openafs/RELNOTES-1.8.5

                       User-Visible OpenAFS Changes

OpenAFS 1.8.5

All platforms

    * Fix OPENAFS-SA-2019-001: information leakage in failed RPC output
      Generated RPC handler routines ran output variables through XDR encoding
      even when the call had failed and would shortly be aborted (and for
      which uninitialized output variables is common); any complete packets
      assembled in the process would be sent to the peer, leaking the contents
      of the uninitialized memory in question.

    * Fix OPENAFS-SA-2019-002: information leakage from uninitialized scalars
      Generated RPC handler routines did not initialize output variables of
      scalar (fixed-length) type, since they did not require dedicated logic to
      free.  Such variables allocated on the stack could remain uninitialized
      in some cases (including those affected by OPENAFS-SA-2019-001), and the
      contents of uninitialized memory would be returned to the peer.

All server platforms

    * Fix OPENAFS-SA-2019-003: fix crash in database servers
      The ubik debugging RPCs prioritize being fast and non-disruptive to
      database operations over strict correctness, and do not adhere to the
      usual locking protocol for data access.  A data race could cause a NULL
      dereference if the second memory load was not optimized out by the
      compiler.
- update to security-release 1.8.5, adresses: * OPENAFS-SA-2019-001: Skip server OUT args on error * OPENAFS-SA-2019-002: Zero all server RPC args * OPENAFS-SA-2019-003: ubik: Avoid unlocked ubik_currentTrans deref OBS-URL: https://build.opensuse.org/package/show/filesystems/openafs?expand=0&rev=53 2019-10-23 13:54:43 +00:00			`User-Visible OpenAFS Changes`

			`OpenAFS 1.8.5`

			`All platforms`

			`* Fix OPENAFS-SA-2019-001: information leakage in failed RPC output`
			`Generated RPC handler routines ran output variables through XDR encoding`
			`even when the call had failed and would shortly be aborted (and for`
			`which uninitialized output variables is common); any complete packets`
			`assembled in the process would be sent to the peer, leaking the contents`
			`of the uninitialized memory in question.`

			`* Fix OPENAFS-SA-2019-002: information leakage from uninitialized scalars`
			`Generated RPC handler routines did not initialize output variables of`
			`scalar (fixed-length) type, since they did not require dedicated logic to`
			`free. Such variables allocated on the stack could remain uninitialized`
			`in some cases (including those affected by OPENAFS-SA-2019-001), and the`
			`contents of uninitialized memory would be returned to the peer.`

			`All server platforms`

			`* Fix OPENAFS-SA-2019-003: fix crash in database servers`
			`The ubik debugging RPCs prioritize being fast and non-disruptive to`
			`database operations over strict correctness, and do not adhere to the`
			`usual locking protocol for data access. A data race could cause a NULL`
			`dereference if the second memory load was not optimized out by the`
			`compiler.`