Hello community,

here is the log from the commit of package openafs for openSUSE:Factory checked in at 2018-09-14 00:01:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openafs (Old)
 and /work/SRC/openSUSE:Factory/.openafs.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openafs" Fri Sep 14 00:01:01 2018 rev:7 rq:635326 version:1.8.2 Changes: -------- --- /work/SRC/openSUSE:Factory/openafs/openafs.changes 2018-08-20 16:19:57.924868606 +0200 +++ /work/SRC/openSUSE:Factory/.openafs.new/openafs.changes 2018-09-14 00:01:06.525966668 +0200 @@ -1,0 +2,24 @@ +Wed Sep 12 12:37:15 UTC 2018 - Jan Engelhardt <[email protected]> + +- Quote "*.c", and avoid unnecessary pass through xargs. + +------------------------------------------------------------------- +Wed Sep 12 10:41:43 UTC 2018 - [email protected] + +- update to security-release 1.8.2 + * fix CVE-2018-16947 (OPENAFS-SA-2018-001) + * fix CVE-2018-16948 (OPENAFS-SA-2018-002) + * fix CVE-2018-16949 (OPENAFS-SA-2018-003) + +------------------------------------------------------------------- +Wed Sep 12 05:46:01 UTC 2018 - [email protected] + +- add retpoline support + +------------------------------------------------------------------- +Sun Sep 9 08:14:26 UTC 2018 - [email protected] + +- update to version 1.8.1.1 +- Remove use_timespec64_for_kernel_4.18.patch. It is now integrated. + +------------------------------------------------------------------- Old: ---- RELNOTES-1.8.1 openafs-1.8.1-doc.tar.bz2 openafs-1.8.1-doc.tar.bz2.md5 openafs-1.8.1-doc.tar.bz2.sha256 openafs-1.8.1-src.tar.bz2 openafs-1.8.1-src.tar.bz2.md5 openafs-1.8.1-src.tar.bz2.sha256 use_timespec64_for_kernel_4.18.patch New: ---- RELNOTES-1.8.2 openafs-1.8.2-doc.tar.bz2 openafs-1.8.2-doc.tar.bz2.md5 openafs-1.8.2-doc.tar.bz2.sha256 openafs-1.8.2-src.tar.bz2 openafs-1.8.2-src.tar.bz2.md5 openafs-1.8.2-src.tar.bz2.sha256 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openafs.spec ++++++ --- /var/tmp/diff_new_pack.12LRv8/_old 2018-09-14 00:01:07.801965694 +0200 +++ /var/tmp/diff_new_pack.12LRv8/_new 2018-09-14 00:01:07.825965675 +0200 
@@ -56,11 +56,11 @@ # used for %setup only # leave upstream tar-balls untouched for integrity checks. -%define upstream_version 1.8.1 +%define upstream_version 1.8.2 Name: openafs -Version: 1.8.1 +Version: 1.8.2 Release: 0 Summary: OpenAFS Distributed File System License: IPL-1.0 @@ -96,8 +96,6 @@ Patch4: openafs-1.8.x.ncurses6.patch # PATCH-SUSE-SPECIFIC make KMP work again Patch5: add_arch_to_linux_kernel_make.patch -# PATCH-KERNEL-4.18-timespec64 Update to Linux struct iattr->ia_ctime to timespec64 with 4.18 -Patch1: use_timespec64_for_kernel_4.18.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # @@ -306,7 +304,6 @@ %setup -q -n openafs-%{upstream_version} -T -b 0 -b 1 %patch5 -p1 -%patch1 -p1 %if %{run_regen} %patch4 -p1 @@ -372,9 +369,12 @@ rm -rf obj/$flavor cp -a libafs_tree obj/$flavor pushd obj/$flavor + find . -name "*.c" -exec sed -i '/MODULE_LICENSE(/a MODULE_INFO(retpoline, "Y");' "{}" "+" ./configure --with-linux-kernel-build=/usr/src/linux-obj/%{_target_cpu}/$flavor --with-linux-kernel-headers=/usr/src/linux \ --disable-transarc-paths - export LINUX_MAKE_ARCH=%{?linux_make_arch} + export EXTRA_CFLAGS='-DVERSION=\"%version\"' + export KCFLAGS='-mindirect-branch=thunk-inline -mindirect-branch-register' + export LINUX_MAKE_ARCH="ARCH=%{_arch}" make popd done ++++++ ChangeLog ++++++ ++++ 3133 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/openafs/ChangeLog ++++ and /work/SRC/openSUSE:Factory/.openafs.new/ChangeLog ++++++ RELNOTES-1.8.1 -> RELNOTES-1.8.2 ++++++ --- /work/SRC/openSUSE:Factory/openafs/RELNOTES-1.8.1 2018-08-20 16:19:55.544865245 +0200 +++ /work/SRC/openSUSE:Factory/.openafs.new/RELNOTES-1.8.2 2018-09-14 00:01:05.345967569 +0200 
@@ -1,69 +1,34 @@ User-Visible OpenAFS Changes -OpenAFS 1.8.1 +OpenAFS 1.8.2 - All Platforms + All platforms - * Improve the usability and consistency of the public API: install missing - headers, and add additional symbols to the export list for shared libraries. - - * Improved Rx abort generation: use the proper serial number for an existing - connection if possible, and 0 otherwise (to improve debugging). - - * Assorted minor fixes in response to static analysis of the codebase. - - * Fix memory-safety error in XDR decoding of enumerated types. - - All Server Platforms - - * Fix reference counting error that could cause an assertion failure - in some workloads. - - * vldb_check -fix will no longer corrupt the vldb when multiple MH blocks are present. - - * Assorted cleanups and efficiency improvements in the ubik implementation. - - * Return a valid InlineBulkStatus response in error cases. - - * The fileserver now rejects invalid partition names when attaching partitions. - - All Client Platforms - - * Fix volume callbacks (e.g., when running 'vos release'). - - * Treat failure to obtain a DSlot as a hard error for that cache partition, - avoiding a flood of "disk cache read error in CacheItems" log messages, - and reducing the chance of subsequent panic. - - * Improve error messages for invalid values with -volume-ttl. - - * Remove useless error message: - "find_preferred_connection: no connection and !create". - - * Avoid passing NULL to a kernel memory deallocator, which is not guaranteed - to be safe on all systems. - - Linux - - * Add support for 64-bit ARM clients ("arm64"). - - * Fix panic when cache bypass is enabled. - - * Improve cache manager behavior when unable to open cache files. - - * Improvements to the RPM packaging. - - * Detect out-of-memory when using kernel pages for writing. - - Solaris - - * Fix various issues in the build process for recent Solaris versions. - - MacOS - - * Fix clients on OS X 10.13. 
- - FreeBSD / NetBSD / OpenBSD - - * Fix panic triggered during periodic cleanup operations and shutdown. + * Fix OPENAFS-SA-2018-002: information leakage in RPC output variables + Various RPC routines did not always initialize all output fields, + exposing memory contents to network attackers. The relevant RPCs include + an AFSCB_ RPC, so cache managers are affected as well as servers. + + All server platforms + + * Fix OPENAFS-SA-2018-003: denial of service due to excess resource consumption + Various RPCs were defined as allowing unbounded arrays as input, allowing + an unauthenticated attacker to cause excess memory allocation and tie up + network bandwidth by sending (or claiming to send) large input arrays. + + * Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc + On systems using the in-tree backup system, the butc process was running + with administrative credentials, but accepted incoming RPCs over + unauthenticated connections; these incoming RPCs in turn triggered + outgoing RPCs using the administrative credentials. Unauthenticated + attackers could construct volue dumps containing arbitrary contents + and cause these dumps to be restored and overwrite arbitrary volume + contents; afterward, the backup database could be restored to its + initial state, hiding evidence of the unauthorized changes. + + Running butc with -localauth now requires authenticated incoming + connections, and the backup utility makes authenticated connections to + the butc. Audit capabilities have been added to the butc RPC handlers. + Command-line arguments are provided to retain the (insecure) historical + behavior until all systems have been upgraded. 
++++++ openafs-1.8.1-doc.tar.bz2 -> openafs-1.8.2-doc.tar.bz2 ++++++ ++++ 4358 lines of diff (skipped) ++++++ openafs-1.8.1-doc.tar.bz2.md5 -> openafs-1.8.2-doc.tar.bz2.md5 ++++++ --- /work/SRC/openSUSE:Factory/openafs/openafs-1.8.1-doc.tar.bz2.md5 2018-08-20 16:19:56.240866228 +0200 +++ /work/SRC/openSUSE:Factory/.openafs.new/openafs-1.8.2-doc.tar.bz2.md5 2018-09-14 00:01:06.197966918 +0200 @@ -1 +1 @@ -909b073bb280940c1c273676a2692e6a /home/kaduk/openafs/1.8.1/openafs-1.8.1-doc.tar.bz2 +3661375b0925446416c09a97c605acbf /home/kaduk/openafs/1.8.2/openafs-1.8.2-doc.tar.bz2 ++++++ openafs-1.8.1-doc.tar.bz2.sha256 -> openafs-1.8.2-doc.tar.bz2.sha256 ++++++ --- /work/SRC/openSUSE:Factory/openafs/openafs-1.8.1-doc.tar.bz2.sha256 2018-08-20 16:19:56.268866267 +0200 +++ /work/SRC/openSUSE:Factory/.openafs.new/openafs-1.8.2-doc.tar.bz2.sha256 2018-09-14 00:01:06.209966909 +0200 @@ -1 +1 @@ -1efe676124e253bbb8aed5c74ad89497daf9ced2fab3ec314e7f6da35b9bb775 openafs-1.8.1-doc.tar.bz2 +b9b6ae396952b888192bc3e70d11b13779f8af16965ea8a003cb5f98abb7c826 openafs-1.8.2-doc.tar.bz2 ++++++ openafs-1.8.1-src.tar.bz2 -> openafs-1.8.2-src.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/openafs/openafs-1.8.1-src.tar.bz2 /work/SRC/openSUSE:Factory/.openafs.new/openafs-1.8.2-src.tar.bz2 differ: char 11, line 1 ++++++ openafs-1.8.1-src.tar.bz2.md5 -> openafs-1.8.2-src.tar.bz2.md5 ++++++ --- /work/SRC/openSUSE:Factory/openafs/openafs-1.8.1-src.tar.bz2.md5 2018-08-20 16:19:57.892868560 +0200 +++ /work/SRC/openSUSE:Factory/.openafs.new/openafs-1.8.2-src.tar.bz2.md5 2018-09-14 00:01:06.501966686 +0200 
@@ -1 +1 @@ -722ddf9e5a283271f53631c6648549f5 /home/kaduk/openafs/1.8.1/openafs-1.8.1-src.tar.bz2 +19f97a11b13e6da51a6dac56d1c42289 /home/kaduk/openafs/1.8.2/openafs-1.8.2-src.tar.bz2 ++++++ openafs-1.8.1-src.tar.bz2.sha256 -> openafs-1.8.2-src.tar.bz2.sha256 ++++++ --- /work/SRC/openSUSE:Factory/openafs/openafs-1.8.1-src.tar.bz2.sha256 2018-08-20 16:19:57.908868583 +0200 +++ /work/SRC/openSUSE:Factory/.openafs.new/openafs-1.8.2-src.tar.bz2.sha256 2018-09-14 00:01:06.509966680 +0200 @@ -1 +1 @@ -2f3c13710839510bca985deb6344aeeab72aff3c51b0269e578c7b4ccb8a5638 openafs-1.8.1-src.tar.bz2 +25fd3e4261a72a2cbdd40367e5f981895d80c32aaf309a5842aecc739dd3138e openafs-1.8.2-src.tar.bz2
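Review bot: the "add retpoline support" entry in the openafs.changes hunk leaves two build changes from the same openafs.spec hunk (@@ -372,9 +369,12 @@) undocumented: the new export of EXTRA_CFLAGS='-DVERSION=\"%version\"' and the replacement of LINUX_MAKE_ARCH=%{?linux_make_arch} with "ARCH=%{_arch}". Suggest a changelog line for each, since within the visible context both apply to every kernel flavor that is built, not only where retpolines are relevant.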
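Review bot: in the kernel-module build loop of openafs.spec (hunk @@ -372,9 +369,12 @@), the sed call inserts MODULE_INFO(retpoline, "Y"); after every MODULE_LICENSE( line whether or not the compiler honoured the KCFLAGS exported a few lines later, so the module can advertise retpoline protection it was not built with. The options -mindirect-branch=thunk-inline and -mindirect-branch-register are GCC x86 options, and nothing in the visible context restricts them or the marker to x86. Suggest wrapping both the sed line and the KCFLAGS export in an architecture conditional such as %ifarch %ix86 x86_64, and failing the build if the flags are rejected rather than asserting the marker from the spec file.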
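Review bot: the OPENAFS-SA-2018-001 paragraph in the RELNOTES-1.8.2 hunk says command-line arguments are provided to retain the insecure historical behaviour, but neither that text nor the openafs.changes entry names them or states what the package does by default. Suggest adding a sentence to openafs.changes that butc with -localauth now requires authenticated incoming connections, so administrators know to review local butc and backup invocations for the compatibility arguments after updating. In the same paragraph "volue dumps" is a typo for "volume dumps" and is worth reporting upstream.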
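Review bot: the .md5 hunks for the doc and src tarballs record the digest against an absolute path on the upstream maintainer's machine (/home/kaduk/openafs/1.8.2/...), so md5sum -c cannot locate the file as packaged, and MD5 offers no collision resistance in any case. Since the spec comment says the upstream tarballs are left untouched for integrity checks, suggest that any verification use the .sha256 files, which carry bare file names, and that the .md5 files not be relied on for it.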
