Bug 25816

Needs to be tested for kernel 5.4 too as that is the next one that will land in  mga7...

CC: (none) => tmb

And 1.8.5 dkms package builds fine with 5.4 series, so:

PAckages to test:

SRPM:
openafs-1.8.5-1.mga7.src.rpm


i586:
dkms-libafs-1.8.5-1.mga7.noarch.rpm
libopenafs-devel-1.8.5-1.mga7.i586.rpm
libopenafs-static-devel-1.8.5-1.mga7.i586.rpm
libopenafs2-1.8.5-1.mga7.i586.rpm
openafs-1.8.5-1.mga7.i586.rpm
openafs-client-1.8.5-1.mga7.i586.rpm
openafs-doc-1.8.5-1.mga7.noarch.rpm
openafs-server-1.8.5-1.mga7.i586.rpm


x86_64:
dkms-libafs-1.8.5-1.mga7.noarch.rpm
lib64openafs-devel-1.8.5-1.mga7.x86_64.rpm
lib64openafs-static-devel-1.8.5-1.mga7.x86_64.rpm
lib64openafs2-1.8.5-1.mga7.x86_64.rpm
openafs-1.8.5-1.mga7.x86_64.rpm
openafs-client-1.8.5-1.mga7.x86_64.rpm
openafs-doc-1.8.5-1.mga7.noarch.rpm
openafs-server-1.8.5-1.mga7.x86_64.rpm

Assignee: bugsquad => qa-bugs
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)

MGA7-64 Plasma on Lenovo B50
No installation issues.
Following tests in bug 23663 and 22209 as far as I could:
# afsio help
afsio: Commands are:
append          append to a file in AFS
apropos         search by help text
fidappend       append to a file in AFS
fidlock         lock by FID a file from AFS
fidread         read on a non AFS-client a file from AFS
fidunlock       unlock by FID a file from AFS
fidwrite        write a file into AFS
help            get help on commands
lock            lock a file in AFS
read            read a file from AFS
unlock          unlock a file in AFS
version         show version
write           write a file into AFS
# cmdebug -help
Usage: cmdebug -servers <server machine> [-port <IP port>] [-long]
         [-refcounts] [-callbacks] [-ctime] [-addrs] [-cache] [-cellservdb]
         [-help]
Where: -long        print all info
       -refcounts   print only cache entries with positive reference counts
       -callbacks   print only cache entries with callbacks
       -ctime       print human readable expiration time
       -addrs       print only host interfaces
       -cache       print only cache configuration
       -cellservdb  print only cellservdb info
# systemctl -l start openafs-server
# systemctl -l status openafs-server
● openafs-server.service - OpenAFS Server Service
   Loaded: loaded (/usr/lib/systemd/system/openafs-server.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-12-11 15:43:04 CET; 15s ago
 Main PID: 30143 (bosserver)
   Memory: 4.0M
   CGroup: /system.slice/openafs-server.service
           └─30143 /usr/sbin/bosserver -nofork

dec 11 15:43:04 mach5.hviaene.thuis systemd[1]: Started OpenAFS Server Service.
# systemctl start openafs-client
[root@mach5 ~]# systemctl -l status openafs-client
● openafs-client.service - OpenAFS Client Service
   Loaded: loaded (/usr/lib/systemd/system/openafs-client.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-12-11 15:44:31 CET; 14s ago
  Process: 6823 ExecStartPre=/bin/sed -n w/etc/openafs/CellServDB /etc/openafs/CellServDB.local /etc/openafs/CellServDB.dist (code=exited, status=0/SUCCESS)
  Process: 6824 ExecStartPre=/bin/chmod 0644 /etc/openafs/CellServDB (code=exited, status=0/SUCCESS)
  Process: 6825 ExecStartPre=/sbin/modprobe libafs (code=exited, status=0/SUCCESS)
  Process: 6831 ExecStart=/sbin/afsd $AFSD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 6838 (afsd)
   Memory: 6.2M
   CGroup: /system.slice/openafs-client.service
           └─6838 /sbin/afsd -dynroot -fakestat -afsdb

