Bug#887857: jessie-pu: package openafs/1.6.9-2+deb8u6

2018-02-18 Thread Benjamin Kaduk
On Sun, Feb 18, 2018 at 08:18:48PM +, Adam D. Barratt wrote:
> Control: tags -1 + pending
> 
> Uploaded and flagged for acceptance.

Thanks!

> On a side note, the diff as uploaded reverts a couple of bug closures
> from the previous security upload:
> 
>  openafs (1.6.9-2+deb8u6) jessie-security; urgency=high
>  
> -  * CVE-2017-17432: remote triggered Rx assertion failure (Closes: #883602)
> +  * CVE-2017-17432: remote triggered Rx assertion failure
>    * CVE-2016-4536: information leakage from OpenAFS clients
>    * CVE-2016-9772: information leakage from directory objects
> -(Closes: #846922)

I've added them back in version control, sorry for the regression.

-Ben



Bug#887857: jessie-pu: package openafs/1.6.9-2+deb8u6

2018-02-18 Thread Adam D. Barratt
Control: tags -1 + pending

On Wed, 2018-02-14 at 20:48 +0100, Julien Cristau wrote:
> Control: tag -1 confirmed
> 
> On Sat, Jan 20, 2018 at 13:42:53 -0600, Benjamin Kaduk wrote:
> 
> > The recent kernel update in jessie-security with meltdown/spectre remediation
> > measures introduced some minor ABI changes that cause the version of the openafs
> > kernel module in jessie to be unable to compile.  More recent upstream versions
> > of openafs do compile against this kernel, so I need to backport the appropriate
> > build fixes in order to make openafs-modules-source and openafs-modules-dkms
> > usable in jessie again.  (The version in jessie-backports is also broken,
> > not that that is directly relevant here.)
> > 
> > I attach a debdiff with the needed patches, and I have tested the resulting
> > package in a jessie VM with the latest kernel from jessie-security.
> > 
> 
> Looks fine to me, go ahead and upload.

Uploaded and flagged for acceptance.

On a side note, the diff as uploaded reverts a couple of bug closures
from the previous security upload:

 openafs (1.6.9-2+deb8u6) jessie-security; urgency=high
 
-  * CVE-2017-17432: remote triggered Rx assertion failure (Closes: #883602)
+  * CVE-2017-17432: remote triggered Rx assertion failure
   * CVE-2016-4536: information leakage from OpenAFS clients
   * CVE-2016-9772: information leakage from directory objects
-(Closes: #846922)

Regards,

Adam



Bug#887857: jessie-pu: package openafs/1.6.9-2+deb8u6

2018-02-14 Thread Julien Cristau
Control: tag -1 confirmed

On Sat, Jan 20, 2018 at 13:42:53 -0600, Benjamin Kaduk wrote:

> The recent kernel update in jessie-security with meltdown/spectre remediation
> measures introduced some minor ABI changes that cause the version of the openafs
> kernel module in jessie to be unable to compile.  More recent upstream versions
> of openafs do compile against this kernel, so I need to backport the appropriate
> build fixes in order to make openafs-modules-source and openafs-modules-dkms
> usable in jessie again.  (The version in jessie-backports is also broken,
> not that that is directly relevant here.)
> 
> I attach a debdiff with the needed patches, and I have tested the resulting
> package in a jessie VM with the latest kernel from jessie-security.
> 
Looks fine to me, go ahead and upload.

Cheers,
Julien



Bug#887857: jessie-pu: package openafs/1.6.9-2+deb8u6

2018-01-20 Thread Benjamin Kaduk
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

The recent kernel update in jessie-security with meltdown/spectre remediation
measures introduced some minor ABI changes that cause the version of the openafs
kernel module in jessie to be unable to compile.  More recent upstream versions
of openafs do compile against this kernel, so I need to backport the appropriate
build fixes in order to make openafs-modules-source and openafs-modules-dkms
usable in jessie again.  (The version in jessie-backports is also broken,
not that that is directly relevant here.)

I attach a debdiff with the needed patches, and I have tested the resulting
package in a jessie VM with the latest kernel from jessie-security.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru openafs-1.6.9/debian/changelog openafs-1.6.9/debian/changelog
--- openafs-1.6.9/debian/changelog  2017-12-08 20:59:25.0 -0600
+++ openafs-1.6.9/debian/changelog  2018-01-20 11:48:09.0 -0600
@@ -1,3 +1,11 @@
+openafs (1.6.9-2+deb8u7) jessie-proposed-updates; urgency=high
+
+  * Apply upstream patches needed to fix kernel module build against
+linux 3.16.51-3+deb8u1 kernels after security update-induced ABI changes.
+(Closes: #886719)
+
+ -- Benjamin Kaduk   Sat, 20 Jan 2018 11:48:09 -0600
+
 openafs (1.6.9-2+deb8u6) jessie-security; urgency=high
 
   * CVE-2017-17432: remote triggered Rx assertion failure
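Review bot: The trailing context line for the 1.6.9-2+deb8u6 entry reads "* CVE-2017-17432: remote triggered Rx assertion failure" with no "(Closes: #883602)", so this debdiff is based on a changelog that lacks the bug closures the later reply in this thread quotes from the previous security upload. Rebase the new 1.6.9-2+deb8u7 entry on the changelog as it was uploaded to jessie-security, so that the closures for #883602 and #846922 survive in the proposed update.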
diff -Nru 
openafs-1.6.9/debian/patches/0023-Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch
 
openafs-1.6.9/debian/patches/0023-Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch
--- 
openafs-1.6.9/debian/patches/0023-Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch
   1969-12-31 18:00:00.0 -0600
+++ 
openafs-1.6.9/debian/patches/0023-Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch
   2018-01-20 11:46:01.0 -0600
@@ -0,0 +1,57 @@
+From: Mark Vitale 
+Date: Thu, 20 Oct 2016 00:49:37 -0400
+Subject: Linux 4.9: inode_change_ok() becomes setattr_prepare()
+
+Linux commit 31051c85b5e2 "fs: Give dentry to inode_change_ok() instead
+of inode" renames and modifies inode_change_ok(inode, attrs) to
+setattr_prepare(dentry, attrs).
+
+Modify OpenAFS to cope.
+
+Reviewed-on: https://gerrit.openafs.org/12418
+Tested-by: BuildBot 
+Reviewed-by: Benjamin Kaduk 
+(cherry picked from commit 8aeb711eeaa5ddac5a74c354091e2d4f7ac0cd63)
+
+Change-Id: I7f08c57b7f61465a1ea1806f52f77bd65084
+Reviewed-on: https://gerrit.openafs.org/12480
+Tested-by: BuildBot 
+Reviewed-by: Mark Vitale 
+Reviewed-by: Stephan Wiesand 
+Tested-by: Stephan Wiesand 
+(cherry picked from commit 8efca09a5daa3cfc08d0d86e2fb48c9b8d1b270a)
+---
+ acinclude.m4 | 3 +++
+ src/afs/LINUX/osi_file.c | 4 
+ 2 files changed, 7 insertions(+)
+
+diff --git a/acinclude.m4 b/acinclude.m4
+index 80a05b7..e1cdc8c 100644
+--- a/acinclude.m4
 b/acinclude.m4
+@@ -947,6 +947,9 @@ case $AFS_SYSNAME in *_linux* | *_umlinux*)
+AC_CHECK_LINUX_FUNC([set_nlink],
+[#include ],
+[set_nlink(NULL, 1);])
++   AC_CHECK_LINUX_FUNC([setattr_prepare],
++   [#include ],
++   [setattr_prepare(NULL, NULL);])
+AC_CHECK_LINUX_FUNC([sock_create_kern],
+[#include ],
+[sock_create_kern(0, 0, 0, NULL);])
+diff --git a/src/afs/LINUX/osi_file.c b/src/afs/LINUX/osi_file.c
+index b83f736..d6c0fd6 100644
+--- a/src/afs/LINUX/osi_file.c
 b/src/afs/LINUX/osi_file.c
+@@ -184,7 +184,11 @@ osi_UFSTruncate(struct osi_file *afile, afs_int32 asize)
+ newattrs.ia_ctime = CURRENT_TIME;
+ 
+ /* avoid notify_change() since it wants to update dentry->d_parent */
++#ifdef HAVE_LINUX_SETATTR_PREPARE
++code = setattr_prepare(file_dentry(afile->filp), );
++#else
+ code = inode_change_ok(inode, );
++#endif
+ if (!code)
+   code = afs_inode_setattr(afile, );
+ if (!code)
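Review bot: In the osi_file.c change, the HAVE_LINUX_SETATTR_PREPARE branch calls file_dentry(), but the acinclude.m4 change adds a configure probe only for setattr_prepare. The changelog targets linux 3.16.51-3+deb8u1, where a function the patch subject dates to Linux 4.9 is present because of the security update, so finding setattr_prepare does not by itself establish that file_dentry() exists on that kernel. The branch should have its own probe for file_dentry() with a fallback that takes the dentry from afile->filp directly. If the following patch 0024 supplies that, note the dependency in this patch's description so the two are never applied separately.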
diff -Nru 
openafs-1.6.9/debian/patches/0024-LINUX-Debian-Ubuntu-build-regression-on-kernel-3.16..patch
 
openafs-1.6.9/debian/patches/0024-LINUX-Debian-Ubuntu-build-regression-on-kernel-3.16..patch
---