rpm/openafs
SHA256
1
0
Fork 0
forked from pool/openafs
Code Pull Requests Activity

Accepting request 635326 from filesystems

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/635326
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openafs?expand=0&rev=7
This commit is contained in:
Yuchen Lin 2018-09-13 22:01:01 +00:00 committed by Git OBS Bridge
commit 6c8bc69187
18 changed files with 479 additions and 2729 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2992
ChangeLog
View File

File diff suppressed because it is too large Load Diff

69
RELNOTES-1.8.1
View File

@ -1,69 +0,0 @@
User-Visible OpenAFS Changes
OpenAFS 1.8.1
All Platforms
* Improve the usability and consistency of the public API: install missing
headers, and add additional symbols to the export list for shared libraries.
* Improved Rx abort generation: use the proper serial number for an existing
connection if possible, and 0 otherwise (to improve debugging).
* Assorted minor fixes in response to static analysis of the codebase.
* Fix memory-safety error in XDR decoding of enumerated types.
All Server Platforms
* Fix reference counting error that could cause an assertion failure
in some workloads.
* vldb_check -fix will no longer corrupt the vldb when multiple MH blocks are present.
* Assorted cleanups and efficiency improvements in the ubik implementation.
* Return a valid InlineBulkStatus response in error cases.
* The fileserver now rejects invalid partition names when attaching partitions.
All Client Platforms
* Fix volume callbacks (e.g., when running 'vos release').
* Treat failure to obtain a DSlot as a hard error for that cache partition,
avoiding a flood of "disk cache read error in CacheItems" log messages,
and reducing the chance of subsequent panic.
* Improve error messages for invalid values with -volume-ttl.
* Remove useless error message:
"find_preferred_connection: no connection and !create".
* Avoid passing NULL to a kernel memory deallocator, which is not guaranteed
to be safe on all systems.
Linux
* Add support for 64-bit ARM clients ("arm64").
* Fix panic when cache bypass is enabled.
* Improve cache manager behavior when unable to open cache files.
* Improvements to the RPM packaging.
* Detect out-of-memory when using kernel pages for writing.
Solaris
* Fix various issues in the build process for recent Solaris versions.
MacOS
* Fix clients on OS X 10.13.
FreeBSD / NetBSD / OpenBSD
* Fix panic triggered during periodic cleanup operations and shutdown.

34
RELNOTES-1.8.2 Normal file
View File

@ -0,0 +1,34 @@
User-Visible OpenAFS Changes
OpenAFS 1.8.2
All platforms
* Fix OPENAFS-SA-2018-002: information leakage in RPC output variables
Various RPC routines did not always initialize all output fields,
exposing memory contents to network attackers. The relevant RPCs include
an AFSCB_ RPC, so cache managers are affected as well as servers.
All server platforms
* Fix OPENAFS-SA-2018-003: denial of service due to excess resource consumption
Various RPCs were defined as allowing unbounded arrays as input, allowing
an unauthenticated attacker to cause excess memory allocation and tie up
network bandwidth by sending (or claiming to send) large input arrays.
* Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc
On systems using the in-tree backup system, the butc process was running
with administrative credentials, but accepted incoming RPCs over
unauthenticated connections; these incoming RPCs in turn triggered
outgoing RPCs using the administrative credentials. Unauthenticated
attackers could construct volue dumps containing arbitrary contents
and cause these dumps to be restored and overwrite arbitrary volume
contents; afterward, the backup database could be restored to its
initial state, hiding evidence of the unauthorized changes.
Running butc with -localauth now requires authenticated incoming
connections, and the backup utility makes authenticated connections to
the butc. Audit capabilities have been added to the butc RPC handlers.
Command-line arguments are provided to retain the (insecure) historical
behavior until all systems have been upgraded.

3
openafs-1.8.1-doc.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1efe676124e253bbb8aed5c74ad89497daf9ced2fab3ec314e7f6da35b9bb775
size 3802825

1
openafs-1.8.1-doc.tar.bz2.md5
View File

@ -1 +0,0 @@
909b073bb280940c1c273676a2692e6a /home/kaduk/openafs/1.8.1/openafs-1.8.1-doc.tar.bz2

1
openafs-1.8.1-doc.tar.bz2.sha256
View File

@ -1 +0,0 @@
1efe676124e253bbb8aed5c74ad89497daf9ced2fab3ec314e7f6da35b9bb775 openafs-1.8.1-doc.tar.bz2

3
openafs-1.8.1-src.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2f3c13710839510bca985deb6344aeeab72aff3c51b0269e578c7b4ccb8a5638
size 15115755

1
openafs-1.8.1-src.tar.bz2.md5
View File

@ -1 +0,0 @@
722ddf9e5a283271f53631c6648549f5 /home/kaduk/openafs/1.8.1/openafs-1.8.1-src.tar.bz2

1
openafs-1.8.1-src.tar.bz2.sha256
View File

@ -1 +0,0 @@
2f3c13710839510bca985deb6344aeeab72aff3c51b0269e578c7b4ccb8a5638 openafs-1.8.1-src.tar.bz2

3
openafs-1.8.2-doc.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b9b6ae396952b888192bc3e70d11b13779f8af16965ea8a003cb5f98abb7c826
size 3801937

1
openafs-1.8.2-doc.tar.bz2.md5 Normal file
View File

@ -0,0 +1 @@
3661375b0925446416c09a97c605acbf /home/kaduk/openafs/1.8.2/openafs-1.8.2-doc.tar.bz2

1
openafs-1.8.2-doc.tar.bz2.sha256 Normal file
View File

@ -0,0 +1 @@
b9b6ae396952b888192bc3e70d11b13779f8af16965ea8a003cb5f98abb7c826 openafs-1.8.2-doc.tar.bz2

3
openafs-1.8.2-src.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:25fd3e4261a72a2cbdd40367e5f981895d80c32aaf309a5842aecc739dd3138e
size 15109003

1
openafs-1.8.2-src.tar.bz2.md5 Normal file
View File

@ -0,0 +1 @@
19f97a11b13e6da51a6dac56d1c42289 /home/kaduk/openafs/1.8.2/openafs-1.8.2-src.tar.bz2

1
openafs-1.8.2-src.tar.bz2.sha256 Normal file
View File

@ -0,0 +1 @@
25fd3e4261a72a2cbdd40367e5f981895d80c32aaf309a5842aecc739dd3138e openafs-1.8.2-src.tar.bz2

24
openafs.changes
View File

@ -1,3 +1,27 @@
-------------------------------------------------------------------
Wed Sep 12 12:37:15 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Quote "*.c", and avoid unnecessary pass through xargs.
-------------------------------------------------------------------
Wed Sep 12 10:41:43 UTC 2018 - christof.hanke@mpcdf.mpg.de
- update to security-release 1.8.2
* fix CVE-2018-16947 (OPENAFS-SA-2018-001)
* fix CVE-2018-16948 (OPENAFS-SA-2018-002)
* fix CVE-2018-16949 (OPENAFS-SA-2018-003)
-------------------------------------------------------------------
Wed Sep 12 05:46:01 UTC 2018 - christof.hanke@mpcdf.mpg.de
- add retpoline support
-------------------------------------------------------------------
Sun Sep 9 08:14:26 UTC 2018 - christof.hanke@mpcdf.mpg.de
- update to version 1.8.1.1
- Remove use_timespec64_for_kernel_4.18.patch. It is now integrated.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 16 14:02:44 UTC 2018 - christof.hanke@mpcdf.mpg.de Thu Aug 16 14:02:44 UTC 2018 - christof.hanke@mpcdf.mpg.de

12
openafs.spec
View File

@ -56,11 +56,11 @@
# used for %setup only # used for %setup only
# leave upstream tar-balls untouched for integrity checks. # leave upstream tar-balls untouched for integrity checks.
%define upstream_version 1.8.1 %define upstream_version 1.8.2
Name: openafs Name: openafs
Version: 1.8.1 Version: 1.8.2
Release: 0 Release: 0
Summary: OpenAFS Distributed File System Summary: OpenAFS Distributed File System
License: IPL-1.0 License: IPL-1.0
@ -96,8 +96,6 @@ Source99: openafs.changes
Patch4: openafs-1.8.x.ncurses6.patch Patch4: openafs-1.8.x.ncurses6.patch
# PATCH-SUSE-SPECIFIC make KMP work again # PATCH-SUSE-SPECIFIC make KMP work again
Patch5: add_arch_to_linux_kernel_make.patch Patch5: add_arch_to_linux_kernel_make.patch
# PATCH-KERNEL-4.18-timespec64 Update to Linux struct iattr->ia_ctime to timespec64 with 4.18
Patch1: use_timespec64_for_kernel_4.18.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
# #
@ -306,7 +304,6 @@ done
%setup -q -n openafs-%{upstream_version} -T -b 0 -b 1 %setup -q -n openafs-%{upstream_version} -T -b 0 -b 1
%patch5 -p1 %patch5 -p1
%patch1 -p1
%if %{run_regen} %if %{run_regen}
%patch4 -p1 %patch4 -p1
@ -372,9 +369,12 @@ for flavor in %flavors_to_build; do
rm -rf obj/$flavor rm -rf obj/$flavor
cp -a libafs_tree obj/$flavor cp -a libafs_tree obj/$flavor
pushd obj/$flavor pushd obj/$flavor
find . -name "*.c" -exec sed -i '/MODULE_LICENSE(/a MODULE_INFO(retpoline, "Y");' "{}" "+"
./configure --with-linux-kernel-build=/usr/src/linux-obj/%{_target_cpu}/$flavor --with-linux-kernel-headers=/usr/src/linux \ ./configure --with-linux-kernel-build=/usr/src/linux-obj/%{_target_cpu}/$flavor --with-linux-kernel-headers=/usr/src/linux \
--disable-transarc-paths --disable-transarc-paths
export LINUX_MAKE_ARCH=%{?linux_make_arch} export EXTRA_CFLAGS='-DVERSION=\"%version\"'
export KCFLAGS='-mindirect-branch=thunk-inline -mindirect-branch-register'
export LINUX_MAKE_ARCH="ARCH=%{_arch}"
make make
popd popd
done done

57
use_timespec64_for_kernel_4.18.patch
View File

@ -1,57 +0,0 @@
--- openafs-1.8.1/./src/afs/LINUX/osi_file.c.orig 2018-08-16 14:41:44.505768721 +0200
+++ openafs-1.8.1/./src/afs/LINUX/osi_file.c 2018-08-16 14:42:27.422432188 +0200
@@ -23,7 +23,11 @@
#include "osi_compat.h"
#ifndef CURRENT_TIME
-#define CURRENT_TIME (current_kernel_time())
+# ifdef IATTR_TAKES_64BIT_TIME
+# define CURRENT_TIME (current_kernel_time64())
+# else
+# define CURRENT_TIME (current_kernel_time())
+# endif
#endif
int cache_fh_type = -1;
--- openafs-1.8.1/src/config/afsconfig.h.in.orig 2018-08-16 15:04:41.102698738 +0200
+++ openafs-1.8.1/src/config/afsconfig.h.in 2018-08-16 15:05:21.079300996 +0200
@@ -1023,6 +1023,9 @@
/* define if hlist iterators don't need a node parameter */
#undef HLIST_ITERATOR_NO_NODE
+/* define if struct iattr->ia_ctime takes struct timespec64 */
+#undef IATTR_TAKES_64BIT_TIME
+
/* define to disable some gcc warnings in warnings-as-errors mode */
#undef IGNORE_SOME_GCC_WARNINGS
--- openafs-1.8.1/src/cf/linux-test4.m4.orig 2018-07-28 23:17:32.000000000 +0200
+++ openafs-1.8.1/src/cf/linux-test4.m4 2018-08-16 15:08:39.378287300 +0200
@@ -183,6 +183,17 @@
[])
])
+AC_DEFUN([LINUX_IATTR_64BIT_TIME], [
+ AC_CHECK_LINUX_BUILD([whether struct iattr->ia_ctime takes struct timespec64 or 32-bit struct timespec],
+ [ac_cv_linux_func_iattr_ctime_takes_timespec64],
+ [#include <linux/fs.h>
+ #include <linux/timekeeping.h>],
+ [struct iattr _attrs;
+ _attrs.ia_ctime = current_kernel_time64();],
+ [IATTR_TAKES_64BIT_TIME],
+ [define if struct iattr->ia_ctime takes struct timespec64],
+ [])
+])
AC_DEFUN([LINUX_AOP_WRITEBACK_CONTROL], [
--- openafs-1.8.1/src/cf/linux-kernel-assorted.m4.orig 2018-08-16 15:24:18.672533975 +0200
+++ openafs-1.8.1/src/cf/linux-kernel-assorted.m4 2018-08-16 15:25:08.005280795 +0200
@@ -9,6 +9,7 @@
LINUX_D_PATH_TAKES_STRUCT_PATH
LINUX_NEW_EXPORT_OPS
LINUX_INODE_SETATTR_RETURN_TYPE
+LINUX_IATTR_64BIT_TIME
LINUX_IOP_I_CREATE_TAKES_NAMEIDATA
LINUX_IOP_I_LOOKUP_TAKES_NAMEIDATA
LINUX_IOP_I_PERMISSION_TAKES_FLAGS