[OpenAFS-devel] OpenAFS 1.8.7 available

[Benjamin Kaduk]

Hi Ken,

We have a version called 1.8.6-5 in Debian that contains the same fixes in
1.8.7.  The reason the version is different is because I uploaded the
debian version before the official 1.8.7 tarball/release was available, in
order to get the fixes out faster.

-Ben

On Thu, Jan 21, 2021 at 02:34:57PM -0600, Ken Aaker wrote:
> From main ignorance, I stumbled about for a week or so. But, I've
> finally got my cell running again. I managed that by finding and
> installing the 1.8.7 rpm build off the OpenSuSE build servers, and
> fumbling my way through the re-keying process.  Now, I've got 4 Debian
> 10 (buster) VMs that need the same update, and I can't find it?  Any
> leads? The latest version I have been able to find at Debian is 1.8.6.5?
> 2 of the VMs are "Fileservers" and 2 are build systems.
> 
> Regards,
> 
> Ken Aaker
> 
> On 1/14/21 5:40 PM, Benjamin Kaduk wrote:
> > The OpenAFS Guardians are happy to announce the availability of OpenAFS 1.8.7.
> > Source files can be accessed via the web at:
> >
> >        https://www.openafs.org/release/openafs-1.8.7.html
> >
> > or via AFS at:
> >
> >        UNIX: /afs/grand.central.org/software/openafs/1.8.7/
> >        UNC: \\afs\grand.central.org\software\openafs\1.8.7\
> >
> > This release fixes a critical issue with the generation of Rx connection IDs
> > (CIDs) for Rx clients started after 14 Jan 2021 08:25:36 AM UTC (Unix epoch
> > time 0x60000000).  Unpatched systems will always use the fixed value of
> > 0x80000002 as the CID, which causes connections to fail for multiple reasons.
> > Client commands such as `vos examine` will time out if run after that
> > time, cache managers started after that time will be unable to access files,
> > fileservers started after that time will be unable to access the Ubik databases,
> > and database servers started after that time will be unable to participate
> > in a quorum or Ubik elections.  In particular, fileservers that restart,
> > including due to a scheduled weekly restart, will not be able to register
> > with the volume location service or verify group membership with the
> > protection service.
> >
> > The fix causes the initial CID to be randomly generated (without dependence
> > on the current time) and removes the faulty logic intended to detect signed
> > integer overflow (which is not needed since the field in question is now
> > an unsigned integer).
> >
> > Thanks to Jeffrey Altman of Auristor Inc. for tracking down the key issue.
> >
> > Bug reports should be filed to openafs-bugs@openafs.org.
> >
> > Benjamin Kaduk
> > for the OpenAFS Guardians
> >
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel