forked from pool/openafs
Accepting request 635326 from filesystems
OBS-URL: https://build.opensuse.org/request/show/635326 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openafs?expand=0&rev=7
This commit is contained in:
Yuchen Lin
Git OBS Bridge
commit
6c8bc69187
@ -1,69 +0,0 @@
|
||||
User-Visible OpenAFS Changes
|
||||
|
||||
OpenAFS 1.8.1
|
||||
|
||||
All Platforms
|
||||
|
||||
* Improve the usability and consistency of the public API: install missing
|
||||
headers, and add additional symbols to the export list for shared libraries.
|
||||
|
||||
* Improved Rx abort generation: use the proper serial number for an existing
|
||||
connection if possible, and 0 otherwise (to improve debugging).
|
||||
|
||||
* Assorted minor fixes in response to static analysis of the codebase.
|
||||
|
||||
* Fix memory-safety error in XDR decoding of enumerated types.
|
||||
|
||||
All Server Platforms
|
||||
|
||||
* Fix reference counting error that could cause an assertion failure
|
||||
in some workloads.
|
||||
|
||||
* vldb_check -fix will no longer corrupt the vldb when multiple MH blocks are present.
|
||||
|
||||
* Assorted cleanups and efficiency improvements in the ubik implementation.
|
||||
|
||||
* Return a valid InlineBulkStatus response in error cases.
|
||||
|
||||
* The fileserver now rejects invalid partition names when attaching partitions.
|
||||
|
||||
All Client Platforms
|
||||
|
||||
* Fix volume callbacks (e.g., when running 'vos release').
|
||||
|
||||
* Treat failure to obtain a DSlot as a hard error for that cache partition,
|
||||
avoiding a flood of "disk cache read error in CacheItems" log messages,
|
||||
and reducing the chance of subsequent panic.
|
||||
|
||||
* Improve error messages for invalid values with -volume-ttl.
|
||||
|
||||
* Remove useless error message:
|
||||
"find_preferred_connection: no connection and !create".
|
||||
|
||||
* Avoid passing NULL to a kernel memory deallocator, which is not guaranteed
|
||||
to be safe on all systems.
|
||||
|
||||
Linux
|
||||
|
||||
* Add support for 64-bit ARM clients ("arm64").
|
||||
|
||||
* Fix panic when cache bypass is enabled.
|
||||
|
||||
* Improve cache manager behavior when unable to open cache files.
|
||||
|
||||
* Improvements to the RPM packaging.
|
||||
|
||||
* Detect out-of-memory when using kernel pages for writing.
|
||||
|
||||
Solaris
|
||||
|
||||
* Fix various issues in the build process for recent Solaris versions.
|
||||
|
||||
MacOS
|
||||
|
||||
* Fix clients on OS X 10.13.
|
||||
|
||||
FreeBSD / NetBSD / OpenBSD
|
||||
|
||||
* Fix panic triggered during periodic cleanup operations and shutdown.
|
||||
|
||||
34
RELNOTES-1.8.2
Normal file
34
RELNOTES-1.8.2
Normal file
@ -0,0 +1,34 @@
|
||||
User-Visible OpenAFS Changes
|
||||
|
||||
OpenAFS 1.8.2
|
||||
|
||||
All platforms
|
||||
|
||||
* Fix OPENAFS-SA-2018-002: information leakage in RPC output variables
|
||||
Various RPC routines did not always initialize all output fields,
|
||||
exposing memory contents to network attackers. The relevant RPCs include
|
||||
an AFSCB_ RPC, so cache managers are affected as well as servers.
|
||||
|
||||
All server platforms
|
||||
|
||||
* Fix OPENAFS-SA-2018-003: denial of service due to excess resource consumption
|
||||
Various RPCs were defined as allowing unbounded arrays as input, allowing
|
||||
an unauthenticated attacker to cause excess memory allocation and tie up
|
||||
network bandwidth by sending (or claiming to send) large input arrays.
|
||||
|
||||
* Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc
|
||||
On systems using the in-tree backup system, the butc process was running
|
||||
with administrative credentials, but accepted incoming RPCs over
|
||||
unauthenticated connections; these incoming RPCs in turn triggered
|
||||
outgoing RPCs using the administrative credentials. Unauthenticated
|
||||
attackers could construct volue dumps containing arbitrary contents
|
||||
and cause these dumps to be restored and overwrite arbitrary volume
|
||||
contents; afterward, the backup database could be restored to its
|
||||
initial state, hiding evidence of the unauthorized changes.
|
||||
|
||||
Running butc with -localauth now requires authenticated incoming
|
||||
connections, and the backup utility makes authenticated connections to
|
||||
the butc. Audit capabilities have been added to the butc RPC handlers.
|
||||
Command-line arguments are provided to retain the (insecure) historical
|
||||
behavior until all systems have been upgraded.
