Hello community,

here is the log from the commit of package openafs for openSUSE:Factory checked in at 2019-10-24 23:10:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openafs (Old)
 and      /work/SRC/openSUSE:Factory/.openafs.new.2990 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openafs" Thu Oct 24 23:10:51 2019 rev:15 rq:742532 version:1.8.5 Changes: -------- --- /work/SRC/openSUSE:Factory/openafs/openafs.changes 2019-10-11 15:17:24.284089149 +0200 +++ /work/SRC/openSUSE:Factory/.openafs.new.2990/openafs.changes 2019-10-24 23:10:55.396645470 +0200 @@ -1,0 +2,8 @@ +Wed Oct 23 13:48:04 UTC 2019 - Christof Hanke <[email protected]> + +- update to security-release 1.8.5, adresses: + * OPENAFS-SA-2019-001: Skip server OUT args on error + * OPENAFS-SA-2019-002: Zero all server RPC args + * OPENAFS-SA-2019-003: ubik: Avoid unlocked ubik_currentTrans deref + +------------------------------------------------------------------- Old: ---- RELNOTES-1.8.4 openafs-1.8.4-doc.tar.bz2 openafs-1.8.4-doc.tar.bz2.md5 openafs-1.8.4-doc.tar.bz2.sha256 openafs-1.8.4-src.tar.bz2 openafs-1.8.4-src.tar.bz2.md5 openafs-1.8.4-src.tar.bz2.sha256 New: ---- RELNOTES-1.8.5 openafs-1.8.5-doc.tar.bz2 openafs-1.8.5-doc.tar.bz2.md5 openafs-1.8.5-doc.tar.bz2.sha256 openafs-1.8.5-src.tar.bz2 openafs-1.8.5-src.tar.bz2.md5 openafs-1.8.5-src.tar.bz2.sha256 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openafs.spec ++++++ --- /var/tmp/diff_new_pack.Hz69CM/_old 2019-10-24 23:10:58.652649270 +0200 +++ /var/tmp/diff_new_pack.Hz69CM/_new 2019-10-24 23:10:58.696649321 +0200 
@@ -57,11 +57,11 @@ # used for %setup only # leave upstream tar-balls untouched for integrity checks. -%define upstream_version 1.8.4 +%define upstream_version 1.8.5 Name: openafs -Version: 1.8.4 +Version: 1.8.5 Release: 0 Summary: OpenAFS Distributed File System License: IPL-1.0 ++++++ ChangeLog ++++++ ++++ 1937 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/openafs/ChangeLog ++++ and /work/SRC/openSUSE:Factory/.openafs.new.2990/ChangeLog ++++++ RELNOTES-1.8.4 -> RELNOTES-1.8.5 ++++++ --- /work/SRC/openSUSE:Factory/openafs/RELNOTES-1.8.4 2019-10-11 15:17:10.152127998 +0200 +++ /work/SRC/openSUSE:Factory/.openafs.new.2990/RELNOTES-1.8.5 2019-10-24 23:10:53.212642921 +0200 
@@ -1,90 +1,29 @@ User-Visible OpenAFS Changes -OpenAFS 1.8.4 +OpenAFS 1.8.5 - All platforms +All platforms - Build system updates to remove obsolete autoconf macros and remove missing - script warning during builds (13480, 13481, 13482, 13483, 13484, 13486, - 13789, 13790). - - Build system update to fix a conditional check in the pthread.m4 autoconf - file (13595) - - Build system update to create the man3 subdirectory, fixing a - reported build failure (13535). - - Remove the last reference to src/mcas in the documentation (13558). - - All server platforms - - Fix fileserver's parsing of the options -vlruthresh, -vlruinterval, - -vlrumax and -novbc (13680). - - Fixes to make ptserver's behaviour when run in restricted mode consistent - with the documentation: Non-members of the system:administrators group - are no longer allowed to issue the adduser, setfields and delete pts - commands, and all members of system:administrators are now allowed to - issue pts commands in this mode, not just the admin principal (13686..88). - - All client platforms - - Fix missing Rx call clean-up after failing to read dcaches from a file - server (13511). - - Fix an Rx call leak for calls aborted by a connection abort after the call - was initialized but before use (13517). - - Remove the obsolete afs_xosi lock to remove unnecessary serialization of - VOP_GETATTR calls. This can lead to improved performance under heavy - workloads (13529). - - Increase the size of the Directory Name Lookup Cache (DNLC) to improve - cache performance (13559). - - Fix getting tokens for cells with a three character name (13679). - - Avoid a misleading message about the cell being used when aklog is run - with the -cell parameter but the AFSCELL environment variable is set to - a different cell (13676). - - Build system update to honor the CFLAGS environment variable when building - libuafs (13544). - - Linux - - Support for mainline kernels up to 5.3 (13787, 13789). 
- - More fixes for improper use of ENOENT fixes to avoid incorrect use of linux - negative dentry cache, which can lead to false ENOENT errors (13542, 13543, - 13590, 13692) (RT #134904). - - Return errors instead of returning incomplete directory listings when the - directory objects are incomplete in the cache (13591). - - Add ppc64le_linux26 sysname for the ppc64le architecture (13636, 13637, - 13589). - - Fix configure check for a kernel time function in order to build on - Linux 5.0 (13523). - - RPM packaging update for RHEL8 adding a build requirement to ensure the - kernel module can be built from the SRPM (13563) (RT #134900). - - On systemd based RHEL/Fedora systems, start the client after dkms startup - is finished if the latter is installed and enabled, to avoid attempting - starts without the kernel module being available yet (13674) (RT #134974). - - MacOS - - Build system updates for MacOS (13584). - - Solaris - - Add CTF debugging records to userspace objects to improve debugging - of servers (13487). - - Convert the cache manager vnodes to be non-embebbed on Solaris 11 in order - to make the cache manager more resilient across Solaris 11 changes (13524, - 13525, 13526, 13527, 13528). + * Fix OPENAFS-SA-2019-001: information leakage in failed RPC output + Generated RPC handler routines ran output variables through XDR encoding + even when the call had failed and would shortly be aborted (and for + which uninitialized output variables is common); any complete packets + assembled in the process would be sent to the peer, leaking the contents + of the uninitialized memory in question. + + * Fix OPENAFS-SA-2019-002: information leakage from uninitialized scalars + Generated RPC handler routines did not initialize output variables of + scalar (fixed-length) type, since they did not require dedicated logic to + free. 
Such variables allocated on the stack could remain uninitialized + in some cases (including those affected by OPENAFS-SA-2019-001), and the + contents of uninitialized memory would be returned to the peer. + +All server platforms + + * Fix OPENAFS-SA-2019-003: fix crash in database servers + The ubik debugging RPCs prioritize being fast and non-disruptive to + database operations over strict correctness, and do not adhere to the + usual locking protocol for data access. A data race could cause a NULL + dereference if the second memory load was not optimized out by the + compiler. ++++++ openafs-1.8.4-doc.tar.bz2 -> openafs-1.8.5-doc.tar.bz2 ++++++ ++++ 36318 lines of diff (skipped) ++++++ openafs-1.8.4-doc.tar.bz2.md5 -> openafs-1.8.5-doc.tar.bz2.md5 ++++++ --- /work/SRC/openSUSE:Factory/openafs/openafs-1.8.4-doc.tar.bz2.md5 2019-10-11 15:17:12.744120873 +0200 +++ /work/SRC/openSUSE:Factory/.openafs.new.2990/openafs-1.8.5-doc.tar.bz2.md5 2019-10-24 23:10:53.748643546 +0200 @@ -1 +1 @@ -6f336bc7fb0ddc13ce896f4283bc6564 openafs-1.8.4-doc.tar.bz2 +313dc4d38e5fffbbb6322d90c10c7292 /home/kaduk/openafs/1.8.5/openafs-1.8.5-doc.tar.bz2 ++++++ openafs-1.8.4-doc.tar.bz2.sha256 -> openafs-1.8.5-doc.tar.bz2.sha256 ++++++ --- /work/SRC/openSUSE:Factory/openafs/openafs-1.8.4-doc.tar.bz2.sha256 2019-10-11 15:17:15.100114397 +0200 +++ /work/SRC/openSUSE:Factory/.openafs.new.2990/openafs-1.8.5-doc.tar.bz2.sha256 2019-10-24 23:10:53.768643570 +0200 
@@ -1 +1 @@ -30ac5ec5030845d2d435a7c85a6e7f23e929d49be5a2f53d0a0b7af86d141827 openafs-1.8.4-doc.tar.bz2 +3abab824485429674b8f60b228c35d77667f55ca2848388356ee4581811daf22 openafs-1.8.5-doc.tar.bz2 ++++++ openafs-1.8.4-src.tar.bz2 -> openafs-1.8.5-src.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/openafs/openafs-1.8.4-src.tar.bz2 /work/SRC/openSUSE:Factory/.openafs.new.2990/openafs-1.8.5-src.tar.bz2 differ: char 11, line 1 ++++++ openafs-1.8.4-src.tar.bz2.md5 -> openafs-1.8.5-src.tar.bz2.md5 ++++++ --- /work/SRC/openSUSE:Factory/openafs/openafs-1.8.4-src.tar.bz2.md5 2019-10-11 15:17:20.468099640 +0200 +++ /work/SRC/openSUSE:Factory/.openafs.new.2990/openafs-1.8.5-src.tar.bz2.md5 2019-10-24 23:10:55.328645390 +0200 @@ -1 +1 @@ -bf25489158158653982b19228e62eef2 openafs-1.8.4-src.tar.bz2 +3c41e2a512a41eb9ee3377339fb9d6d0 /home/kaduk/openafs/1.8.5/openafs-1.8.5-src.tar.bz2 ++++++ openafs-1.8.4-src.tar.bz2.sha256 -> openafs-1.8.5-src.tar.bz2.sha256 ++++++ --- /work/SRC/openSUSE:Factory/openafs/openafs-1.8.4-src.tar.bz2.sha256 2019-10-11 15:17:22.732093416 +0200 +++ /work/SRC/openSUSE:Factory/.openafs.new.2990/openafs-1.8.5-src.tar.bz2.sha256 2019-10-24 23:10:55.348645414 +0200 @@ -1 +1 @@ -b18a654b8224bbefcff4e63ead312da2754aca17943ded60b9475062b506639a openafs-1.8.4-src.tar.bz2 +eeded68f238be2d6fc37522b7feae5e0b1ea9815b90ea5da91e5d43e00b28523 openafs-1.8.5-src.tar.bz2
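
Review bot: in the openafs.changes hunk, "adresses" on the "+- update to security-release 1.8.5, adresses:" line is misspelled and should read "addresses". The three fixes are identified only by their OPENAFS-SA ids; if distribution bug or CVE references exist for them, this entry is where they belong so that update tooling can match the advisory to the package change.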
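
Review bot: in both .md5 hunks the new line names the file by an absolute path (/home/kaduk/openafs/1.8.5/openafs-1.8.5-doc.tar.bz2, and the same for the -src tarball) where the 1.8.4 line had the bare file name, so md5sum -c run from the package directory will look for that path and report the tarball as missing instead of verifying it. The spec comment says the upstream tarballs are left untouched for integrity checks, so either run the check against the .sha256 files, which still carry bare names, or note in the package that the .md5 files are shipped verbatim from upstream and cannot be checked as they stand.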
