Bug 179259 - bump net/openafs to 1.6.2 (buffer overflow and corruption fixes)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Chris Rees
Reported: 2013-06-03 13:30 UTC by nowak
Modified: 2013-06-03 19:40 UTC
Description nowak 2013-06-03 13:30:00 UTC
* Fix buffer overflows in fileserver and ptserver.
* Fix rare file corruption during background sync (Gerrit 8796).
* Fix corrupting clients' metadata cache during certain errors (Gerrit 6957).
* Fix cache corruption when reading from a file another client is simultaneously writing to (Gerrit 7994).
* Fix fileservers to properly report >2 TiB partitions.

and some other less serious changes.

Fix: 

XXX BJK XXX
I dropped the patch which was sitting staged in one of my checkouts (oops)
into www.freebsd.org/~bjk/openafs-1.6.2.diff
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2013-06-03 13:30:08 UTC
Responsible Changed
From-To: freebsd-ports-bugs->bjk

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Chris Rees freebsd_committer freebsd_triage 2013-06-03 17:29:03 UTC
Responsible Changed
From-To: bjk->crees

I'll take it.
Comment 3 Chris Rees freebsd_committer freebsd_triage 2013-06-03 17:49:42 UTC
Responsible Changed
From-To: crees->bjk

Distinfo mismatch :( 
http://www.bayofrum.net/tb/index.php?action=display_markup_log&build=10-local&id=2618
Comment 4 Benjamin Kaduk freebsd_committer freebsd_triage 2013-06-03 18:21:07 UTC
Responsible Changed
From-To: bjk->crees

Patchfile updated, it seems that the real dev work for this update 
did not occur in the svn checkout I thought it did. 
Note the several deleted patchfiles.
Comment 5 Chris Rees freebsd_committer freebsd_triage 2013-06-03 19:31:37 UTC
State Changed
From-To: open->closed

Committed. Thanks!
Comment 6 dfilter service freebsd_committer freebsd_triage 2013-06-03 19:31:59 UTC
Author: crees
Date: Mon Jun  3 18:29:50 2013
New Revision: 319798
URL: http://svnweb.freebsd.org/changeset/ports/319798

Log:
  Update to 1.6.2
  
  * Fix buffer overflows in fileserver and ptserver.
  * Fix rare file corruption during background sync (Gerrit 8796).
  * Fix corrupting clients' metadata cache during certain errors (Gerrit 6957).
  * Fix cache corruption when reading from a file another client is simultaneously writing to (Gerrit 7994).
  * Fix fileservers to properly report >2 TiB partitions.
  
  and some other less serious changes.
  
  PR:		ports/179259
  Submitted by:	Adam Nowacki <nowak@tepeserwery.pl>
  Submitted by:	bjk (maintainer)
  Security:	CVE-2013-1794

Deleted:
  head/net/openafs/files/patch-acinclude.m4
  head/net/openafs/files/patch-configure
  head/net/openafs/files/patch-configure.ac
  head/net/openafs/files/patch-src__afs__FBSD__osi_misc.c
  head/net/openafs/files/patch-src__afs__FBSD__osi_vfsops.c
  head/net/openafs/files/patch-src__afs__FBSD__osi_vnodeops.c
  head/net/openafs/files/patch-src__aklog__aklog.c
  head/net/openafs/files/patch-src__config__afs_sysnames.h
  head/net/openafs/files/patch-src__config__param.amd64_fbsd_100.h
  head/net/openafs/files/patch-src__config__param.amd64_fbsd_83.h
  head/net/openafs/files/patch-src__config__param.amd64_fbsd_84.h
  head/net/openafs/files/patch-src__config__param.amd64_fbsd_91.h
  head/net/openafs/files/patch-src__config__param.i386_fbsd_100.h
  head/net/openafs/files/patch-src__config__param.i386_fbsd_83.h
  head/net/openafs/files/patch-src__config__param.i386_fbsd_84.h
  head/net/openafs/files/patch-src__config__param.i386_fbsd_91.h
  head/net/openafs/files/patch-src__kauth__Makefile.in
  head/net/openafs/files/patch-src__libafs__Makefile.common.in
Modified:
  head/net/openafs/Makefile
  head/net/openafs/distinfo
  head/security/vuxml/vuln.xml

Modified: head/net/openafs/Makefile
==============================================================================
--- head/net/openafs/Makefile	Mon Jun  3 18:02:24 2013	(r319797)
+++ head/net/openafs/Makefile	Mon Jun  3 18:29:50 2013	(r319798)
@@ -2,7 +2,6 @@
 
 PORTNAME=	openafs
 DISTVERSION=	${AFS_DISTVERSION}.${DBVERSION:S/-//g}
-PORTREVISION=	1
 CATEGORIES=	net kld
 MASTER_SITES=	http://dl.central.org/dl/openafs/${AFS_DISTVERSION}/:openafs \
 		http://dl.openafs.org/dl/openafs/${AFS_DISTVERSION}/:openafs \
@@ -22,8 +21,8 @@ LICENSE_NAME=	IBM Public License Version
 LICENSE_FILE=	${WRKSRC}/doc/LICENSE
 LICENSE_PERMS=	auto-accept
 
-AFS_DISTVERSION=	1.6.1
-DBVERSION=	2011-08-14
+AFS_DISTVERSION=	1.6.2
+DBVERSION=	2013-01-28
 
 OPTIONS_DEFINE=	FUSE
 
@@ -45,6 +44,10 @@ PLIST_SUB+=	AFSMNTDIR=${AFSMNTDIR:C,^/,,
 
 .include <bsd.port.pre.mk>
 
+.if ${OSVERSION} > 1000000
+BROKEN=		Does not build
+.endif
+
 KERNCONF?=	GENERIC
 KERNCONFDIR?=	${SRC_BASE}/sys/${ARCH}/conf
 KMODDIR=	/boot/modules
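Review bot: The new `.if ${OSVERSION} > 1000000` block sets `BROKEN= Does not build` without saying what fails, and the commit log does not mention it. Put the failing component or error in the BROKEN text so the block can be dropped once that is fixed, and check the boundary: `>` leaves OSVERSION 1000000 itself unmarked, so use `>=` if the whole 10.x range is meant. Because this commit carries the CVE-2013-1794 fix, the log should also say that systems matching this condition cannot build the fixed version from the port.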

Modified: head/net/openafs/distinfo
==============================================================================
--- head/net/openafs/distinfo	Mon Jun  3 18:02:24 2013	(r319797)
+++ head/net/openafs/distinfo	Mon Jun  3 18:29:50 2013	(r319798)
@@ -1,6 +1,6 @@
-SHA256 (openafs-1.6.1-src.tar.bz2) = d05ef7f8e89b6939726d93bb46d4353e20a459890b9c3ca3065d50de408bf5b0
-SIZE (openafs-1.6.1-src.tar.bz2) = 14356434
-SHA256 (openafs-1.6.1-doc.tar.bz2) = c41006ca12368b028f2108c972bd3de1881b5f78941bc831ff238a0344a3bec6
-SIZE (openafs-1.6.1-doc.tar.bz2) = 3481865
-SHA256 (CellServDB.2011-08-14) = fa547873edda44682440d66b79d2002f7019fac520eb3a6d6d2c7e9e83ad8d89
-SIZE (CellServDB.2011-08-14) = 36836
+SHA256 (openafs-1.6.2-src.tar.bz2) = 0db0877cd42131a744472ad0abfa26a4402a5bad94adb4d1eada75c8b6895bc9
+SIZE (openafs-1.6.2-src.tar.bz2) = 14378378
+SHA256 (openafs-1.6.2-doc.tar.bz2) = 3b1fecde4cea104d62fde9d4ac78bc4f28c64bc2c4f527bfefd27789facaae1e
+SIZE (openafs-1.6.2-doc.tar.bz2) = 3483994
+SHA256 (CellServDB.2013-01-28) = faa755c6e13d8a71182a4036d1cee01bce49fb2a93feb6499683f22049391a17
+SIZE (CellServDB.2013-01-28) = 36787
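Review bot: The SHA256 lines replaced here are the only integrity check on the new distfiles, since the MASTER_SITES entries visible in the Makefile hunk are plain http URLs. Confirm that the three digests and sizes were compared against the checksums or signatures upstream publishes for 1.6.2 and CellServDB 2013-01-28, not only regenerated from a local download, and record that in the commit message.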

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Mon Jun  3 18:02:24 2013	(r319797)
+++ head/security/vuxml/vuln.xml	Mon Jun  3 18:29:50 2013	(r319798)
@@ -51,6 +51,36 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="0bf376b7-cc6b-11e2-a424-14dae938ec40">
+    <topic>net/openafs -- buffer overflow</topic>
+    <affects>
+      <package>
+	<name>openafs</name>
+	<range><lt>1.6.2.*</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Nickolai Zeldovich reports:</p>
+	<blockquote cite="http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt">
+	  <p>An attacker with the ability to manipulate AFS directory ACLs may
+	  crash the fileserver hosting that volume.
+	  In addition, once a corrupt ACL is placed on a fileserver, its
+	  existence may crash client utilities manipulating ACLs
+	  on that server.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt</url>
+      <cvename>CVE-2013-1794</cvename>
+    </references>
+    <dates>
+      <discovery>2013-02-27</discovery>
+      <entry>2013-06-03</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="9dfb63b8-8f36-11e2-b34d-000c2957946c">
     <topic>www/mod_security -- NULL pointer dereference DoS</topic>
     <affects>
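Review bot: The new `<vuln>` entry covers less than the commit log claims. The log lists buffer overflows in both fileserver and ptserver, while the blockquote and `<references>` describe only the fileserver ACL issue (OPENAFS-SA-2013-001, CVE-2013-1794). If the ptserver fix has its own advisory and CVE, add them to `<references>` and extend the description. Separately, the package version built by the Makefile is `${AFS_DISTVERSION}.${DBVERSION:S/-//g}`, which gives 1.6.2.20130128, so confirm that the `<lt>1.6.2.*</lt>` bound sorts below that version and does not flag the fixed package as vulnerable.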