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1efe676124e253bbb8aed5c74ad89497daf9ced2fab3ec314e7f6da35b9bb775
|
||||
size 3802825
|
||||
@ -1 +0,0 @@
|
||||
909b073bb280940c1c273676a2692e6a /home/kaduk/openafs/1.8.1/openafs-1.8.1-doc.tar.bz2
|
||||
@ -1 +0,0 @@
|
||||
1efe676124e253bbb8aed5c74ad89497daf9ced2fab3ec314e7f6da35b9bb775 openafs-1.8.1-doc.tar.bz2
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2f3c13710839510bca985deb6344aeeab72aff3c51b0269e578c7b4ccb8a5638
|
||||
size 15115755
|
||||
@ -1 +0,0 @@
|
||||
722ddf9e5a283271f53631c6648549f5 /home/kaduk/openafs/1.8.1/openafs-1.8.1-src.tar.bz2
|
||||
@ -1 +0,0 @@
|
||||
2f3c13710839510bca985deb6344aeeab72aff3c51b0269e578c7b4ccb8a5638 openafs-1.8.1-src.tar.bz2
|
||||
3
openafs-1.8.2-doc.tar.bz2
Normal file
3
openafs-1.8.2-doc.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:b9b6ae396952b888192bc3e70d11b13779f8af16965ea8a003cb5f98abb7c826
|
||||
size 3801937
|
||||
1
openafs-1.8.2-doc.tar.bz2.md5
Normal file
1
openafs-1.8.2-doc.tar.bz2.md5
Normal file
@ -0,0 +1 @@
|
||||
3661375b0925446416c09a97c605acbf /home/kaduk/openafs/1.8.2/openafs-1.8.2-doc.tar.bz2
|
||||
1
openafs-1.8.2-doc.tar.bz2.sha256
Normal file
1
openafs-1.8.2-doc.tar.bz2.sha256
Normal file
@ -0,0 +1 @@
|
||||
b9b6ae396952b888192bc3e70d11b13779f8af16965ea8a003cb5f98abb7c826 openafs-1.8.2-doc.tar.bz2
|
||||
3
openafs-1.8.2-src.tar.bz2
Normal file
3
openafs-1.8.2-src.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:25fd3e4261a72a2cbdd40367e5f981895d80c32aaf309a5842aecc739dd3138e
|
||||
size 15109003
|
||||
1
openafs-1.8.2-src.tar.bz2.md5
Normal file
1
openafs-1.8.2-src.tar.bz2.md5
Normal file
@ -0,0 +1 @@
|
||||
19f97a11b13e6da51a6dac56d1c42289 /home/kaduk/openafs/1.8.2/openafs-1.8.2-src.tar.bz2
|
||||
1
openafs-1.8.2-src.tar.bz2.sha256
Normal file
1
openafs-1.8.2-src.tar.bz2.sha256
Normal file
@ -0,0 +1 @@
|
||||
25fd3e4261a72a2cbdd40367e5f981895d80c32aaf309a5842aecc739dd3138e openafs-1.8.2-src.tar.bz2
|
||||
@ -1,3 +1,27 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 12 12:37:15 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
- Quote "*.c", and avoid unnecessary pass through xargs.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 12 10:41:43 UTC 2018 - christof.hanke@mpcdf.mpg.de
|
||||
|
||||
- update to security-release 1.8.2
|
||||
* fix CVE-2018-16947 (OPENAFS-SA-2018-001)
|
||||
* fix CVE-2018-16948 (OPENAFS-SA-2018-002)
|
||||
* fix CVE-2018-16949 (OPENAFS-SA-2018-003)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 12 05:46:01 UTC 2018 - christof.hanke@mpcdf.mpg.de
|
||||
|
||||
- add retpoline support
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Sep 9 08:14:26 UTC 2018 - christof.hanke@mpcdf.mpg.de
|
||||
|
||||
- update to version 1.8.1.1
|
||||
- Remove use_timespec64_for_kernel_4.18.patch. It is now integrated.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 16 14:02:44 UTC 2018 - christof.hanke@mpcdf.mpg.de
