From 6c196918ce21975d4af58e237b1d38010bf4dad3218ea31c49d9e3dab47f65ec Mon Sep 17 00:00:00 2001 From: Christof Hanke Date: Wed, 23 Oct 2019 13:54:43 +0000 Subject: [PATCH] - update to security-release 1.8.5, adresses: * OPENAFS-SA-2019-001: Skip server OUT args on error * OPENAFS-SA-2019-002: Zero all server RPC args * OPENAFS-SA-2019-003: ubik: Avoid unlocked ubik_currentTrans deref OBS-URL: https://build.opensuse.org/package/show/filesystems/openafs?expand=0&rev=53 --- ChangeLog | 1915 +++--------------------------- RELNOTES-1.8.4 | 90 -- RELNOTES-1.8.5 | 29 + openafs-1.8.4-doc.tar.bz2 | 3 - openafs-1.8.4-doc.tar.bz2.md5 | 1 - openafs-1.8.4-doc.tar.bz2.sha256 | 1 - openafs-1.8.4-src.tar.bz2 | 3 - openafs-1.8.4-src.tar.bz2.md5 | 1 - openafs-1.8.4-src.tar.bz2.sha256 | 1 - openafs-1.8.5-doc.tar.bz2 | 3 + openafs-1.8.5-doc.tar.bz2.md5 | 1 + openafs-1.8.5-doc.tar.bz2.sha256 | 1 + openafs-1.8.5-src.tar.bz2 | 3 + openafs-1.8.5-src.tar.bz2.md5 | 1 + openafs-1.8.5-src.tar.bz2.sha256 | 1 + openafs.changes | 8 + openafs.spec | 4 +- 17 files changed, 204 insertions(+), 1862 deletions(-) delete mode 100644 RELNOTES-1.8.4 create mode 100644 RELNOTES-1.8.5 delete mode 100644 openafs-1.8.4-doc.tar.bz2 delete mode 100644 openafs-1.8.4-doc.tar.bz2.md5 delete mode 100644 openafs-1.8.4-doc.tar.bz2.sha256 delete mode 100644 openafs-1.8.4-src.tar.bz2 delete mode 100644 openafs-1.8.4-src.tar.bz2.md5 delete mode 100644 openafs-1.8.4-src.tar.bz2.sha256 create mode 100644 openafs-1.8.5-doc.tar.bz2 create mode 100644 openafs-1.8.5-doc.tar.bz2.md5 create mode 100644 openafs-1.8.5-doc.tar.bz2.sha256 create mode 100644 openafs-1.8.5-src.tar.bz2 create mode 100644 openafs-1.8.5-src.tar.bz2.md5 create mode 100644 openafs-1.8.5-src.tar.bz2.sha256 diff --git a/ChangeLog b/ChangeLog index fe95120..600c5fe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,1795 +1,190 @@ -commit 501dbbe4e2fbcb8e71af9f695e8e34911c44d581 -Author: Stephan Wiesand -Date: Sun Sep 8 13:23:23 2019 +0200 - - Make OpenAFS 1.8.4 - - Update version strings for the 1.8.4 release. - - Change-Id: I85102e0be54cf0ff28b706d35dba8e3601447cba - Reviewed-on: https://gerrit.openafs.org/13841 - Reviewed-by: Michael Meffie - Reviewed-by: Stephan Wiesand - Tested-by: Stephan Wiesand - -commit ae39aa202ec9133e6cec6aaf4e214157fad9b1aa -Author: Stephan Wiesand -Date: Fri Aug 16 17:55:48 2019 +0200 - - Update NEWS for OpenAFS 1.8.4 - - Finalize the 1.8.4 release notes. - - Change-Id: Ida85451cdec65b2fe736d66572671293f30a6508 - Reviewed-on: https://gerrit.openafs.org/13785 - Reviewed-by: Michael Meffie - Reviewed-by: Stephan Wiesand - Tested-by: Stephan Wiesand - -commit 9fa11cd961e283234ea351085cf45a24182db81f -Author: Stephan Wiesand -Date: Fri Sep 6 16:17:39 2019 +0200 - - Make OpenAFS 1.8.4pre2 - - Update version strings for the second 1.8.4 prerelease. - - Change-Id: I83ebb06aaae9484e0773b68f336e6d8752069824 - Reviewed-on: https://gerrit.openafs.org/13839 - Reviewed-by: Michael Meffie - Reviewed-by: Stephan Wiesand - Tested-by: Stephan Wiesand - -commit cf7ee9a76dbf16b0aa44f737aca8448870824098 -Author: Stephan Wiesand -Date: Sun Sep 8 13:16:35 2019 +0200 - - Update NEWS for 1.8.4pre2 - - Release notes for the OpenAFS 1.8.4 prerelease 2. - - Change-Id: Iad2098f56c9e5a9025761e21f609aa3c1584b4aa - Reviewed-on: https://gerrit.openafs.org/13840 - Reviewed-by: Michael Meffie - Reviewed-by: Stephan Wiesand - Tested-by: Stephan Wiesand - -commit 676c57f5551fb18cf8485a0e945bc15b78eb1051 -Author: Andrew Deason -Date: Wed Oct 17 16:35:36 2018 -0500 - - Remove one more automake VERSION reference - - The configure summary was still referencing the old automake-specific - VERSION var. Use the autoconf PACKAGE_VERSION var instead, so this - actually shows our version. - - Reviewed-on: https://gerrit.openafs.org/13360 - Reviewed-by: Benjamin Kaduk - Tested-by: BuildBot - (cherry picked from commit 0f65b40b24599d58cf30bfd47fae83ab54e1416a) - - Change-Id: I5bd9399acc6e4c6dd19b94198354b600f35bee15 - Reviewed-on: https://gerrit.openafs.org/13790 - Tested-by: BuildBot - Reviewed-by: Andrew Deason - Reviewed-by: Stephan Wiesand - -commit 4ccc332ab61cfc4d33fdc48a7d57e93cf9cecb91 -Author: Andrew Deason -Date: Thu Oct 11 00:18:17 2018 -0500 - - Remove automake autoconf vars - - Commit 4706854f (autoconf: updates and cleanup) removed our invocation - of AM_INIT_AUTOMAKE, which defines the output variables PACKAGE and - VERSION. Several files in our build system are still referencing - @PACKAGE@ and @VERSION@, though, leaving them un-substituted. This - most easily is seen as the AFSVersion version string remaining as - "@VERSION@" when the tree is built without git, but it also affects - some packaging in the tree. - - Remove references to @VERSION@ and @PACKAGE@, replacing them with - their autoconf equivalents @PACKAGE_VERSION@ and @PACKAGE_TARNAME@. - - Reviewed-on: https://gerrit.openafs.org/13357 - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 2f2c2ce62aa17ecac3651d64c1168af926f7458b) - - Change-Id: If2b98b8930bc687170f53f852417fb9374bf6c60 - Reviewed-on: https://gerrit.openafs.org/13789 - Tested-by: BuildBot - Reviewed-by: Andrew Deason - Reviewed-by: Stephan Wiesand - -commit 4330e16a47e76ea6c1f35467a1ddbe97bded7a92 -Author: Cheyenne Wills -Date: Fri Aug 9 14:25:03 2019 -0600 - - LINUX 5.3.0: Use send_sig instead of force_sig - - Linux 5.3.0 commit 3cf5d076fb4d48979f382bc9452765bf8b79e740 "signal - Remove task parameter from force_sig" (part of siginfo-linus branch) - changes the parameters for the Linux kernel function force_sig. See LKML - thread starting at https://lkml.org/lkml/2019/5/22/1351 - - According to the LKML discussion and the above commit message force_sig - is only safe to deliver a synchronous signal to the current task. To - send a signal to another task, we're supposed to use send_sig instead, - which has been available since at least linux 2.6.12-rc12. - - Currently, rx_knet calls force_sig to kill the rxk_ListenerTask. With - the Linux 5.3.0 kernel, this module fails to compile due to the above - noted changes. - - Replace the force_sig call with send_sig. In order to use send_sig, the - rxk_listener thread must allow SIGKILL and during shutdown (umount) - SIGKILL must be unblocked for the rxk_listener thread. - - Note that SIGKILL is initially blocked on rxk_listener and is only - unblocked when shutting down the thread. Having the signal blocked is - sufficient to prevent unwanted signals from reaching the rxk_listener - thread during normal operation. - - Reviewed-on: https://gerrit.openafs.org/13753 - Reviewed-by: Benjamin Kaduk - Tested-by: BuildBot - (cherry picked from commit 2b7af1243f46496c0b5973b3fa2a6396243f7613) - - Change-Id: I6eb44311fbcc63adb6ebeb85a8e076922befd645 - Reviewed-on: https://gerrit.openafs.org/13788 - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Mark Vitale - Reviewed-by: Benjamin Kaduk - Reviewed-by: Stephan Wiesand - -commit 6e8674ef07cae2f62a9dc646d9f6e7e2e6307aab -Author: Cheyenne Wills -Date: Thu Aug 8 16:53:13 2019 -0600 - - LINUX 5.3.0: Check for 'recurse' arg in keyring_search - - Linux 5.3.0 commit dcf49dbc8077e278ddd1bc7298abc781496e8a08 "keys: Add a - 'recurse' flag for keyring searches" adds a new parameter to - Linux kernel keyring_search function. - - Update the call to keyring_search to include the recurse parameter if - available. Setting the parameter to true (1) maintains the current - search behavior. - - Change-Id: I038117d1bccdf619a42132fba7d8d61b3ce3c14b - Reviewed-on: https://gerrit.openafs.org/13752 - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - Reviewed-by: Andrew Deason - Reviewed-on: https://gerrit.openafs.org/13787 - Reviewed-by: Michael Meffie - Reviewed-by: Stephan Wiesand - -commit 6ab27a5cf3292a20ab807b7bc4dca43f305f14de -Author: Stephan Wiesand -Date: Fri May 17 16:52:21 2019 +0200 - - Make OpenAFS 1.8.4pre1 - - Update version strings for the first 1.8.4 prerelease. - - Change-Id: I9aa05d7bce308780a1dc815341856e2291579039 - Reviewed-on: https://gerrit.openafs.org/13596 - Tested-by: BuildBot - Reviewed-by: Mark Vitale - Reviewed-by: Michael Meffie - Reviewed-by: Cheyenne Wills - Reviewed-by: Stephan Wiesand - -commit 1bebe1155e850389ace35a3e4b3f7d77b58758bd -Author: Michael Meffie -Date: Fri Jun 14 09:30:14 2019 -0400 - - Update NEWS for 1.8.4pre1 - - Release notes for the OpenAFS 1.8.4 prerelease 1. - - Change-Id: I3976919660ff6a0eda82b71806e116f4322fb38a - Reviewed-on: https://gerrit.openafs.org/13643 - Reviewed-by: Michael Meffie - Reviewed-by: Benjamin Kaduk - Reviewed-by: Mark Vitale - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit a6ee134f7f5da47022145bdb4a8bceff08414465 -Author: Cheyenne Wills -Date: Fri Jul 5 08:23:10 2019 -0600 - - libadmin: overlap warning in strcpy with gcc9 - - GCC 9 with --enable-checking produces a new warning/error in - afs_utilAdmin.c associated with a strcpy with the potential of an - overlap. The index used is signed which triggers the new warning. The - source and target of the strcpy are contained within the same higher - level structure. - - Change the variable 'index' from signed to unsigned to resolve the - warning/error. Change the variable 'total' in the same structure to - unsigned to be consistent with it's usage with 'index'. - - Reviewed-on: https://gerrit.openafs.org/13660 - Reviewed-by: Andrew Deason - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 79dffe29c8a0ec55c4231a18077efdfa7c1edf53) - - Change-Id: I19a192ecea86314851e6889274eb030c5caff8cb - Reviewed-on: https://gerrit.openafs.org/13724 - Reviewed-by: Michael Meffie - Reviewed-by: Benjamin Kaduk - Reviewed-by: Andrew Deason - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 033b66b0d688dd12f929475a0686149df63f8a70 -Author: Andrew Deason -Date: Tue Oct 30 15:41:22 2018 -0500 - - aklog: Avoid misleading AFSCELL message - - Currently, if the AFSCELL environment variable is set, aklog (and - other libauth-using utilities) print out a message when - afsconf_GetLocalCell is called: - - Note: Operation is performed on cell env.example.com - - However, this message is also printed (with the AFSCELL cell) when - aklog is given the -cell