From 8a16f9dc375579993bd05f6dd0d52931c492f79c Mon Sep 17 00:00:00 2001 From: fpdpbuilder_pel7x64builder0 Date: Mon, 5 Aug 2019 17:46:11 +0200 Subject: [PATCH] openafs package creation Signed-off-by: fpdpbuilder_pel7x64builder0 --- SOURCES/CellServDB.2018-05-14 | 665 ++++++++++++++++++++ SOURCES/ChangeLog | 626 +++++++++++++++++++ SOURCES/RELNOTES-1.8.2 | 34 ++ SOURCES/butc-butb-errors.patch | 75 +++ SOURCES/openafs-client.service | 24 + SPECS/openafs.spec | 1047 ++++++++++++++++++++++++++++++++ 6 files changed, 2471 insertions(+) create mode 100644 SOURCES/CellServDB.2018-05-14 create mode 100644 SOURCES/ChangeLog create mode 100644 SOURCES/RELNOTES-1.8.2 create mode 100644 SOURCES/butc-butb-errors.patch create mode 100755 SOURCES/openafs-client.service create mode 100644 SPECS/openafs.spec diff --git a/SOURCES/CellServDB.2018-05-14 b/SOURCES/CellServDB.2018-05-14 new file mode 100644 index 0000000..a6bd8fc --- /dev/null +++ b/SOURCES/CellServDB.2018-05-14 @@ -0,0 +1,665 @@ +>grand.central.org #GCO Public CellServDB 14 May 2018 +18.9.48.14 #grand.mit.edu +128.2.13.219 #grand-old-opry.central.org +>wu-wien.ac.at #University of Economics, Vienna, Austria +137.208.3.33 #goya.wu-wien.ac.at +137.208.7.57 #caravaggio.wu-wien.ac.at +137.208.8.14 #vermeer.wu-wien.ac.at +>hephy.at #hephy-vienna +193.170.243.10 #afs01.hephy.oeaw.ac.at +193.170.243.12 #afs02.hephy.oeaw.ac.at +193.170.243.14 #afs03.hephy.oeaw.ac.at +>cgv.tugraz.at #CGV cell +129.27.218.30 #phobos.cgv.tugraz.at +129.27.218.31 #deimos.cgv.tugraz.at +129.27.218.32 #trinculo.cgv.tugraz.at +>itp.tugraz.at #Institute of Theoretical and Computational Physics, TU Graz, Aus +129.27.161.7 #faepafs1.tu-graz.ac.at +129.27.161.15 #faepafs2.tu-graz.ac.at +129.27.161.114 #faepafs3.tu-graz.ac.at +>sums.math.mcgill.ca #Society of Undergraduate Mathematics Students of McGill Universi +132.216.24.122 #germain.sums.math.mcgill.ca +132.216.24.125 #turing.sums.math.mcgill.ca +>ualberta.ca #University of Alberta +129.128.1.131 #file13.ucs.ualberta.ca +129.128.98.17 #mystery.ucs.ualberta.ca +129.128.125.40 #drake.ucs.ualberta.ca +>cern.ch #European Laboratory for Particle Physics, Geneva +137.138.128.148 #afsdb1.cern.ch +137.138.246.50 #afsdb3.cern.ch +137.138.246.51 #afsdb2.cern.ch +>ams.cern.ch #AMS Experiment +137.138.188.185 #ams.cern.ch +137.138.199.58 #pcamsf4.cern.ch +>epfl.ch #Swiss Federal Institute of Technology at Lausanne +128.178.109.111 #kd1.epfl.ch +128.178.109.112 #kd2.epfl.ch +128.178.109.113 #kd3.epfl.ch +>ethz.ch #Swiss Federal Inst. of Tech. - Zurich, Switzerland +82.130.118.32 #afs-db-1.ethz.ch +>psi.ch #Paul Scherrer Institut - Villigen, Switzerland +129.129.190.140 #afs00.psi.ch +129.129.190.141 #afs01.psi.ch +129.129.190.142 #afs02.psi.ch +>extundo.com #Simon Josefsson's cell +195.42.214.241 #slipsten.extundo.com +>freedaemon.com #Free Daemon Consulting, Oklahoma City, OK, USA +66.210.104.254 #afs0.freedaemon.com +>membrain.com #membrain.com +66.93.118.125 #stormy +130.85.24.11 #weasel +130.85.24.13 #straykitten +>nilcons.com #nilcons.com +5.9.14.177 #files.nilcons.com +>sodre.cx #Sodre.cx +128.8.140.165 #greed.sodre.cx +>ruk.cuni.cz #Charles University Computer Centre, Prague, CR +195.113.0.36 #asterix.ruk.cuni.cz +195.113.0.37 #obelix.ruk.cuni.cz +195.113.0.40 #sal.ruk.cuni.cz +>ics.muni.cz #Masaryk university +147.228.240.30 #afs-plzen.meta.zcu.cz +147.251.9.9 #smaug2.ics.muni.cz +195.113.214.4 #tarkil-xen.cesnet.cz +>zcu.cz #University of West Bohemia, Czech Republic +147.228.10.18 #sauron.zcu.cz +147.228.52.10 #oknos.zcu.cz +147.228.52.17 #nic.zcu.cz +>desy.de #Deutsches Elektronen-Synchrotron +131.169.2.19 #afsdb2.desy.de +131.169.2.20 #afsdb3.desy.de +131.169.244.60 #solar00.desy.de +>naf.desy.de #National Analysis Facility at DESY +141.34.220.32 #tcsh1-vm1.naf.desy.de +141.34.230.33 #tcsh2-vm1.naf.desy.de +141.34.230.34 #tcsh3-vm1.naf.desy.de +>gppc.de #GPP Chemnitz mbH +213.187.92.33 #gpp1.gppc.de +213.187.92.34 #paulchen.gppc.de +213.187.92.35 #lotus.gppc.de +>cms.hu-berlin.de #Humboldt University Berlin +141.20.1.65 #commodus.cms.hu-berlin.de +141.20.1.66 #faustinus.cms.hu-berlin.de +141.20.1.67 #marcellus.cms.hu-berlin.de +>ifh.de #DESY Zeuthen +141.34.22.10 #romulus.ifh.de +141.34.22.11 #remus.ifh.de +141.34.22.29 #hekate.ifh.de +>integra-ev.de #INTEGRA e.V. +134.155.48.8 #afsdb2.integra-ev.de +134.155.48.63 #afsdb1.integra-ev.de +>lrz-muenchen.de #Leibniz Computing Centre, Germany +129.187.10.36 #afs1.lrz-muenchen.de +129.187.10.56 #afs3.lrz-muenchen.de +129.187.10.57 #afs2.lrz-muenchen.de +>ipp-garching.mpg.de #Institut fuer Plasmaphysik +130.183.9.5 #afs-db1.rzg.mpg.de +130.183.14.14 #afs-db3.bc.rzg.mpg.de +130.183.100.10 #afs-db2.aug.ipp-garching.mpg.de +>mpe.mpg.de #MPE cell +130.183.130.7 #irafs1.mpe-garching.mpg.de +130.183.134.20 #irafs2.mpe-garching.mpg.de +>nicsys.de #NICsys GbR +213.187.80.3 #attila.nicsys.de +>i1.informatik.rwth-aachen.de #Informatik I, RWTH Aachen +137.226.244.79 #remus.informatik.rwth-aachen.de +>combi.tfh-wildau.de #Philips Research Lab +194.95.50.106 #joda13.combi.tfh-wildau.de +>tu-berlin.de #TU Berlin +130.149.204.10 #afsc-pr-1.tubit.tu-berlin.de +130.149.204.11 #afsc-pr-2.tubit.tu-berlin.de +130.149.204.70 #afsc-ba-1.tubit.tu-berlin.de +>tu-bs.de #Technical University of Braunschweig, Germany +134.169.1.1 #rzafs1.rz.tu-bs.de +134.169.1.5 #rzafs2.rz.tu-bs.de +134.169.1.6 #rzafs3.rz.tu-bs.de +>tu-chemnitz.de #Technische Universitaet Chemnitz, Germany +134.109.2.1 #zuse.hrz.tu-chemnitz.de +134.109.2.2 #andrew.hrz.tu-chemnitz.de +134.109.2.15 #phoenix.hrz.tu-chemnitz.de +>e18.ph.tum.de #Experimental Physics, TU Munich, Germany +129.187.154.165 #dionysos.e18.physik.tu-muenchen.de +129.187.154.223 #hamlet.e18.physik.tu-muenchen.de +>physik.uni-bonn.de #Institute of Physics, University of Bonn, Germany +131.220.166.33 #afsdb1.physik.uni-bonn.de +131.220.166.34 #afsdb2.physik.uni-bonn.de +131.220.166.35 #afsdb3.physik.uni-bonn.de +>atlass01.physik.uni-bonn.de #Bonn ATLAS +131.220.165.43 #atlass01.physik.uni-bonn.de +>uni-freiburg.de #Albert-Ludwigs-Universitat Freiburg +132.230.6.237 #sv8.ruf.uni-freiburg.de +132.230.6.239 #sv10.ruf.uni-freiburg.de +>physik.uni-freiburg.de #Institute of Physics, University Freiburg, Germany +132.230.6.234 #afs1.ruf.uni-freiburg.de +132.230.6.235 #afs2.ruf.uni-freiburg.de +132.230.77.12 #sherlock.physik.uni-freiburg.de +>math.uni-hamburg.de #Department of Mathematics Uni Hamburg +134.100.223.3 #afs-core.math.uni-hamburg.de +134.100.223.6 #afs-core2.math.uni-hamburg.de +134.100.223.9 #afs-core3.math.uni-hamburg.de +>physnet.uni-hamburg.de #PHYSnet-Rechenzentrum university of hamburg +134.100.106.44 #afs-core.physnet.uni-hamburg.de +134.100.106.45 #afs-core2.physnet.uni-hamburg.de +134.100.106.47 #afs-core3.physnet.uni-hamburg.de +>iqo.uni-hannover.de #Institut fuer Quantenoptik Hannover +130.75.103.221 #afs1.iqo.uni-hannover.de +130.75.103.223 #afs2.iqo.uni-hannover.de +>mathi.uni-heidelberg.de #Uni Heidelberg (Mathematisches Institut) +129.206.26.241 #hactar.mathi.uni-heidelberg.de +>urz.uni-heidelberg.de #Uni Heidelberg (Rechenzentrum) +129.206.119.10 #afsdb.urz.uni-heidelberg.de +129.206.119.16 #afsdb1.urz.uni-heidelberg.de +129.206.119.17 #afsdb2.urz.uni-heidelberg.de +>ziti.uni-heidelberg.de #Institute of Computer Science at the University of Heidelberg +147.142.42.246 #mp-sun.ziti.uni-heidelberg.de +147.142.42.252 #mp-pizza.ziti.uni-heidelberg.de +>uni-hohenheim.de #University of Hohenheim +144.41.2.2 #rs13.serv.uni-hohenheim.de +144.41.2.3 #rs14.serv.uni-hohenheim.de +144.41.2.4 #rs15.serv.uni-hohenheim.de +>rz.uni-jena.de #Rechenzentrum University of Jena, Germany +141.35.2.180 #afs00.rz.uni-jena.de +141.35.2.181 #afs01.rz.uni-jena.de +141.35.2.182 #afs02.rz.uni-jena.de +>meteo.uni-koeln.de #Univ. of Cologne - Inst. for Geophysics & Meteorology +134.95.144.22 #afs1.meteo.uni-koeln.de +134.95.144.24 #afs2.meteo.uni-koeln.de +>rrz.uni-koeln.de #University of Cologne - Reg Comp Center +134.95.19.3 #afsdb1.rrz.uni-koeln.de +134.95.19.4 #afsdb2.rrz.uni-koeln.de +134.95.19.10 #lyra.rrz.uni-koeln.de +134.95.67.97 #afs.thp.uni-koeln.de +134.95.112.8 #ladon.rrz.uni-koeln.de +>urz.uni-magdeburg.de #Otto-von-Guericke-Universitaet, Magdeburg +141.44.7.6 #lem.urz.uni-magdeburg.de +141.44.8.14 #bowles.urz.uni-magdeburg.de +141.44.13.5 #strugazki.urz.uni-magdeburg.de +>physik.uni-mainz.de #institute of physics, university Mainz, Germany +134.93.130.93 #hardy.physik.uni-mainz.de +>uni-mannheim.de #Uni Mannheim (Rechenzentrum) +134.155.97.204 #afsdb1.uni-mannheim.de +134.155.97.205 #afsdb2.uni-mannheim.de +134.155.97.206 #afsdb3.uni-mannheim.de +>mathematik.uni-stuttgart.de #University of Stuttgart, Math Dept. +129.69.61.1 #fbm01.mathematik.uni-stuttgart.de +129.69.61.2 #fbm02.mathematik.uni-stuttgart.de +129.69.61.3 #fbm03.mathematik.uni-stuttgart.de +>stud.mathematik.uni-stuttgart.de #CIP-Pool of Math. Dept, University of Stuttgart +129.69.61.28 #omni.mathematik.uni-stuttgart.de +129.69.116.201 #stud01.mathematik.uni-stuttgart.de +129.69.116.202 #stud02.mathematik.uni-stuttgart.de +129.69.116.203 #stud03.mathematik.uni-stuttgart.de +>physik.uni-wuppertal.de #Physics department of Bergische Universität Wuppertal +132.195.104.3 #afs1.physik.uni-wuppertal.de +132.195.104.230 #afs2.physik.uni-wuppertal.de +>s-et.aau.dk #Aalborg Univ., The Student Society, Denmark +130.225.196.22 #afs.s-et.aau.dk +>ies.auc.dk #Aalborg Univ., Inst. of Electronic Systems, Denmark +130.225.51.73 #afsdb1.kom.auc.dk +130.225.51.74 #afsdb2.kom.auc.dk +130.225.51.85 #afsdb3.kom.auc.dk +>asu.edu #Arizona State University +129.219.10.69 #authen2.asu.edu +129.219.10.70 #authen1.asu.edu +129.219.10.72 #authen3.asu.edu +>hep.caltech.edu #Caltech High Energy Physics +131.215.116.20 #afs.hep.caltech.edu +>ugcs.caltech.edu #Caltech UGCS lab +131.215.176.65 #afs-c.ugcs.caltech.edu +131.215.176.67 #afs-a.ugcs.caltech.edu +131.215.176.68 #afs-b.ugcs.caltech.edu +>andrew.cmu.edu #Carnegie Mellon University - Computing Services Cell +128.2.10.2 #afsdb-01.andrew.cmu.edu +128.2.10.7 #afsdb-02.andrew.cmu.edu +128.2.10.11 #afsdb-03.andrew.cmu.edu +>mw.andrew.cmu.edu #Carnegie Mellon University - Middleware Test Cell +128.2.234.24 #null.andrew.cmu.edu +128.2.234.170 #mw-mgr.andrew.cmu.edu +>club.cc.cmu.edu #Carnegie Mellon University Computer Club +128.2.204.149 #barium.club.cc.cmu.edu +128.237.157.11 #sodium.club.cc.cmu.edu +128.237.157.13 #potassium.club.cc.cmu.edu +>chem.cmu.edu #Carnegie Mellon University - Chemistry Dept. +128.2.40.134 #afs.chem.cmu.edu +128.2.40.140 #afs2.chem.cmu.edu +>cs.cmu.edu #Carnegie Mellon University - School of Comp. Sci. +128.2.172.58 #date.srv.cs.cmu.edu +128.2.172.60 #fig.srv.cs.cmu.edu +128.2.200.97 #watermelon.srv.cs.cmu.edu +>ece.cmu.edu #Carnegie Mellon University - Elec. Comp. Eng. Dept. +128.2.129.7 #porok.ece.cmu.edu +128.2.129.8 #vicio.ece.cmu.edu +128.2.129.9 #e-xing.ece.cmu.edu +>scotch.ece.cmu.edu #CMU ECE CALCM research group +128.2.134.82 #lagavulin.ece.cmu.edu +>qatar.cmu.edu #Carnegie Mellon University - Qatar +86.36.46.6 #afs1.qatar.cmu.edu +86.36.46.7 #afs2.qatar.cmu.edu +>sbp.ri.cmu.edu #Carnegie Mellon University - Sensor Based Planning Lab +128.2.179.12 #nihao.sbp.ri.cmu.edu +128.2.179.113 #youtheman.sbp.ri.cmu.edu +>cnf.cornell.edu #CNF +128.253.198.9 #hole.cnf.cornell.edu +128.253.198.27 #smoke.cnf.cornell.edu +128.253.198.231 #mist.cnf.cornell.edu +>math.cornell.edu #Cornell Math Dept +128.84.234.12 #pooh.math.cornell.edu +128.84.234.16 #bernoulli.math.cornell.edu +128.84.234.162 #dyno.math.cornell.edu +>msc.cornell.edu #Cornell University Materials Science Center +128.84.231.242 #miranda.ccmr.cornell.edu +128.84.241.35 #co.ccmr.cornell.edu +128.84.249.78 #dax.ccmr.cornell.edu +>dbic.dartmouth.edu #Dartmouth Brain Imaging Center +129.170.30.143 #dbicafs1.dartmouth.edu +129.170.30.144 #dbicafs2.dartmouth.edu +129.170.30.145 #dbicafs3.dartmouth.edu +>northstar.dartmouth.edu #Dartmouth College Research Computing +129.170.16.22 #halley.dartmouth.edu +129.170.16.26 #andromeda.dartmouth.edu +129.170.199.250 #kuiper.dartmouth.edu +>cs.hm.edu #Department Computer Science Munich University Of Applied Science +129.187.208.31 #afs1.cs.hm.edu +>eecs.harvard.edu #Harvard - EECS +140.247.60.64 #lefkada.eecs.harvard.edu +140.247.60.83 #corfu.eecs.harvard.edu +>iastate.edu #Iowa State University +129.186.1.243 #afsdb-1.iastate.edu +129.186.6.243 #afsdb-2.iastate.edu +129.186.142.243 #afsdb-3.iastate.edu +>acm.jhu.edu #Johns Hopkins ACM chapter +128.220.35.191 #chicago.acm.jhu.edu +128.220.70.76 #typhon.acm.jhu.edu +>athena.mit.edu #MIT/Athena cell +18.7.45.11 #leda.mit.edu +18.9.48.11 #castor.mit.edu +18.9.48.12 #pollux.mit.edu +>csail.mit.edu #MIT Computer Science & Artificial Intelligence Lab +128.30.2.13 #titanic.csail.mit.edu +128.30.2.31 #vasa.csail.mit.edu +128.30.2.75 #maine.csail.mit.edu +>lns.mit.edu #MIT/LNS Cell +198.125.160.134 #afs2.lns.mit.edu. +198.125.160.217 #afsdbserv1.lns.mit.edu. +198.125.160.218 #afsdbserv2.lns.mit.edu. +>net.mit.edu #MIT/Network Group cell +18.7.62.60 #willy.mit.edu +18.9.48.15 #moby.mit.edu +18.9.48.16 #springer.mit.edu +>sipb.mit.edu #MIT/SIPB cell +18.4.60.19 #reynelda.mit.edu +18.4.60.22 #rosebud.mit.edu +18.4.60.23 #ronald-ann.mit.edu +>msu.edu #Michigan State University Main Cell +35.9.7.10 #afsdb0.cl.msu.edu +35.9.7.11 #afsdb1.cl.msu.edu +35.9.7.12 #afsdb2.cl.msu.edu +>nd.edu #University of Notre Dame +129.74.223.17 #john.helios.nd.edu +129.74.223.33 #lizardo.helios.nd.edu +129.74.223.65 #buckaroo.helios.nd.edu +>crc.nd.edu #University of Notre Dame - Center for Research Computing +129.74.85.34 #afsdb1.crc.nd.edu +129.74.85.35 #afsdb2.crc.nd.edu +129.74.85.36 #afsdb3.crc.nd.edu +>pitt.edu #University of Pittsburgh +136.142.8.15 #afs09.srv.cis.pitt.edu +136.142.8.20 #afs10.srv.cis.pitt.edu +136.142.8.21 #afs11.srv.cis.pitt.edu +>cs.pitt.edu #University of Pittsburgh - Computer Science +136.142.22.5 #afs01.cs.pitt.edu +136.142.22.6 #afs02.cs.pitt.edu +136.142.22.7 #afs03.cs.pitt.edu +>psc.edu #PSC (Pittsburgh Supercomputing Center) +128.182.59.182 #shaggy.psc.edu +128.182.66.184 #velma.psc.edu +128.182.66.185 #daphne.psc.edu +>scoobydoo.psc.edu #PSC Test Cell +128.182.59.181 #scooby.psc.edu +>cede.psu.edu #Penn State - Center for Engr. Design & Entrepeneurship +146.186.218.10 #greenly.cede.psu.edu +146.186.218.60 #b50.cede.psu.edu +146.186.218.246 #stalin.cede.psu.edu +>rose-hulman.edu #Rose-Hulman Institute of Technology +137.112.7.11 #afs1.rose-hulman.edu +137.112.7.12 #afs2.rose-hulman.edu +137.112.7.13 #afs3.rose-hulman.edu +>cs.rose-hulman.edu #Rose-Hulman CS Department +137.112.40.10 #galaxy.cs.rose-hulman.edu +>rpi.edu #Rensselaer Polytechnic Institute +128.113.22.11 #saul.server.rpi.edu +128.113.22.12 #joab.server.rpi.edu +128.113.22.13 #korah.server.rpi.edu +128.113.22.14 #achan.server.rpi.edu +>hep.sc.edu #University of South Carolina, Dept. of Physics +129.252.78.77 #cpeven.physics.sc.edu +>cs.stanford.edu #Stanford University Computer Science Department +171.64.64.10 #cs-afs-1.Stanford.EDU +171.64.64.66 #cs-afs-2.stanford.edu +171.64.64.69 #cs-afs-3.stanford.edu +>ir.stanford.edu #Stanford University +171.64.7.222 #afsdb1.stanford.edu +171.64.7.234 #afsdb2.stanford.edu +171.64.7.246 #afsdb3.stanford.edu +>slac.stanford.edu #Stanford Linear Accelerator Center +134.79.18.25 #afsdb1.slac.stanford.edu +134.79.18.26 #afsdb2.slac.stanford.edu +134.79.18.27 #afsdb3.slac.stanford.edu +>physics.ucsb.edu #UC Santa Barbara, Physics Dept +128.111.18.161 #ledzeppelin.physics.ucsb.edu +>cats.ucsc.edu #University of California, Santa Cruz +128.114.123.8 #afs-prod-front-1.ucsc.edu +128.114.123.9 #afs-prod-front-2.ucsc.edu +128.114.123.10 #afs-prod-front-3.ucsc.edu +>ncsa.uiuc.edu #National Center for Supercomputing Applications at Illinois +141.142.192.66 #nile-vm.ncsa.uiuc.edu +141.142.192.143 #congo-vm.ncsa.uiuc.edu +141.142.192.144 #kaskaskia-vm.ncsa.uiuc.edu +>umbc.edu #University of Maryland, Baltimore County +130.85.24.23 #db2.afs.umbc.edu +130.85.24.87 #db3.afs.umbc.edu +130.85.24.101 #db1.afs.umbc.edu +>glue.umd.edu #University of Maryland - Project Glue +128.8.70.11 #olmec.umd.edu +128.8.236.4 #egypt.umd.edu +128.8.236.230 #babylon.umd.edu +>wam.umd.edu #University of Maryland Network WAM Project +128.8.70.9 #csc-srv.wam.umd.edu +128.8.236.5 #avw-srv.wam.umd.edu +128.8.236.231 #ptx-srv.wam.umd.edu +>umich.edu #University of Michigan - Campus +141.211.1.32 #fear.ifs.umich.edu +141.211.1.33 #surprise.ifs.umich.edu +141.211.1.34 #ruthless.ifs.umich.edu +>atlas.umich.edu #ATLAS group cell in physics at University of Michigan +141.211.43.102 #linat02.grid.umich.edu +141.211.43.103 #linat03.grid.umich.edu +141.211.43.104 #linat04.grid.umich.edu +>citi.umich.edu #University of Michigan - Center for Information Technology Integ +141.212.112.5 #babylon.citi.umich.edu +>isis.unc.edu #Univ. of NC at Chapel Hill - ITS +152.2.1.5 #db0.isis.unc.edu +152.2.1.6 #db1.isis.unc.edu +152.2.1.7 #db2.isis.unc.edu +>eng.utah.edu #University of Utah - Engineering +155.98.111.9 #lenny.eng.utah.edu +155.98.111.10 #carl.eng.utah.edu +>cs.uwm.edu #University of Wisconsin--Milwaukee +129.89.38.124 #solomons.cs.uwm.edu +129.89.143.71 #filip.cs.uwm.edu +>cs.vassar.edu #Computer Science research network / Vassar College +143.229.6.73 #afsserv.cs.vassar.edu +>cs.wisc.edu #Univ. of Wisconsin-Madison, Computer Sciences Dept. +128.105.132.14 #timon.cs.wisc.edu +128.105.132.15 #pumbaa.cs.wisc.edu +128.105.132.16 #zazu.cs.wisc.edu +>engr.wisc.edu #University of Wisconsin-Madison, College of Engineering +144.92.13.14 #larry.cae.wisc.edu +144.92.13.15 #curly.cae.wisc.edu +144.92.13.16 #moe.cae.wisc.edu +>hep.wisc.edu #University of Wisconsin -- High Energy Physics +128.104.28.219 #anise.hep.wisc.edu +144.92.180.7 #rosemary.hep.wisc.edu +144.92.180.30 #fennel.hep.wisc.edu +>physics.wisc.edu #Univ. of Wisconsin-Madison, Physics Department +128.104.160.13 #kendra.physics.wisc.edu +128.104.160.14 #fray.physics.wisc.edu +128.104.160.15 #buffy.physics.wisc.edu +>ciemat.es #Ciemat, Madrid, Spain +192.101.165.10 #afsdb1.ciemat.es +192.101.165.11 #afsdb2.ciemat.es +>ifca.unican.es #Instituto de Fisica de Cantabria (IFCA), Santander, Spain +193.144.209.20 #gridwall.ifca.unican.es +>ific.uv.es #Instituto de Fisica Corpuscular, Valencia, Spain +147.156.163.11 #alpha.ific.uv.es +>alteholz.eu #alteholz.eu +78.47.192.125 #krb1eu.afs.alteholz.net +>in2p3.fr #IN2P3 +134.158.104.11 #ccafsdb01.in2p3.fr +134.158.104.12 #ccafsdb02.in2p3.fr +134.158.104.13 #ccafsdb03.in2p3.fr +>mcc.ac.gb #University of Manchester +130.88.203.41 #nevis.mc.man.ac.uk +130.88.203.144 #eryri.mc.man.ac.uk +130.88.203.145 #scafell.mc.man.ac.uk +>anl.gov #Argonne National Laboratory +146.137.96.33 #arteus.it.anl.gov +146.137.162.88 #agamemnon.it.anl.gov +146.137.194.80 #antenor.it.anl.gov +>rhic.bnl.gov #Relativistic Heavy Ion Collider +130.199.6.51 #rafs03.rcf.bnl.gov +130.199.6.52 #rafs02.rcf.bnl.gov +130.199.6.69 #rafs01.rcf.bnl.gov +>usatlas.bnl.gov #US Atlas Tier 1 Facility at BNL +130.199.48.32 #aafs01.usatlas.bnl.gov +130.199.48.33 #aafs02.usatlas.bnl.gov +130.199.48.34 #aafs03.usatlas.bnl.gov +>jpl.nasa.gov #Jet Propulsion Laboratory +137.78.160.21 #afsdb08.jpl.nasa.gov +137.78.160.22 #afsdb09.jpl.nasa.gov +137.78.160.23 #afsdb10.jpl.nasa.gov +>doe.atomki.hu #Institute of Nuclear Research (MTA ATOMKI), Debrecen, Hungary +193.6.179.31 #afs.doe.atomki.hu +>bme.hu #Budapest University of Technology and Economics +152.66.241.6 #afs.iit.bme.hu +>kfki.hu #Wigner Research Centre for Physics - Budapest, Hungary +148.6.2.109 #afs0.kfki.hu +>rnd.ru.is #Reykjavik University Research and Development Network +130.208.242.66 #lithium.rnd.ru.is. +130.208.242.67 #beryllium.rnd.ru.is. +130.208.242.68 #boron.rnd.ru.is. +>caspur.it #CASPUR Inter-University Computing Consortium, Rome +193.204.5.45 #pomodoro.caspur.it +193.204.5.46 #banana.caspur.it +193.204.5.50 #maslo.caspur.it +>enea.it #ENEA New Tech. Energy & Environment Agency, Italy +192.107.54.5 #aixfs.frascati.enea.it +192.107.54.11 #rs2ced.frascati.enea.it +192.107.54.12 #43p.frascati.enea.it +>fusione.it #Assoz. FUSIONE/Euratom, ENEA, Frascati-Italy +192.107.90.2 #fusafs1.frascati.enea.it +192.107.90.3 #fusafs2.frascati.enea.it +192.107.90.4 #fusafs3.frascati.enea.it +>icemb.it #ICEMB, Universita' La Sapienza - Rome - Italy +193.204.6.130 #icembfs.caspur.it +>ictp.it #The Abdus Salam International Centre for Theoretical Physics (IC +140.105.34.7 #afsdb1.ictp.it +140.105.34.8 #afsdb2.ictp.it +>infn.it #Istituto Nazionale di Fisica Nucleare (INFN), Italia +131.154.1.7 #afscnaf.infn.it +141.108.26.75 #afsrm1.roma1.infn.it +192.84.134.75 #afsna.na.infn.it +>ba.infn.it #INFN, Sezione di Bari +193.206.185.235 #baafsserver.ba.infn.it +193.206.185.236 #debsrv.ba.infn.it +>kloe.infn.it #INFN, KLOE experiment at Laboratori di Frascati +192.135.25.111 #kloeafs1.lnf.infn.it +192.135.25.112 #kloeafs2.lnf.infn.it +>le.infn.it #INFN, Sezione di Lecce +192.84.152.40 #afs01.le.infn.it +192.84.152.148 #afs02.le.infn.it +>lnf.infn.it #INFN, Laboratori Nazionali di Frascati +193.206.84.121 #afs1.lnf.infn.it +193.206.84.122 #afs2.lnf.infn.it +193.206.84.123 #afs3.lnf.infn.it +>lngs.infn.it #INFN, Laboratori Nazionali del Gran Sasso +192.84.135.21 #afs1.lngs.infn.it +192.84.135.133 #afs2.lngs.infn.it +>pi.infn.it #INFN, Sezione di Pisa +192.84.133.50 #aix1.pi.infn.it +212.189.152.6 #afs1.pi.infn.it +212.189.152.7 #afs2.pi.infn.it +>roma3.infn.it #Istituto Nazionale di Fisica Nucleare (INFN), Italia +193.205.159.17 #afsrm3.roma3.infn.it +>psm.it #Progetto San Marco, Universita' di Roma-1 +151.100.1.65 #atlante.psm.uniroma1.it +>tgrid.it #CASPUR-CILEA-CINECA Grid Cell +193.204.5.33 #cccgrid.caspur.it +>math.unifi.it #math.unifi.it +150.217.34.182 #xeno.math.unifi.it +>ing.uniroma1.it #Universita' La Sapienza, Fac. Ingeneria +151.100.85.253 #alfa.ing.uniroma1.it +>dia.uniroma3.it #University Roma Tre - DIA +193.204.161.67 #srv.dia.uniroma3.it +193.204.161.79 #aux.dia.uniroma3.it +193.204.161.118 #afs.dia.uniroma3.it +>vn.uniroma3.it #University Roma Tre, area Vasca Navale +193.205.219.59 #alfa2.dia.uniroma3.it +193.205.219.60 #beta2.dia.uniroma3.it +193.205.219.61 #gamma2.dia.uniroma3.it +>italia #Italian public AFS cell +193.204.5.9 #afs.caspur.it +>cmf.nrl.navy.mil #Naval Research Laboratory - Center for Computational Science +134.207.12.68 #picard.cmf.nrl.navy.mil +134.207.12.69 #riker.cmf.nrl.navy.mil +134.207.12.70 #kirk.cmf.nrl.navy.mil +>lcp.nrl.navy.mil #Naval Research Lab - Lab for Computational Physics +132.250.114.2 #afs1.lcp.nrl.navy.mil +132.250.114.4 #afs2.lcp.nrl.navy.mil +132.250.114.6 #afs3.lcp.nrl.navy.mil +>nucleares.unam.mx #Instituto de Ciencias Nucleares, UNAM, Mexico +132.248.29.50 #nahualli.nucleares.unam.mx +>crossproduct.net #crossproduct.net +207.114.88.173 #geodesic.crossproduct.net +>epitech.net #EPITECH, France +163.5.255.41 #afs-db-1.epitech.net +163.5.255.42 #afs-db-2.epitech.net +>es.net #Energy Sciences Net +198.128.3.21 #fs1.es.net +198.128.3.22 #fs2.es.net +198.128.3.23 #fs3.es.net +>gorlaeus.net #Gorlaeus Laboratories, Leiden University +132.229.170.27 #fwncisafs1.gorlaeus.net +>laroia.net #Laroia Networks +66.66.102.254 #supercore.laroia.net +>pallissard.net #pallissard.net +35.184.35.247 #files.pallissard.net +>sinenomine.net #Sine Nomine Associates +207.89.43.108 #afsdb3.sinenomine.net +207.89.43.109 #afsdb4.sinenomine.net +207.89.43.110 #afsdb5.sinenomine.net +>slackers.net #The Slackers' Network +199.4.150.159 #alexandria.slackers.net +>tproa.net #The People's Republic of Ames +204.11.35.83 #service-3.tproa.net +204.11.35.84 #service-4.tproa.net +204.11.35.85 #service-5.tproa.net +>interdose.net #Interdose Ltd. & Co. KG, Germany +80.190.171.42 #bfd9000.tow5.interdose.net +80.190.171.43 #bfd9001.tow5.interdose.net +>nikhef.nl #The Dutch National Institute for High Energy Physics +192.16.185.26 #afs1.nikhef.nl +192.16.185.27 #afs2.nikhef.nl +>acm-csuf.org #California State Univerisity Fullerton ACM +137.151.29.193 #afs1.acm-csuf.org +>adrake.org #adrake.org +128.2.98.241 #afs.adrake.org +>bazquux.org #Baz Quux Organization +66.207.142.196 #baxquux.org +>coed.org #Adam Pennington's Cell +66.93.61.184 #vice1.coed.org +128.237.157.35 #vice3.coed.org +>dementia.org #Dementia Unlimited (old) +128.2.13.209 #dedlock.dementix.org +128.2.234.204 #vorkana.dementix.org +128.2.235.26 #meredith.dementix.org +>dementix.org #Dementia Unlimited +128.2.13.209 #dedlock.dementix.org +128.2.234.204 #vorkana.dementix.org +128.2.235.26 #meredith.dementix.org +>idahofuturetruck.org #University of Idaho hybrid vehicle development +12.18.238.210 #dsle210.fsr.net +>afs.ietfng.org #ietfng.org +67.62.51.95 #a.afs.ietfng.org +>jeaton.org #jeaton.org (Jeffrey Eaton, jeaton@jeaton.org) +128.2.234.89 #jeaton-org-01.jeaton.org +128.2.234.92 #jeaton-org-02.jeaton.org +>mrph.org #Mrph +66.207.133.1 #sanber.mrph.org +128.2.99.209 #hernandarias.mrph.org +>mstacm.org #Missouri Science & Technology - ACM +131.151.249.193 #acm.mst.edu +>nomh.org #nomh.org +204.29.154.12 #iota.nomh.org +204.29.154.32 #adversity.xi.nomh.org +>oc7.org #The OC7 Project +128.2.122.140 #knife.oc7.org +207.22.77.170 #spoon.oc7.org +>pfriedma.org #pfriedma.org +72.95.215.18 #vice.pfriedma.org +>riscpkg.org #The RISC OS Packaging Project +83.104.175.10 #delenn.riscpkg.org +>kth.se #Royal Institute of Technology, Stockholm, Sweden +130.237.32.145 #sonen.e.kth.se +130.237.48.7 #anden.e.kth.se +130.237.48.244 #fadern.e.kth.se +>ict.kth.se #Royal Institute of Technology, Information and Communication tec +130.237.216.11 #afsdb1.ict.kth.se +130.237.216.12 #afsdb2.ict.kth.se +130.237.216.13 #afsdb3.ict.kth.se +>it.kth.se #Royal Institute of Technology, Teleinformatics, Kista +130.237.216.14 #afsdb1.it.kth.se +130.237.216.15 #afsdb2.it.kth.se +130.237.216.16 #afsdb3.it.kth.se +>md.kth.se #Royal Institute of Technology, MMK +130.237.32.63 #mdafs-1.sys.kth.se +>mech.kth.se #Royal Institute of Technology, MECH +130.237.233.142 #matterhorn.mech.kth.se +130.237.233.143 #castor.mech.kth.se +130.237.233.144 #pollux.mech.kth.se +>nada.kth.se #Royal Institute of Technology, NADA +130.237.223.12 #afsdb-2.csc.kth.se +130.237.224.78 #afsdb-3.csc.kth.se +130.237.227.23 #afsdb-4.csc.kth.se +>pdc.kth.se #Royal Institute of Technology, PDC +130.237.232.29 #crab.pdc.kth.se +130.237.232.112 #anna.pdc.kth.se +130.237.232.114 #hokkigai.pdc.kth.se +>stacken.kth.se #Stacken Computer Club +130.237.234.3 #milko.stacken.kth.se +130.237.234.43 #hot.stacken.kth.se +130.237.234.101 #fishburger.stacken.kth.se +>syd.kth.se #Royal Institute of Technology, KTH-Syd +130.237.83.23 #afs.haninge.kth.se +>sanchin.se #Sanchin Consulting AB, Sweden +192.195.148.10 #sesan.sanchin.se +>su.se #Stockholm University +130.237.162.81 #afsdb1.su.se +130.237.162.82 #afsdb2.su.se +130.237.162.230 #afsdb3.su.se +>fysik.su.se #Stockholm University, Physics Department +130.237.244.134 #srv01.fysik.su.se +130.237.244.135 #srv02.fysik.su.se +130.237.244.139 #srv05.fysik.su.se +>f9.ijs.si #F9, Jozef Stefan Institue +194.249.156.1 #brenta.ijs.si +>p-ng.si #University of Nova Gorica +193.2.120.2 #solkan.p-ng.si +193.2.120.9 #sabotin.p-ng.si +>ihep.su #Institute for High-Energy Physics +194.190.165.201 #fs0001.ihep.su +194.190.165.202 #fs0002.ihep.su +>motherfsck.tech #motherfsck.tech +>hep-ex.physics.metu.edu.tr #METU Department of Physics, Experimental HEP group, Ankara/Turke +144.122.31.131 #neutrino.physics.metu.edu.tr +>phy.bris.ac.uk #Bristol University - physics +137.222.74.18 #zen.phy.bris.ac.uk +>inf.ed.ac.uk #School of Informatics, University of Edinburgh +129.215.64.16 #afsdb0.inf.ed.ac.uk +129.215.64.17 #afsdb1.inf.ed.ac.uk +129.215.64.18 #afsdb2.inf.ed.ac.uk +>phas.gla.ac.uk #Univeristy of Glasgow Physics And Astronomy +194.36.1.19 #afsdb1.phas.gla.ac.uk +194.36.1.27 #afsdb3.phas.gla.ac.uk +194.36.1.33 #afsdb2.phas.gla.ac.uk +>ic.ac.uk #Imperial College London +155.198.63.148 #icafs2.cc.ic.ac.uk +155.198.63.149 #icafs1.cc.ic.ac.uk +>hep.man.ac.uk #Manchester HEP +194.36.2.3 #afs1.hep.man.ac.uk +194.36.2.4 #afs2.hep.man.ac.uk +194.36.2.5 #afs3.hep.man.ac.uk +>tlabs.ac.za #iThemba LABS Cell +196.24.232.1 #afs01.tlabs.ac.za +196.24.232.2 #afs02.tlabs.ac.za +196.24.232.3 #afs03.tlabs.ac.za diff --git a/SOURCES/ChangeLog b/SOURCES/ChangeLog new file mode 100644 index 0000000..4673099 --- /dev/null +++ b/SOURCES/ChangeLog @@ -0,0 +1,626 @@ +commit d77120341812164516e3d8e380c98f6be6dac9d7 +Author: Benjamin Kaduk +Date: Mon Sep 10 20:36:31 2018 -0500 + + Make OpenAFS 1.6.23 + + Update version strings for the 1.6.23 release. + + Change-Id: I4cbfcca4f986cd201ec3e45d61c7ad53990aede8 + +commit 213f5591a47e246d7964ef10d4e3adf5c0bab487 +Author: Benjamin Kaduk +Date: Mon Sep 10 20:26:20 2018 -0500 + + Update NEWS for 1.6.23 + + Release notes for the OpenAFS 1.6.23 security release. + + Change-Id: I7c3422ca50f1a6d4f91852d31b91673c65ac95d6 + +commit 885c02af3761c0f2bf3350dc4beef09a92770aa7 +Author: Benjamin Kaduk +Date: Tue Sep 11 10:51:01 2018 -0500 + + Fix typos in audit format strings + + Commit 9ebff4c6caa8b499d999cfd515d4d45eb3179769 introduced audit + framework support for several butc-related data types, but had + a typo ('$d' for '%d') in a couple of places, that was not reported + by compiler format-string checking. Fix the typo to properly print + all the auditable data. + + (cherry picked from commit d5816fd6cd1876760a985a817dbbb3940cf3bddb) + + (cherry picked from commit 90601818205aeefd1cf99b8766a7bfd03bf9b96a) + + (cherry picked from commit 0cdb370f1813158a6dbd577e5c250bc26ac4590c) + + Change-Id: I0d1cb15d02225a8557da09ed72efbc5103e1ec1b + +commit 9067d543817f32deb334e20c67e071f124a42140 +Author: Benjamin Kaduk +Date: Sun Sep 9 10:44:38 2018 -0500 + + OPENAFS-SA-2018-001 backup: use authenticated connection to butc + + Use the standard routine to pick a client security object, instead of + always assuming rxnull. Respect -localauth as well as being able to + use the current user's tokens, but also provide a -nobutcauth argument + to fall back to the historical rxnull behavior (but only for the connections + to butc; vldb and budb connections are not affected). + + (cherry picked from commit 345ee34236c08a0a2fb3fff016edfa18c7af4b0a) + + (cherry picked from commit ed217df4b23e111d4b12e7236bdf6f8ab5575952) + + (cherry picked from commit 3f06dd4f73f7fa1f6ecbd71e9ebe2ef5c67dfebd) + +commit cb8b8300369cf12f1a4681010b71aa46659529bc +Author: Benjamin Kaduk +Date: Thu Sep 6 18:50:39 2018 -0500 + + OPENAFS-SA-2018-001 butc: require authenticated connections with -localauth + + The butc -localauth option is available to use the cell-wide key to + authenticate to the vlserver and buserver, which in normal deployments + will require incoming connections to be authenticated as a superuser. + In such cases, the cell-wide key is also available for use in + authenticating incoming connections to the butc, which would otherwise + have been completely unauthenticated. + + Because of the security hazards of allowing unauthenticaed inbound + RPCs, especially ones that manipulate backup information and are allowed + to initiate outboud RPCs authenticated as the superuser, default to + not allowing unauthenticated inbound RPCs at all. Provide an opt-out + command-line argument for deployments that require this functionality + and have configured their network environment (firewall/etc.) appropriately. + + (cherry picked from commit 1b199eeafad6420982380ce5e858f00c528cfd13) + + (cherry picked from commit fa04588907321e8b50b64f30dcc049e60268a05a) + + Change-Id: Ib796fd4d61cc5d2e98f1b1e787f3267456b0ffe8 + +commit 78b5be7ddd9f8b9b416c7405074253770e8354d8 +Author: Benjamin Kaduk +Date: Sun Sep 9 11:49:03 2018 -0500 + + OPENAFS-SA-2018-001 Add auditing to butc server RPC implementations + + Make the actual implementations into helper functions, with the RPC + stubs calling the helpers and doing the auditing on the results, akin + to most other server programs in the tree. This relies on support for + some additional types having been added to the audit framework. + + (cherry picked from commit c43169fd36348783b1a5a55c5bb05317e86eef82) + + (cherry picked from commit 6f8c0c8134de1b5358ec56878e350aeab31aa3cd) + + (cherry picked from commit 23f3f2e0d96e30a7bc9c355414db995df820e5ba) + + Change-Id: Icb4a9ca3cce81b088268655a648823f3e8260f0a + +commit ccd02a1bbb44d4c3a15d721a9d4fd8d84cd4e0ee +Author: Benjamin Kaduk +Date: Sat Sep 8 19:42:36 2018 -0500 + + OPENAFS-SA-2018-001 audit: support butc types + + Add support for several complex butc types to enable butc auditing. + + (cherry picked from commit 41d2dd569a365465ac47da3cd39eceba4beaeaf3) + + (cherry picked from commit 049b7eafe125d12803e848f38f18680dff31ab80) + + Change-Id: I6662f028e300afaa5e2586db1a590f9ea8ec3139 + +commit b18e8f4a8957c5022fa91168d73b2eb7fb28e93b +Author: Benjamin Kaduk +Date: Sat Sep 8 20:35:25 2018 -0500 + + OPENAFS-SA-2018-001 butc: remove dummy osi_audit() routine + + This local stub was present in the original IBM import and is unused. + It will conflict with the real audit code once we start adding auditing + to the TC_ RPCs, so remove it now. + + (cherry picked from commit 50216dbbc30ed94f89bdd0e964f4891e87f28c0b) + + (cherry picked from commit 7eb650a6edd96e3c7e68f170945ddcdac8b67975) + + (cherry picked from commit cf69365f0416c58462cbea75dc17cde01f343175) + + Change-Id: Idf9d3dfa040cdd34437d1c97ce27a1225a356993 + +commit 187cf8717cb983eeabb919b2ac189fa5505c369c +Author: Mark Vitale +Date: Fri Jul 6 03:14:19 2018 -0400 + + OPENAFS-SA-2018-003 rxgen: prevent unbounded input arrays + + RPCs with unbounded arrays as inputs are susceptible to remote + denial-of-service (DOS) attacks. A malicious client may submit an RPC + request with an arbitrarily large array, forcing the server to expend + large amounts of network bandwidth, cpu cycles, and heap memory to + unmarshal the input. + + Instead, issue an error message and stop rxgen when it detects an RPC + defined with an unbounded input array. Thus we will detect the problem + at build time and prevent any future unbounded input arrays. + + (cherry picked from commit a4c1d5c48deca2ebf78b1c90310b6d56b3d48af6) + + (cherry picked from commit 2cf5cfa8561047e855fed9ab35d1a041e309e39a) + + (cherry picked from commit 289a5643e7af399b3e99eb33d50b6c602e442a02) + + Change-Id: If5222aab9ce700ba8d9520e5e2e81e66e1b87fd1 + +commit 6cbb7d9d57e5f7e0090b538c92b3eafe9c2656b0 +Author: Mark Vitale +Date: Fri Jul 6 03:21:26 2018 -0400 + + OPENAFS-SA-2018-003 volser: prevent unbounded input to various AFSVol* RPCs + + Several AFSVol* RPCs are defined with an unbounded XDR "string" as + input. + + RPCs with unbounded arrays as inputs are susceptible to remote + denial-of-service (DOS) attacks. A malicious client may submit an + AFSVol* request with an arbitrarily large string, forcing the volserver + to expend large amounts of network bandwidth, cpu cycles, and heap + memory to unmarshal the input. + + Instead, give each input "string" an appropriate size. + Volume names are inherently capped to 32 octets (including trailing NUL) + by the protocol, but there is less clearly a hard limit on partition names. + The Vol_PartitionInfo{,64} functions accept a partition name as input and + also return a partition name in the output structure; the output values + have wire-protocol limits, so larger values could not be retrieved by clients, + but for denial-of-service purposes, a more generic PATH_MAX-like value seems + appropriate. We have several varying sources of such a limit in the tree, but + pick 4k as the least-restrictive. + + [kaduk@mit.edu: use a larger limit for pathnames and expand on PATH_MAX in + commit message] + + (cherry picked from commit 8b92d015ccdfcb70c7acfc38e330a0475a1fbe28) + + (cherry picked from commit fe41fa565be6e325da75f3e9b8fbdac2c521b027) + + (cherry picked from commit 39b675e243be70237ba9460b49b461c128aedffd) + + Change-Id: Idad0b0abf582b356042245398e1317a610ff321e + +commit 35240e33317658a396cd3da994b5d20a71f4abc3 +Author: Mark Vitale +Date: Fri Jul 6 01:09:53 2018 -0400 + + OPENAFS-SA-2018-003 volser: prevent unbounded input to AFSVolForwardMultiple + + AFSVolForwardMultiple is defined with an input parameter that is defined + to XDR as an unbounded array of replica structs: + typedef replica manyDests<>; + + RPCs with unbounded arrays as inputs are susceptible to remote + denial-of-service (DOS) attacks. A malicious client may submit an + AFSVolForwardMultiple request with an arbitrarily large array, forcing + the volserver to expend large amounts of network bandwidth, cpu cycles, + and heap memory to unmarshal the input. + + Even though AFSVolForwardMultiple requires superuser authorization, this + attack is exploitable by non-authorized actors because XDR unmarshalling + happens long before any authorization checks can occur. + + Add a bounding constant (NMAXNSERVERS 13) to the manyDests input array. + This constant is derived from the current OpenAFS vldb implementation, which + is limited to 13 replica sites for a given volume by the layout (size) of the + serverNumber, serverPartition, and serverFlags fields. + + [kaduk@mit.edu: explain why this constant is used] + + (cherry picked from commit 97b0ee4d9c9d069e78af2e046c7987aa4d3f9844) + + (cherry picked from commit fac3749f0d180e0ca229326c0e8568a60e17d3e9) + + (cherry picked from commit ea30e64d1b2153f51a83069f3471356553a27a2b) + + Change-Id: Ib2e5d4cc660e0a278b9dbd10ac2db656239e1302 + +commit b8142be4b4642a37500081ef459544cdb2091218 +Author: Mark Vitale +Date: Thu Jul 5 23:51:37 2018 -0400 + + OPENAFS-SA-2018-003 budb: prevent unbounded input to BUDB_SaveText + + BUDB_SaveText is defined with an input parameter that is defined to XDR + as an unbounded array of chars: + typedef char charListT<>; + + RPCs with unbounded arrays as inputs are susceptible to remote + denial-of-service (DOS) attacks. A malicious client may submit a + BUDB_SaveText request with an arbitrarily large array, forcing the budb + server to expend large amounts of network bandwidth, cpu cycles, and + heap memory to unmarshal the input. + + Modify the XDR definition of charListT so it is bounded. This typedef + is shared (as an OUT parameter) by BUDB_GetText and BUDB_DumpDB, but + fortunately all in-tree callers of the client routines specify the same + maximum length of 1024. + + Note: However, SBUDB_SaveText server implementation seems to allow for up to + BLOCK_DATA_SIZE (2040) = BLOCKSIZE (2048) - sizeof(struct blockHeader) + (8), and it's unknown if any out-of-tree callers exist. Since we do not need a + tight bound in order to avoid the DoS, use a somewhat higher maximum of + 4096 bytes to leave a safety margin. + + [kaduk@mit.edu: bump the margin to 4096; adjust commit message to match] + + (cherry picked from commit 124445c0c47994f5e2efef30e86337c3c8ebc93f) + + (cherry picked from commit 87f199c14199afa29f75bb336383564f0fb4548a) + + (cherry picked from commit c5c3a858b21eaaabda46e1dffdea038fa234d657) + + Change-Id: I6802e76a5f6e39e31ece66d1ff00ed11b47b6c36 + +commit e3840eb1a23b36aed395337b2fa774c079f3c092 +Author: Mark Vitale +Date: Thu Jul 5 21:11:30 2018 -0400 + + OPENAFS-SA-2018-003 vlserver: prevent unbounded input to VL_RegisterAddrs + + VL_RegisterAddrs is defined with an input argument of type bulkaddrs, + which is defined to XDR as an unbounded array of afs_uint32 (IPv4 addresses): + typedef afs_uint32 bulkaddrs<> + + The <> with no value instructs rxgen to build client and server stubs + that allow for a maximum size of "~0u" or 0xFFFFFFFF. + + Ostensibly the bulkaddrs array is unbounded to allow it to be shared + among VL_RegisterAddrs, VL_GetAddrs, and VL_GetAddrsU. The VL_GetAddrs* + RPCs use bulkaddrs as an output array with a maximum size of MAXSERVERID + (254). VL_RegisterAddrss uses bulkaddrs as an input array, with a + nominal size of VL_MAXIPADDRS_PERMH (16). + + However, RPCs with unbounded array inputs are susceptible to remote + denial-of-service attacks. That is, a malicious client may send a + VL_RegisterAddrs request with an arbitrarily long array, forcing the + vlserver to expend large amounts of network bandwidth, cpu cycles, and + heap memory to unmarshal the argument. Even though VL_RegisterAddrs + requires superuser authorization, this attack is exploitable by + non-authorized actors because XDR unmarshalling happens long before any + authorization checks can occur. + + Because all uses of the type that our implementation support have fixed + bounds on valid data (whether input or output), apply an arbitrary + implementation limit (larger than any valid structure would be), to + prevent this class of attacks in the XDR decoder. + + [kaduk@mit.edu: limit the bulkaddrs type instead of introducing a new