diff options
author | Michael Lass | 2021-01-14 21:08:52 +0100 |
---|---|---|
committer | Michael Lass | 2021-01-14 21:11:44 +0100 |
commit | 5b5047f67331e949744d56f1b9589b087791b644 (patch) | |
tree | 796261ce5c837259826b7e8f8883ef741769939e | |
parent | 8d105837d442b634a085c885c1ba020a1d3b32f7 (diff) | |
download | aur-5b5047f67331e949744d56f1b9589b087791b644.tar.gz |
Update patches for RX sequence ID bug
-rw-r--r-- | .SRCINFO | 12 | ||||
-rw-r--r-- | 0001-Temporary-fix-for-compilation-with-GCC-10.patch | 2 | ||||
-rw-r--r-- | 0002-Adjust-RedHat-config-and-service-files.patch | 2 | ||||
-rw-r--r-- | 0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch | 15 | ||||
-rw-r--r-- | 0004-rx-update_nextCid-overflow-handling-is-broken.patch | 26 | ||||
-rw-r--r-- | 0005-Remove-overflow-check-from-update_nextCid.patch | 49 | ||||
-rw-r--r-- | PKGBUILD | 20 |
7 files changed, 100 insertions, 26 deletions
@@ -1,7 +1,7 @@ pkgbase = openafs pkgdesc = Open source implementation of the AFS distributed file system pkgver = 1.8.6 - pkgrel = 2 + pkgrel = 3 url = http://www.openafs.org install = openafs.install arch = i686 @@ -24,13 +24,15 @@ pkgbase = openafs source = 0002-Adjust-RedHat-config-and-service-files.patch source = 0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch source = 0004-rx-update_nextCid-overflow-handling-is-broken.patch + source = 0005-Remove-overflow-check-from-update_nextCid.patch sha256sums = 8b4e9d3180f1ecd752753da17ac630df04eb7007c90a921a5f6403c0339d2945 sha256sums = e34fa28d9ee06b47d080e4ed0c1f55fe2629ce974f1a7a7ec60dd6e87a9d21e9 sha256sums = 18d7b0173bbffbdc212f4e58c5b3ce369adf868452aabc3485f2a6a2ddb35d68 - sha256sums = 2bbc1e89cb1032c6dcdeb482db3578993f83ce40bf03c413886484cf1dc84b43 - sha256sums = 3b1029fda091177834f9fec79967164d9c3172b2bdca2190c2555bd2dd1b1e9b - sha256sums = f13225033ad18c74cc21316aeae50d3a325fb9e88e38b0d76c470714ce83da1c - sha256sums = 506d090da582910f6e69c8dbbb3e78a9afbaed689f1057cae71c7dd923999f8f + sha256sums = 5a64f667ef5c63a0b54e859ccde0a69f6d883bfadfa5ce4b3e0a98e613764258 + sha256sums = 30cd5cb67782161a8510039c14479a02252e3bb80fdf23795753ddb7f1aeadf7 + sha256sums = 302cf63380e43145949f6e91e9510fdc8ed94de915b90975212a5bdb55bb9259 + sha256sums = 3ab566be3b11bcd8e59d7809ee4e73e3b7206b7cf21097d5cf55675543c2b785 + sha256sums = 94dea81621ba41b7b1122d977c60d66431b64bead0d6796ef322b04196579e63 pkgname = openafs diff --git a/0001-Temporary-fix-for-compilation-with-GCC-10.patch b/0001-Temporary-fix-for-compilation-with-GCC-10.patch index 1038fdc06ec2..c0a6d6acfaf3 100644 --- a/0001-Temporary-fix-for-compilation-with-GCC-10.patch +++ b/0001-Temporary-fix-for-compilation-with-GCC-10.patch @@ -1,7 +1,7 @@ From 81c4f50914bd0f696a0a6c356982e97594bd2c77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20La=C3=9F?= <lass@mail.uni-paderborn.de> Date: Tue, 19 May 2020 16:17:01 +0200 -Subject: [PATCH 1/4] Temporary fix for compilation with GCC 10 +Subject: [PATCH 1/5] Temporary fix for compilation with GCC 10 See: * https://bugs.gentoo.org/706738 diff --git a/0002-Adjust-RedHat-config-and-service-files.patch b/0002-Adjust-RedHat-config-and-service-files.patch index a952ce511885..327d1da67e31 100644 --- a/0002-Adjust-RedHat-config-and-service-files.patch +++ b/0002-Adjust-RedHat-config-and-service-files.patch @@ -1,7 +1,7 @@ From c0f5be5ee08d8db59c0c0106bed56f602edf3cad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20La=C3=9F?= <lass@mail.uni-paderborn.de> Date: Thu, 19 Feb 2015 19:34:00 +0100 -Subject: [PATCH 2/4] Adjust RedHat config and service files +Subject: [PATCH 2/5] Adjust RedHat config and service files Basically we reuse upstream's config for RedHat but we change a few things: diff --git a/0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch b/0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch index 5535779b024e..39e70918d8b5 100644 --- a/0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch +++ b/0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch @@ -1,7 +1,7 @@ -From c2c8cf8765e9c7ca0b07ae212ff59816f21faf53 Mon Sep 17 00:00:00 2001 +From cf0eaaa6023b89bc2765148b33481dfddc072432 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman <jaltman@auristor.com> Date: Thu, 14 Jan 2021 09:41:39 -0500 -Subject: [PATCH 3/4] rx: rx_InitHost do not overwrite RAND_bytes rx_nextCid +Subject: [PATCH 3/5] rx: rx_InitHost do not overwrite RAND_bytes rx_nextCid 39b165cdda941181845022c183fea1c7af7e4356 ("Move epoch and cid generation into the rx core") introduced the use of RAND_bytes() @@ -15,7 +15,16 @@ At Thu, 14 Jan 2021 08:25:36 GMT the IBM inherited calculation overflows the value CID range. This triggers broken overflow logic in update_nextCid(). -Change-Id: Ib7283def1ded9792d394133a3969a6d86f3a6123 +Reviewed-on: https://gerrit.openafs.org/14491 +Reviewed-by: Andrew Deason <adeason@sinenomine.net> +Tested-by: Andrew Deason <adeason@sinenomine.net> +Reviewed-by: Jeffrey Hutzelman <jhutz@cmu.edu> +Reviewed-by: Cheyenne Wills <cwills@sinenomine.net> +Tested-by: Mark Vitale <mvitale@sinenomine.net> +Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> +(cherry picked from commit a3bc7ff1501d51ceb3b39d9caed62c530a804473) + +Change-Id: If5f7d4ba1cacc6978c83fd512653fbaa0c1559d8 --- src/rx/rx.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/0004-rx-update_nextCid-overflow-handling-is-broken.patch b/0004-rx-update_nextCid-overflow-handling-is-broken.patch index 1a18527312bb..cd9cf2a2b72b 100644 --- a/0004-rx-update_nextCid-overflow-handling-is-broken.patch +++ b/0004-rx-update_nextCid-overflow-handling-is-broken.patch @@ -1,12 +1,14 @@ -From 9700cbf1784ea722dd2a7fed88f4f76cd7491564 Mon Sep 17 00:00:00 2001 +From 9dbe1e09f2b8eea9164ddce756614cd9462e7784 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman <jaltman@auristor.com> Date: Thu, 14 Jan 2021 09:57:13 -0500 -Subject: [PATCH 4/4] rx: update_nextCid overflow handling is broken +Subject: [PATCH 4/5] rx: update_nextCid overflow handling is broken The overflow handling in update_nextCid() produces a rx_nextCid -value of 0x80000001 which itself is an overflow. When used -to construct the first call of a new connection the connection -id for the call becomes 0x80000002. +value of 0x80000001 which itself is out of the valid range. When +used to construct the first call of a new connection the connection +id for the call becomes 0x80000002, and all subsequent connections +also trigger the overflow handling and thus also receive connection +id 0x80000002. If the same connection id is used for multiple connections from the same endpoint the accepting rx peer will be very confused. @@ -15,8 +17,10 @@ When authenticated connections are used, the CHALLENGE/RESPONSE will fail because of a mismatch in the connection's callNumber array. -All communication from a broken initiator to any rx peer will -fail. +If an initiator makes only a single connection to a given rx peer, +that connection would succeed, but once multiple connections are +initiated all communication from a broken initiator to any rx peer +will fail. The incorrect overflow calculation was introduced by 39b165cdda941181845022c183fea1c7af7e4356 ("Move epoch and cid @@ -26,7 +30,13 @@ This change corrects the overflow value to become 1 << RX_CIDSHIFT -Change-Id: If36e3aa581d557cc0f4d2d478f84a6593224c3cc +Reviewed-on: https://gerrit.openafs.org/14492 +Reviewed-by: Andrew Deason <adeason@sinenomine.net> +Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> +Tested-by: Benjamin Kaduk <kaduk@mit.edu> +(cherry picked from commit 2c0a3901cbfcb231b7b67eb0899a3133516f33c8) + +Change-Id: I74d70706ddf99022bed639891cb610fba9ef863d --- src/rx/rx.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/0005-Remove-overflow-check-from-update_nextCid.patch b/0005-Remove-overflow-check-from-update_nextCid.patch new file mode 100644 index 000000000000..4f8537068eb3 --- /dev/null +++ b/0005-Remove-overflow-check-from-update_nextCid.patch @@ -0,0 +1,49 @@ +From ad49f820fec917e361ff4cd3fb999cfa956b010e Mon Sep 17 00:00:00 2001 +From: Benjamin Kaduk <kaduk@mit.edu> +Date: Thu, 14 Jan 2021 10:20:59 -0800 +Subject: [PATCH 5/5] Remove overflow check from update_nextCid + +The rx_nextCid global has been an unsigned type since +http://gerrit.openafs.org/11106 (which was actually merged before +the refactoring of overflow check to avoid signed integer overflow) +and thus there is no need to avoid signed overflow. The per-connection +cid has been unsigned since the IBM import. + +The natural unsigned behavior on overflow of wrapping is the desired +behvaior here, so just remove the extra logic and always increment. + +Reviewed-on: https://gerrit.openafs.org/14496 +Reviewed-by: Jeffrey Hutzelman <jhutz@cmu.edu> +Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> +Tested-by: Benjamin Kaduk <kaduk@mit.edu> +(cherry picked from commit 43ef1f2a5d80aa1c3f5b4831ada8e776ac0c7d13) + +Change-Id: I64fabe5229039f7af040902ed2e6f03dba7bc14d +--- + src/rx/rx.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/rx/rx.c b/src/rx/rx.c +index 5d5953120..c713fefd8 100644 +--- a/src/rx/rx.c ++++ b/src/rx/rx.c +@@ -6644,14 +6644,12 @@ rxi_CancelGrowMTUEvent(struct rx_call *call) + } + + /* +- * Increment the counter for the next connection ID, handling overflow. ++ * Increment the counter for the next connection ID. ++ * Wrapping on unsigned integer overflow is the intended behavior. + */ + static void + update_nextCid(void) + { +- /* Overflow is technically undefined behavior; avoid it. */ +- if (rx_nextCid > MAX_AFS_INT32 - (1 << RX_CIDSHIFT)) +- rx_nextCid = 0; + rx_nextCid += 1 << RX_CIDSHIFT; + } + +-- +2.30.0 + @@ -6,7 +6,7 @@ pkgname=openafs pkgver=1.8.6 -pkgrel=2 +pkgrel=3 pkgdesc="Open source implementation of the AFS distributed file system" arch=('i686' 'x86_64' 'armv7h') url="http://www.openafs.org" @@ -27,14 +27,16 @@ source=(http://openafs.org/dl/openafs/${pkgver}/${pkgname}-${pkgver}-src.tar.bz2 0001-Temporary-fix-for-compilation-with-GCC-10.patch 0002-Adjust-RedHat-config-and-service-files.patch 0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch - 0004-rx-update_nextCid-overflow-handling-is-broken.patch) + 0004-rx-update_nextCid-overflow-handling-is-broken.patch + 0005-Remove-overflow-check-from-update_nextCid.patch) sha256sums=('8b4e9d3180f1ecd752753da17ac630df04eb7007c90a921a5f6403c0339d2945' 'e34fa28d9ee06b47d080e4ed0c1f55fe2629ce974f1a7a7ec60dd6e87a9d21e9' '18d7b0173bbffbdc212f4e58c5b3ce369adf868452aabc3485f2a6a2ddb35d68' - '2bbc1e89cb1032c6dcdeb482db3578993f83ce40bf03c413886484cf1dc84b43' - '3b1029fda091177834f9fec79967164d9c3172b2bdca2190c2555bd2dd1b1e9b' - 'f13225033ad18c74cc21316aeae50d3a325fb9e88e38b0d76c470714ce83da1c' - '506d090da582910f6e69c8dbbb3e78a9afbaed689f1057cae71c7dd923999f8f') + '5a64f667ef5c63a0b54e859ccde0a69f6d883bfadfa5ce4b3e0a98e613764258' + '30cd5cb67782161a8510039c14479a02252e3bb80fdf23795753ddb7f1aeadf7' + '302cf63380e43145949f6e91e9510fdc8ed94de915b90975212a5bdb55bb9259' + '3ab566be3b11bcd8e59d7809ee4e73e3b7206b7cf21097d5cf55675543c2b785' + '94dea81621ba41b7b1122d977c60d66431b64bead0d6796ef322b04196579e63') # If you need the kauth tools set this to 1. But be aware that these tools # are considered insecure since 2003! This also affects the PAM libs. @@ -50,10 +52,12 @@ prepare() { patch -p1 < "${srcdir}/0002-Adjust-RedHat-config-and-service-files.patch" # Fix RX bug triggered after 14.01.2021 08:25:36 UTC - # https://gerrit.openafs.org/#/c/14491/ - # https://gerrit.openafs.org/#/c/14492/ + # https://gerrit.openafs.org/#/c/14493/ + # https://gerrit.openafs.org/#/c/14494/ + # https://gerrit.openafs.org/#/c/14497/ patch -p1 < "${srcdir}"/0003-rx-rx_InitHost-do-not-overwrite-RAND_bytes-rx_nextCi.patch patch -p1 < "${srcdir}"/0004-rx-update_nextCid-overflow-handling-is-broken.patch + patch -p1 < "${srcdir}"/0005-Remove-overflow-check-from-update_nextCid.patch # Only needed when changes to configure were made ./regen.sh -q |