commit 5ce1027906d901555ee6dbfb14a49cf68a0e9b7c Author: Benjamin Kaduk Date: Tue Mar 15 21:54:33 2016 -0500 Make OpenAFS 1.6.17 Update version strings for release 1.6.17. Change-Id: I5872643935f2c195b938e9cd94e7b0d7b81906fa commit 0261b673677cbc7136730c6ca51646f0126c56aa Author: Benjamin Kaduk Date: Tue Mar 15 21:52:40 2016 -0500 Update NEWS for 1.6.17 Release notes for OpenAFS 1.6.17 Change-Id: I47281bcdb6074a5ab6ba493abf86c1efb2227674 commit becf282ecf9bec3f266d4f8403c1e93d22ab455a Author: Benjamin Kaduk Date: Mon Mar 14 23:15:20 2016 -0500 OPENAFS-SA-2016-002 ListAddrByAttributes information leak The ListAddrByAttributes structure is used as an input to the GetAddrsU RPC; it contains a Mask field that controls which of the other fields will actually be read by the server during the RPC processing. Unfortunately, the client only wrote to the fields indicated by the mask, leaving the other fields uninitialized for transmission on the wire, leaking some contents of client memory. Plug the information leak by zeroing the entire structure before use. FIXES 132847 Change-Id: Ia7aaccd53db56c7359552b70113f9ae5edbd833e commit 5c4afd5558efcd54152d0be4d56c90e4c6860ef9 Author: Benjamin Kaduk Date: Mon Mar 14 23:15:20 2016 -0500 OPENAFS-SA-2016-002 VldbListByAttributes information leak The VldbListByAttributes structure is used as an input to several RPCs; it contains a Mask field that controls which of the other fields will actually be read by the server during the RPC processing. Unfortunately, the client only wrote to the fields indicated by the mask, leaving the other fields uninitialized for transmission on the wire, leaking some contents of client memory. Plug the information leak by zeroing the entire structure before use. FIXES 132847 Change-Id: Ia7aaccd53db56c7359552b70113f9ae5edbd833e commit 3ed975016290f916047fe2ac04303ee393e18a7a Author: Benjamin Kaduk Date: Mon Mar 14 23:15:20 2016 -0500 OPENAFS-SA-2016-002 AFSStoreVolumeStatus information leak The AFSStoreVolumeStatus structure is used as an input to the RXAFS_SetVolumeStatus RPC; it contains a Mask field that controls which of the other fields will actually be read by the server during the RPC processing. Unfortunately, the client only wrote to the fields indicated by the mask, leaving the other fields uninitialized for transmission on the wire, leaking some contents of kernel memory. Plug the information leak by zeroing the entire structure before use. FIXES 132847 Change-Id: Ia7aaccd53db56c7359552b70113f9ae5edbd833e commit 90cb77f975244c77ef929be723e5b871247cbe9d Author: Benjamin Kaduk Date: Sun Mar 13 12:56:24 2016 -0500 OPENAFS-SA-2016-002 AFSStoreStatus information leak Marc Dionne reported that portions of the AFSStoreStatus structure were not written to before being sent over the network for operations such as create, symlink, etc., leaking the contents of the kernel stack to observers. Which fields in the request are used are controlled by a flags field, and so if a field was not going to be used by the server, it was sometimes left uninitialized. Fix the information leak by zeroing out the structure before use. FIXES 132847 Change-Id: Iebcac04d1ff70df06d054ddb3b886ab422fb2a14 commit 396240cf070a806b91fea81131d034e1399af1e0 Author: Benjamin Kaduk Date: Wed Mar 9 19:30:20 2016 -0600 OPENAFS-SA-2016-001 group creation by foreign users CVE-2016-2860: The ptserver permits foreign-cell users to create groups as if they were system:administrators. In particular, groups in the user namespace (with no colon) and the system: namespace can be created. No group quota is enforced for the creation of these groups, but they will be owned by system:administrators and cannot be changed by the user that created them. When processing requests from foreign users, the creator ID is overwritten with the ID of system:administrators, and that field is later used for access control checks in CorrectGroupName(), called from CreateEntry(). The access-control bypass is not possible for creating user entries, since there is an early check in CreateOK() that only permits administrators to create users, using a correct test