command-line argument, even though aklog - actually uses the cell given on the command line. For example: - - $ AFSCELL=env.example.com aklog -cell cli.example.com -d - Note: Operation is performed on cell env.example.com - Authenticating to cell cli.example.com (server srv1.example.com). - [...] - - libauth will normally not print the "Operation" message if we're not - using the default cell, but it determines this by checking if someone - called afsconf_GetCellInfo before calling afsconf_GetLocalCell. And - currently, aklog calls afsconf_GetLocalCell before - afsconf_GetCellInfo, so the message gets printed because libauth has - no way of knowing that we're actually using a different cell. - - klog gets around this by making an additional ignored call to - afsconf_GetCellInfo before afsconf_GetLocalCell, but we can fix this - in aklog by just changing the order of the calls. So, just call - afsconf_GetCellInfo first; if we're using the local cell, we can just - give a NULL cell parameter, instead of looking up the local cellname - first. - - Reviewed-on: https://gerrit.openafs.org/13371 - Reviewed-by: Benjamin Kaduk - Tested-by: BuildBot - (cherry picked from commit 877d9d79a32b9e81911cb567f844b11c693229f0) - - Change-Id: I67350be8c25fb93975442175a64098123503b40c - Reviewed-on: https://gerrit.openafs.org/13676 - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Benjamin Kaduk - Reviewed-by: Cheyenne Wills - Reviewed-by: Stephan Wiesand - -commit 61e3663a18899898bef8c95e804cf6980651fbf5 -Author: Andrew Deason -Date: Mon Mar 25 16:33:39 2019 -0500 - - afs: Avoid non-dir ENOENT errors in afs_lookup - - Historically, there have been many subsystems in libafs that can - generate ENOENT errors for a variety of reasons. In addition to the - expected case where we lookup a name that doesn't exist, other - scenarios have caused ENOENT error codes to be generated, such as: - internal inconsistencies, I/O errors, or even abort codes from the - network. - - When one of these scenarios cause an ENOENT error code in one of those - situations during afs_lookup() when the target name does actually - exist, it can be confusing to a user, or even result in incorrect - application behavior. On Linux in particular, ENOENT results from a - lookup are cached in negative dcache entries, and so can cause future - lookups for the same name to yield ENOENT errors. - - Various commits have tried to avoid this abuse of the ENOENT error - code, such as 2aa4cb04 (afs: Stop abusing ENOENT). But we cannot - prevent receiving ENOENT abort codes from the network, and mistakes in - the future may cause more scenarios incorrectly yielding ENOENTs. - - However, in afs_lookup, we do know that legitimate ENOENT errors can - only occur in one situation: when we have a valid directory blob, and the - afs_dir_Lookup() operation itself returns an ENOENT error for the - target name. For all other areas of afs_lookup(), we know that an - ENOENT error is not legitimate, since we may not be sure if the target - name exists or not. - - So to proactively avoid incorrect ENOENT results, prevent afs_lookup - from returning ENOENT, except in the specific code path where - afs_dir_Lookup is called. - - Reviewed-on: https://gerrit.openafs.org/13537 - Reviewed-by: Cheyenne Wills - Reviewed-by: Benjamin Kaduk - Tested-by: BuildBot - (cherry picked from commit 5f48367f2bd5bf1c0e689c79508177b649b9113b) - - Change-Id: I2698c26d7b75146d92e1763d49dce135ad66f672 - Reviewed-on: https://gerrit.openafs.org/13692 - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Benjamin Kaduk - Reviewed-by: Stephan Wiesand - -commit bb886044d8d2b309ed5d0bd6f3d0c7c71909d6c8 -Author: Mark Vitale -Date: Wed May 22 22:50:00 2019 -0400 - - auth: make PGetTokens2 work with 3-char cellnames - - PGetTokens2 accepts two different types of input: - - an integer 'iterator' to request the nth token set for a user - - a string cellname to request the user's token set for that cell - - Unfortunately, it distinguishes between these by assuming if the input - length is sizeof(afs_int32) (4 bytes), it must be an integer. This - assumption is incorrect if the cellname is three (3) characters long - plus a nul terminator. - - The result is that the cellname string is interpreted as a very large - "n"; the subsequent search for the user's "very-large-nth-token" fails, - making it appear that the user has no valid token for this cell. - - Improve on this heuristic by double-checking any putative integer input. - If it is actually a 3-character string, then process the input as a - cellname instead. - - Introduced by commit 5ec5ad5dcca84e99e5f55987cc4f787cd482fdde 'New - GetToken pioctl'. - - While here, add doxygen comments. - - Reviewed-on: https://gerrit.openafs.org/13599 - Reviewed-by: Michael Meffie - Tested-by: BuildBot - Reviewed-by: Cheyenne Wills - Reviewed-by: Benjamin Kaduk - Reviewed-by: Andrew Deason - (cherry picked from commit b0278994826f6bd1dfebc39f26282b8fbdadf1a0) - - Change-Id: Ib64749d65f03fc564b1d987b426832442be8d5bd - Reviewed-on: https://gerrit.openafs.org/13679 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 5b0ca2e4ebdd7f86c52926700099e3654f826ccc -Author: Andrew Deason -Date: Sat Nov 3 01:04:43 2018 -0500 - - ptserver: Check for -restricted in SPR_Delete - - Currently, all prdb write operations, except for SPR_Delete, will fail - with PRPERM if called by a non-system:administrators caller while - restricted mode is active. SPR_Delete is missing this check, and so - is not affected by the -restricted option. - - Fix this by inserting the same check for -restricted as all other code - paths that check for -restricted. - - Reviewed-on: https://gerrit.openafs.org/13374 - Reviewed-by: Benjamin Kaduk - Tested-by: BuildBot - (cherry picked from commit 2e556c0f23ae439c804352cf51fcf30878b03c7a) - - Change-Id: I9a31cf4e6490aa13dc0c239d2660fc146553ee75 - Reviewed-on: https://gerrit.openafs.org/13688 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Tested-by: Andrew Deason - Reviewed-by: Benjamin Kaduk - Reviewed-by: Stephan Wiesand - -commit d47904684afb8402b692c9f7a4bb5f32cc3da5d7 -Author: Andrew Deason -Date: Sat Nov 3 00:58:58 2018 -0500 - - ptserver: Fix AccessOK -restricted for SYSADMINID - - According to the documentation, as well as other code paths that check - for -restricted, the -restricted option does not affect members of - system:administrators. Currently, though, AccessOK only bypasses the - -restricted check if the caller is SYSADMINID itself (i.e. localauth). - - Fix AccessOK to only do the -restricted checks if the caller is not in - system:administrators, to match the documentation as well as other - ptserver operations. - - Reviewed-on: https://gerrit.openafs.org/13373 - Tested-by: BuildBot - Reviewed-by: Mark Vitale - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 3a8fa4ecd65d5d743fdc573c9f0f261aee2063b6) - - Change-Id: I786830efab229a50a521daf3efc624e949475030 - Reviewed-on: https://gerrit.openafs.org/13687 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Tested-by: Andrew Deason - Reviewed-by: Benjamin Kaduk - Reviewed-by: Stephan Wiesand - -commit a33468b8d596fa45224b447bde90e3606a2fd5b9 -Author: Andrew Deason -Date: Tue Oct 30 14:29:24 2018 -0500 - - ptserver: Fix AccessOK -restricted for addToGroup - - The function AccessOK is used by all of ptserver RPC handlers that - need to do an authorization check, and the last two arguments are set - as such: - - - When adding a member to a group, 'mem' is PRP_ADD_MEM and 'any' is - PRP_ADD_ANY - - - When removing a member from a group, 'mem' is PRP_REMOVE_MEM and - 'any' is 0 - - - When modifying an entry (setFieldsEntry) or modifying some global - database fields, 'mem' and 'any' are both set to 0 - - - When reading an entry and not modifying it, 'mem' and/or 'any' are - set to other values (depending on if we're checking membership, - examining the entry itself, etc) - - Commit 93ece98c (ptserver-restricted-mode-20050415) added a check to - AccessOK to make it return false for -restricted mode when we are - adding a member to a group, or when 'mem' and 'any' are both 0. This - didn't catch the case when we are removing a member from a group, - though, when 'mem' is PRP_REMOVE_MEM. - - It looks like commit a614a8d9 (ptutils-restricted-accessok-20081025) - tried to fix this by adding a check for PRP_REMOVE_MEM, but it also - required 'any' to be set to 0 for the conditional to succeed. This is - true when removing a member from a group, but when adding a member to - a group, 'any' is PRP_ADD_ANY, and so this check fails. - - This means that currently, when restricted mode is turned on, - non-admins can still run addToGroup and setFieldsEntry successfully. - - Fix this by checking for PRP_ADD_MEM/PRP_REMOVE_MEM separately from - checking if 'mem'/'any' are set to 0. Break up this conditional into - separate if() statements with comments to try to make the checks - more clear. - - Reviewed-on: https://gerrit.openafs.org/13370 - Tested-by: BuildBot - Reviewed-by: Mark Vitale - Reviewed-by: Benjamin Kaduk - (cherry picked from commit dfc78d533ef64c8d6daf134e2a0f67c5c16f7369) - - Change-Id: I7f53570b42e2700a33dd5e72a31f6f7f8b876e79 - Reviewed-on: https://gerrit.openafs.org/13686 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Tested-by: Andrew Deason - Reviewed-by: Benjamin Kaduk - Reviewed-by: Stephan Wiesand - -commit 8733253e2f61bf33a2fea5724b7cd6a8de50a10f -Author: Mark Vitale -Date: Wed May 22 23:03:11 2019 -0400 - - auth: eliminate pointless retries in ktc_ListTokensEx - - ktc_ListTokensEx is an iterator to provide the names of each cell for - which a user has a token set. It does this by looking for the 1 through - nth token set for a given user. However, as currently implemented, - it always continues searching up to the 100x safety limit even when - there are no more token sets for the user. - - Instead, return immediately when VIOC_GETTOK2 returns EDOM (no more - tokens for this user). - - Introduced by commit a86ad262d2a8be36f43ab0885a84dde37ddfc464 'auth: Add - the ktc_ListTokensEx function'. - - Reviewed-on: https://gerrit.openafs.org/13598 - Reviewed-by: Andrew Deason - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 95ae30c30d98a3219fd021e0ed83200c1b6c266f) - - Change-Id: Ib0489b78b92861ae25b625b3054caf68f3b0a074 - Reviewed-on: https://gerrit.openafs.org/13678 - Reviewed-by: Michael Meffie - Tested-by: BuildBot - Reviewed-by: Andrew Deason - Reviewed-by: Stephan Wiesand - -commit 1e6c4502de6bd8d6201ee7042a364a8a04e577d6 -Author: Mark Vitale -Date: Thu Oct 25 10:27:41 2018 -0400 - - viced: correct option parsing for -vlru*, -novbc - - Commit a5effd9f1011aa319fdf432c67aec604053b8656 "viced: Use libcmd for - command line options" modernized the option parsing for (da)fileserver, - but introduced a few errors for the following options: - - -vlruthresh - -vlruinterval - -vlrumax - -novbc - - Correct the errors. - - Reviewed-on: https://gerrit.openafs.org/13365 - Reviewed-by: Benjamin Kaduk - Tested-by: BuildBot - (cherry picked from commit d058acb354cab9856303cc341a1f439e4f7f3454) - - Change-Id: I5eceb3cc77cfca5c9ec68efdbaabd069c3690c5a - Reviewed-on: https://gerrit.openafs.org/13680 - Reviewed-by: Michael Meffie - Tested-by: BuildBot - Reviewed-by: Mark Vitale - Reviewed-by: Cheyenne Wills - Reviewed-by: Andrew Deason - Reviewed-by: Stephan Wiesand - -commit 5d84f2a10f61e8b68b4bff18784efeb91845eef8 -Author: Cheyenne Wills -Date: Tue Jun 25 10:40:53 2019 -0600 - - util: serverLog using memory after free - - clang's scan-build detected a "use of memory after it is freed" - condition. - - The function OpenLogFile frees the variable ourName before creating a - duplicate of the name passed to it. However there is a call that uses - ourName as the parameter: OpenLogFile(ourName). This results in freeing - ourName then doing a strdup of the same memory location. - - Test the passed parameter and if it's the same as ourName already skip - the free and strdup. - - This bug was introduced in commit - 340ec2f79208ee21c3130c4b1c13995947ce426c - "util: allocate log filename buffers" - - Reviewed-on: https://gerrit.openafs.org/13659 - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit f5f59cd8d336b153e2b762bb7afd16e6ab1b1ee2) - - Change-Id: Ia1ae1144493fa682595b365324322d8d273c0cbb - Reviewed-on: https://gerrit.openafs.org/13675 - Reviewed-by: Michael Meffie - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - Reviewed-by: Stephan Wiesand - -commit 7a613798620f16998b1f8dd636f3bb3ad7a541e1 -Author: khm -Date: Tue Jun 25 12:51:21 2019 -0700 - - add dkms dependency in Red Hat unit file - - Currently, there is no explicit relationship between OpenAFS and dkms. - If dkms needs to rebuild the kernel module, OpenAFS will fail to mount - because modprobe will not load the module. This change specifies that - OpenAFS should run after dkms if dkms is present. - - Reviewed-on: https://gerrit.openafs.org/13654 - Tested-by: BuildBot - Reviewed-by: Michael Laß - Reviewed-by: Andrew Deason - Reviewed-by: Michael Meffie - Reviewed-by: Cheyenne Wills - Reviewed-by: Benjamin Kaduk - (cherry picked from commit fbe2a03aa69bc19768302685d902a25e4d6e157a) - - Change-Id: If08df50128a29642e9cdfc311811b99a7889a158 - Reviewed-on: https://gerrit.openafs.org/13674 - Reviewed-by: Cheyenne Wills - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: khm - Reviewed-by: Stephan Wiesand - -commit 27a21f35a81c3671c9752edfd4fa502f5fc281e0 -Author: Mark Vitale -Date: Wed May 22 22:52:10 2019 -0400 - - pioctl: limit fruitless token searches - - getNthCell searches the afs_users table for the nth token set belonging to a - given user. However, it is impossible for a user to have more than one - token set per cell. If the caller specifies a number greater than the - total number of cells this cache manager knows about, we know the search - will be fruitless. - - Instead, return early in this case, avoiding both the lock and the - search. - - Reviewed-on: https://gerrit.openafs.org/13597 - Tested-by: BuildBot - Tested-by: Mark Vitale - Reviewed-by: Michael Meffie - Reviewed-by: Cheyenne Wills - Reviewed-by: Benjamin Kaduk - (cherry picked from commit fc7e1700fe84f623fb9163466d24226df00b1a2c) - - Change-Id: Idfda263af173a7ca081fcea3eef0ec4a63e66eda - Reviewed-on: https://gerrit.openafs.org/13639 - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - Reviewed-by: Mark Vitale - Reviewed-by: Cheyenne Wills - Reviewed-by: Michael Meffie - Reviewed-by: Stephan Wiesand - -commit 22c9d9f8916cef5eacc9c930fc25c34c24de17e4 -Author: Pat Riehecky -Date: Fri Jun 1 16:33:37 2018 -0500 - - Fix static expressions in conditionals - - The conditions in these if statements are always true (or always false). - Remove the check in cmdebug.c, as it is unnecessary, and fix the check - in vlclient.c to actually check for a valid voltype. (via cppcheck) - - Reviewed-on: https://gerrit.openafs.org/13158 - Reviewed-by: Michael Meffie - Tested-by: BuildBot - Reviewed-by: Andrew Deason - Reviewed-by: Cheyenne Wills - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 5cd5cd9fa8754a5af346fa6a392363b046316c75) - - Change-Id: Ie3a2d6bfc99d1b5adf0524afc29dac30b655d04d - Reviewed-on: https://gerrit.openafs.org/13638 - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - Reviewed-by: Cheyenne Wills - Reviewed-by: Michael Meffie - Reviewed-by: Stephan Wiesand - -commit 277d69d4358f94bf176268a5a98da39bf5277589 +commit e4e37ae5645ddb851d2ab956e1075a81d4dcc8cb Author: Benjamin Kaduk -Date: Fri Apr 19 10:38:24 2019 -0500 +Date: Tue Oct 22 00:11:09 2019 -0700 - afs: add a file-level comment to afs_osidnlc.c + Make OpenAFS 1.8.5 - This file doesn't currently do a great job of telling the reader what - it's used for. Let's give them a hint, especially for the expansion - of "DNLC". + Update version strings for the 1.8.5 release. - Reviewed-on: https://gerrit.openafs.org/13557 - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason + Change-Id: I6e4e4b02b2ad7686027e983d63919cd3045fd2d4 + Reviewed-on: https://gerrit.openafs.org/13920 Reviewed-by: Benjamin Kaduk - (cherry picked from commit 3a5ab19fe04058e002bfea90f8b64fab4676de67) - - Change-Id: I41c53e5a37cc2da8fa0578a9c5db476530103981 - Reviewed-on: https://gerrit.openafs.org/13650 - Tested-by: BuildBot - Reviewed-by: Cheyenne Wills - Reviewed-by: Michael Meffie - Reviewed-by: Stephan Wiesand + Tested-by: Benjamin Kaduk -commit 7487d15ca5023f465a8bbda05bf6f68a5a6d5eb3 -Author: Mark Vitale -Date: Wed Jun 12 23:44:32 2019 -0400 +commit 2007a59e87f5c5d3a4df66e253f58b2af15774fb +Author: Benjamin Kaduk +Date: Tue Oct 22 00:08:36 2019 -0700 - afs: remove bogus comment from afs_IsTokenExpired + Update NEWS for 1.8.5 - Remove an incorrect comment, introduced with commit - adf2e6e827c6caf55247c5e63b88775393156ae5 'Unix CM: Generalise token - storage'. + Release notes for the OpenAFS 1.8.5 security release. - No functional change is incurred by this commit. - - Reviewed-on: https://gerrit.openafs.org/13640 + Change-Id: Idd44efa17c41a9fa4d2d3beddb294a1c24bdec9e + Reviewed-on: https://gerrit.openafs.org/13919 Reviewed-by: Benjamin Kaduk - Tested-by: BuildBot - (cherry picked from commit 54c34d32e884a5bfb2352e7c8767d743ef3e4647) - - Change-Id: I00f91947f9cd64694b2021e484b33dc9074fee94 - Reviewed-on: https://gerrit.openafs.org/13651 - Tested-by: BuildBot - Reviewed-by: Cheyenne Wills - Reviewed-by: Michael Meffie - Reviewed-by: Stephan Wiesand + Tested-by: Benjamin Kaduk -commit 90a0796d18d99e893ec4bad8800efe1e398c5ea3 +commit 213b9dc386ff89a14379313ee8ec09280f130a29 Author: Andrew Deason -Date: Thu May 16 20:01:17 2019 -0500 +Date: Mon Sep 16 14:06:53 2019 -0500 - Use the ppc64le_linuxXX sysname for ppc64le builds + OPENAFS-SA-2019-003: ubik: Avoid unlocked ubik_currentTrans deref - Commit 191e18eb (Open ppc64le_linux sysname space) added the - ppc64le_linux26 sysname, but it still must be manually specified when - running on ppc64le. Use the ppc64le_linux26 by default on ppc64le, so - we can compile without needing to specify an explicit sysname. + Currently, SVOTE_Debug/SVOTE_DebugOld examine some ubik internal state + without any locks, because the speed of these functions is more + important than accuracy. - Reviewed-on: https://gerrit.openafs.org/13593 - Tested-by: BuildBot - Reviewed-by: Mark Vitale + However, one of the pieces of data we examine is ubik_currentTrans, + which we dereference to get ubik_currentTrans->type. ubik_currentTrans + could be set to NULL while this code is running, so there is a small + chance of this code causing a segfault, if SVOTE_Debug() is running + when the current transaction ends. + + We only ever initialize ubik_currentTrans as a write transation (via + SDISK_Begin), so this check is pointless anyway. Accordingly, skip the + type check, and always assume that any active transaction is a write + transaction. This means we only ever access ubik_currentTrans once, + avoiding any risk of the value changing between accesses (and we no + longer need to dereference it, anyway). + + Note that, since ubik_currentTrans is not marked as 'volatile', some C + compilers, with certain options, can and do assume that its value will + not change between accesses, and thus only fetch the pointer value once. + This avoids the risk of NULL dereference (and thus, crash, if pointer + stores/loads are atomic), but the value pointed to by ubik_currentTrans->type + would be incorrect when the transaction ends during the execution of + SVOTE_Debug(). + + Reviewed-on: https://gerrit.openafs.org/13915 Reviewed-by: Benjamin Kaduk - (cherry picked from commit 4b6a4ff31a4197504bbcf2d4c14c24dee672d40e) + Tested-by: Benjamin Kaduk + (cherry picked from commit 6ec46ba7773089e1549d27a0d345afeca65c9472) - Change-Id: Icf8f8b42c499dc42bf5d637dae5ad3e261e68512 - Reviewed-on: https://gerrit.openafs.org/13637 - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Stephan Wiesand + Change-Id: I634ddb27e7a8dbe5c9d1dacdc83070efa470b50b + Reviewed-on: https://gerrit.openafs.org/13918 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk -commit 4d7a397c03288847539fd1428d9bdfcbc1f59cbe +commit fcaac44f845d18d6fd5d2f3685db11118d8f8626 Author: Andrew Deason -Date: Wed Jan 16 23:44:58 2019 -0600 +Date: Wed Aug 7 21:19:47 2019 -0500 - LINUX: Propagate afs_linux_readdir