type] + + (cherry picked from commit 7629209219bbea3f127b33be06ac427ebc3a559e) + + (cherry picked from commit 4218dc0a2db75c740d1d31966e672f85ad7999bd) + + (cherry picked from commit 38f401ae7e0e88fb65b651125a2c8a723db1e071) + + Change-Id: Ib0798af007af14a2a91ae280c0f28838f33d1a65 + +commit 4dd98168f0fc851716d30fc1e2839f11304a4d04 +Author: Benjamin Kaduk +Date: Thu Aug 30 10:38:56 2018 -0500 + + OPENAFS-SA-2018-002 butc: Initialize OUT scalar value + + In STC_ReadLabel, the interaction with the tape device is + synchronous, so there is no need to allocate a task ID for status + monitoring. However, we do need to initialize the output value, + to avoid writing stack garbage on the wire. + + (cherry picked from commit f5a80115f8f7f9418287547f0fc7fdb13d936f00) + + (cherry picked from commit 418b2ab56c60e44375df31a3a8f77461d577a5ff) + + (cherry picked from commit babbb2824a5e3d6210b9079ab08f8771ac6ef892) + + Change-Id: Ie18bbe7542a23d2ce952cfcd5288ee0aa43bb71f + +commit ab8a6ab1230f5274630e0d0b9e35a778b6d9f79b +Author: Mark Vitale +Date: Tue Jun 26 06:01:16 2018 -0400 + + OPENAFS-SA-2018-002 ubik: prevent VOTE_Debug, VOTE_XDebug information leak + + VOTE_Debug and VOTE_XDebug (udebug) both leave a single field + uninitialized if there is no current transaction. This leaks the memory + contents of the ubik server over the wire. + + struct ubik_debug + - 4 bytes in member writeTrans + + In common code to both RPCs, ensure that writeTrans is always + initialized. + + [kaduk@mit.edu: switch to memset] + + (cherry picked from commit 7a7c1f751cdb06c0d95339c999b2c035c2d2168b) + + (cherry picked from commit 0ee86cc3f986365df9de21ede5735cc1f40db7e5) + + (cherry picked from commit 9db5fcf460988b605ba8ba7078b9c8d702aba370) + + Change-Id: I1c9fc9a6a8bb8aed04f814e4da041af3f49a7401 + +commit 973bba24a6d2f419680873f4133dbad8cd37ce9f +Author: Mark Vitale +Date: Tue Jun 26 05:26:21 2018 -0400 + + OPENAFS-SA-2018-002 kaserver: prevent KAM_ListEntry information leak + + KAM_ListEntry (kas list) does not initialize its output correctly. It + leaks kaserver memory contents over the wire: + + struct kaindex + - up to 64 bytes for member name + - up to 64 bytes for member instance + + Initialize the buffer. + + [kaduk@mit.edu: move initialization to top of server routine] + + (cherry picked from commit b604ee7add7be416bf20973422a041e913d20761) + + (cherry picked from commit c912830e9c82d91bccf85018ef1e6a75edc410c4) + + (cherry picked from commit 04fb009f15b75aca8e62675972ce23526a62ba80) + + Change-Id: I613b1f46b913d4208bac15eb92274127da14e9c9 + +commit e573d36b212192b04235dac24f709e7d5784f904 +Author: Mark Vitale +Date: Tue Jun 26 05:12:32 2018 -0400 + + OPENAFS-SA-2018-002 butc: prevent TC_DumpStatus, TC_ScanStatus information leaks + + TC_ScanStatus (backup status) and TC_GetStatus (internal backup status + watcher) do not initialize their output buffers. They leak memory + contents over the wire: + + struct tciStatusS + - up to 64 bytes in member taskName (TC_MAXNAMELEN 64) + - up to 64 bytes in member volumeName " + + Initialize the buffers. + + [kaduk@mit.edu: move initialization to top of server routines] + + (cherry picked from commit be0142707ca54f3de99c4886530e7ac9f48dd61c) + + (cherry picked from commit 43b3efd4f8cd3227b2b24ff673adeb834f6a3f0b) + + (cherry picked from commit a41b75a13b9a96a929fa69db43fbc4ca071ee717) + + Change-Id: Ibe35ca06eb663399f0b9e14d7487d91553cd67c8 + +commit bd86cbcfd95f30bc10dc703a96ed54f516bb4b99 +Author: Mark Vitale +Date: Tue Jun 26 05:00:25 2018 -0400 + + OPENAFS-SA-2018-002 butc: prevent TC_ReadLabel information leak + + TC_ReadLabel (backup readlabel) does not initialize its output buffer + completely. It leaks butc memory contents over the wire: + + struct tc_tapeLabel + - up to 32 bytes from member afsname (TC_MAXTAPELEN 32) + - up to 32 bytes from member pname (TC_MAXTAPELEN 32) + + Initialize the buffer. + + [kaduk@mit.edu: move initialization to the RPC stub] + + (cherry picked from commit 52f4d63148323e7d605f9194ff8c1549756e654b) + + (cherry picked from commit b7e53b9e9706d63215a1804ed9eca30d69461f03) + + (cherry picked from commit 3e0294543d4f4ab58694e1aca393b961f05d7c8f) + + Change-Id: I4e8ab1b94d36e9904a9505cd7f0e97cc6fb3a40f + +commit 5c6589b395e35e54f8e7c583ea4d87826a854fba +Author: Mark Vitale +Date: Tue Jun 26 04:39:44 2018 -0400 + + OPENAFS-SA-2018-002 budb: prevent BUDB_* information leaks + + The following budb RPCs do not initialize their output correctly. + This leaks buserver memory contents over the wire: + + BUDB_FindLatestDump (backup dump) + BUDB_FindDump (backup volrestore, diskrestore, volsetrestore) + BUDB_GetDumps (backup dumpinfo) + BUDB_FindLastTape (backup dump) + + struct budb_dumpEntry + - up to 32 bytes in member volumeSetName + - up to 256 bytes in member dumpPath + - up to 32 bytes in member name + - up to 32 bytes in member tape.tapeServer + - up to 32 bytes in member tape.format + - up to 256 bytes in member dumper.name + - up to 128 bytes in member dumper.instance + - up to 256 bytes in member dumper.cell + + Initialize the buffer in common routine FillDumpEntry. + + (cherry picked from commit e96771471134102d3879a0ac8b2c4ef9d91a61b8) + + (cherry picked from commit 6f26a945adeca87b669282eed0eaca3dca0a1423) + + (cherry picked from commit b4543ae2331fae6d70c067d86d20bfbc8d509468) + + Change-Id: I713f967eebc1286764b9658ff4ddccb65f456480 + +commit c72abcde2c6fcafc9ab940a74f2384a159eaee98 +Author: Mark Vitale +Date: Tue Jun 26 03:56:24 2018 -0400 + + OPENAFS-SA-2018-002 afs: prevent RXAFSCB_TellMeAboutYourself information leak + + RXAFSCB_TellMeAboutYourself does not completely initialize its output + buffers. This leaks kernel memory over the wire: + + struct interfaceAddr + Unix cache manager (libafs) + - up to 124 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 * 4) - 4)) + - up to 124 bytes in array subnetmask " + - up to 124 bytes in array mtu " + + Windows cache manager + - 64 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 - CM_MAXINTERFACE_ADDR 16)* 4) + - 64 bytes in array subnetmask " + - 64 bytes in array mtu " + + The following implementations of SRXAFSCB_TellMeAboutYourself are not susceptible: + - fsprobe + - libafscp + - xstat_fs_test + + Initialize the buffer. + + (cherry picked from commit 211b6d6a4307006da1467b3be46912a3a5d7b20b) + + (cherry picked from commit a6557ffa64d8fab3526c4f89629dcbb965a27780) + + (cherry picked from commit 0dbbcc9ac62425618a3a3a28ee05eba2507f6efd) + + Change-Id: Ic977c8a473df12f64d2865cd68f1f42744b57d9e + +commit 283b950ed53c3c248078c9aaab10227de539b06d +Author: Mark Vitale +Date: Tue Jun 26 03:47:41 2018 -0400 + + OPENAFS-SA-2018-002 afs: prevent RXAFSCB_GetLock information leak + + RXAFSCB_GetLock (cmdebug) does not correctly initialize its output. + This leaks kernel memory over the wire: + + struct AFSDBLock + - up to 14 bytes for member name (16 - '\0') + + Initialize the buffer. + + (cherry picked from commit b52eb11a08f2ad786238434141987da27b81e743) + + (cherry picked from commit 3dea4adaa356b7eed40b6162c106c5e90690f5a1) + + (cherry picked from commit f0c4f8d899214bf405e809be813be4d5be125ad8) + + Change-Id: I3935968bacb8e063fd1fdd2fc52efd2258a5eb99 + +commit 6cdfce3c9a5712a6a3088c1f3693a6b782771375 +Author: Mark Vitale +Date: Tue Jun 26 03:37:37 2018 -0400 + + OPENAFS-SA-2018-002 ptserver: prevent PR_ListEntries information leak + + PR_ListEntries (pts listentries) does not properly initialize its output + buffers. This leaks ptserver memory over the wire: + + struct prlistentries + - up to 62 bytes for each entry name (PR_MAXNAMELEN 64 - 'a\0') + + Initialize the buffer, and remove the now redundant memset for the + reserved fields. + + (cherry picked from commit 9d1aeb5d761581a35bef2042e9116b96e9ae3bf5) + + (cherry picked from commit e19ad4cdde463d2bbb4b815525da992bd5fc2648) + + (cherry picked from commit 7ee25861685a4f56b304627ca2a0dbfed179646d) + + Change-Id: I42d32876ddf8fa98744620fdf75b4e0783b93aba + +commit c67fe473f7a8710c2cebbcc4d4b767ba152342f0 +Author: Mark Vitale +Date: Tue Jun 26 03:00:02 2018 -0400 + + OPENAFS-SA-2018-002 volser: prevent AFSVolMonitor information leak + + AFSVolMonitor (vos status) does not properly initialize its output + buffers. This leaks information from volserver memory: + + struct transDebugInfo + - up to 29 bytes in member lastProcName (30-'\0') + - 16 bytes in members readNext, tranmitNext, lastSendTime, + lastReceiveTime + + Initialize the buffers. This must be done on a per-buffer basis inside + the loop, since realloc is used to expand the storage if needed, + and there is not a standard realloc API to zero the newly allocated storage. + + [kaduk@mit.edu: update commit message] + + (cherry picked from commit 26924fd508b21bb6145e77dc31b6cd0923193b72) + + (cherry picked from commit 2d22756de7af2c72b8aca6969825f8e921f01d6c) + + (cherry picked from commit 37cbe68577d39241a2d5a1fe75e8a0490516dfc4) + + Change-Id: I1eab9e35207fed5d151c70962c00b6fa8ac7da58 + +commit 4279e1f18026c3e8a38461da612902829484acc5 +Author: Mark Vitale +Date: Tue Jun 26 02:33:05 2018 -0400 + + OPENAFS-SA-2018-002 volser: prevent AFSVolPartitionInfo(64) information leak + + AFSVolPartitionInfo and AFSVolPartitionInfo64 (vos partinfo) do not + properly initialize their reply buffers. This leaks the contents of + volserver memory over the wire: + + AFSVolPartitionInfo (struct diskPartition) + - up to 24 bytes in member name (32-'/vicepa\0')) + - up to 12 bytes in member devName (32-'/vicepa/Lock/vicepa\0')) + + AFSVolPartitionInfo64 (struct diskPartition64) + - up to 248 bytes in member name (256-'/vicepa\0')) + - up to 236 bytes in member devName (256-'/vicepa/Lock/vicepa\0') + + Initialize the output buffers. + + [kaduk@mit.edu: move memset to top-level function scope of RPC handlers] + + (cherry picked from commit 76e62c1de868c2b2e3cc56a35474e15dc4cc1551) + + (cherry picked from commit 28edf734db08d3a8285e89d9d78aa21db726e4c7) + + (cherry picked from commit f1c9c0160e364b4935fbb758890fcf5dc0edad4a) + + Change-Id: I48348b326f0933a0fcb556425f085abad36d3bea + +commit 50ba59fb4404af93c58e095b57f1d33de8b05899 +Author: Mark Vitale +Date: Mon Jun 25 18:03:12 2018 -0400 + + OPENAFS-SA-2018-002 ptserver: prevent PR_IDToName information leak + + SPR_IDToName does not completely initialize the return array of names, + and thus leaks information from ptserver memory: + + - up to 62 bytes per requested id (PR_MAXNAMELEN 64 - 'a\0') + + Use calloc to ensure that all memory sent on the wire is initialized, + preventing the information leak. + + [kaduk@mit.edu: switch to calloc; update commit message] + + (cherry picked from commit 70b0136d552a0077d3fae68f3aebacd985abd522) + + (cherry picked from commit c8c8682bb0e84ee5289fac3063119ae524773f61) + + (cherry picked from commit 40343287fbca6f4b1098f5b60ef9ff5416376b08) + + Change-Id: I793ccc2f3595344e72e9b4ba948a2266f1c4c0a5 diff --git a/SOURCES/RELNOTES-1.8.2 b/SOURCES/RELNOTES-1.8.2 new file mode 100644 index 0000000..a068b00 --- /dev/null +++ b/SOURCES/RELNOTES-1.8.2 @@ -0,0 +1,34 @@ + User-Visible OpenAFS Changes + +OpenAFS 1.8.2 + + All platforms + + * Fix OPENAFS-SA-2018-002: information leakage in RPC output variables + Various RPC routines did not always initialize all output fields, + exposing memory contents to network attackers. The relevant RPCs include + an AFSCB_ RPC, so cache managers are affected as well as servers. + + All server platforms + + * Fix OPENAFS-SA-2018-003: denial of service due to excess resource consumption + Various RPCs were defined as allowing unbounded arrays as input, allowing + an unauthenticated attacker to cause excess memory allocation and tie up + network bandwidth by sending (or claiming to send) large input arrays. + + * Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc + On systems using the in-tree backup system, the butc process was running + with administrative credentials, but accepted incoming RPCs over + unauthenticated connections; these incoming RPCs in turn triggered + outgoing RPCs using the administrative credentials. Unauthenticated + attackers could construct volue dumps containing arbitrary contents + and cause these dumps to be restored and overwrite arbitrary volume + contents; afterward, the backup database could be restored to its + initial state, hiding evidence of the unauthorized changes. + + Running butc with -localauth now requires authenticated incoming + connections, and the backup utility makes authenticated connections to + the butc. Audit capabilities have been added to the butc RPC handlers. + Command-line arguments are provided to retain the (insecure) historical + behavior until all systems have been upgraded. + diff --git a/SOURCES/butc-butb-errors.patch b/SOURCES/butc-butb-errors.patch new file mode 100644 index 0000000..a88fff8 --- /dev/null +++ b/SOURCES/butc-butb-errors.patch @@ -0,0 +1,75 @@ +From 91bab84e7a3b7de2591c475ba4912b0db8899f05 Mon Sep 17 00:00:00 2001 +From: Mark Vitale +Date: Tue, 11 Sep 2018 16:29:59 -0400 +Subject: [PATCH 1/2] butc: repair build error + +Commit c43169fd36348783b1a5a55c5bb05317e86eef82 introduced a build error +by invoking TLog with an extraneous set of internal parentheses. + +Remove the offending parentheses. + +Change-Id: Ibc52501b01ecbe9f86262566446d63e66486272f +Reviewed-on: https://gerrit.openafs.org/13311 +Tested-by: BuildBot +Reviewed-by: Benjamin Kaduk +--- + src/butc/tcmain.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/butc/tcmain.c b/src/butc/tcmain.c +index c5399396e..cbd135b09 100644 +--- a/src/butc/tcmain.c ++++ b/src/butc/tcmain.c +@@ -835,8 +835,8 @@ tc_IsLocalRealmMatch(void *rock, char *name, char *inst, char *cell) + + code = afsconf_IsLocalRealmMatch(dir, &islocal, name, inst, cell); + if (code) { +- TLog(0, ("Failed local realm check; code=%d, name=%s, inst=%s, cell=%s\n", +- code, name, inst, cell)); ++ TLog(0, "Failed local realm check; code=%d, name=%s, inst=%s, cell=%s\n", ++ code, name, inst, cell); + } + return islocal; + } +-- +2.17.1 + + +From 2d8045d67686fbb80696b47b4a60e48e7e74fec9 Mon Sep 17 00:00:00 2001 +From: Mark Vitale +Date: Tue, 11 Sep 2018 15:59:41 -0400 +Subject: [PATCH 2/2] budb: SBUDB_FindLatestDump should check result of + FillDumpEntry + +FillDumpEntry may return an error, but FindLatestDump doesn't check its +result. Therefore, SBUDB_FindLatestDump may return invalid results. + +Instead, check the return code from FillDumpEntry and abort the call if +it fails. + +Change-Id: If0b44ba2a12a76511129d77110ef669b00780ff0 +Reviewed-on: https://gerrit.openafs.org/13312 +Tested-by: BuildBot +Reviewed-by: Benjamin Kaduk +--- + src/budb/procs.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/budb/procs.c b/src/budb/procs.c +index f976ff3aa..cf355762e 100644 +--- a/src/budb/procs.c ++++ b/src/budb/procs.c +@@ -2230,7 +2230,9 @@ FindLatestDump(struct rx_call *call, char *vsname, char *dumpPath, + + finished: + /* return the dump found */ +- FillDumpEntry(ut, retdbaddr, dumpentry); ++ eval = FillDumpEntry(ut, retdbaddr, dumpentry); ++ if (eval) ++ ABORT(eval); + + code = ubik_EndTrans(ut); + return (code); +-- +2.17.1 + diff --git a/SOURCES/openafs-client.service b/SOURCES/openafs-client.service new file mode 100755 index 0000000..98ee659 --- /dev/null +++ b/SOURCES/openafs-client.service @@ -0,0 +1,24 @@ +[Unit] +Description=OpenAFS Client Service +Wants=network-online.target +After=syslog.target network-online.target +Before=remote-fs.target + +[Service] +Type=forking +RemainAfterExit=yes +EnvironmentFile=/etc/sysconfig/openafs +ExecStartPre=/bin/bash -c "fs sysname > /dev/null 2>/dev/null; test $? -ne 0 || (echo AFS client appears to be running -- not starting && exit 1)" +ExecStartPre=/bin/sed -n 'w/etc/openafs/CellServDB' /etc/openafs/CellServDB.local /etc/openafs/CellServDB.dist +ExecStartPre=/bin/chmod 0644 /etc/openafs/CellServDB +ExecStartPre=/sbin/modprobe openafs +ExecStart=/usr/sbin/afsd $AFSD_ARGS +ExecStop=/bin/umount -a -t afs +ExecStop=/bin/umount -af -t afs +ExecStop=/usr/sbin/afsd -shutdown +ExecStop=/sbin/rmmod openafs +GuessMainPID=no +KillMode=none + +[Install] +WantedBy=multi-user.target remote-fs.target diff --git a/SPECS/openafs.spec b/SPECS/openafs.spec new file mode 100644 index 0000000..7475b65 --- /dev/null +++ b/SPECS/openafs.spec @@ -0,0 +1,1047 @@ +# Openafs Spec $Revision$ + +#define afsvers 1.8.0pre5 +%define afsvers 1.8.2 +%define pkgvers 1.8.2 +# for beta/rc releases make pkgrel 0. +# for real releases make pkgrel 1 (or more for extra releases) +#define pkgrel 0.pre5 +%define pkgrel 1 +%define kmod_name openafs +%define dkms_version %{version}-%{pkgrel}%{?dist} + +# Define the location of your init.d directory +%define initdir /etc/rc.d/init.d + +# Make sure RPM doesn't complain about installed but non-packaged files. +#define __check_files %{nil} + +Summary: OpenAFS distributed filesystem +Name: openafs +Version: %{pkgvers} +Release: %{pkgrel}%{?dist} +License: IBM Public License +URL: http://www.openafs.org +BuildRoot: %{_tmppath}/%{name}-%{version}-root +Packager: OpenAFS Gatekeepers +Group: Networking/Filesystems +BuildRequires: %{?kdepend:%{kdepend}, } ncurses-devel, flex, bison, automake, autoconf, libtool +%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +BuildRequires: systemd-units +%endif +%if 0%{?fedora} >= 15 || 0%{?rhel} >= 6 +BuildRequires: perl-devel +%endif +BuildRequires: perl(ExtUtils::Embed) +BuildRequires: krb5-devel + +ExclusiveArch: %{ix86} x86_64 ia64 s390 s390x sparc64 ppc ppc64 + +# http://dl.openafs.org/dl/openafs/candidate/%{afsvers}/... +Source0: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-src.tar.bz2 +Source1: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-doc.tar.bz2 +Source3: openafs-client.service +%define srcdir openafs-%{afsvers} + +Source10: http://www.openafs.org/dl/openafs/%{afsvers}/RELNOTES-%{afsvers} +Source11: http://www.openafs.org/dl/openafs/%{afsvers}/ChangeLog +Source20: https://www.central.org/dl/cellservdb/CellServDB.2018-05-14 + +# Patches +Patch00: butc-butb-errors.patch + +%description +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides common files shared across all the various +OpenAFS packages but are not necessarily tied to a client or server. + + +############################################################################## +# +# build the userspace side of things if so requested +# +############################################################################## +%package client +Requires: binutils, openafs = %{version} +%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +Requires: systemd-units +Requires(post): systemd-units, systemd-sysv +Requires(preun): systemd-units +Requires(postun): systemd-units +%endif +Requires: %{name}-kmod >= %{version} +Provides: %{name}-kmod-common = %{version} +Summary: OpenAFS Filesystem Client +Group: Networking/Filesystem + +%description client +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides basic client support to mount and manipulate +AFS. + +%package server +Requires: openafs = %{version} +Summary: OpenAFS Filesystem Server +Group: Networking/Filesystems +%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +Requires: systemd-units +Requires(post): systemd-units, systemd-sysv +Requires(preun): systemd-units +Requires(postun): systemd-units +%endif + +%description server +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides basic server support to host files in an AFS +Cell. + +%package authlibs +Summary: OpenAFS authentication shared libraries +Group: Networking/Filesystems + +%description authlibs +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides a shared version of libafsrpc and libafsauthent. +None of the programs included with OpenAFS currently use these shared +libraries; however, third-party software that wishes to perform AFS +authentication may link against them. + +%package authlibs-devel +Requires: openafs-authlibs = %{version}-%{release} +Requires: openafs-devel = %{version}-%{release} +Summary: OpenAFS shared library development +Group: Development/Filesystems + +%description authlibs-devel +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package includes the static versions of libafsrpc and +libafsauthent, and symlinks required for building against the dynamic +libraries. + +%package devel +Summary: OpenAFS Development Libraries and Headers +Group: Development/Filesystems +Requires: openafs = %{version}-%{release} + +%description devel +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides static development libraries and headers needed +to compile AFS applications. Note: AFS currently does not provide +shared libraries. + +%package docs +Summary: OpenAFS user and administrator documentation +Requires: openafs = %{version}-%{release} +Group: Networking/Filesystems + +%description docs +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides HTML documentation for OpenAFS users and system +administrators. + +%package krb5 +Summary: OpenAFS programs to use with krb5 +Requires: openafs = %{version} +Group: Networking/Filesystems +BuildRequires: krb5-devel + +%description krb5 +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides compatibility programs so you can use krb5 +to authenticate to AFS services, instead of using the AFS homegrown +krb4 lookalike services. + +%package compat +Summary: OpenAFS client compatibility symlinks +Requires: openafs = %{version}, openafs-client = %{version} +Group: Networking/Filesystems +Obsoletes: openafs-client-compat + +%description compat +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides compatibility symlinks in /usr/afsws. It is +completely optional, and is only necessary to support legacy +applications and scripts that hard-code the location of AFS client +programs. + +%package transarc-client +Summary: OpenAFS client compatibility symlinks +Requires: openafs = %{version}, openafs-client = %{version} +Group: Networking/Filesystems + +%description transarc-client +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides compatibility symlinks for Transarc paths. It +is completely optional, and is only necessary to support legacy +applications and scripts that hard-code the location of AFS client +programs. + +This package can cause problems on systems that already have +directories in place before the package is installed. + +%package transarc-server +Summary: OpenAFS client compatibility symlinks +Requires: openafs = %{version}, openafs-server = %{version} +Group: Networking/Filesystems + +%description transarc-server +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides compatibility symlinks for Transarc paths. It +is completely optional, and is only necessary to support legacy +applications and scripts that hard-code the location of AFS client +programs. + +%package -n dkms-openafs +Summary: DKMS-ready kernel source for AFS distributed filesystem +Group: Development/Kernel +Provides: openafs-kernel = %{version} +Provides: openafs-kmod = %{version} +Requires(pre): dkms +Requires(pre): flex, bison, gcc +Requires(post): dkms +Requires: openafs-client = %{version} + +%description -n dkms-openafs +The AFS distributed filesystem. AFS is a distributed filesystem +allowing cross-platform sharing of files among multiple computers. +Facilities are provided for access control, authentication, backup and +administrative management. + +This package provides the source code to allow DKMS to build an +AFS kernel module. + + +############################################################################## +# +# PREP +# +############################################################################## + +%prep +# Install OpenAFS src and doc +%setup -q -b 1 -n %{srcdir} + +%patch00 -p1 -b .butc-butb-errors + +############################################################################## +# +# building +# +############################################################################## +%build +kv='26' +case %{_arch} in + x86_64) sysname=amd64_linux${kv} ;; + alpha*) sysname=alpha_linux_${kv} ;; + i386|i486|i586|i686|athlon) sysname=i386_linux${kv} ;; + *) sysname=%{_arch}_linux${kv} ;; +esac +DESTDIR=$RPM_BUILD_ROOT; export DESTDIR +CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS + +KRB5_CONFIG="%{krb5config}" +export KRB5_CONFIG + +if [[ ! -f configure ]]; then + echo %{afsvers} > .version + sh regen.sh +fi + +# Fedora 23+ won't compile with the redhat-hardened-ld +%if 0%{?fedora} >= 23 +LDFLAGS=$( echo %__global_ldflags | sed 's!-specs=/usr/lib/rpm/redhat/redhat-hardened-ld!!'); export LDFLAGS +%endif + +%configure \ + --with-afs-sysname=${sysname} \ + --disable-strip-binaries \ + --disable-kernel-module \ + --enable-debug \ + --with-krb5 \ + --enable-bitmap-later \ + --enable-supergroups \ + || exit 1 + +make +#make -j16 + +# Build the libafs tree +make only_libafs_tree || exit 1 + +############################################################################## +# +# installation +# +############################################################################## +%install +make install DESTDIR=$RPM_BUILD_ROOT +export DONT_GPRINTIFY=1 + +kv='26' + +case %{_arch} in + x86_64) sysname=amd64_linux${kv} ;; + alpha*) sysname=alpha_linux_${kv} ;; + i386|i486|i586|i686|athlon) sysname=i386_linux${kv} ;; + *) sysname=%{_arch}_linux${kv} ;; +esac + +# Fix the location of restorevol, since it should be available for +# any user in /usr/bin +#mv $RPM_BUILD_ROOT%{_prefix}/afs/bin/restorevol $RPM_BUILD_ROOT%{_bindir}/restorevol + +# Copy root.client config files +mkdir -p $RPM_BUILD_ROOT/etc/openafs +mkdir -p $RPM_BUILD_ROOT/etc/sysconfig +mkdir -p $RPM_BUILD_ROOT%{initdir} +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/openafs +install -m 755 src/packaging/RedHat/openafs.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/openafs +%if 0%{?fedora} < 15 && 0%{?rhel} < 7 +install -m 755 src/packaging/RedHat/openafs-client.init $RPM_BUILD_ROOT%{initdir}/openafs-client +install -m 755 src/packaging/RedHat/openafs-server.init $RPM_BUILD_ROOT%{initdir}/openafs-server +%else +mkdir -p $RPM_BUILD_ROOT%{_unitdir} +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/modules +install -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir}/openafs-client.service +install -m 755 src/packaging/RedHat/openafs-client.modules $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/modules/openafs-client.modules +install -m 644 src/packaging/RedHat/openafs-server.service $RPM_BUILD_ROOT%{_unitdir}/openafs-server.service +%endif + + +# +# Install DOCUMENTATION +# + +# Build the DOC directory +mkdir -p $RPM_BUILD_ROOT/$RPM_DOC_DIR/openafs-%{afsvers} +tar cf - -C doc LICENSE html pdf | \ + tar xf - -C $RPM_BUILD_ROOT/$RPM_DOC_DIR/openafs-%{afsvers} +install -m 644 %{SOURCE10} $RPM_BUILD_ROOT/$RPM_DOC_DIR/openafs-%{afsvers} +install -m 644 %{SOURCE11} $RPM_BUILD_ROOT/$RPM_DOC_DIR/openafs-%{afsvers} + +# Copy the uninstalled krb5 files (or delete the unused krb5 files) +#mv $RPM_BUILD_ROOT%{_prefix}/afs/bin/asetkey $RPM_BUILD_ROOT%{_sbindir}/asetkey + +# remove unused man pages +for x in afs_ftpd afs_inetd afs_login afs_rcp afs_rlogind afs_rsh \ + dkload knfs symlink symlink_list symlink_make \ + symlink_remove; do + rm -f $RPM_BUILD_ROOT%{_mandir}/man1/${x}.1 +done + +# +# create filelist +# +grep -v "^#" >openafs-file-list <>openafs-file-list +cat openafs-man5files \ + | ( while read x; do echo "%{_mandir}/man5/$x"; done ) \ + >>openafs-file-list +cat openafs-man8files \ + | ( while read x; do echo "%{_mandir}/man8/$x"; done ) \ + >>openafs-file-list + +# +# Install compatiblity links +# +for d in bin:bin etc:sbin; do + olddir=`echo $d | sed 's/:.*$//'` + newdir=`echo $d | sed 's/^.*://'` + mkdir -p $RPM_BUILD_ROOT%{_prefix}/afsws/$olddir + for f in `cat openafs-file-list`; do + if echo $f | grep -q /$newdir/; then + fb=`basename $f` + ln -sf %{_prefix}/$newdir/$fb $RPM_BUILD_ROOT%{_prefix}/afsws/$olddir/$fb + fi + done +done + +# +# Install transarc links +# +## Client +mkdir $RPM_BUILD_ROOT%{_prefix}/vice +ln -s %{_sysconfdir}/openafs $RPM_BUILD_ROOT%{_prefix}/vice/etc +ln -s %{_localstatedir}/cache/openafs $RPM_BUILD_ROOT%{_prefix}/vice/cache + +## Server +mkdir $RPM_BUILD_ROOT%{_prefix}/afs +ln -s %{_sysconfdir}/openafs/server $RPM_BUILD_ROOT%{_prefix}/afs/etc +ln -s %{_localstatedir}/openafs $RPM_BUILD_ROOT%{_prefix}/afs/local +ln -s %{_localstatedir}/openafs/db $RPM_BUILD_ROOT%{_prefix}/afs/db +ln -s %{_localstatedir}/openafs/logs $RPM_BUILD_ROOT%{_prefix}/afs/logs +ln -s %{_localstatedir}/openafs/backup $RPM_BUILD_ROOT%{_prefix}/afs/backup +mkdir $RPM_BUILD_ROOT%{_prefix}/afs/bin +### find all the executables in /usr/sbin +for f in `find $RPM_BUILD_ROOT%{_prefix}/sbin -executable`; do + fb=`basename $f` + ln -s %{_sbindir}/$fb $RPM_BUILD_ROOT%{_prefix}/afs/bin/$fb +done +### find all the executables in /usr/libexec/openafs +for f in `find $RPM_BUILD_ROOT%{_libexec}/openafs -executable`; do + fb=`basename $f` + ln -s %{_libexec}/openafs/$fb $RPM_BUILD_ROOT%{_prefix}/afs/bin/$fb +done + + +# +# Remove files we're not installing +# + +# the rest are not needed. +for f in dlog dpass install knfs livesys ; do + rm -f $RPM_BUILD_ROOT%{_bindir}/$f +done + +# not supported on Linux or duplicated +for f in kdb rmtsysd kpwvalid ; do + rm -f $RPM_BUILD_ROOT%{_sbindir}/$f +done + +# remove man pages from programs deleted above +for f in 1/dlog 1/copyauth 1/dpass 1/livesys 8/rmtsysd 8/aklog_dynamic_auth 8/kdb 8/kpwvalid 8/xfs_size_check 1/package_test 5/package 8/package ; do + rm -f $RPM_BUILD_ROOT%{_mandir}/man$f.* +done + +#delete static libraries not in upstream package +rm -f $RPM_BUILD_ROOT%{_libdir}/libjuafs.a +rm -f $RPM_BUILD_ROOT%{_libdir}/libuafs.a + +# Populate /etc/openafs +install -p -m 644 src/packaging/RedHat/openafs-ThisCell $RPM_BUILD_ROOT%{_sysconfdir}/openafs/ThisCell +install -p -m 644 %{SOURCE20} $RPM_BUILD_ROOT%{_sysconfdir}/openafs/CellServDB.dist +touch $RPM_BUILD_ROOT%{_sysconfdir}/openafs/CellServDB.local +install -p -m 644 src/packaging/RedHat/openafs-cacheinfo $RPM_BUILD_ROOT%{_sysconfdir}/openafs/cacheinfo + +# Populate /etc/openafs/server +## Create empty files to be configured later +mkdir $RPM_BUILD_ROOT%{_sysconfdir}/openafs/server +touch $RPM_BUILD_ROOT%{_sysconfdir}/openafs/server/CellServDB +touch $RPM_BUILD_ROOT%{_sysconfdir}/openafs/server/ThisCell +touch $RPM_BUILD_ROOT%{_sysconfdir}/openafs/server/krb.conf +touch $RPM_BUILD_ROOT%{_sysconfdir}/openafs/server/UserList + + +# Fix systemd service unit which has transarc paths +## Fix location of environment file +sed -i 's!EnvironmentFile=-/etc/sysconfig/openafs!EnvironmentFile=-%{_sysconfdir}/sysconfig/openafs-server!g' $RPM_BUILD_ROOT%{_unitdir}/openafs-server.service +## Fix location of CellServDB +sed -i 's!