lp:ubuntu/hardy-security/openafs
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/openafs
Branch merges
Branch information
Recent revisions
- 23. By Evan Broder
-
* Apply upstream security patches from 1.4.9:
- OPENAFS-SA-2009- 001: Avoid a potential kernel memory overrun if more
items than requested are returned from an InlineBulk or BulkStatus
message. (CVE-2009-1251)
- OPENAFS-SA-2009- 002: Avoid converting negative errors into invalid
kernel memory pointers. (CVE-2009-1250)
* Fix a FTBFS when trying to delete non-existant files and directories. - 22. By Russ Allbery
-
* Apply additional upstream patches to the 2.6.24 support to fix
builds with older kernels. Thanks to Felix Koop for the testing.
(Closes: #458331)
* Remove old /etc/openafs/server- local files from older versions when
purging openafs-fileserver.
* Minor reformatting of openafs-client's postrm.
* Remove databases on purge of openafs-dbserver.
* Remove log files when purging openafs-fileserver or openafs-dbserver
per Policy 10.8. - 21. By Russ Allbery
-
* New upstream release.
- Even with a new enough Linux kernel to support keyrings, we still
may have found the system call table and need to clean it up when
unloading the module. (Closes: #448793)
* Use uname -m rather than dpkg --print-architecture to determine the
sysname for kernel module builds. Otherwise, builds with a different
kernel architecture than userspace (amd64 kernels with i386 userspace,
for example) don't work. Thanks, Anders Kaseorg. (Closes: #448452)
* Fix signing the generated the changes file on a kernel module build.
The module build file reorganization required an additional change to
genchanges. Thanks, Anders Kaseorg. (Closes: #448449)
* Expose prototypes for the ktc_* functions. (Closes: #449432)
* Fix man pages for subcommands to use an underscore in the NAME section
instead of a space so that they'll be indexed properly by the current
groff and man-db.
* Update CellServDB to 2007-10-25 GCO release.
* Add Homepage to the package control fields. - 20. By Russ Allbery
-
* New upstream release candidate.
- Fix errors when compiled with gcc 4.2. (Closes: #443937)
- Add a frightening hack to work around the lack of getcontext and
savecontext for 32-bit SPARc. (Closes: #415952, #446837)
- Add support for Linux 2.6.23.
- Multiple bug fixes for client tracking in the file server.
- Prevent one client from consuming all file server threads.
* Remove the workaround added for 2.6.20 and 2.6.21 kernels with
CONFIG_PARAVIRT enabled. The mistaken GPL-labelling of core
interfaces was fixed in 2.6.22, which has now migrated to testing.
* Scan /var/log/openafs for core files with a PID appended when a server
run by bosserver exits with a signal. bosserver was unable to
correctly handle core files for multithreaded servers since it
expected a filename of core and Linux always appends a PID to core
dumps by multithreaded processes.
* Fix make kdist in openafs-modules- source, inadvertently broken by a
missing genchanges script.
* Stop creating /var/lib/openafs/ cores. Nothing actually uses it. - 19. By Russ Allbery
-
* Switch to quilt for managing patches to the upstream source.
* Stop installing the Administrator's Reference. All of the useful
information in here has been converted to man pages.
* Use the upstream man page for pt_util, which lets us remove the
docbook-to-man build dependency.
* Update to the latest CellServDB from grand.central.org.
* Trim additional unuseful debug information from openafs-dbg.
* Restructure the source for the module package. The build files for
the module build are now in debian/module in the source package and
there is a completely separate rules file. This way, the module build
rules don't have to depend on quilt and the structure is clearer.
* Fix debhelper dependencies for the module build.
* Update module standards version to 3.7.2 (no changes required). - 18. By Russ Allbery
-
* Apply upstream patch from Jeffrey Hutzelman to fix syscall probing on
AMD64 with Linux 2.6.22 kernels. (Closes: #430179)
* Add a union to des_ks_struct and reorder includes to get the correct
alignment for DES code on SPARC. Thanks, Chaskiel Grundman. Partly
addresses #415952.
* Fix a typo in debian/kern-sysname that caused openafs-modules- source
to still assume all ia64 systems used Linux 2.4. Thanks, Jakob
Haufe. (Closes: #432344)
* Use LSB logging functions for openafs-fileserver and support passing
arguments to bosserver in /etc/default/openafs- fileserver by setting
DAEMON_ARGS.
* Clean up more completely after a purge of openafs-fileserver. Remove
the files created by the server in /var/lib/openafs/ local, remove
KeyFile and CellServDB.old from /etc/openafs/server, and remove
BosConfig from /etc/openafs. - 17. By Russ Allbery
-
* Apply upstream patch from Jeffrey Hutzelman to fix kernel module
builds on ppc64. (Closes: #427555)
* Apply upstream patches for Linux 2.6.22 support. (Closes: #428401)
* Apply upstream patch to fix the AFS /proc structure under Linux
2.6.22.1 and later.
* Move /etc/openafs/server- local to /var/lib/ openafs/ local. Most of the
files here are automatically generated and hence not configuration
files, and the file server has to write to this directory to start (so
having it in /etc breaks read-only / file systems). Thanks, Alexei
Sheplyakov. (Closes: #405697)
* Move upserver and upclient to /usr/lib/openafs (from /usr/sbin) to
match upstream's layout and for consistency with the other servers run
via bosserver.
* Use --name instead of --exec in the openafs-fileserver init script and
drop the --pidfile option (bosserver doesn't create a PID file) so
that we don't start a second bosserver on upgrades.
* Go back to using krb5-config. The dependency problem has now been
fixed on all platforms in the krb5 package and this is the preferred
upstream method. - 16. By Russ Allbery
-
* Always generate a UUID on client startup even if for some reason we
don't think we have any network interfaces. Otherwise, the client
will use an all-zeroes UUID, which will collide with every other
client with the same problem.
* When afsd is started with -rmtsys, it starts another process that afsd
-shutdown doesn't kill. Update the init script to kill this process
on stop. (Closes: #405982)
* Don't use krb5-config to get a library list. It runs the risk of
encoding unnecessary library dependencies. Instead, hard-code the
flags and libraries we actually need. (Closes: #424448)
* When loading a module using the upstream naming convention, don't
append the .mp to the module name for modprobe. (Closes: #420597) - 15. By Russ Allbery
-
* Debian kernels as of 2.6.20 enable CONFIG_PARAVIRT, which redefines
several core kernel calls as redirects through a paravirt.ops table
that's marked GPL-only. This breaks all non-GPL modules that used
those (previously generally exported) calls even indirectly. Apply a
hack to switch from spin_lock_irq to spin_lock_irqsave to avoid the
paravirt redirection so that the module will build.
* Enable ucontext for all Linux builds with glibc 2.4 or later, not just
with i386 and amd64, and (following an upstream patch) always use
ucontext on ia64. Newer versions of glibc change internal structures
in ways that cause the old LWP code to have stack overflows.
(Closes: #419903)
* Apply upstream patch to crashes on contention in afs_xuser when a
process in a PAG exits. Thanks, Chaskiel Grundman.
* When determining the AFS sysname for kernel module builds, add
explicit cases for 2.6 kernels for all architectures that support them
(everything except non-64-bit sparc_linux). Fixes build problems with
ia64 and probably other architectures. Thanks to Ippokratis Pandis
for the debugging help. (Closes: #411818)
* Prefer alpha_linux_26 to alpha_linux_24 for the non-kernel build on
Alpha, now that the source supports it.
* Add support for the s390x architecture. Upstream supports it and
there's no reason not to.
* Fix the watch file to remove .dfsg\d+ when comparing versions. - 14. By Russ Allbery
-
* New upstream release. (Closes: #415699)
- Support newer Linux kernels. (Closes: #409797, #410120)
- Add aklog fallbacks for null realms to support the referral
capability in MIT Kerberos 1.6 and later. (Closes: #410314)
* Apply patch from Thomas Sesselmann to support setting options to pass
to bosserver in /etc/default/openafs- fileserver. (Closes: #409357)
* Remove the rx_Init calls in the PAM module. The internal counters
that had to be initialized that way have been removed.
* Now that we're running regen.sh as part of the build process, only
patch the Autoconf source files and not the generated output to make
the diff easier to audit.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/openafs