From 658aba277a336ea3fc1b42b357fa22cebd212c4e Mon Sep 17 00:00:00 2001 
From: jakllsch
Date: Fri, 18 Mar 2016 17:11:37 +0000
Subject: Update OpenAFS to 1.6.17, fixes security vulnerabilities.

                       User-Visible OpenAFS Changes

OpenAFS 1.6.17 (Security Release)

  All server platforms

    * Fix for OPENAFS-SA-2016-001: foreign users can create groups as
      if they were an administrator (RT #132822) (CVE-2016-2860)

  All client platforms

    * Fix for OPENAFS-SA-2016-002: information leakage from sending
      uninitialized memory over the network.  Multiple call sites
      were vulnerable, with potential for leaking both kernel and
      userland stack data (RT #132847)

    * Update to the GCO CellServDB update from 01 January 2016 (12188)

  Linux clients

    * Fix a crash when the root volume is not found and dynroot is not
      in use, a regression introduced in 1.6.14.1 (12166)

    * Avoid introducing a dependency on the kernel-devel package
      corresponding to the currently running system while building the
      srpm (12195)

    * Create systemd unit files with mode 0644 instead of 0755
      (12196) (RT #132662)

OpenAFS 1.6.16

  All platforms

    * Documentation improvements (11932 12096 12100 12112 12120)

    * Improved diagnostics and error messages (11586 11587)

    * Distribute the contributor code of conduct with the stable
      release (12056)

  All server platforms

    * Create PID files in the right location when bosserver is started
      with the "-pidfiles" argument and transarc paths are not being
      used (12086)

    * Several fixes regarding volume dump creation and restore
      (11433 11553 11825 11826 12082)

    * Avoid a reported bosserver crash, and potentially others, by
      replacing fixed size buffers with dynamically allocated ones in
      some user handling functions (11436) (RT #130719)

    * Obey the "-toname" parameter in "vos clone" operations (11434)

    * Avoid writing a loopback address into the server CellServDB -
      search for a non-loopback one, and fail if none is found
      (12083 12105)

    * Rebuild the vldb free list with "vldb_check -fix" (12084)

    * Fixed and improved the "check_sysid" utility (12090)

    * Fixed and improved the "prdb_check" utility (12101..04)

  All client platforms

    * Avoid a potential denial of service issue, by fixing a bug in
      pioctl logic that allowed a local user to overrun a kernel
      buffer with a single NUL byte (commit 2ef86372) (RT #132256)
      (CVE-2015-8312)

    * Refuse to change multi-homed server entries with "vos
      changeaddr", unless "-force" is given, to avoid corruption of
      those entries (12087)

    * Provide a new vos subcommand "remaddrs" for removing server
      entries, to replace the slightly confusing "vos changeaddr
      -remove" (12092 12094)

    * Make "fs flushall" actually invalidate all cached data (11894)

    * Prevent spurious call aborts due to erroneous idle timeouts
      (11594)

    * Provide a "--disable-gtx" configure switch to avoid building and
      installing libgtx and its header files as well as the depending
      "scout" and "afsmonitor" applications (12095)

    * Fixed building the gtx applications against newer ncurses
      (12125)

    * Allow pioctls to work in environments where the syscall
      emulation pseudo file is created in a read-only pseudo
      filesystem, like in containers under recent versions of docker
      (12124)

  Linux clients

    * In Red Hat packaging, avoid following a symbolic link when
      writing the client CellServDB, which could overwrite the server
      CellServDB, by removing an existing symlink before writing the
      file (12081)

    * In Red Hat packaging, avoid a conflict of openafs-debuginfo with
      krb5-debuginfo by excluding our kpasswd executable from
      debuginfo processing (12128) (RT #131771)

--- filesystems/openafs/Makefile | 6 +++--- filesystems/openafs/distinfo | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/filesystems/openafs/Makefile b/filesystems/openafs/Makefile index c6e4a79d478..31db4b60b0d 100644 --- a/filesystems/openafs/Makefile +++ b/filesystems/openafs/Makefile 
@@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.10 2015/10/28 19:43:01 jakllsch Exp $ +# $NetBSD: Makefile,v 1.11 2016/03/18 17:11:37 jakllsch Exp $ -DISTNAME= openafs-1.6.15-src +DISTNAME= openafs-1.6.17-src PKGNAME= ${DISTNAME:C/-src//} CATEGORIES= filesystems net sysutils -MASTER_SITES= http://www.openafs.org/dl/openafs/1.6.15/ +MASTER_SITES= http://www.openafs.org/dl/openafs/1.6.17/ EXTRACT_SUFX= .tar.bz2 MAINTAINER= gendalia@NetBSD.org diff --git a/filesystems/openafs/distinfo b/filesystems/openafs/distinfo index 958d607aaf5..218bf833127 100644 --- a/filesystems/openafs/distinfo +++ b/filesystems/openafs/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.12 2015/11/04 17:41:18 agc Exp $ +$NetBSD: distinfo,v 1.13 2016/03/18 17:11:37 jakllsch Exp $ -SHA1 (openafs-1.6.15-src.tar.bz2) = f6d300a408943a1f3edada4d12a8f0b60635d839 -RMD160 (openafs-1.6.15-src.tar.bz2) = b88ff1914fa5566649f218aec063a0b1be1fc54a -SHA512 (openafs-1.6.15-src.tar.bz2) = 17ac239366bb6dc8f7978b74ae5069bedab1976b7a39da76886ada5808159aa4ddc6347f49aae49c2d4e9ea14044a375217e48d443059967e50b0f82e0596065 -Size (openafs-1.6.15-src.tar.bz2) = 14388197 bytes +SHA1 (openafs-1.6.17-src.tar.bz2) = 1898679226a87659eb71e073de29384e4d8d4739 +RMD160 (openafs-1.6.17-src.tar.bz2) = b21fc9986cae46385c6440b14ac562d08cbc59c9 +SHA512 (openafs-1.6.17-src.tar.bz2) = 3ca61a7731c9bd9bae7da2f7b3900438fcc9f75c95b354574389c2203af2ec0a7b4dcaaf13a437743477fcad8a46c3bbb8c68255a976b9a9917b8f0a0cdf028f +Size (openafs-1.6.17-src.tar.bz2) = 14607107 bytes SHA1 (patch-src_comerr_Makefile.in) = dd5e996481d7ef908710868aa9dc1b65feb98717 -- cgit v1.2.3
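
Review bot: In the Makefile hunk, MASTER_SITES still points at a plain http:// URL, so the distfile for a security release is fetched over an unauthenticated channel and its integrity rests entirely on the distinfo checksums; if the upstream host serves the same path over https, switch the scheme in this line. The version string is also repeated by hand in both DISTNAME and MASTER_SITES (1.6.15 changed to 1.6.17 in two places), which invites the two drifting apart on the next bump; deriving the directory component in MASTER_SITES from a single version variable would remove that risk.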
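
Review bot: In the distinfo hunk, nothing in the change records where the new SHA1, RMD160 and SHA512 values for openafs-1.6.17-src.tar.bz2 came from; since the tarball is downloaded over http, checksums computed from the fetched file would simply bless whatever arrived, so please confirm they were compared against upstream's published checksums or signature for 1.6.17 and say so in the commit message. Separately, the trailing context line for patch-src_comerr_Makefile.in is unchanged, so it is worth confirming that the local patch still applies cleanly to the 1.6.17 sources and is still needed.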