Hi Ken, We have a version called 1.8.6-5 in Debian that contains the same fixes in 1.8.7. The reason the version is different is because I uploaded the debian version before the official 1.8.7 tarball/release was available, in order to get the fixes out faster.
-Ben On Thu, Jan 21, 2021 at 02:34:57PM -0600, Ken Aaker wrote: > From main ignorance, I stumbled about for a week or so. But, I've > finally got my cell running again. I managed that by finding and > installing the 1.8.7 rpm build off the OpenSuSE build servers, and > fumbling my way through the re-keying process. Now, I've got 4 Debian > 10 (buster) VMs that need the same update, and I can't find it? Any > leads? The latest version I have been able to find at Debian is 1.8.6.5? > 2 of the VMs are "Fileservers" and 2 are build systems. > > Regards, > > Ken Aaker > > On 1/14/21 5:40 PM, Benjamin Kaduk wrote: > > The OpenAFS Guardians are happy to announce the availability of OpenAFS > > 1.8.7. > > Source files can be accessed via the web at: > > > > https://www.openafs.org/release/openafs-1.8.7.html > > > > or via AFS at: > > > > UNIX: /afs/grand.central.org/software/openafs/1.8.7/ > > UNC: \\afs\grand.central.org\software\openafs\1.8.7\ > > > > This release fixes a critical issue with the generation of Rx connection IDs > > (CIDs) for Rx clients started after 14 Jan 2021 08:25:36 AM UTC (Unix epoch > > time 0x60000000). Unpatched systems will always use the fixed value of > > 0x80000002 as the CID, which causes connections to fail for multiple > > reasons. > > Client commands such as `vos examine` will time out if run after that > > time, cache managers started after that time will be unable to access files, > > fileservers started after that time will be unable to access the Ubik > > databases, > > and database servers started after that time will be unable to participate > > in a quorum or Ubik elections. In particular, fileservers that restart, > > including due to a scheduled weekly restart, will not be able to register > > with the volume location service or verify group membership with the > > protection service. > > > > The fix causes the initial CID to be randomly generated (without dependence > > on the current time) and removes the faulty logic intended to detect signed > > integer overflow (which is not needed since the field in question is now > > an unsigned integer). > > > > Thanks to Jeffrey Altman of Auristor Inc. for tracking down the key issue. > > > > Bug reports should be filed to openafs-b...@openafs.org. > > > > Benjamin Kaduk > > for the OpenAFS Guardians > > > _______________________________________________ > OpenAFS-devel mailing list > OpenAFS-devel@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-devel _______________________________________________ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel
