forked from pool/openafs

Accepting request 1047094 from home:hauky:branches:filesystems

- update to official openafs-1.8.9
  * all changes as openafs-1.8.9pre2
  * fix possible DoS attack

OBS-URL: https://build.opensuse.org/request/show/1047094
OBS-URL: https://build.opensuse.org/package/show/filesystems/openafs?expand=0&rev=101
Christof Hanke 2023-01-04 09:37:51 +00:00 committed by Git OBS Bridge
parent 563ee2c3aa
commit 4c14b2923e
16 changed files with 100 additions and 14 deletions

View File

@ -1,3 +1,76 @@
commit 6cb9320825c3617abcb48e7fbd9d0d64f0c2f65b
Author: Stephan Wiesand <stephan.wiesand@desy.de>
Date: Thu Dec 8 18:49:41 2022 +0100
Make OpenAFS 1.8.9
Update version strings for the 1.8.9 release, and add the
finishing touch to NEWS.
Change-Id: I8185cc177c1150d29d802df522e3b161dac7d75e
Reviewed-on: https://gerrit.openafs.org/15215
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
commit 0ad4c50f91c2d322688981b97aa05ba471b848c1
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Fri Oct 8 20:11:19 2021 -0700
viced: cope with signed length/position in FetchData
For legacy reasons, the "Pos" (initial position) and "Len" (length)
inputs to the RXAFS_FetchData and RXAFS_FetchData64 RPCs are represented
as signed integers (the corresponding StoreData RPCs use unsigned values).
The use of signed values allows for the possibility of negative inputs,
and of signed integer overflow (undefined behavior in C), though the latter
is unlikely to arise naturally given that the implementation uses a
common backend with 64-bit values.
In particular, if a negative "Pos" value is supplied, we end up in
FetchData_RXStyle() that performs either FDH_PREAD() or FDH_PREADV()
with the negative value as the position from which to read, which is
an error. The error handling for those calls treats any error as
indicative of a problem with the volume or its underlying storage,
and takes the volume offline for salvage. Furthermore, after the
maximum number of automatic salvages the volume is left offline for
administrator action. This presents a simple route for
(unauthenticated) denial of service, as root.cell.readonly must be
available to all users of the cell, and can be brought offline in this
way; rendering root.cell.readonly unavailable would bring essentially
all access to the cell to a halt. (Other volumes could be targeted as
well, subject to their corresponding ACLs.)
Since there is no valid use for a negative position or length input,
reject them outright from the common_FetchData64() implementation.
Also check for whether the combination requests a read that would
overflow a signed integer and reject that as well.
Thanks to Jeffrey Altman and Chaskiel Grundman for collaborating on
this change.
FIXES 135263
Reviewed-on: https://gerrit.openafs.org/15223
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 1fbbcbee0183aa7855c0e5d9d38aa89af75902db)
Change-Id: I1d634918789dddd5500ab50a0b508c142d83dc84
Reviewed-on: https://gerrit.openafs.org/15224
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
commit f812d1125f785df05bf1028f665d22c608006bae commit f812d1125f785df05bf1028f665d22c608006bae
Author: Stephan Wiesand <stephan.wiesand@desy.de> Author: Stephan Wiesand <stephan.wiesand@desy.de>
Date: Thu Nov 3 15:59:04 2022 +0100 Date: Thu Nov 3 15:59:04 2022 +0100
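Review bot: the entry for commit 0ad4c50f explains why a negative "Pos" ended up taking the volume offline (the FDH_PREAD()/FDH_PREADV() error path assumes a storage fault and schedules a salvage), but it does not say what a client now receives when common_FetchData64() rejects a negative Pos, a negative Len, or an overflowing Pos+Len, nor that the rejection happens before that volume error path is reached. Spelling out the returned error and that no salvage is triggered would let operators tell a hostile FetchData request in the file server log apart from a genuine storage failure, which is the distinction the fix is about.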

View File

@ -1,6 +1,6 @@
User-Visible OpenAFS Changes User-Visible OpenAFS Changes
OpenAFS 1.8.9 (in progress) OpenAFS 1.8.9
All platforms All platforms
@ -26,6 +26,12 @@ OpenAFS 1.8.9 (in progress)
unnecessary several second delays in some cases during database unnecessary several second delays in some cases during database
quorum processing (14815) quorum processing (14815)
* Detect invalid (negative) inputs to FetchData RPCs and reject them
early. The previous behavior only detected the error when actually
attempting to read from storage, which resulted in the volume being
taken offline since errors were assumed to originate from the
underlying storage (15224)
All UNIX/Linux client platforms All UNIX/Linux client platforms
* Do not perform DNS SRV/AFSDB record queries when running "fs * Do not perform DNS SRV/AFSDB record queries when running "fs
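Review bot: the new NEWS bullet (change 15224) only describes "invalid (negative) inputs", but the commit it refers to also rejects a Pos/Len combination whose sum would overflow a signed integer; the bullet should mention that second check so the release notes match what the code now refuses. It would also help to state the impact in one clause, as the commit message does: an unauthenticated client could take root.cell.readonly offline, which is the reason administrators should prioritise this update. Suggested wording: "Detect invalid (negative or overflowing) Pos/Len inputs to FetchData RPCs and reject them early; previously such requests caused the volume to be taken offline for salvage, allowing an unauthenticated denial of service (15224)".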

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ef91e854eab4aa74268525954a41c2a2ad0a2eaf530eaa22bb9e4bf453b15939
size 3771797

View File

@ -0,0 +1 @@
1f59a2942007bac5c7a8b83360852e29 openafs-1.8.9-doc.tar.bz2

View File

@ -0,0 +1 @@
ef91e854eab4aa74268525954a41c2a2ad0a2eaf530eaa22bb9e4bf453b15939 openafs-1.8.9-doc.tar.bz2

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d126178be1f42cca18cb7c0c2691ac354518e3790170150a76bbd25f4d151f06
size 14875192

View File

@ -0,0 +1 @@
b48ac2fdeffc2005b78e255c67ac43ba openafs-1.8.9-src.tar.bz2

View File

@ -0,0 +1 @@
d126178be1f42cca18cb7c0c2691ac354518e3790170150a76bbd25f4d151f06 openafs-1.8.9-src.tar.bz2
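Review bot: the sha256 in the git-lfs pointer (oid sha256:d126178b...) agrees with the sidecar line here, and the same holds for the -doc tarball (ef91e854...), so the checksum files are internally consistent. What the changeset does not carry is any detached upstream signature: all 16 changed files are LFS pointers, md5/sha256 sidecars, the changelog, NEWS, the .changes and the .spec. The sidecars therefore only attest to what was downloaded, not to its origin, and the spec's comment about keeping "upstream tar-balls untouched for integrity checks" relies on a check that is not recorded anywhere in this request. Suggest verifying openafs-1.8.9-src.tar.bz2 and -doc.tar.bz2 against the signatures published by the OpenAFS project before accepting, and noting in the .changes entry that this was done; the md5 sidecars add nothing over sha256 and could be dropped if the build service does not require them.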

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:999f1fb5493df02359fecbe9e9f5cda580bacf3d333b7443112901d0b8732aac
size 3773538

View File

@ -1 +0,0 @@
34695fb15df9c7320960939dd586494f openafs-1.8.9pre2-doc.tar.bz2

View File

@ -1 +0,0 @@
999f1fb5493df02359fecbe9e9f5cda580bacf3d333b7443112901d0b8732aac openafs-1.8.9pre2-doc.tar.bz2

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:29006abf9c3163cdc17612bd2ea8ae951981bf1f7714b5c51fb73e0af0674ba3
size 14877698

View File

@ -1 +0,0 @@
1234973bfc9872d4d6f0b4d1998acdd3 openafs-1.8.9pre2-src.tar.bz2

View File

@ -1 +0,0 @@
29006abf9c3163cdc17612bd2ea8ae951981bf1f7714b5c51fb73e0af0674ba3 openafs-1.8.9pre2-src.tar.bz2

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Jan 4 08:14:39 UTC 2023 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
- update to offical openafs-1.8.9
* all changes as openafs-1.8.9pre2
* fix possible DoS attack
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Dec 12 07:40:28 UTC 2022 - Christof Hanke <christof.hanke@mpcdf.mpg.de> Mon Dec 12 07:40:28 UTC 2022 - Christof Hanke <christof.hanke@mpcdf.mpg.de>
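Review bot: the new .changes entry misspells "official" ("offical") and describes the security fix only as "fix possible DoS attack", with no pointer to the upstream change, so someone auditing the package history cannot tell which bug this refers to. Since the NEWS hunk and the changelog in this same request identify it, the entry should reference it, e.g. "* fix unauthenticated denial of service via negative Pos/Len in FetchData RPCs (upstream gerrit 15224, RT 135263)". The "all changes as openafs-1.8.9pre2" line is fine, but ordering the security fix first makes it easier to spot in "rpm -q --changelog".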

View File

@ -1,7 +1,7 @@
# #
# spec file for package openafs # spec file for package openafs
# #
# Copyright (c) 2022 SUSE LLC # Copyright (c) 2023 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -57,11 +57,11 @@
# used for %setup only # used for %setup only
# leave upstream tar-balls untouched for integrity checks. # leave upstream tar-balls untouched for integrity checks.
%define upstream_version 1.8.9pre2 %define upstream_version 1.8.9
Name: openafs Name: openafs
Version: 1.8.9~pre2 Version: 1.8.9
Release: 0 Release: 0
Summary: OpenAFS Distributed File System Summary: OpenAFS Distributed File System
License: IPL-1.0 License: IPL-1.0