dec 11 15:44:31 mach5.hviaene.thuis systemd[1]: Starting OpenAFS Client Service...
dec 11 15:44:31 mach5.hviaene.thuis afsd[6831]: afsd: All AFS daemons started.
dec 11 15:44:31 mach5.hviaene.thuis afsd[6831]: afsd: All AFS daemons started.
dec 11 15:44:31 mach5.hviaene.thuis systemd[1]: Started OpenAFS Client Service.
# ls /afs
acm-csuf.org/                 cs.pitt.edu/                 hep.man.ac.uk/    
and a load more
# cd /etc/openafs
[root@mach5 openafs]# ll
totaal 96
-rw-r--r-- 1 root root    10 dec 11 15:43 bosserver.rxbind
-rw-r--r-- 1 root root    31 dec  4 00:08 cacheinfo
-rw-r--r-- 1 root root 37197 dec 11 15:44 CellServDB
-rw-r--r-- 1 root root 37197 dec  4 00:08 CellServDB.dist
-rw-r--r-- 1 root root     0 dec 11 15:23 CellServDB.local
drwxr-xr-x 2 root root  4096 dec 11 15:43 server/
-rw-r--r-- 1 root root    12 dec  4 00:08 ThisCell
# wget http://dl.central.org/dl/cellservdb/CellServDB
--2019-12-11 15:46:28--  http://dl.central.org/dl/cellservdb/CellServDB
Herleiden van dl.central.org (dl.central.org)... 128.2.13.212
Verbinding maken met dl.central.org (dl.central.org)|128.2.13.212|:80... verbonden.
HTTP-verzoek is verzonden; wachten op antwoord... 200 OK
Lengte: 36955 (36K)
Wordt opgeslagen als: ‘CellServDB.1’

CellServDB.1                                    100%[====================================================================================================>]  36,09K   177KB/s    in 0,2s    

2019-12-11 15:46:30 (177 KB/s) - '‘CellServDB.1’' opgeslagen [36955/36955]

# echo grand.central.org > /etc/openafs/ThisCell
# df /var/cache/openafs
Bestandssysteem Grootte Gebruikt Besch Geb% Aangekoppeld op
/dev/sda11          29G      21G  7,2G  75% /
# df -h | grep -i afs
AFS                                             2,0T        0  2,0T   0% /afs
# df -h | grep sda1
/dev/sda11                                       29G      21G  7,2G  75% /
/dev/sda1                                       256M      31M  226M  12% /boot/EFI
/dev/sda12                                       29G      15G   13G  56% /mnt/sda12
[root@mach5 openafs]# df -h | grep sda11
/dev/sda11                                       29G      21G  7,2G  75% /
[root@mach5 openafs]# echo "/afs:/var/cache/openafs:9437184" > /etc/openafs/cacheinfo
[root@mach5 openafs]# sed < ${f} -e s/^AFSD_ARGS=/#AFSD_ARGS=/ -e s/^$/AFSD_ARGS="-dynroot -fakestat -afsdb -stat 2000 -dcache 800 -daemons 3 -volumes 70 -nosettime"/ > ${f}+
-bash: ${f}: omleiding is niet eenduidig: detour (?? deviation??- is not unambiguous.
That's as far as I go, but things seem to be running, so OK unless someone revokes.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Can't expect to test everything, Herman.

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Advisory uploaded:

type: security
subject: Updated openafs packages fix security vulnerabilities
src:
  7:
   core:
     - openafs-1.8.5-1.mga7
description: |
  Update to security-release 1.8.5, adresses:

  * OPENAFS-SA-2019-001: Skip server OUT args on error
  * OPENAFS-SA-2019-002: Zero all server RPC args
  * OPENAFS-SA-2019-003: ubik: Avoid unlocked ubik_currentTrans deref

  Update to official version 1.8.4:

  * support Linux-kernel 5.3
  * Avoid non-dir ENOENT errors in afs_lookup
  * fix parsing of fileservers with -vlruthresh, etc.
  * other bugfixes
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25816
 - https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt
 - https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt
 - https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt
 - https://lists.opensuse.org/opensuse-updates/2019-12/msg00013.html
 - http://openafs.org/dl/openafs/1.8.4/RELNOTES-1.8.4
 - http://openafs.org/dl/openafs/1.8.5/RELNOTES-1.8.5

Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0383.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED