lp:ubuntu/lucid-security/openafs

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/openafs

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

26. By Luke Faraone

* SECURITY UPDATE: Fix fileserver buffer overflow when parsing
  client-supplied ACL entries and protect against client parsing of bad ACL
  entries.
  - OPENAFS-SA-2013-001
  - CVE-2013-1794
  - LP: #114556
* SECURITY UPDATE: Fix ptserver buffer overflow via integer overflow in the
  IdToName RPC
  - OPENAFS-SA-2013-002
  - CVE-2013-1795
  - LP: #1145560

25. By Christian Biamont

* SECURITY UPDATE: update ticket5 from heimdal. Avoids a double-free which
  basically allows an arbitrary attack against any krb5-aware Rx service by
  exploiting when the double-free occurs in asn1 payloads which came from
  the wire. Patch thanks to Debian.
  - CVE-2011-0430
* SECURITY UPDATE: Use correct type of error in flock code. Patch thanks to
  Debian.
  - CVE-2011-0431
  - LP: #723121

24. By Russ Allbery

* Apply upstream deltas:
  - [135e196b] Create missing root directory when ORPH_ATTACH
  - [190ef2cb] volmonitor keep vtrans lock
  - [812dcc2c] Increase the maximum number of sysnames
  - [a123d4ab] Print rxdebug statistics as unsigned values
* If the user configures openafs-client to use AFSDB records for VLDB
  server location, don't prompt the user for VLDB servers for the local
  cell even if they're not present in CellServDB and don't try to add an
  entry for the local cell to CellServDB. (Closes: #575299)

23. By Russ Allbery

* Apply upstream deltas:
  - [4ca7b6fc] Remove lih_r
  - [f3899ac3] Allow GetSomeSpace_r to select an optimal host
  - [94a43966] h_TossStuff_r: check held-ness after lock
  - [b78eeb0c] h_TossStuff_r: make sure host does not go away
  - [0583af32] volmonitor copy link before calling free
  - [eb799d07] Move non-executable stack assembly code to end of file
* Build with -fno-strict-aliasing. The upstream development branch has
  a better fix that selectively enables this for specific files with
  known problems, but be conservative for the stable release.

22. By Russ Allbery

* New upstream release.
  - Enable weak encryption types in aklog and klog.krb5.
  - Build support for Linux 2.6.33.
  - Improvements to host tracking safety in the file server.
  - Fall back to current kernel credentials if we can't use stored ones.
  - Fix truncation handling in some large file situations.
  - Further fixes to mmap handling.
  - Avoid double-free in some FetchData64 error situations.
  - Stop warning about system call hooks when keyrings are in use.
  - Flush vcaches when a mount fails to avoid inconsistent data.
  - New dump tag and length standard for vos dump.
  - Fix stack executability for programs containing assembly code.
  - Various salvager robustness fixes.
* Use dh_dkms from the DKMS package to handle creation of the maintainer
  scripts for openafs-modules-dkms rather than rolling our own.
  (LP: #497149)
* Update init script to require $remote_fs be started first and stopped
  after OpenAFS. This won't be the case in the long run, but for now
  some important boot-time options need /usr/bin/fs to set them.
* List $syslog in Should-Start for the openafs-client init script, since
  otherwise if loading the module causes a kernel panic, it won't be
  logged to disk.
* Update CellServDB to the 2010-02-28 version.
* Add README.source explaining maintenance procedures and a
  debian/import-upstream script to do a Git-aware merge of a new
  upstream release that will allow us to cherry-pick upstream patches
  and do proper merges.
* Stop linking the openafs-fileserver doc directory to openafs-client so
  that we can provide a separate NEWS.Debian.
* Update standards version to 3.8.4 (no changes required).

21. By Russ Allbery

* Apply upstream deltas:
  - [c12ec354] Fix write_begin configure test for recent RHEL kernels
  - [b7198421] Fix memory allocation warnings at shutdown
  - [7183c113] Do not check *aoutSize in PGetPAG
  - [c0323c49] cm: address race condition in afs_QueueVCB
  - [ad6dabdc] Clean up console message
  - [c9f7fe37] Make ktc_curpag also detect ONEGROUP PAG gids
  - [2f87c43e] volser transaction object race conditions
  - [2d6c0390] Add array bounds checking in h_Enumerate
  - [70f6a328] Check for (hostFlags & HOSTDELETED) after h_Lock_r
  - [c7a59397] Avoid IHandle leak when failing to attach volume
* Remove incorrect return call in shutdown_icl() introduced by b7198421.
* Do not attempt to build the kernel module with DKMS if the appropriate
  Linux headers aren't installed. Based on code from the common DKMS
  postinst script (which we'll just use once it's reliably available).
  Thanks, Anders Kaseorg. (LP: #487535)
* Fix configure flags used for enabling or disabling LWP and kernel
  debugging flags and always pass --disable-strip-binaries.
* Fix the openafs-dbg dependencies and package description to reflect
  its inclusion of debugging symbols for all server binaries in
  openafs-fileserver and openafs-dbserver, but not the legacy PAM
  modules.
* In anticipation of a change in dpkg-source's defaults, force source
  package format 1.0. The package is maintained using Git and
  generating a proper quilt series is complex and relatively pointless
  work, so the additional complexity of the 3.0 format is currently not
  that useful.
* Change section of openafs-modules-dkms to kernel to match override.

20. By Russ Allbery

* Apply upstream deltas:
  - [7833e472] Make afsd.pod reflect reality
  - [c9974c7a] Avoid prematurely destroying callback_rxcon
  - [9b37972e] Linux: 2.6.32 - Adapt to writeback changes
  - [abdf72bc] Linux: Avoid deadlock in readdir - release GLOCK for
    filldir
  - [bdb4f98a] Protect rx_call iovq from simultaneous attempts to empty
    it
  - [c08609ae] Avoid using released hosts
  - [a410b7fd] Linux - Fix disk cache access for selinux/AppArmor
    constrained processes (LP: #415766)
  - [49094ccf] Add automatic sysname detection for ARM Linux
  - [525b594a] Make ktc_curpag generally available (LP: #446521)
* In the postinst of openafs-modules-dkms, if the openafs module is
  already added in DKMS, try to remove it first before adding it. This
  should more correctly handle the case of a user installing this
  package without the correct kernel headers, having it fail in
  postinst, and then installing the correct headers and having dpkg
  attempt to configure the package again. Thanks, Philipp Kaluza.
  (Closes: #553542)

19. By Russ Allbery

When changing the name of the source package built by
openafs-modules-source, we need to change the package name in the
changelog as well or dpkg-gencontrol explodes. Thanks, Aaron M.
Ucko. (Closes: #549140)

18. By Russ Allbery

* Add armv5tel to debian/sysname, mapping it to arm_linux26. Patch from
  Daniel Bayer. Also make the similar change for the module source
  package. (Closes: #542315)
* Also install restorevol in the openafs-client package.
* Swap maintainer and uploaders in the packaging files for the module
  source package, matching the main package.
* Update standards version to 3.8.3.
  - Change section of packages generated by openafs-modules-source to
    kernel.
  - Add Homepage to packages generated by openafs-modules-source.

17. By Russ Allbery

New upstream release.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/oneiric/openafs