for whether the call is being made by an administrator. FIXES 132822 [Based on a patch by Jeffrey Altman.] Change-Id: I77dcf4a2f7d9c770c805a649f2ddc6bee5f83389 commit be42de4f4f335b86defdac16a491c3b04219f212 Author: Brian Torbich Date: Thu Jan 21 10:08:27 2016 -0500 redhat: Correct permissions on systemd unit files Change the systemd unit file permissions created via openafs.spec to be 0644 instead of 0755. Having the systemd unit files be executable will trigger a systemd warning. FIXES 132662 Reviewed-on: http://gerrit.openafs.org/12174 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk (cherry picked from commit a4c4b786059ac7d5f9ecc5ec07727f000b62c13f) Change-Id: I0ad33a93c963b7a2d242b43b7d94e2e3f5041e8d Reviewed-on: http://gerrit.openafs.org/12196 Tested-by: BuildBot Reviewed-by: Stephan Wiesand commit e42c91172ac392cb6c1e75dbed30422245555e6c Author: Michael Meffie Date: Mon Feb 8 12:12:22 2016 -0500 CellServDB update 01 Jan 2016 Update all remaining copies of CellServDB in the tree, and make the Red Hat packaging use it by default too. [mmeffie@sinenomine.net: 1.6.x specific change; also update the debian packaging.] Reviewed-on: http://gerrit.openafs.org/12187 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk (cherry picked from commit 378eae1d534d61d357a0ad681b57b5e203f814ad) Change-Id: I5f3c8a03fac30e4da6d26ce7f65529e9f048f6b8 Reviewed-on: http://gerrit.openafs.org/12188 Reviewed-by: Chas Williams <3chas3@gmail.com> Tested-by: BuildBot Reviewed-by: Stephan Wiesand commit 9cf75ab6dd388c6bdf7f6550db0759278d5bfbf1 Author: Stephan Wiesand Date: Mon Jun 22 10:44:11 2015 +0200 redhat: Avoid bogus dependencies when building the srpm By default the spec defines that both userland and kernel module packages should be built. This results in a dependency of the form "kernel-devel-`uname -m` = `uname -r`" being added to the source package created by makesrpm.pl, which is bogus because the uname values are from the system on which the srpm is built and needn't apply to the system where it is used. While rpm and rpmbuild ignore such dependencies of source packages, other tools don't and may fail. Some versions of rpmbuild will also enforce those requirements when building the srpm itself, which is pointless too. Avoid both problems by pretending not to attempt building modules and ignoring any dependencies when makesrpm.pl invokes rpmbuild -bs. Reviewed-on: http://gerrit.openafs.org/11903 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Tested-by: Stephan Wiesand Reviewed-by: Benjamin Kaduk (cherry picked from commit 9ee5fa152b7b7de6a6ddc6ed87bbf9f76da6e3e4) Change-Id: I76aac20b8dcad2105f8d20a3e169b2f5526ef956 Reviewed-on: http://gerrit.openafs.org/12195 Tested-by: BuildBot Reviewed-by: Stephan Wiesand Tested-by: Stephan Wiesand commit 50ae4225500d255b1f05de5ca8c763383fe178fe Author: Mark Vitale Date: Mon Feb 9 18:16:16 2015 -0500 pioctl.c: restore required result variable Commit b9fb9c62a6779aa997259ddf2a83a90b08e04d5f refactored lpioctl() so that LINUX would have its own implementation. This also simplified the other lpioctl() implementations by removing superfluous variable 'rval'. Unfortunately, 'rval' was actually required for both DARWIN and SUN511. On both of these platforms, the address of 'errcode' is passed to the respective ioctl_*() routine so its value may be passed back to lpioctl(). Therefore, 'errcode' must not also be used for the return value from these functions; doing so results in the return value from the function overwriting the intended value of 'errcode' upon return to lpioctl(). In the case of Solaris 11, ioctl_sun_afs_syscall() always returns zero (as long as the ioctl device 'dev/afs' opened successfully). So 'errcode' was always being set to zero, even if the pioctl had actually failed. For example, without this fix, 'fs listcells' loops forever on Solaris 11, listing an infinite number of "cells", because it will never "see" the EDOM that informs it of the last defined cell. Partially revert b9fb9c62a6779aa997259ddf2a83a90b08e04d5f by restoring the 'rval' variable and logic for DARWIN and SUN511. Reviewed-on: http://gerrit.openafs.org/11734 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Jeffrey Altman (cherry picked from commit 7ae8e64d1ee79c23da96c326111fdc40015ed5a6) Change-Id: I6a4b8817f02522144b3adbbae06b3737e6c62585 Reviewed-on: http://gerrit.openafs.org/11795 Reviewed-by: Daria Phoebe Brashear Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Stephan Wiesand commit 6f5dc12bb278998049943c429ebafb5ec840033b Author: Benjamin Kaduk Date: Thu Feb 6 16:11:49 2014 -0500 pioctl.c: removed unused variable The 'rval' variable is only actually used in the LINUX20 case; adding another conditional block is making the LINUX20 case different enough that it should get split out entirely. Doing so lets the 'else' clause be simpler. Found by clang on FreeBSD 10.0. Reviewed-on: http://gerrit.openafs.org/10819 Tested-by: Benjamin Kaduk Reviewed-by: Perry Ruiter Reviewed-by: D Brashear (cherry picked from commit b9fb9c62a6779aa997259ddf2a83a90b08e04d5f) Change-Id: I47f781bc13d54ad5a1b34365fcb9680793b206d1 Reviewed-on: http://gerrit.openafs.org/11778 Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Stephan Wiesand commit 4c17087b8d9f8bd2ad34f308c1208443d60f4e3e Author: Benjamin Kaduk Date: Thu Feb 6 17:27:28 2014 -0500 fstrace: only declare 'rval' when it is used ... to avoid compiler warnings about unused variables. Found by clang on FreeBSD 10.0. Reviewed-on: http://gerrit.openafs.org/10822 Tested-by: BuildBot Reviewed-by: Perry Ruiter Reviewed-by: Jeffrey Altman (cherry picked from commit 63291be2216762dd89072f41c9a016608b736ceb) Change-Id: Ib5d7e14d6077ec2377180b9308d99f49ff79cccc Reviewed-on: http://gerrit.openafs.org/11777 Reviewed-by: Jeffrey Altman Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Stephan Wiesand commit 84f1d7f21dc4195d7c8476988c532d62b7bf65c5 Author: Benjamin Kaduk Date: Thu Feb 6 17:01:19 2014 -0500 FBSD: Switch the dummy 'data' for mount(2) The mount(2) API takes a void*, but 'rn' is const char*, which is const-incorrect. Our vfs_cmount implementation ignores the 'data' parameter, but upstream's kernel mount(2) implementation did have a NULL check until r158611 (in the 6.1 or 7.0 timeframe), so leave that comment for now. Arguably we should be using nmount(2) instead of mount(2) anyway, but leave that for a separate patch. Reviewed-on: http://gerrit.openafs.org/10821 Tested-by: BuildBot Reviewed-by: Jeffrey Altman (cherry picked from commit 53d7145416c0a6bafa7ecccd113178fc4af04f8f) Change-Id: Id8ab9ec946a8eee7c73cf234f35e7d12a65f6d84 Reviewed-on: http://gerrit.openafs.org/11776 Reviewed-by: Jeffrey Altman Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Stephan Wiesand commit 53ef9aa938c604c2c147ad64f649d3c8fc63b548 Author: Benjamin Kaduk Date: Thu Feb 6 15:52:42 2014 -0500 Remove unneeded inclusion of This file is deprecated on FreeBSD, and is not used anywhere. Reviewed-on: http://gerrit.openafs.org/10817 Tested-by: BuildBot Reviewed-by: Jeffrey Altman (cherry picked from commit add4b8100e9b9624b6e03fa7d471367720ab062e) Change-Id: I06dfd8f90f2e8e4b2ca38692cbc4aa90dcdffe13 Reviewed-on: http://gerrit.openafs.org/11775 Reviewed-by: Jeffrey Altman Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Stephan Wiesand commit 5f05961c88d9e819312314b0e7be7bc67a47b6c6 Author: Michael Meffie Date: Thu Jan 7 14:15:53 2016 -0500 Linux: Fix crash when the afs root volume is not found Commit 602130f1de65eefeb4e31e114070d544eb9edd40 changed the allocation of the backing device info to directly use the kernel memory allocator. Unfortunately, one of the deallocations was not converted to the kernel memory deallocator in the backport to the 1.6.x branch. The code path is triggered when the afs root volume is not found (for example, not -dynroot and the root.afs volume is not available.) This causes the system to crash instead of just failing to mount /afs. This is a 1.6.x change only. This bug was introduced in version 1.6.14.1. FIXES 132653 Change-Id: Ifc991be5f914b4a4e1a797b7e2178dc03436b8e6 Reviewed-on: http://gerrit.openafs.org/12166 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk Reviewed-by: Chas Williams <3chas3@gmail.com> Reviewed-by: Stephan Wiesand