1
GT-149 Memory leaks in globus-job-manager
GT-188: gsi sysconfig leaves internal results in the error cache
2012-05-18 globus_gridftp_server-6.11.tar.gz
5.2.1
Fix for GT-195: GridFTP acts as wrong user when user doesn't exist.
See Security Advisory 2012-01
2012-05-18 globus_gram_job_manager-13.40.tar.gz
5.2.1
GRAM-288: Kill off perl processes when idle
GT-149: Memory leaks in globus-job-manager
GT-185: globus-personal-gatekeeper creates too-long paths on MacOS
GT-186: GRAM job manager leaks condor log path
GT-187: GRAM job manager leaks during stdio update
GT-189: GRAM job manager regular expression storage grows
GT-190: GRAM job manager leaks callback contact
GT-65: GRAM records datagram socket failure, but doesn't record socket name
GT-155: Job manager deletes job dir sometimes
2012-05-18 globus_gatekeeper-9.12.tar.gz
5.2.1
GT-159: globus-gatekeeper init script should report errors better

 What's this?

Installing Updates on RPM-based systems

To update to the latest stable RPM packages of globus, use the command

# yum update

To install the version of a specific package for an RPM-based install, use the command

# yum update package-name
For RPM packages, the base package name matches the globus package name, but with hyphens replacing underscores, and without the extension. There may be multiple RPM packages associated with a source package, so add an asterix after the package name to indicate other installed subpackages. Thus, for the update package globus_openssl_module-0.2.tar.gz, the yum update command would be
# yum update 'globus-openssl-module*'
Loading mirror speeds from cached hostfile
 * base: mirror.cogentco.com

 ....

Updated:
  globus-openssl-module.i386 0:0.2-1    globus-openssl-module-doc.i386 0:0.2-1   
  globus-openssl-module.x86_64 0:0.2-1  globus-openssl-module-doc.x86_64 0:0.2-1   

Complete!

Installing updates on Debian-based systems

To install all available debian update packages use the commands

# apt-get update
# apt-get upgrade

To install the version of a specific package for an Debian-based install, use the command

# apt-get update
# apt-get install package-name
For Debian packages, the base package name matches the globus package name, but with hyphens replacing underscores, and without the extension. There may be multiple Debian packages associated with a source package, so add an asterix after the package name to indicate other installed subpackages. Thus, for the update package globus_openssl_module-0.2.tar.gz, the apt-get install command would be
# apt-get --only-upgrade install 'globus-openssl-module*'

Installing updates from source

To install update packages, use the command

% gpt-build -update package-name flavors

To find the flavors of the package which are already installed, use the command

% gpt-query package-name

Note: This can be quite slow to return the output, so please be patient.

As an example:

% gpt-query globus_openssl_module
7 packages were found in /opt/globus that matched your query:

packages found that matched your query 
    globus_openssl_module-gcc64dbg-dev pkg version: 0.1.0
    globus_openssl_module-gcc64dbg-pgm pkg version: 0.1.0
    globus_openssl_module-gcc64dbg-rtl pkg version: 0.1.0
    globus_openssl_module-gcc64dbgpthr-dev pkg version: 0.1.0
    globus_openssl_module-gcc64dbgpthr-pgm pkg version: 0.1.0
    globus_openssl_module-gcc64dbgpthr-rtl pkg version: 0.1.0
    globus_openssl_module-noflavor-doc pkg version: 0.1.0
In this case, the gcc64dbg, gcc64dbgpthr, and noflavor flavors of the package are installed. You do not have to specify the noflavor version to update a build, so you can ignore that.

Thus, to install the update named globus_openssl_module-0.2.tar.gz, you would run

% gpt-build -update globus_openssl_module-0.2.tar.gz gcc64dbgpthr gcc64dbg
gpt-build ====> CHECKING BUILD DEPENDENCIES FOR globus_openssl_module
gpt-build ====> Changing to /home/juser/BUILD/globus_openssl_module-0.2
gpt-build ====> BUILDING FLAVOR gcc64dbgpthr
gpt-build ====> Changing to /home/juser/BUILD
gpt-build ====> CHECKING BUILD DEPENDENCIES FOR globus_openssl_module
gpt-build ====> Changing to /home/juser/BUILD/globus_openssl_module-0.2
gpt-build ====> BUILDING FLAVOR gcc64dbg
gpt-build ====> Changing to /home/juser/BUILD

After installing the update package, restart all globus services.



Security
Bug Fix
Enhancement