Debian Patches
Status for openafs/1.8.9-1+deb12u1
Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
0003-Catch-up-to-roken-s-rename-of-base64-symbols.patch | Catch up to roken's rename of base64 symbols. Upstream roken (i.e., heimdal) renamed their base64 encode/decode routines to have a rk_ prefix in 2014, but upstream OpenAFS hasn't pulled in an update to their bundled heimdal files since then. So, upstream is still using the old name, whereas we are trying to link against a more modern libroken, and must use the new names. | Benjamin Kaduk <kaduk@mit.edu> | no | | | 2016-12-11 |
0005-tests-skip-vos-tests-when-a-vlserver-is-already-runn.patch | tests: skip vos tests when a vlserver is already running. The vos tests start a temporary vlserver process, which is problematic when the local system already has an installed vlserver. Attempt to temporarily bind a socket to the vlserver port, and if unable to bind with an EADDRINUSE error, assume the vlserver is already running and skip these tests. (cherry picked from commit bf1b3e2fc12a7502cfd74eb109eeb7131f7230d3) | Michael Meffie <mmeffie@sinenomine.net> | no | | | 2020-01-10 |
0007-Temporarily-disable-flaky-test.patch | Temporarily disable flaky test. The volser test consistently fails on the armhf buildd but succeeds on the porterbox. The nature of the test in question suggests that the issue in the test triggers only on a machine with a specific network configuration using specific addresses in 10.0.0.0/8, which should help track down the issue causing the test to fail on the buildd. | Benjamin Kaduk <kaduk@mit.edu> | no | | | 2020-03-24 |
0004-Disable-rx-perf-test.patch | Disable rx/perf test. It hardcodes a port number on which to run the testing service, which may conflict with some buildd services and result in failing autotests. | Benjamin Kaduk <kaduk@mit.edu> | no | | | 2022-03-12 |
Properly-type-afs_osi_suser-cred-arg.patch | afs: Properly type afs_osi_suser cred arg. Currently, afs_osi_suser is declared with a void* argument, even though its only argument is always effectively an afs_ucred_t*. This allows us to call afs_osi_suser with any pointer type without the compiler complaining. Currently, some callers call afs_osi_suser with an incorrectly-typed afs_ucred_t** instead, like so: func(afs_ucred_t **acredpp) { afs_ucred_t **acred = *acredpp; /* incorrect assignment */ if (afs_osi_suser(acred)) { /* ... */ } } The actual code in the tree hides this to some degree behind various function calls and layers of indirection (e.g. afs_suser()), but this is effectively what we do. This causes compiler warnings because we are doing incorrect pointer assignments, but the end result works because afs_osi_suser actually uses an afs_ucred_t*. The type confusion makes it very easy to accidentally give the wrong type to afs_osi_suser. This only really matters on SOLARIS, since that is the only platform that actually uses its argument to afs_osi_suser(). To fix all of this, just declare afs_osi_suser as taking an afs_ucred_t*, and fix all of the relevant functions to handle the right type. (cherry picked from commit 4ce922d339777faf647f7129f5ae3f173a7870b1) | Andrew Deason <adeason@sinenomine.net> | no | | http://git.openafs.org/?p=openafs.git;a=commit;h=7c3c93db2977765a8b82426f0524b380f896b82f | 2020-01-14 |
openafs-sa-2024-001-stable18.patch | [PATCH 1/2] OPENAFS-SA-2024-001: afs: Introduce afs_genpag(). CVE-2024-10394. Currently, several areas in the code call genpag() to generate a new PAG id, but the signature of genpag() is very limited. To allow for the code in genpag() to return errors and to examine the calling user's credentials, introduce a new function, afs_genpag(), that does the same thing as genpag(), but accepts creds and allows errors to be returned. Convert all existing callers to use afs_genpag() and to handle any errors, though no errors are ever returned in this commit on its own. To ensure there are no old callers of genpag() left around, change the existing genpag() to be called genpagval(), and declare it static. FIXES 135062 (cherry picked from commit f701f704c7bc93cf5fd7cffaaa043cef6a99e77f) | Andrew Deason <adeason@sinenomine.net> | no | | | 2020-01-10 |
openafs-sa-2024-002-stable18.patch | [PATCH 01/10] OPENAFS-SA-2024-002: viced: Refuse ACLs without '\0' in SRXAFS_StoreACL. CVE-2024-10396. Currently, the fileserver treats the ACL given in RXAFS_StoreACL as a string, even though it is technically an AFSOpaque and could be not NUL-terminated. We give the ACL opaque/string to acl_Internalize_pr() to parse, which will run off the end of the allocated buffer if the given ACL does not contain a '\0' character. Usually this will result in a parse error since we'll encounter garbage, but if the partially-garbage ACL happens to parse successfully, some uninitialized data could make it into the stored ACL. In addition, if the given ACL is an opaque of length 0, we'll still give the opaque pointer to acl_Internalize_pr(). In this case, the pointer will point to &memZero, which happens to contain a NUL byte, and so is treated like an empty string (which is not a valid ACL). But the fact that this causes no problems is somewhat a coincidence, and so should also be avoided. To avoid both of these situations, just check if the given ACL string contains a NUL byte. If it doesn't, or if it has length 0, refuse to look at it and abort the call with EINVAL. FIXES 135445 (cherry picked from commit e15decb318797f1d471588dc669c3e3b26f1b8b3) | Andrew Deason <adeason@sinenomine.net> | no | | | 2023-09-18 |
openafs-sa-2024-003-stable18.patch | [PATCH 1/9] xdr: Avoid xdr_string maxsize check when freeing. The maxsize argument in xdr_string() is garbage when called by xdr_free(), since xdr_free() only passes the XDR handle and the xdr string to be freed. Sometimes the size check fails and xdr_string() returns early, without freeing the string and without setting the object pointer to NULL. Usually this just results in leaking the string's memory. But since commit 9ae5b599c7 (bos: Let xdr allocate rpc output strings), many callers in bos.c rely on xdr_free(xdr_string) to set the given string to NULL; if this doesn't happen, subsequent calls to BOZO_ RPCs can corrupt memory, often causing the 'bos' process to segfault. We only need the maxsize check when encoding or decoding, so avoid accessing the maxsize argument when the op mode is XDR_FREE. In general, xdr_free() can only safely be used on xdr 2-argument xdr functions, so must be avoided when freeing xdr opaque, byte, and union types. This change makes it safe to use xdr_free() to free xdr strings, but in the future, we should provide a typesafe and less fragile function for freeing xdr strings returned from RPCs. Currently, xdr_free(xdr_string) is only called by the bos client and the tests. (cherry picked from commit bbb1e8adfed6804ac6fbae0a073dc6927096e16a) | Michael Meffie <mmeffie@sinenomine.net> | no | | | 2023-03-10 |
All known versions for source package 'openafs'
- 1.8.13.2-1 (sid, trixie, forky)
- 1.8.9-1+deb12u1 (bookworm-security, bookworm)