BlobScan errors + OPENAFS-SA-2019-002: Zero all server RPC args - In afs_linux_readdir, if we detect an error code from BlobScan, - currently we 'break' out of the current while() loop. But right after - this loop, we reset 'code' to 0, ignoring the error we just got from - BlobScan, and acting like we just reached the end of the directory. + Currently, our server-side RPC argument-handling code generated from + rxgen initializes complex arguments like so (for example, in + _RXAFS_BulkStatus): - This means that if BlobScan could not process the given directory at - all, we'll just fail to iterate through some of the entries in the - given directory, and not report an error. + AFSCBFids FidsArray; + AFSBulkStats StatArray; + AFSCBs CBArray; + AFSVolSync Sync; - To fix this, process errors from BlobScan like we do for - afs_dir_GetVerifiedBlob, and return an error code and log a message - about the corrupted dir. + FidsArray.AFSCBFids_val = 0; + FidsArray.AFSCBFids_len = 0; + CBArray.AFSCBs_val = 0; + CBArray.AFSCBs_len = 0; + StatArray.AFSBulkStats_val = 0; + StatArray.AFSBulkStats_len = 0; - Reviewed-on: https://gerrit.openafs.org/13430 - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 63f015d05293cd853dbd44e5115e6b378644dfb6) + This is done for any input or output arguments, but only for types we + need to free afterwards (arrays, usually). We do not do this for + simple types, like single flat structs. In the above example, we do + this for the arrays FidsArray, StatArray, and CBArray, but 'Sync' is + not initialized to anything. - Change-Id: Ia25bcfdb70cdb1dd1a7ce0efb84ef76beb78b247 - Reviewed-on: https://gerrit.openafs.org/13591 - Reviewed-by: Cheyenne Wills - Reviewed-by: Michael Meffie - Reviewed-by: Mark Vitale + If some server RPC handlers never set a value for an output argument, + this means we'll send uninitialized stack memory to our peer. + Currently this can happen in, for example, + MRXSTATS_RetrieveProcessRPCStats if 'rxi_monitor_processStats' is + unset (specifically, the 'clock_sec' and 'clock_usec' arguments are + never set when rx_enableProcessRPCStats() has not been called). + + To make sure we cannot send uninitialized data to our peer, change + rxgen to instead 'memset(&arg, 0, sizeof(arg));' for every single + parameter. Using memset in this way just makes this a little simpler + inside rxgen, since all we need to do this is the name of the + argument. + + With this commit, the rxgen-generated code for the above example now + looks like this: + + AFSCBFids FidsArray; + AFSBulkStats StatArray; + AFSCBs CBArray; + AFSVolSync Sync; + + memset(&FidsArray, 0, sizeof(FidsArray)); + memset(&CBArray, 0, sizeof(CBArray)); + memset(&StatArray, 0, sizeof(StatsArray)); + memset(&Sync, 0, sizeof(Sync)); + + Reviewed-on: https://gerrit.openafs.org/13914 Reviewed-by: Andrew Deason + Reviewed-by: Benjamin Kaduk Tested-by: BuildBot - Reviewed-by: Stephan Wiesand + (cherry picked from commit 93aee3cf40622993b95bd1af77080a31670c24bb) + + Change-Id: I6e19aaea57e545455b65851d1bedade584e482f0 + Reviewed-on: https://gerrit.openafs.org/13917 + Reviewed-by: Benjamin Kaduk + Tested-by: Benjamin Kaduk -commit b924e7827dbca97accb6a90da24264858e9a2964 +commit 5a3d1b62810fc8cc7b37a737b4f5f1912bc614f9 Author: Andrew Deason -Date: Wed Jan 16 23:46:34 2019 -0600 +Date: Wed Aug 7 20:50:47 2019 -0500 - afs: Throw EIO in DRead on empty dir blob - - DRead currently returns ENOENT if we try to read a page beyond the end - of the given dir blob. We do this to indicate we've hit EOF, but we do - this even if the dir blob is completely empty (which is not a valid - dir blob). - - If a dir blob in the cache is truncated due to cache corruption - issues, that means we'll indicate a normal EOF condition in that - directory for most code paths. If someone is trying to list the - directory's entries, for instance, we'll just return that there are no - entries in the dir, even though the dir itself is just invalid. - - To avoid this for at least some cases, return an EIO error instead if - the dir blob is completely empty. - - Reviewed-on: https://gerrit.openafs.org/13429 - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 86d04ea70fd2e99606b1d1b5b68d980d92e7a3cd) - - Change-Id: I067aae1f949051169225a3cc0bdba35ad76a4ec2 - Reviewed-on: https://gerrit.openafs.org/13590 - Reviewed-by: Cheyenne Wills - Reviewed-by: Michael Meffie - Reviewed-by: Mark Vitale - Reviewed-by: Andrew Deason - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 02b6ba418568f294a9088b6df3e90bbdf35c8398 -Author: Andrew Deason -Date: Thu May 16 16:12:47 2019 -0500 - - Do not define AFS_SYSCALL for ppc64le_linux26 - - AFS_SYSCALL is defined to the syscall number we can use for a certain - platform (for pioctls and other AFS-specific kernel calls). On many - modern platforms, such as Linux, we don't use direct syscalls anymore, - instead routing our AFS-specific syscalls through an ioctl, and - AFS_SYSCALL is just used as a fallback for compatibility for older - OpenAFS releases that might still be using the syscall. - - For new platforms, we have no need for this compatibility code path, - since there is no existing code we might need to be compatible with. - We should avoid defining AFS_SYSCALL for those, so we can avoid - manually-issuing syscalls in more cases. The ppc64le_linux26 platform - is a very new platform (introduced in 191e18eb "Open ppc64le_linux - sysname space"), and so should not have AFS_SYSCALL defined. - - So, remove AFS_SYSCALL from ppc64le_linux26's param.h. - - Reviewed-on: https://gerrit.openafs.org/13592 - Tested-by: BuildBot - Reviewed-by: Mark Vitale - Tested-by: Andrew Deason - Reviewed-by: Andrew Deason - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 46563f929a851032d785634763963808d6e2bfeb) - - Change-Id: Ib161b50a9156d3790134de4e1a8e66a1356e0fb6 - Reviewed-on: https://gerrit.openafs.org/13636 - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Stephan Wiesand - -commit 2f6227540f7954f58387fba4934a0f83d1f4d536 -Author: Nathaniel Filardo -Date: Wed May 1 23:01:51 2019 +0100 - - Open ppc64le_linux sysname space - - While here, add config/param.ppc64le_linux26.h; it's just like - ppc64_linux26.h, except not AFSBIG_ENDIAN. - - Reviewed-on: https://gerrit.openafs.org/13562 - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Jeffrey Altman - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 191e18ebcee3698a76b55912de0a41111c384128) - - Change-Id: I9852da2a376a24269ff720a4da4881dae83036cd - Reviewed-on: https://gerrit.openafs.org/13589 - Reviewed-by: Cheyenne Wills - Reviewed-by: Michael Meffie - Reviewed-by: Mark Vitale - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 72d0e5a7c92fe7f68857af5828ed7d717b2d694d -Author: Cheyenne Wills -Date: Thu Apr 18 09:55:09 2019 -0600 - - redhat: RHEL8 add elfutils-devel as build dependency for kernel module - - Building the kernel modules under RHEL8 produces the following error - message: - Makefile:952: *** "Cannot generate ORC metadata for - CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or - elfutils-libelf-devel". Stop. - - Add elfutils-devel to the BuildRequires in the rpm spec when building - rhel >= 8 - - Add elfutils-devel to the BuildRequires in the rpm spec that - openafs-kmodtool produces - - FIXES 134900 - - Reviewed-on: https://gerrit.openafs.org/13560 - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - Reviewed-by: Michael Meffie - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 13817774518ada28f5fe68e0d00ef5dd00b67b55) - - Change-Id: If4f453e6c459a2865626d4fd71bb47030e3deb58 - Reviewed-on: https://gerrit.openafs.org/13563 - Reviewed-by: Mark Vitale - Reviewed-by: Andrew Deason - Reviewed-by: Michael Meffie - Reviewed-by: Cheyenne Wills - Reviewed-by: Marcio Brito Barbosa - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit c6c3a4038905169ab717e64775920147d6f34c3f -Author: Andrew Deason -Date: Fri Sep 28 14:55:56 2018 -0500 - - afs: Raise osidnlc NCSIZE - - The currrent size of the osi DNLC is very small; only 300 entries. - Raise it to 4096 entries, to give it some chance of actually helping. - - In the future, of course, this should be runtime configurable, and we - should also raise the hash table size. For now, just raise the number - of entries without changing anything else, to try to make sure nothing - breaks. - - With the hash size of 256, this means our hash chains will be at least - 16 items long. However, traversing even hundreds of hash items should - still be better than frequently hitting the disk cache to find - entries, and acquiring more locks, etc. - - Reviewed-on: https://gerrit.openafs.org/13531 - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 12b46b6af778625a9c360dca61a59fcf30b76fd1) - - Change-Id: Ib4fd8bd01e2df22617e5a549d4ac76ba1d50b2fd - Reviewed-on: https://gerrit.openafs.org/13559 - Reviewed-by: Mark Vitale - Reviewed-by: Cheyenne Wills - Reviewed-by: Michael Meffie - Reviewed-by: Marcio Brito Barbosa - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 934313678d2a01208a28fca669907f50a097b377 -Author: Andrew Deason -Date: Thu Jan 17 00:04:36 2019 -0600 - - dir: Honor non-ENOENT lookup errors - - Currently, several places in src/dir/dir.c assume that any error from - a lower-level function (e.g. FindItem) means that the item we're - looking for does not exist in that directory. But if we encountered - some other error, that may not be the case; the directory blob may be - corrupt, we may have encountered some I/O error, etc. - - To detect cases like this, return the actual error code from FindItem - &c, instead of always reporting ENOENT. For the code paths that are - actually specifically looking for if the target exists (in - afs_dir_Create), change our checks to specifically check for ENOENT, - and return any other error. - - Do the same thing for a few similar callers in viced/afsfileprocs.c, - as well. - - FIXES 134904 - - Reviewed-on: https://gerrit.openafs.org/13431 - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Cheyenne Wills - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 0b3bd1b7cdc88ba62c8cd540e8628faa84e33cf9) - - Change-Id: Ia81ff85821c1987b97390a683f1d442ca70db41e - Reviewed-on: https://gerrit.openafs.org/13543 - Reviewed-by: Mark Vitale - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Cheyenne Wills - Reviewed-by: Andrew Deason - Reviewed-by: Michael Meffie - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit e586e86add4e4bf42f7af5b6d570fbe9b49fc415 -Author: Andrew Deason -Date: Thu Mar 21 15:24:06 2019 -0500 - - LINUX: Avoid lookup ENOENT on fatal signals - - Various Linux kernel operations on various Linux kernel versions can - fail if the current process has a pending fatal signal (i.e. SIGKILL), - including reads and writes to our local disk cache. Depending on what - and when something fails because of this, some parts of libafs throw - an ENOENT error, which may propagate up to callers, and be returned - from afs_lookup(). Notably this can happen via some functions in - src/dir/dir.c, and previously was possible with some code paths before - they were fixed by commit 2aa4cb04 (afs: Stop abusing ENOENT). - - For the most part, the exact error given to the userspace caller - doesn't matter, since the process will die as soon as we return to - userspace. However, for ENOENT errors specifically for lookups, we - interpret this to mean that the target filename is known to not exist, - and so we create a negative dentry for that name, which is cached. - Future lookups for that filename will then result in ENOENT before any - AFS functions are called. - - The lingering abuses of the ENOENT error code should be removed from - libafs entirely, but as an extra layer of safety, we can just avoid - returning ENOENT from lookups if the current process has a pending - fatal signal. So to do that, change all afs_lookup() callers in - src/afs/LINUX to translate ENOENT to EINTR if we have a pending fatal - signal. If fatal_signal_pending() is not available, then we don't do - this translation. - - FIXES 134904 - - Reviewed-on: https://gerrit.openafs.org/13530 - Tested-by: BuildBot - Reviewed-by: Cheyenne Wills - Reviewed-by: Michael Meffie - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 8b6ae2893b517bd4e008cae94acff70abe4d2227) - - Change-Id: I8bf1b24c97ed74b0b457d79f48b2f40416c1d37e - Reviewed-on: https://gerrit.openafs.org/13542 - Reviewed-by: Mark Vitale - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Cheyenne Wills - Reviewed-by: Michael Meffie - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit e80e9e6ea6f2cedf79b92ea33eb214931bf808be -Author: Andrew Deason -Date: Sat Mar 2 15:58:00 2019 -0600 - - afs: Cleanup state on rxfs_*Init errors - - Currently, rxfs_storeInit and rxfs_fetchInit return early if they - encounter an error while starting the relevant fetch/store RPC (e.g. - StartRXAFS_FetchData64). In this scenario, they osi_FreeSmallSpace - their rock before returning, but they never go through their - destructor to free the contents of the rock - (rxfs_storeDestroy/rxfs_fetchDestroy), leaking any resources inside - that have already been initialized. - - The only thing that could have been initialized by this point is - v->call, so hitting this condition means we leak an Rx call, and means - we can report the wrong error code (since we never go through - rx_EndCall, we never look at the call's abort code). For - rxfs_fetchInit, most code paths call rx_EndCall explicitly, except for - the code path where StartRXAFS_FetchData64 itself fails. - - For both fetches and stores, it's difficult to hit this condition, - because this requires that the StartRXAFS_* call fails, before we have - sent or received any data from the wire. However, this can be hit if - the call is already aborted before we use it, which can happen if the - underlying connection has already been aborted by a connection abort. - - Before commit 0835d7c2 ("afs: make sure to call afs_Analyze after - afs_Conn"), this was most easily hit by trying to fetch data with a - bad security object (for example, with expired credentials). After the - first fetch failed due to a connection abort (e.g. RXKADEXPIRED), - afs_GetDCache would retry the fetch with the same connection, and - StartRXAFS_FetchData64 would fail because the connection and call were - already aborted. In this case, we'd leak the Rx call, and we would - throw an RXGEN_CC_MARSHAL error (-450), instead of the correct - RXKADEXPIRED error. This causes libafs to report that the target - server as unreachable, due to the negative error code. - - With commit 0835d7c2, this doesn't happen because we call afs_Analyze - before retrying the fetch, which detects the invalid credentials and - forces creating a new connetion object. However, this situation should - still be possible if a different call on the same connection triggered - a connection-level abort before we called StartRXAFS_FetchData64. - - To fix this and ensure that we don't leak Rx calls, explicitly call - rxfs_storeDestroy/rxfs_fetchDestroy in this error case, before - returning from rxfs_storeInit/rxfs_fetchInit. - - Thanks to yadayada@in.ibm.com for reporting a related issue and - providing analysis. - - Reviewed-on: https://gerrit.openafs.org/13510 - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 11cc0a3c4e0d76f1650596bd1568f01367ab5be2) - - Change-Id: I3c2d66a5a6128bb8b403dfa6ea7c37e32bd2f156 - Reviewed-on: https://gerrit.openafs.org/13517 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Cheyenne Wills - Reviewed-by: Mark Vitale - Reviewed-by: Marcio Brito Barbosa - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit f8f10315d9ebecf32b5537a82aedde4c24b28d62 -Author: Andrew Deason -Date: Wed Aug 9 20:06:05 2017 -0500 - - SOLARIS: Switch non-embedded vnodes for Solaris 11 - - Newer updates to Solaris 11 have been including several changes to the - vnode struct. Since we embed a vnode in our struct vcache, our kernel - module must be recompiled for any such change in order for the openafs - client to work at all. - - To avoid the need for this, switch Solaris to using a non-embedded - vnode in our struct vcache. Follow a similar technique as is used in - DARWIN and XBSD, where we allocate a vnode in osi_AttachVnode, and - free it in afs_FlushVCache. - - Reviewed-on: https://gerrit.openafs.org/12696 - Reviewed-by: Mark Vitale - Reviewed-by: Cheyenne Wills - Reviewed-by: Michael Meffie - Reviewed-by: Marcio Brito Barbosa - Tested-by: Mark Vitale - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 2aafe7df403e6a848185d15495139c07bced2758) - - Change-Id: I2f5b3e2b2b908ea9815fd7735a1abed511cec9cb - Reviewed-on: https://gerrit.openafs.org/13528 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Mark Vitale - Reviewed-by: Cheyenne Wills - Reviewed-by: Marcio Brito Barbosa - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit f9b4f9d63f5c62233a031a7e9d16fade235577eb -Author: Andrew Deason -Date: Wed Aug 9 20:06:03 2017 -0500 - - SOLARIS: Fix vnode/vcache casts - - A few places were using vnodes and vcaches interchangeably. This is - incorrect, since they may not always be the same thing if we stop - embedding vnodes directly in vcaches Fix these to properly go through - AFSTOV/VTOAFS to convert between vcaches and vnodes. - - Reviewed-on: https://gerrit.openafs.org/12695 - Reviewed-by: Mark Vitale - Reviewed-by: Cheyenne Wills - Reviewed-by: Michael Meffie - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Benjamin Kaduk - Tested-by: Mark Vitale - (cherry picked from commit a6499e0b086d964f3fcc65fe4be31edc33015061) - - Change-Id: Ia6889966a7c595786f0a273b4c2a5a63fe60ddd3 - Reviewed-on: https://gerrit.openafs.org/13527 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Cheyenne Wills - Reviewed-by: Mark Vitale - Reviewed-by: Marcio Brito Barbosa - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 7328cb0b000c61672ab75cda14ba0e42839adb03 -Author: Andrew Deason -Date: Wed Aug 9 20:06:00 2017 -0500 - - SOLARIS: Accept vnodes in vnode ops - - Currently, our vnode op callbacks look like this: - - int gafs_fsync(struct vcache *avc, afs_ucred_t *acred); - - And a pointer to gafs_fsync is given directly to Solaris. This cannot - be correct, since 'struct vcache' is an OpenAFS type, so Solaris - cannot possibly give us a 'struct vcache'. The actual correct - signature for such a function is something like this: - - int gafs_fsync(struct vnode *vp, afs_ucred_t *acred); - - And then the 'gafs_fsync' function is supposed to translate 'vp' into - a vcache. - - This works on Solaris right now because we embed the vnode as the - first member in our vcache, and so a pointer to a vnode is also a - pointer to a vcache. However, this would break if we ever change - Solaris vcaches to use a non-embedded vnode (like on some other - platforms). And even now, this causes a lot of warnings in - osi_vnodeops.c, since the function signatures are wrong for our vnode - callbacks. - - So to fix this, change all of these functions to accept a 'struct - vnode', and translate to/from vnodes and vcaches appropriately. - - Reviewed-on: https://gerrit.openafs.org/12694 - Reviewed-by: Mark Vitale - Reviewed-by: Cheyenne Wills - Reviewed-by: Michael Meffie - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Benjamin Kaduk - Tested-by: Mark Vitale - (cherry picked from commit 9a2b11747ce355d9adc8a5a646c88f8f3d9765ee) - - Change-Id: I85cee787e26886596a10c6b9a02f33f2bf28d65d - Reviewed-on: https://gerrit.openafs.org/13526 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Cheyenne Wills - Reviewed-by: Mark Vitale - Reviewed-by: Marcio Brito Barbosa - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 8089741c909e84020e644ac05c58d3a4bb9cc1e2 -Author: Andrew Deason -Date: Wed Aug 9 20:05:56 2017 -0500 - - SOLARIS: Reorder definitions for vnode callbacks - - Currently, many of the functions for our vnode ops are - forward-declared, right before they are referenced in the relevant - vnop template array. Move the function definitions to before the - references, so we can simply get rid of the forward declarations. - - These functions are also all only referenced in this file, so declare - them 'static'. - - Reviewed-on: https://gerrit.openafs.org/12693 - Reviewed-by: Mark Vitale - Reviewed-by: Michael