Hello community,

here is the log from the commit of package openafs for openSUSE:Factory checked 
in at 2023-01-04 17:52:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openafs (Old)
 and      /work/SRC/openSUSE:Factory/.openafs.new.1563 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openafs"

Wed Jan  4 17:52:58 2023 rev:38 rq:1047127 version:1.8.9

Changes:
--------
--- /work/SRC/openSUSE:Factory/openafs/openafs.changes  2022-12-13 
18:55:24.083182153 +0100
+++ /work/SRC/openSUSE:Factory/.openafs.new.1563/openafs.changes        
2023-01-04 17:53:09.910380518 +0100
@@ -1,0 +2,7 @@
+Wed Jan  4 08:14:39 UTC 2023 - Christof Hanke <christof.ha...@mpcdf.mpg.de>
+
+- update to offical openafs-1.8.9
+  * all changes as openafs-1.8.9pre2
+  * fix possible DoS attack 
+
+-------------------------------------------------------------------
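Review bot: the "fix possible DoS attack" bullet gives an administrator nothing to act on. Name the affected component and the upstream reference, for example "fileserver: reject negative FetchData position/length (gerrit 15224)", as the RELNOTES entry in this same submission does. "offical" in the first bullet should be "official", and the DoS bullet carries trailing whitespace.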

Old:
----
  RELNOTES-1.8.9pre2
  openafs-1.8.9pre2-doc.tar.bz2
  openafs-1.8.9pre2-doc.tar.bz2.md5
  openafs-1.8.9pre2-doc.tar.bz2.sha256
  openafs-1.8.9pre2-src.tar.bz2
  openafs-1.8.9pre2-src.tar.bz2.md5
  openafs-1.8.9pre2-src.tar.bz2.sha256

New:
----
  RELNOTES-1.8.9
  openafs-1.8.9-doc.tar.bz2
  openafs-1.8.9-doc.tar.bz2.md5
  openafs-1.8.9-doc.tar.bz2.sha256
  openafs-1.8.9-src.tar.bz2
  openafs-1.8.9-src.tar.bz2.md5
  openafs-1.8.9-src.tar.bz2.sha256

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openafs.spec ++++++
--- /var/tmp/diff_new_pack.LFGTbm/_old  2023-01-04 17:53:10.866386153 +0100
+++ /var/tmp/diff_new_pack.LFGTbm/_new  2023-01-04 17:53:10.870386176 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package openafs
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -57,11 +57,11 @@
 
 # used for %setup only
 # leave upstream tar-balls untouched for integrity checks.
-%define upstream_version 1.8.9pre2
+%define upstream_version 1.8.9
 
 Name:           openafs
 
-Version:        1.8.9~pre2
+Version:        1.8.9
 Release:        0
 Summary:        OpenAFS Distributed File System
 License:        IPL-1.0

++++++ ChangeLog ++++++
--- /var/tmp/diff_new_pack.LFGTbm/_old  2023-01-04 17:53:10.914386435 +0100
+++ /var/tmp/diff_new_pack.LFGTbm/_new  2023-01-04 17:53:10.918386458 +0100
@@ -1,3 +1,76 @@
+commit 6cb9320825c3617abcb48e7fbd9d0d64f0c2f65b
+Author: Stephan Wiesand <stephan.wies...@desy.de>
+Date:   Thu Dec 8 18:49:41 2022 +0100
+
+    Make OpenAFS 1.8.9
+    
+    Update version strings for the 1.8.9 release, and add the
+    finishing touch to NEWS.
+    
+    Change-Id: I8185cc177c1150d29d802df522e3b161dac7d75e
+    Reviewed-on: https://gerrit.openafs.org/15215
+    Reviewed-by: Michael Meffie <mmef...@sinenomine.net>
+    Reviewed-by: Cheyenne Wills <cwi...@sinenomine.net>
+    Tested-by: BuildBot <build...@rampaginggeek.com>
+    Reviewed-by: Stephan Wiesand <stephan.wies...@desy.de>
+
+commit 0ad4c50f91c2d322688981b97aa05ba471b848c1
+Author: Benjamin Kaduk <ka...@mit.edu>
+Date:   Fri Oct 8 20:11:19 2021 -0700
+
+    viced: cope with signed length/position in FetchData
+    
+    For legacy reasons, the "Pos" (initial position) and "Len" (length)
+    inputs to the RXAFS_FetchData and RXAFS_FetchData64 RPCs are represented
+    as signed integers (the corresponding StoreData RPCs use unsigned values).
+    
+    The use of signed values allows for the possibility of negative inputs,
+    and of signed integer overflow (undefined behavior in C), though the latter
+    is unlikely to arise naturally given that the implementation uses a
+    common backend with 64-bit values.
+    
+    In particular, if a negative "Pos" value is supplied, we end up in
+    FetchData_RXStyle() that performs either FDH_PREAD() or FDH_PREADV()
+    with the negative value as the position from which to read, which is
+    an error.  The error handling for those calls treats any error as
+    indicative of a problem with the volume or its underlying storage,
+    and takes the volume offline for salvage.  Furthermore, after the
+    maximum number of automatic salvages the volume is left offline for
+    administrator action.  This presents a simple route for
+    (unauthenticated) denial of service, as root.cell.readonly must be
+    available to all users of the cell, and can be brought offline in this
+    way; rendering root.cell.readonly unavailable would bring essentially
+    all access to the cell to a halt.  (Other volumes could be targeted as
+    well, subject to their corresponding ACLs.)
+    
+    Since there is no valid use for a negative position or length input,
+    reject them outright from the common_FetchData64() implementation.
+    Also check for whether the combination requests a read that would
+    overflow a signed integer and reject that as well.
+    
+    Thanks to Jeffrey Altman and Chaskiel Grundman for collaborating on
+    this change.
+    
+    FIXES 135263
+    
+    Reviewed-on: https://gerrit.openafs.org/15223
+    Reviewed-by: Stephan Wiesand <stephan.wies...@desy.de>
+    Reviewed-by: Mark Vitale <mvit...@sinenomine.net>
+    Reviewed-by: Michael Meffie <mmef...@sinenomine.net>
+    Reviewed-by: Cheyenne Wills <cwi...@sinenomine.net>
+    Tested-by: Mark Vitale <mvit...@sinenomine.net>
+    Reviewed-by: Jeffrey Altman <jalt...@auristor.com>
+    Reviewed-by: Benjamin Kaduk <ka...@mit.edu>
+    (cherry picked from commit 1fbbcbee0183aa7855c0e5d9d38aa89af75902db)
+    
+    Change-Id: I1d634918789dddd5500ab50a0b508c142d83dc84
+    Reviewed-on: https://gerrit.openafs.org/15224
+    Reviewed-by: Cheyenne Wills <cwi...@sinenomine.net>
+    Reviewed-by: Michael Meffie <mmef...@sinenomine.net>
+    Tested-by: BuildBot <build...@rampaginggeek.com>
+    Reviewed-by: Stephan Wiesand <stephan.wies...@desy.de>
+    Reviewed-by: Benjamin Kaduk <ka...@mit.edu>
+
 commit f812d1125f785df05bf1028f665d22c608006bae
 Author: Stephan Wiesand <stephan.wies...@desy.de>
 Date:   Thu Nov 3 15:59:04 2022 +0100
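Review bot: in the FetchData entry, the fix as described only validates "Pos" and "Len" in common_FetchData64(). The behaviour the message identifies as the amplifier is not said to change: FetchData_RXStyle() treats any FDH_PREAD()/FDH_PREADV() error as a storage fault and takes the volume offline for salvage. It is worth asking upstream whether that error path should tell an invalid-argument failure apart from a real I/O error, so that input validation is not the only barrier between a bad request and an offline volume. The message cites "FIXES 135263" and the gerrit numbers but no advisory identifier, so downstream tracking has to key on those.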

++++++ RELNOTES-1.8.9pre2 -> RELNOTES-1.8.9 ++++++
--- /work/SRC/openSUSE:Factory/openafs/RELNOTES-1.8.9pre2       2022-12-13 
18:55:23.655179869 +0100
+++ /work/SRC/openSUSE:Factory/.openafs.new.1563/RELNOTES-1.8.9 2023-01-04 
17:53:09.674379126 +0100
@@ -1,6 +1,6 @@
                        User-Visible OpenAFS Changes
 
-OpenAFS 1.8.9 (in progress)
+OpenAFS 1.8.9
 
   All platforms
 
@@ -26,6 +26,12 @@
       unnecessary several second delays in some cases during database
       quorum processing (14815)
 
+    * Detect invalid (negative) inputs to FetchData RPCs and reject them
+      early.  The previous behavior only detected the error when actually
+      attempting to read from storage, which resulted in the volume being
+      taken offline since errors were assumed to originate from the
+      underlying storage (15224)
+
   All UNIX/Linux client platforms
 
     * Do not perform DNS SRV/AFSDB record queries when running "fs
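Review bot: the new "Detect invalid (negative) inputs to FetchData RPCs" entry mentions the volume going offline but not that the commit message in ChangeLog describes this as an unauthenticated denial of service that can reach root.cell.readonly. State that here, since the release notes are what administrators read when deciding upgrade priority. The entry also leaves out the signed-overflow check on position plus length that the commit message lists.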

++++++ openafs-1.8.9pre2-doc.tar.bz2 -> openafs-1.8.9-doc.tar.bz2 ++++++
++++ 4224 lines of diff (skipped)

++++++ openafs-1.8.9pre2-doc.tar.bz2.md5 -> openafs-1.8.9-doc.tar.bz2.md5 ++++++
--- /work/SRC/openSUSE:Factory/openafs/openafs-1.8.9pre2-doc.tar.bz2.md5        
2022-12-13 18:55:23.771180488 +0100
+++ /work/SRC/openSUSE:Factory/.openafs.new.1563/openafs-1.8.9-doc.tar.bz2.md5  
2023-01-04 17:53:09.730379457 +0100
@@ -1 +1 @@
-34695fb15df9c7320960939dd586494f  openafs-1.8.9pre2-doc.tar.bz2
+1f59a2942007bac5c7a8b83360852e29  openafs-1.8.9-doc.tar.bz2

++++++ openafs-1.8.9pre2-doc.tar.bz2.sha256 -> openafs-1.8.9-doc.tar.bz2.sha256 
++++++
--- /work/SRC/openSUSE:Factory/openafs/openafs-1.8.9pre2-doc.tar.bz2.sha256     
2022-12-13 18:55:23.779180531 +0100
+++ 
/work/SRC/openSUSE:Factory/.openafs.new.1563/openafs-1.8.9-doc.tar.bz2.sha256   
    2023-01-04 17:53:09.738379504 +0100
@@ -1 +1 @@
-999f1fb5493df02359fecbe9e9f5cda580bacf3d333b7443112901d0b8732aac  
openafs-1.8.9pre2-doc.tar.bz2
+ef91e854eab4aa74268525954a41c2a2ad0a2eaf530eaa22bb9e4bf453b15939  
openafs-1.8.9-doc.tar.bz2

++++++ openafs-1.8.9pre2-src.tar.bz2 -> openafs-1.8.9-src.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/openafs/openafs-1.8.9pre2-src.tar.bz2 
/work/SRC/openSUSE:Factory/.openafs.new.1563/openafs-1.8.9-src.tar.bz2 differ: 
char 11, line 1

++++++ openafs-1.8.9pre2-src.tar.bz2.md5 -> openafs-1.8.9-src.tar.bz2.md5 ++++++
--- /work/SRC/openSUSE:Factory/openafs/openafs-1.8.9pre2-src.tar.bz2.md5        
2022-12-13 18:55:23.979181598 +0100
+++ /work/SRC/openSUSE:Factory/.openafs.new.1563/openafs-1.8.9-src.tar.bz2.md5  
2023-01-04 17:53:09.890380399 +0100
@@ -1 +1 @@
-1234973bfc9872d4d6f0b4d1998acdd3  openafs-1.8.9pre2-src.tar.bz2
+b48ac2fdeffc2005b78e255c67ac43ba  openafs-1.8.9-src.tar.bz2
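Review bot: the .md5 file updated here should not be what anyone relies on to verify the source tarball, since MD5 is not collision resistant. Use the .sha256 file from the same submission and consider dropping the .md5 sources from the package. The "New:" file list contains no detached signature, so both checksums are only as trustworthy as the channel they were fetched over.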

++++++ openafs-1.8.9pre2-src.tar.bz2.sha256 -> openafs-1.8.9-src.tar.bz2.sha256 
++++++
--- /work/SRC/openSUSE:Factory/openafs/openafs-1.8.9pre2-src.tar.bz2.sha256     
2022-12-13 18:55:23.995181683 +0100
+++ 
/work/SRC/openSUSE:Factory/.openafs.new.1563/openafs-1.8.9-src.tar.bz2.sha256   
    2023-01-04 17:53:09.902380471 +0100
@@ -1 +1 @@
-29006abf9c3163cdc17612bd2ea8ae951981bf1f7714b5c51fb73e0af0674ba3  
openafs-1.8.9pre2-src.tar.bz2
+d126178be1f42cca18cb7c0c2691ac354518e3790170150a76bbd25f4d151f06  
openafs-1.8.9-src.tar.bz2
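Review bot: this mail shows the source tarball itself only as "differ: char 11, line 1", so the value on the "+" line is the sole reviewable statement of what is being built. Compare it against the checksum upstream publishes for openafs-1.8.9-src.tar.bz2 through a separate channel, not only against the .sha256 file that arrived together with the tarball.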