|
||||
|
||||
|
||||
12
openafs.spec
12
openafs.spec
@ -56,11 +56,11 @@
|
||||
|
||||
# used for %setup only
|
||||
# leave upstream tar-balls untouched for integrity checks.
|
||||
%define upstream_version 1.8.1
|
||||
%define upstream_version 1.8.2
|
||||
|
||||
Name: openafs
|
||||
|
||||
Version: 1.8.1
|
||||
Version: 1.8.2
|
||||
Release: 0
|
||||
Summary: OpenAFS Distributed File System
|
||||
License: IPL-1.0
|
||||
@ -96,8 +96,6 @@ Source99: openafs.changes
|
||||
Patch4: openafs-1.8.x.ncurses6.patch
|
||||
# PATCH-SUSE-SPECIFIC make KMP work again
|
||||
Patch5: add_arch_to_linux_kernel_make.patch
|
||||
# PATCH-KERNEL-4.18-timespec64 Update to Linux struct iattr->ia_ctime to timespec64 with 4.18
|
||||
Patch1: use_timespec64_for_kernel_4.18.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
#
|
||||
@ -306,7 +304,6 @@ done
|
||||
|
||||
%setup -q -n openafs-%{upstream_version} -T -b 0 -b 1
|
||||
%patch5 -p1
|
||||
%patch1 -p1
|
||||
|
||||
%if %{run_regen}
|
||||
%patch4 -p1
|
||||
@ -372,9 +369,12 @@ for flavor in %flavors_to_build; do
|
||||
rm -rf obj/$flavor
|
||||
cp -a libafs_tree obj/$flavor
|
||||
pushd obj/$flavor
|
||||
find . -name "*.c" -exec sed -i '/MODULE_LICENSE(/a MODULE_INFO(retpoline, "Y");' "{}" "+"
|
||||
./configure --with-linux-kernel-build=/usr/src/linux-obj/%{_target_cpu}/$flavor --with-linux-kernel-headers=/usr/src/linux \
|
||||
--disable-transarc-paths
|
||||
export LINUX_MAKE_ARCH=%{?linux_make_arch}
|
||||
export EXTRA_CFLAGS='-DVERSION=\"%version\"'
|
||||
export KCFLAGS='-mindirect-branch=thunk-inline -mindirect-branch-register'
|
||||
export LINUX_MAKE_ARCH="ARCH=%{_arch}"
|
||||
make
|
||||
popd
|
||||
done
|
||||
|
||||
@ -1,57 +0,0 @@
|
||||
--- openafs-1.8.1/./src/afs/LINUX/osi_file.c.orig 2018-08-16 14:41:44.505768721 +0200
|
||||
+++ openafs-1.8.1/./src/afs/LINUX/osi_file.c 2018-08-16 14:42:27.422432188 +0200
|
||||
@@ -23,7 +23,11 @@
|
||||
#include "osi_compat.h"
|
||||
|
||||
#ifndef CURRENT_TIME
|
||||
-#define CURRENT_TIME (current_kernel_time())
|
||||
+# ifdef IATTR_TAKES_64BIT_TIME
|
||||
+# define CURRENT_TIME (current_kernel_time64())
|
||||
+# else
|
||||
+# define CURRENT_TIME (current_kernel_time())
|
||||
+# endif
|
||||
#endif
|
||||
|
||||
int cache_fh_type = -1;
|
||||
--- openafs-1.8.1/src/config/afsconfig.h.in.orig 2018-08-16 15:04:41.102698738 +0200
|
||||
+++ openafs-1.8.1/src/config/afsconfig.h.in 2018-08-16 15:05:21.079300996 +0200
|
||||
@@ -1023,6 +1023,9 @@
|
||||
/* define if hlist iterators don't need a node parameter */
|
||||
#undef HLIST_ITERATOR_NO_NODE
|
||||
|
||||
+/* define if struct iattr->ia_ctime takes struct timespec64 */
|
||||
+#undef IATTR_TAKES_64BIT_TIME
|
||||
+
|
||||
/* define to disable some gcc warnings in warnings-as-errors mode */
|
||||
#undef IGNORE_SOME_GCC_WARNINGS
|
||||
|
||||
--- openafs-1.8.1/src/cf/linux-test4.m4.orig 2018-07-28 23:17:32.000000000 +0200
|
||||
+++ openafs-1.8.1/src/cf/linux-test4.m4 2018-08-16 15:08:39.378287300 +0200
|
||||
@@ -183,6 +183,17 @@
|
||||
[])
|
||||
])
|
||||
|
||||
+AC_DEFUN([LINUX_IATTR_64BIT_TIME], [
|
||||
+ AC_CHECK_LINUX_BUILD([whether struct iattr->ia_ctime takes struct timespec64 or 32-bit struct timespec],
|
||||
+ [ac_cv_linux_func_iattr_ctime_takes_timespec64],
|
||||
+ [#include <linux/fs.h>
|
||||
+ #include <linux/timekeeping.h>],
|
||||
+ [struct iattr _attrs;
|
||||
+ _attrs.ia_ctime = current_kernel_time64();],
|
||||
+ [IATTR_TAKES_64BIT_TIME],
|
||||
+ [define if struct iattr->ia_ctime takes struct timespec64],
|
||||
+ [])
|
||||
+])
|
||||
|
||||
|
||||
AC_DEFUN([LINUX_AOP_WRITEBACK_CONTROL], [
|
||||
--- openafs-1.8.1/src/cf/linux-kernel-assorted.m4.orig 2018-08-16 15:24:18.672533975 +0200
|
||||
+++ openafs-1.8.1/src/cf/linux-kernel-assorted.m4 2018-08-16 15:25:08.005280795 +0200
|
||||
@@ -9,6 +9,7 @@
|
||||
LINUX_D_PATH_TAKES_STRUCT_PATH
|
||||
LINUX_NEW_EXPORT_OPS
|
||||
LINUX_INODE_SETATTR_RETURN_TYPE
|
||||
+LINUX_IATTR_64BIT_TIME
|
||||
LINUX_IOP_I_CREATE_TAKES_NAMEIDATA
|
||||
LINUX_IOP_I_LOOKUP_TAKES_NAMEIDATA
|
||||
LINUX_IOP_I_PERMISSION_TAKES_FLAGS
|
||||
Loading…
x
Reference in New Issue
Block a user