Meffie - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Cheyenne Wills - Reviewed-by: Benjamin Kaduk - Tested-by: Mark Vitale - (cherry picked from commit 41a22dbf719629e0977fa963b3d19c6594d0d729) - - Change-Id: I5840fef98d2ce15525c4981636fad6e5990cbad2 - Reviewed-on: https://gerrit.openafs.org/13525 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Cheyenne Wills - Reviewed-by: Mark Vitale - Reviewed-by: Marcio Brito Barbosa - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 599cf163d10d775a18e2b8a947ad3abd6d1a4021 -Author: Andrew Deason -Date: Wed Aug 9 20:05:50 2017 -0500 - - SOLARIS: Clean up some osi_vnodeops func defs - - Currently, the Solaris osi_vnodeops.c file forward-declares many of - its function definitions, but doesn't declare the arguments. For - example: - - int afs_nfsrdwr(); - - This avoids type-checking for a few functions that are called before - they are defined in this file. Furthermore, many of these functions - are only used within this file, but are not declared 'static'. - - To fix this weirdness, remove most of the forward declarations (most - are not referenced until the function is defined), and fully declare - the rest. Declare functions 'static' that are not referenced outside - of this file. - - This commit only changes functions up to the 'afs_getsecattr' - definition. The rest of the file will be fixed in a future commit. - - Reviewed-on: https://gerrit.openafs.org/12692 - Reviewed-by: Mark Vitale - Reviewed-by: Michael Meffie - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Cheyenne Wills - Reviewed-by: Benjamin Kaduk - Tested-by: Mark Vitale - (cherry picked from commit aa46af6ae35e4f026a8ed94012c3bc18c954de23) - - Change-Id: I33f445ed253f1991896afff33e7cc14bf5e50b18 - Reviewed-on: https://gerrit.openafs.org/13524 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Cheyenne Wills - Reviewed-by: Mark Vitale - Reviewed-by: Marcio Brito Barbosa - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit b02434f5c6cab1f317c9fb6652e31a20195c20d8 -Author: Mark Vitale -Date: Fri Jan 18 17:05:49 2019 -0500 - - LINUX: correct include for ktime_get_coarse_real_ts64() - - The include for the ktime_get_coarse_real_ts64() autoconf test is - incorrect; ktime_get_coarse_real_ts64() has always been in linux/ktime.h - (via #include timekeeping.h), not linux/time.h. - - This autoconf test still ran correctly because the OpenAFS build was - inadvertently picking up ktime.h via the default autoconf include path. - Therefore, this commit is needed only to provide documentation and - clarity to future maintainers. - - Introduced as a cut-n-paste error (from the current_kernel_time test) - with commit 3c454b39d04f4886536267c211171dae30dc0344 for Linux 4.20. - - Reviewed-on: https://gerrit.openafs.org/13437 - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 10b02075a262dbe802266ea4bcac3936dff5dd23) - - Change-Id: Ide1adcc8536ed8829361e0961da96949099d5caf - Reviewed-on: https://gerrit.openafs.org/13523 - Reviewed-by: Michael Meffie - Reviewed-by: Mark Vitale - Reviewed-by: Andrew Deason - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Cheyenne Wills - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 390bb188b956d43f569ca10909d0a968355cddb9 -Author: Andrew Deason -Date: Fri Sep 28 17:12:40 2018 -0500 - - afs: Remove afs_xosi - - Since OpenAFS 1.0, all platforms in libafs have a lock called - afs_xosi, which is acquired and released around calls like VOP_GETATTR - on cache files. However, this lock doesn't appear to protect anything; - on all platforms, the code that runs while the lock is held uses only - calls VOP_GETATTR and accesses local variables (aside from - afs_osi_cred, which we use similarly in many other places). The - purpose of the lock has never been documented, and is not mentioned at - all in the afs_rwlocks text file. - - The comment by the afs_xosi lock declaration suggests that the lock - was originally introduced to protect access to 'tvattr', which perhaps - was a global variable in the past. All uses of 'tvattr' are local now, - though, so protecting access to it doesn't make any sense. - - So, remove afs_xosi, to remove the unnecessary serialization of - VOP_GETATTR calls. - - Reviewed-on: https://gerrit.openafs.org/13350 - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit d75bc6370f625479a67c7c0a50cce23c4d4a4ce5) - - Change-Id: I33dc7935872cf071c4221d46cbb458e1f77185a2 - Reviewed-on: https://gerrit.openafs.org/13529 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Cheyenne Wills - Reviewed-by: Mark Vitale - Reviewed-by: Marcio Brito Barbosa - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 1a4e785f0d92f6e628a79bb8919085bfaa279fe6 -Author: Michael Meffie -Date: Fri Mar 16 09:25:18 2018 -0500 - - afs: make sure to call afs_Analyze after afs_Conn - - The afs_Conn function is used to pick a connection for a given RPC. The - RPC is normally wrapped within a do-while loop which calls afs_Analyze - to handle the RPC code and manage the server connection references. - Among other things, afs_Analyze can mark the server as down, blacklist - idle servers, etc. - - There are some special cases in which we break out of this do-while loop - early, by putting the connection reference given by afs_Conn and then - jumping out of the loop. - - In these cases, be sure to call afs_Analyze to put the server connection - we got from afs_Conn, and to handle the RPC return code, possibly - marking the server as down or blacklisted. - - Reviewed-on: https://gerrit.openafs.org/13288 + OPENAFS-SA-2019-001: Skip server OUT args on error + + Currently, part of our server-side RPC argument-handling code that's + generated from rxgen looks like this (for example): + + z_result = SRXAFS_BulkStatus(z_call, &FidsArray, &StatArray, &CBArray, &Sync); + z_xdrs->x_op = XDR_ENCODE; + if ((!xdr_AFSBulkStats(z_xdrs, &StatArray)) + || (!xdr_AFSCBs(z_xdrs, &CBArray)) + || (!xdr_AFSVolSync(z_xdrs, &Sync))) + z_result = RXGEN_SS_MARSHAL; + fail: + [...] + return z_result; + + When the server routine for implementing the RPC results a non-zero + value into z_result, the call will be aborted. However, before we + abort the call, we still call the xdr_* routines with XDR_ENCODE for + all of our output arguments. If the call has not already been aborted + for other reasons, we'll serialize the output argument data into the + Rx call. If we push more data than can fit in a single Rx packet for + the call, then we'll also send that data to the client. Many server + routines for implementing RPCs do not initialize the memory inside + their output arguments during certain errors, and so the memory may be + leaked to the peer. + + To avoid this, just jump to the 'fail' label when a nonzero 'z_result' + is returned. This means we skip sending the output argument data to + the peer, but we still free any argument data that needs freeing, and + record the stats for the call (if needed). This makes the above + example now look like this: + + z_result = SRXAFS_BulkStatus(z_call, &FidsArray, &StatArray, &CBArray, &Sync); + if (z_result) + goto fail; + z_xdrs->x_op = XDR_ENCODE; + if ((!xdr_AFSBulkStats(z_xdrs, &StatArray)) + || (!xdr_AFSCBs(z_xdrs, &CBArray)) + || (!xdr_AFSVolSync(z_xdrs, &Sync))) + z_result = RXGEN_SS_MARSHAL; + fail: + [...] + return z_result; + + Reviewed-on: https://gerrit.openafs.org/13913 Reviewed-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Benjamin Kaduk - (cherry picked from commit 0835d7c2a183f896096684df06258aefd297f080) + (cherry picked from commit ea276e83e37e5bd27285a3d639f2158639172786) - Change-Id: Ic5648dbd250c33988d64284b906b3829a396a2cb - Reviewed-on: https://gerrit.openafs.org/13511 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Cheyenne Wills - Reviewed-by: Mark Vitale - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 74054de1bc30cee1bdc9d0c350230231663bcd85 -Author: Andrew Deason -Date: Thu Sep 6 13:42:11 2018 -0500 - - Run ctfconvert/ctfmerge for all objects - - Commit 88cb536f (autoconf: detect ctf-tools and add ctf to libafs) - introduced running ctfconvert and ctfmerge for libafs on Solaris, but - didn't add any CTF data for userspace code. This commit causes the - same commands to be run for every binary that we build (if the ctf - tools are available). - - To accomplish this, also refactor how we run ctfconvert and ctfmerge. - The approach in commit 88cb536f would require us to modify the - makefile rule for every executable to run RUN_CTFCONVERT and - RUN_CTFMERGE, which is somewhat impractical. So instead in this - commit, we modify all of our *_CCRULE and *_LDRULE variables to wrap - the compiler invocation with the new CC_WRAPPER script. This means our - *RULE variables change from something like this: - - FOO_CCRULE = $(RUN_CC) $(CC) $(XXX_FLAGS) -o $@ - - to something like this: - - FOO_CCRULE = $(RUN_CC) $(CC_WRAPPER) $(CC) $(XXX_FLAGS) -o $@ - - CC_WRAPPER expands to the script src/config/cc-wrapper, which just - runs ctfconvert or ctfmerge on the relevant files after the - compiler/linker runs. If the CTF tools are not configured, CC_WRAPPER - expands to nothing, to limit our impact on other platforms. - - This commit was developed in collaboration with - mbarbosa@sinenomine.net. - - Reviewed-on: https://gerrit.openafs.org/13308 - Tested-by: BuildBot + Change-Id: I688cbf1a65903bf26a0db033687898f3fb5a54ea + Reviewed-on: https://gerrit.openafs.org/13916 Reviewed-by: Benjamin Kaduk - (cherry picked from commit c1d39153da00d5525b2f7874b2d214a7f1b1bb86) - - Change-Id: Ic357293a946f0759aa032f7c93b4b56e74e9209a - Reviewed-on: https://gerrit.openafs.org/13487 - Reviewed-by: Andrew Deason - Reviewed-by: Mark Vitale - Reviewed-by: Michael Meffie - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Cheyenne Wills - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 98e07b561279bf5d9f39ccb5f43e605cd3e86d0e -Author: Marcio Barbosa -Date: Thu May 31 09:46:56 2018 -0300 - - autoconf: do not reference the missing script - - Currently, OpenAFS does not use automake. As a result, the missing script - is not copied to the build-tools directory. Since this script is not - present in the tree, am_missing_run is not initialized. Unfortunately, - the current version still has a few references to this variable. In order - to preserve a similar behavior, this commit replaces these references by - AC_ERROR. - - While we are changing these, remove the AC_CHECK_PROGS calls for AR and - STRIP, since libtool already checks these for us. - - Reviewed-on: https://gerrit.openafs.org/12982 - Reviewed-by: Andrew Deason - Reviewed-by: Michael Meffie - Reviewed-by: Mark Vitale - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 9d3ef9337fafe5dcf3865d3aced290be0f887c11) - - Change-Id: Ibb2fa93e73f303cd68e9e030f1631476f1da329c - Reviewed-on: https://gerrit.openafs.org/13486 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Cheyenne Wills - Reviewed-by: Mark Vitale - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 36282f9cae0dafa1f13aa54f704a4d37d92a0799 -Author: Peter Foley -Date: Mon Feb 29 16:39:14 2016 -0500 - - Remove obsolete retsigtype - - Only relevent for pre-c89 K&R compilers. - - [mmeffie@sinenomine.net: avoid changes to src/external] - - Reviewed-on: https://gerrit.openafs.org/12203 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Marcio Brito Barbosa - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit a9644daa965fbf316943a07ad985b8ead2f4f31d) - - Change-Id: I37f83e7d8a59d5ccffe8542f3c4090e667b48c16 - Reviewed-on: https://gerrit.openafs.org/13485 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Cheyenne Wills - Reviewed-by: Mark Vitale - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit d281eb242414f58440dc44cf82d4fe7dc7830bc8 -Author: Michael Meffie -Date: Sat May 26 19:52:27 2018 -0400 - - autoconf: reformat long lines - - The autoupdate tool was run to modernize the autoconf macros but - generates very long lines. Manually reformat the long lines to make them - more reasonable. - - Reviewed-on: https://gerrit.openafs.org/13125 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Tested-by: BuildBot - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 451602a5e3a503d46eaecb3738d259e46023afcd) - - Change-Id: I19f16a66fdc6b33889f08e5a095b1f3209b01a3c - Reviewed-on: https://gerrit.openafs.org/13484 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Cheyenne Wills - Reviewed-by: Mark Vitale - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit c3eaace29ea446c9369af90eed274ece063e5bb0 -Author: Peter Foley -Date: Mon Feb 29 13:28:28 2016 -0500 - - autoconf: autoupdate macros - - Run autoupdate on macros. - - [mmeffie@sinenomine.net: re-run autoupdate, no other edits] - - Reviewed-on: https://gerrit.openafs.org/12202 - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 2e23fceec872795a39b915b73e48eb77a5d65afe) - - Change-Id: I27eac1f2b6e468382976d7866aa1f5e648727534 - Reviewed-on: https://gerrit.openafs.org/13483 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Mark Vitale - Reviewed-by: Cheyenne Wills - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 426b5f17096c712dc0c88ae8ff0f745e6426d3b2 -Author: Michael Meffie -Date: Fri Apr 20 11:47:57 2018 -0400 - - autoconf: update curses.m4 - - Replace the obsolete AC_TRY_COMPILE with AC_COMPILE_IFELSE/AC_LANG_PROGRAM - in the curses check for the getmaxyx macro. - - This change was done manually instead of using autoupdate because the - program prologue argument for this particular check is an m4 macro, - which will not expand to code when autoupdate adds m4 quotes to the - AC_LANG_PROGRAM arguments. - - Reviewed-on: https://gerrit.openafs.org/13021 - Reviewed-by: Benjamin Kaduk - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - (cherry picked from commit f9c584a794c6a4c5d03fa1ee7f1b2b5e1309e7ee) - - Change-Id: Ic0a1007f5a71496fd235eab6659a73e46393d317 - Reviewed-on: https://gerrit.openafs.org/13482 - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Mark Vitale - Reviewed-by: Cheyenne Wills - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit b3882518f65a14b4de9846c5d11814bea3d91d96 -Author: Andrew Deason -Date: Fri Sep 21 17:16:52 2018 -0500 - - pthread.m4: Add missing 'test' to conditional - - Commit c5def62d (autoconf: update pthread checks) accidentally omitted - a 'test' in one of the conditionals. This causes an ugly error message - during configure: - - checking for pthread_attr_init in -lpthread... yes - ./configure[31043]: x-lpthread: not found [No such file or directory] - - Replace the missing 'test'. - - Reviewed-on: https://gerrit.openafs.org/13342 - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 38a094137f067255c586dd5c85f3040d7a7c4486) - - Change-Id: Iaa7014c6ae58bd492930dbe4f39180111bacb67e - Reviewed-on: https://gerrit.openafs.org/13595 - Tested-by: BuildBot - Reviewed-by: Mark Vitale - Reviewed-by: Andrew Deason - Reviewed-by: Michael Meffie - Reviewed-by: Stephan Wiesand - -commit 2771714dc485ed3ca70d66e538709ddf703f8ece -Author: Michael Meffie -Date: Mon Apr 16 10:42:49 2018 -0400 - - autoconf: update pthread checks - - Replace obsolete AC_TRY_COMPILE with AC_COMPILE_IFELSE. Replace shell - if/then conditionals with AS_IF macros. Reformat indentation and - quoting. - - This change was done manually, since autoupdate copes poorly with the - old, nested AC_TRY_COMPILE macros. - - Reviewed-on: https://gerrit.openafs.org/13018 - Reviewed-by: Benjamin Kaduk - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Andrew Deason - Reviewed-by: Marcio Brito Barbosa - (cherry picked from commit c5def62d7be4891f534b753374acbf5b524701eb) - - Change-Id: I5cc8e5712dd742d20be92d04728eddbecf9c216c - Reviewed-on: https://gerrit.openafs.org/13481 - Reviewed-by: Mark Vitale - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Cheyenne Wills - Tested-by: Andrew Deason - Reviewed-by: Andrew Deason - Reviewed-by: Michael Meffie - Reviewed-by: Stephan Wiesand - -commit bcce556cb0f71ba00a97c87a529e95ebed0cbc85 -Author: Peter Foley -Date: Mon Feb 29 13:19:01 2016 -0500 - - autoconf: updates and cleanup - - Update autoconf macros to their modern equivalents, according to what - the 'autoupdate' tool does. While we're here, remove automake references - that aren't being used, and remove the obsolete AC_PROG_LIBTOOL in favor - of AFS_LT_INIT. - - Reviewed-on: https://gerrit.openafs.org/12199 - Reviewed-by: Benjamin Kaduk - Tested-by: BuildBot - (cherry picked from commit 4706854f57043c8393baa922dd1974176e110a19) - - Change-Id: I9b3b8a15ac73484f60d16448abd8cce2e0334201 - Reviewed-on: https://gerrit.openafs.org/13480 - Reviewed-by: Michael Meffie - Reviewed-by: Mark Vitale - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Cheyenne Wills - Tested-by: Andrew Deason - Reviewed-by: Andrew Deason - Reviewed-by: Stephan Wiesand - -commit e93dfb1ad90dd7e6cb85783d27b4175d74bc40a0 -Author: Andrew Deason -Date: Thu Jul 26 17:57:38 2018 -0500 - - libuafs: Stop clobbering CFLAGS - - Currently, in the libuafs MakefileProto for every platform, CFLAGS is - set to a bunch of flags, ignoring any CFLAGS set by the 'make' - command-line provided by the user. Since most of the rest of the tree - honors CFLAGS, it is confusing and can cause errors when src/libuafs - ignore the user-set CFLAGS. - - One example of this breaking the build is when building RHEL RPMs for - certain sub-architectures of the current machine. If you try to - 'rpmbuild --target=i686' on 32-bit x86 RHEL 5, we will build with - -march=i686 in the CFLAGS, which will be used to build most objects - and is used in our configure tests. As a result, our configure tests - will say that gcc atomic intrinsics are available. But when we go to - build libuafs objects, we will not have -march=i686 in our CFLAGS, - which causes (on RHEL 5) gcc to default to building for i386, which - does not have gcc atomic intrinsics available. This causes build - errors like this: - - libuafs.a(rx.o): In function `rx_atomic_test_and_clear_bit': - [...]/BUILD/openafs-1.8.0/src/rx/rx_atomic.h:462: undefined reference to `__sync_fetch_and_and_4' - - To fix this, change the libuafs MakefileProtos to not set CFLAGS - directly; instead, set them in a new variable UAFS_CFLAGS. - Makefile.common then pulls those flags into MODULE_CFLAGS, which is - used in our *_CCRULE build rules. - - While we are here, also move the common set of CFLAGS set by each - platform's MakefileProto into Makefile.common. Now, each MakefileProto - only needs to set CFLAGS that are specific to that platform, which - ends up being very few (since most platforms were using the exact same - set of CFLAGS). - - Relevant issue identified and analyzed by mbarbosa@sinenomine.net. - - Reviewed-on: https://gerrit.openafs.org/13262 - Reviewed-by: Marcio Brito Barbosa - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit ee66819a0c1a9efa98b76a1c18af6233bda1e233) - - Change-Id: Ia38d4701aeb4f690b12a6ffdbb42b8ec8c499486 - Reviewed-on: https://gerrit.openafs.org/13544 - Reviewed-by: Michael Meffie - Reviewed-by: Mark Vitale - Reviewed-by: Benjamin Kaduk - Reviewed-by: Cheyenne Wills - Reviewed-by: Andrew Deason - Reviewed-by: Marcio Brito Barbosa - Tested-by: Andrew Deason - Reviewed-by: Stephan Wiesand - -commit 63a1ee4e238e20855aa63f31f490867c5d440f57 -Author: Marcio Barbosa -Date: Fri Oct 5 11:26:34 2018 -0400 - - DARWIN: replace macro exported by automake - - Commit 4706854f57043c8393baa922dd1974176e110a19 removed automake - references from the source tree. As a result, VERSION (exported by - AM_INIT_AUTOMAKE and obtained from Autoconf's AC_INIT macro) is not - available anymore. Unfortunately, a reference to this macro can be found - in src/afs/DARWIN/osi_module.c. Consequently, builds on OS X fail with - the following message: - - osi_module.c:144:32: error: use of undeclared identifier 'VERSION' - - To fix this problem, replace VERSION by PACKAGE_VERSION (defined by - AC_INIT). - - Reviewed-on: https://gerrit.openafs.org/13354 - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit 07ed94cfd817dc5a4e2d2712570087388fe7828f) - - Change-Id: I14c6c803766ea959dfc6fa4804960c067fc9f16c - Reviewed-on: https://gerrit.openafs.org/13584 - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Mark Vitale - Reviewed-by: Cheyenne Wills - Reviewed-by: Andrew Deason - Reviewed-by: Marcio Brito Barbosa - Reviewed-by: Stephan Wiesand - -commit eaba6c97533f6838d3c73e86d31da18aca4ac8ab -Author: Andrew Deason -Date: Mon Apr 1 12:57:42 2019 -0400 - - doc: Remove one lingering reference to src/mcas - - Reviewed-on: https://gerrit.openafs.org/13539 - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Benjamin Kaduk - (cherry picked from commit e02ae66c7eef1bfc5df9c3e9f2acde3bc3102390) - - Change-Id: Iba79e9f6b2908977a3ad43d802562f1cb8849d66 - Reviewed-on: https://gerrit.openafs.org/13558 - Tested-by: BuildBot - Reviewed-by: Stephan Wiesand - -commit 0637d1038e4ff174dbaf0a8a09490de1f08cb4fb -Author: Karl Behler -Date: Fri Mar 22 12:22:05 2019 +0100 - - man-pages: create the man3 subdirectory in prep-noistall - - This should fix a build failure reported on the openafs-devel list - today. - - Reviewed-on: https://gerrit.openafs.org/13533 - Tested-by: BuildBot - Reviewed-by: Benjamin Kaduk - (cherry picked from commit e7ea4781f07b29f7f0fc0b5ba17303bd68022e54) - - Change-Id: I996aec343f80031c7118e7b6b0d829751a85e228 - Reviewed-on: https://gerrit.openafs.org/13535 - Tested-by: BuildBot - Reviewed-by: Michael Meffie - Reviewed-by: Mark Vitale - Reviewed-by: Stephan Wiesand + Tested-by: Benjamin Kaduk diff --git a/RELNOTES-1.8.4 b/RELNOTES-1.8.4 deleted file mode 100644 index 763e346..0000000 --- a/RELNOTES-1.8.4 +++ /dev/null @@ -1,90 +0,0 @@ - User-Visible OpenAFS Changes - -OpenAFS 1.8.4 - - All platforms - - Build system updates to remove obsolete autoconf macros and remove missing - script warning during builds (13480, 13481, 13482, 13483, 13484, 13486, - 13789, 13790). - - Build system update to fix a conditional check in the pthread.m4 autoconf - file (13595) - - Build system update to create the man3 subdirectory, fixing a - reported build failure (13535). - - Remove the last reference to src/mcas in the documentation (13558). - - All server platforms - - Fix fileserver's parsing of the options -vlruthresh, -vlruinterval, - -vlrumax and -novbc (13680). - - Fixes to make ptserver's behaviour when run in restricted mode consistent - with the documentation: Non-members of the system:administrators group - are no longer allowed to issue the adduser, setfields and delete pts - commands, and all members of system:administrators are now allowed to - issue pts commands in this mode, not just the admin principal (13686..88). - - All client platforms - - Fix missing Rx call clean-up after failing to read dcaches from a file - server (13511). - - Fix an Rx call leak for calls aborted by a connection abort after the call - was initialized but before use (13517). - - Remove the obsolete afs_xosi lock to remove unnecessary serialization of - VOP_GETATTR calls. This can lead to improved performance under heavy - workloads (13529). - - Increase the size of the Directory Name Lookup Cache (DNLC) to improve - cache performance (13559). - - Fix getting tokens for cells with a three character name (13679). - - Avoid a misleading message about the cell being used when aklog is run - with the -cell parameter but the AFSCELL environment variable is set to - a different cell (13676). - - Build system update to honor the CFLAGS environment variable when building - libuafs (13544). - - Linux - - Support for mainline kernels up to 5.3 (13787, 13789). - - More fixes for improper use of ENOENT fixes to avoid incorrect use of linux - negative dentry cache, which can lead to false ENOENT errors (13542, 13543, - 13590, 13692) (RT #134904). - - Return errors instead of returning incomplete directory listings when the - directory objects are incomplete in the cache (13591). - - Add ppc64le_linux26 sysname for the ppc64le architecture (13636, 13637, - 13589). - - Fix configure check for a kernel time function in order to build on - Linux 5.0 (13523). - - RPM packaging update for RHEL8 adding a build requirement to ensure the - kernel module can be built from the SRPM (13563) (RT #134900). - - On systemd based RHEL/Fedora systems, start the client after dkms startup - is finished if the latter is installed and enabled, to avoid attempting - starts without the kernel module being available yet (13674) (RT #134974). - - MacOS - - Build system updates for MacOS (13584). - - Solaris - - Add CTF debugging records to userspace objects to improve debugging - of servers (13487). - - Convert the cache manager vnodes to be non-embebbed on Solaris 11 in order - to make the cache manager more resilient across Solaris 11 changes (13524, - 13525, 13526, 13527, 13528). - diff --git a/RELNOTES-1.8.5 b/RELNOTES-1.8.5 new file mode 100644 index 0000000..2d715b9 --- /dev/null +++ b/RELNOTES-1.8.5 @@ -0,0 +1,29 @@ + User-Visible OpenAFS Changes + +OpenAFS 1.8.5 + +All platforms + + * Fix OPENAFS-SA-2019-001: information leakage in failed RPC output + Generated RPC handler routines ran output variables through XDR encoding + even when the call had failed and would shortly be aborted (and for + which uninitialized output variables is common); any complete packets + assembled in the process would be sent to the peer, leaking the contents + of the uninitialized memory in question. + + * Fix OPENAFS-SA-2019-002: information leakage from uninitialized scalars + Generated RPC handler routines did not initialize output variables of + scalar (fixed-length) type, since they did not require dedicated logic to + free. Such variables allocated on the stack could remain uninitialized + in some cases (including those affected by OPENAFS-SA-2019-001), and the + contents of uninitialized memory would be returned to the peer. + +All server platforms + + * Fix OPENAFS-SA-2019-003: fix crash in database servers + The ubik debugging RPCs prioritize being fast and non-disruptive to + database operations over strict correctness, and do not adhere to the + usual locking protocol for data access. A data race could cause a NULL + dereference if the second memory load was not optimized out by the + compiler. + diff --git a/openafs-1.8.4-doc.tar.bz2 b/openafs-1.8.4-doc.tar.bz2 deleted file mode 100644 index 1a41814..0000000 --- a/openafs-1.8.4-doc.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:30ac5ec5030845d2d435a7c85a6e7f23e929d49be5a2f53d0a0b7af86d141827 -size 3846752 diff --git a/openafs-1.8.4-doc.tar.bz2.md5 b/openafs-1.8.4-doc.tar.bz2.md5 deleted file mode 100644 index ea3e33e..0000000 --- a/openafs-1.8.4-doc.tar.bz2.md5 +++ /dev/null @@ -1 +0,0 @@ -6f336bc7fb0ddc13ce896f4283bc6564 openafs-1.8.4-doc.tar.bz2 diff --git a/openafs-1.8.4-doc.tar.bz2.sha256 b/openafs-1.8.4-doc.tar.bz2.sha256 deleted file mode 100644 index a0afbea..0000000 --- a/openafs-1.8.4-doc.tar.bz2.sha256 +++ /dev/null @@ -1 +0,0 @@ -30ac5ec5030845d2d435a7c85a6e7f23e929d49be5a2f53d0a0b7af86d141827 openafs-1.8.4-doc.tar.bz2 diff --git a/openafs-1.8.4-src.tar.bz2 b/openafs-1.8.4-src.tar.bz2 deleted file mode 100644 index 59d66d7..0000000 --- a/openafs-1.8.4-src.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b18a654b8224bbefcff4e63ead312da2754aca17943ded60b9475062b506639a -size 15067929 diff --git a/openafs-1.8.4-src.tar.bz2.md5 b/openafs-1.8.4-src.tar.bz2.md5 deleted file mode 100644 index 521fc72..0000000 --- a/openafs-1.8.4-src.tar.bz2.md5 +++ /dev/null @@ -1 +0,0 @@ -bf25489158158653982b19228e62eef2 openafs-1.8.4-src.tar.bz2 diff --git a/openafs-1.8.4-src.tar.bz2.sha256 b/openafs-1.8.4-src.tar.bz2.sha256 deleted file mode 100644 index eb468d9..0000000 --- a/openafs-1.8.4-src.tar.bz2.sha256 +++ /dev/null @@ -1 +0,0 @@ -b18a654b8224bbefcff4e63ead312da2754aca17943ded60b9475062b506639a openafs-1.8.4-src.tar.bz2 diff --git a/openafs-1.8.5-doc.tar.bz2 b/openafs-1.8.5-doc.tar.bz2 new file mode 100644 index 0000000..5dddb41 --- /dev/null +++ b/openafs-1.8.5-doc.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3abab824485429674b8f60b228c35d77667f55ca2848388356ee4581811daf22 +size 3801635 diff --git a/openafs-1.8.5-doc.tar.bz2.md5 b/openafs-1.8.5-doc.tar.bz2.md5 new file mode 100644 index 0000000..83cbbe5 --- /dev/null +++ b/openafs-1.8.5-doc.tar.bz2.md5 @@ -0,0 +1 @@ +313dc4d38e5fffbbb6322d90c10c7292 /home/kaduk/openafs/1.8.5/openafs-1.8.5-doc.tar.bz2 diff --git a/openafs-1.8.5-doc.tar.bz2.sha256 b/openafs-1.8.5-doc.tar.bz2.sha256 new file mode 100644 index 0000000..663ad9c --- /dev/null +++ b/openafs-1.8.5-doc.tar.bz2.sha256 @@ -0,0 +1 @@ +3abab824485429674b8f60b228c35d77667f55ca2848388356ee4581811daf22 openafs-1.8.5-doc.tar.bz2 diff --git a/openafs-1.8.5-src.tar.bz2 b/openafs-1.8.5-src.tar.bz2 new file mode 100644 index 0000000..5fd5f1c --- /dev/null +++ b/openafs-1.8.5-src.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eeded68f238be2d6fc37522b7feae5e0b1ea9815b90ea5da91e5d43e00b28523 +size 15089716 diff --git a/openafs-1.8.5-src.tar.bz2.md5 b/openafs-1.8.5-src.tar.bz2.md5 new file mode 100644 index 0000000..fa0f243 --- /dev/null +++ b/openafs-1.8.5-src.tar.bz2.md5 @@ -0,0 +1 @@ +3c41e2a512a41eb9ee3377339fb9d6d0 /home/kaduk/openafs/1.8.5/openafs-1.8.5-src.tar.bz2 diff --git a/openafs-1.8.5-src.tar.bz2.sha256 b/openafs-1.8.5-src.tar.bz2.sha256 new file mode 100644 index 0000000..aa0f81a --- /dev/null +++ b/openafs-1.8.5-src.tar.bz2.sha256 @@ -0,0 +1 @@ +eeded68f238be2d6fc37522b7feae5e0b1ea9815b90ea5da91e5d43e00b28523 openafs-1.8.5-src.tar.bz2 diff --git a/openafs.changes b/openafs.changes index 4f5613c..8f1501c 100644 --- a/openafs.changes +++ b/openafs.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Oct 23 13:48:04 UTC 2019 - Christof Hanke + +- update to security-release 1.8.5, adresses: + * OPENAFS-SA-2019-001: Skip server OUT args on error + * OPENAFS-SA-2019-002: Zero all server RPC args + * OPENAFS-SA-2019-003: ubik: Avoid unlocked ubik_currentTrans deref + ------------------------------------------------------------------- Thu Oct 10 09:10:27 UTC 2019 - Christof Hanke diff --git a/openafs.spec b/openafs.spec index e6ee132..0c9999b 100644 --- a/openafs.spec +++ b/openafs.spec @@ -57,11 +57,11 @@ # used for %setup only # leave upstream tar-balls untouched for integrity checks. -%define upstream_version 1.8.4 +%define upstream_version 1.8.5 Name: openafs -Version: 1.8.4 +Version: 1.8.5 Release: 0 Summary: OpenAFS Distributed File System License: IPL-1.0