/usr/vice/etc/CellServDB!%{_sysconfdir}/openafs/CellServDB!g' $RPM_BUILD_ROOT%{_unitdir}/openafs-client.service +## Fix the location of afsd +sed -i 's!/usr/vice/etc/afsd!%{_sbindir}/afsd!' $RPM_BUILD_ROOT%{_unitdir}/openafs-client.service +## Fix location of bosserver +sed -i 's!/usr/afs/bin/bosserver!%{_sbindir}/bosserver!' $RPM_BUILD_ROOT%{_unitdir}/openafs-server.service +## Fix cacheinfo to point at /var/cache/openafs +sed -i 's!/usr/vice/cache!%{_localstatedir}/cache/openafs!' $RPM_BUILD_ROOT%{_sysconfdir}/openafs/cacheinfo + +# Set the executable bit on libraries in libdir, so rpmbuild knows to +# create "Provides" entries in the package metadata for the libraries +chmod +x $RPM_BUILD_ROOT%{_libdir}/*.so* + +# +# install dkms source +# +install -d -m 755 $RPM_BUILD_ROOT%{_prefix}/src +cp -a libafs_tree $RPM_BUILD_ROOT%{_prefix}/src/openafs-%{dkms_version} + +cat > $RPM_BUILD_ROOT%{_prefix}/src/openafs-%{dkms_version}/dkms.conf <<"EOF" + +PACKAGE_VERSION="%{dkms_version}" + +# Items below here should not have to change with each driver version +PACKAGE_NAME="openafs" +MAKE[0]='./configure --with-linux-kernel-headers=${kernel_source_dir} --with-linux-kernel-packaging && make && mv src/libafs/MODLOAD-*/openafs.ko .' +CLEAN="make -C src/libafs clean" + +BUILT_MODULE_NAME[0]="openafs" +DEST_MODULE_LOCATION[0]="/extra/openafs/" +STRIP[0]=no +AUTOINSTALL=yes + +EOF + + +############################################################################## +### +### clean +### +############################################################################## +%clean +rm -f openafs-file-list +[ "$RPM_BUILD_ROOT" != "/" -a "x%{debugspec}" != "x1" ] && \ + rm -fr $RPM_BUILD_ROOT + +############################################################################## +### +### scripts +### +############################################################################## +%pretrans -p transarc-client +-- Moves an existing cache directory out of the way so symlink +-- can be created +path = "/usr/vice/cache" +st = posix.stat(path) +if st and st.type == "directory" then + status = os.rename(path, path .. ".rpmmoved") + if not status then + suffix = 0 + while not status do + suffix = suffix + 1 + status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) + end + os.rename(path, path .. ".rpmmoved") + end +end + +%post client +%if 0%{?fedora} < 15 && 0%{?rhel} < 7 +chkconfig --add openafs-client +%else +if [ $1 -eq 1 ] ; then + # Initial installation + /bin/systemctl daemon-reload >/dev/null 2>&1 || : +fi +%endif +if [ ! -d /afs ]; then + mkdir /afs + chown root.root /afs + chmod 0755 /afs + [ -x /sbin/restorecon ] && /sbin/restorecon /afs +fi + +# Create the CellServDB +[ -f %{_sysconfdir}/sysconfig/openafs/CellServDB.local ] || touch %{_sysconfdir}/openafs/CellServDB.local + +( cd %{_sysconfdir}/openafs ; \ + cat CellServDB.local CellServDB.dist > CellServDB ; \ + chmod 644 CellServDB ) + + +%post server +#on an upgrade, don't enable if we were disabled +%if 0%{?fedora} < 15 && 0%{?rhel} < 7 +if [ $1 = 1 ] ; then + chkconfig --add openafs-server +fi +%{initdir}/openafs-server condrestart + +%post authlibs +/sbin/ldconfig + +%postun authlibs +/sbin/ldconfig + +%preun +if [ $1 = 0 ] ; then + [ -d /afs ] && rmdir /afs + : +fi + +%preun client +%if 0%{?fedora} < 15 && 0%{?rhel} < 7 +if [ $1 = 0 ] ; then + %{initdir}/openafs-client stop + chkconfig --del openafs-client +fi +%else +if [ $1 -eq 0 ] ; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable openafs-client.service > /dev/null 2>&1 || : + /bin/systemctl stop openafs-client.service > /dev/null 2>&1 || : +fi +%endif + +%preun server +%if 0%{?fedora} < 15 && 0%{?rhel} < 7 +if [ $1 = 0 ] ; then + %{initdir}/openafs-server stop + chkconfig --del openafs-server +fi +%else +if [ $1 -eq 0 ] ; then + /bin/systemctl --no-reload disable openafs-server.service > /dev/null 2>&1 || : + /bin/systemctl stop openafs-server.service > /dev/null 2>&1 || : +fi +%endif + +%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +%postun client +/bin/systemctl daemon-reload >/dev/null 2>&1 || : + +%postun server +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +%endif + +%endif + + +%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +%triggerun -- openafs-client < 1.6.0-1 +# Save the current service runlevel info +# User must manually run systemd-sysv-convert --apply httpd +# to migrate them to systemd targets +/usr/bin/systemd-sysv-convert --save openafs-client >/dev/null 2>&1 ||: + +# Run this because the SysV package being removed won't do it +/sbin/chkconfig --del openafs-client >/dev/null 2>&1 || : + +%triggerun -- openafs-server < 1.6.0-1 +# Save the current service runlevel info +# User must manually run systemd-sysv-convert --apply httpd +# to migrate them to systemd targets +/usr/bin/systemd-sysv-convert --save openafs-server >/dev/null 2>&1 ||: + +# Run this because the SysV package being removed won't do it +/sbin/chkconfig --del openafs-server >/dev/null 2>&1 || : +%endif + +%post -n dkms-openafs +dkms add -m openafs -v %{dkms_version} --rpm_safe_upgrade +dkms build -m openafs -v %{dkms_version} --rpm_safe_upgrade +dkms install -m openafs -v %{dkms_version} --rpm_safe_upgrade + +%preun -n dkms-openafs +dkms remove -m openafs -v %{dkms_version} --rpm_safe_upgrade --all ||: + +############################################################################## +### +### file lists +### +############################################################################## +%files +#-f openafs-file-list +%defattr(-,root,root) +%config(noreplace) /etc/sysconfig/openafs +%{_bindir}/afsmonitor +%{_bindir}/bos +%{_bindir}/fs +%{_bindir}/pagsh +%{_bindir}/pagsh.krb +%{_bindir}/pts +%{_bindir}/restorevol +%{_bindir}/scout +%{_bindir}/sys +%{_bindir}/tokens +%{_bindir}/tokens.krb +%{_bindir}/translate_et +%{_bindir}/xstat_cm_test +%{_bindir}/xstat_fs_test +%{_bindir}/udebug +%{_bindir}/unlog +%{_sbindir}/backup +%{_sbindir}/butc +%{_sbindir}/fms +%{_sbindir}/fstrace +%{_sbindir}/read_tape +%{_sbindir}/rxdebug +%{_sbindir}/uss +%{_sbindir}/vos +%{_sbindir}/vsys +%{_libdir}/librokenafs.so.* +%{_libdir}/libafshcrypto.so.* +%{_libdir}/perl/ukernel.so +%{_libdir}/perl/AFS/ukernel.pm +%{_mandir}/man1/fs*.gz +%{_mandir}/man1/pts*.gz +%{_mandir}/man1/vos*.gz +%{_mandir}/man1/afs.1.gz +%{_mandir}/man1/afsmonitor.1.gz +%{_mandir}/man1/pagsh.1.gz +%{_mandir}/man1/pagsh.krb.1.gz +%{_mandir}/man1/rxdebug.1.gz +%{_mandir}/man1/restorevol.1.gz +%{_mandir}/man1/scout.1.gz +%{_mandir}/man1/tokens.1.gz +%{_mandir}/man1/tokens.krb.1.gz +%{_mandir}/man1/translate_et.1.gz +%{_mandir}/man1/xstat_cm_test.1.gz +%{_mandir}/man1/xstat_fs_test.1.gz +%{_mandir}/man5/afsmonitor.5.gz +%{_mandir}/man1/udebug.1.gz +%{_mandir}/man1/unlog.1.gz +%{_mandir}/man5/uss.5.gz +%{_mandir}/man5/uss_bulk.5.gz +%{_mandir}/man8/bos* +%{_mandir}/man8/fstrace* +%{_mandir}/man1/sys.1.gz +%{_mandir}/man8/backup* +%{_mandir}/man5/butc.5.gz +%{_mandir}/man5/butc_logs.5.gz +%{_mandir}/man8/butc.8.gz +%{_mandir}/man8/fms.8.gz +%{_mandir}/man8/read_tape.8.gz +%{_mandir}/man8/fssync-debug* +%{_mandir}/man8/uss* +%{_mandir}/man5/CellServDB.5.gz +%{_mandir}/man5/ThisCell.5.gz +%doc %{_docdir}/openafs-%{afsvers}/LICENSE + +%files docs +%defattr(-,root,root) +%docdir %{_docdir}/openafs-%{afsvers} +%dir %{_docdir}/openafs-%{afsvers} +%{_docdir}/openafs-%{afsvers}/ChangeLog +%{_docdir}/openafs-%{afsvers}/RELNOTES-%{afsvers} +%{_docdir}/openafs-%{afsvers}/pdf + +%files client +%defattr(-,root,root) +%dir %{_localstatedir}/cache/openafs +%{_sysconfdir}/openafs/CellServDB.dist +%ghost %{_sysconfdir}/openafs/CellServDB +%config(noreplace) %{_sysconfdir}/openafs/CellServDB.local +%config(noreplace) %{_sysconfdir}/openafs/ThisCell +%config(noreplace) %{_sysconfdir}/openafs/cacheinfo +%config(noreplace) %{_sysconfdir}/sysconfig/openafs +%{_bindir}/afsio +%{_bindir}/cmdebug +%{_bindir}/up +%{_sbindir}/afsd +%{_sbindir}/afsd.fuse +%{_prefix}/share/openafs/C/afszcm.cat +%if 0%{?fedora} < 15 && 0%{?rhel} < 7 +%{initdir}/openafs-client +%else +%{_unitdir}/openafs-client.service +%{_sysconfdir}/sysconfig/modules/openafs-client.modules +%endif +%{_mandir}/man1/cmdebug.* +%{_mandir}/man1/up.* +%{_mandir}/man5/afs.5.gz +%{_mandir}/man5/afs_cache.5.gz +%{_mandir}/man5/afs_volume_header.5.gz +%{_mandir}/man5/afszcm.cat.5.gz +%{_mandir}/man5/cacheinfo.* +%{_mandir}/man8/afsd.* +%{_mandir}/man8/vsys.* +%{_mandir}/man5/CellAlias.* + +%files server +%defattr(-,root,root) +%dir %{_sysconfdir}/openafs/server +%config(noreplace) %{_sysconfdir}/openafs/server/CellServDB +%config(noreplace) %{_sysconfdir}/openafs/server/ThisCell +%config(noreplace) %{_sysconfdir}/openafs/server/UserList +%config(noreplace) %{_sysconfdir}/openafs/server/krb.conf +%ghost %config(noreplace) %{_sysconfdir}/openafs/BosConfig +%ghost %config(noreplace) %{_sysconfdir}/openafs/server/rxkad.keytab +%ghost %config(noreplace) %{_sysconfdir}/sysconfig/openafs-server +%{_bindir}/akeyconvert +%{_sbindir}/bosserver +%{_sbindir}/bos_util +%{_libexecdir}/openafs/buserver +%{_libexecdir}/openafs/dafileserver +%{_sbindir}/dafssync-debug +%{_libexecdir}/openafs/dasalvager +%{_libexecdir}/openafs/davolserver +%{_libexecdir}/openafs/fileserver +%{_sbindir}/fssync-debug +%{_sbindir}/pt_util +%{_libexecdir}/openafs/ptserver +%{_libexecdir}/openafs/salvager +%{_libexecdir}/openafs/salvageserver +%{_sbindir}/salvsync-debug +%{_sbindir}/state_analyzer +%{_libexecdir}/openafs/upclient +%{_libexecdir}/openafs/upserver +%{_libexecdir}/openafs/vlserver +%{_sbindir}/volinfo +%{_libexecdir}/openafs/volserver +%{_sbindir}/prdb_check +%{_sbindir}/vldb_check +%{_sbindir}/vldb_convert +%{_sbindir}/voldump +%{_sbindir}/volscan +%if 0%{?fedora} < 15 && 0%{?rhel} < 7 +%{initdir}/openafs-server +%else +%{_unitdir}/openafs-server.service +%endif +%{_mandir}/man3/AFS::ukernel.* +%{_mandir}/man5/AuthLog.* +%{_mandir}/man5/BackupLog.* +%{_mandir}/man5/BosConfig.* +%{_mandir}/man5/BosLog.* +%{_mandir}/man5/FORCESALVAGE.* +%{_mandir}/man5/FileLog.* +%{_mandir}/man5/KeyFile.* +%{_mandir}/man5/KeyFileExt.* +%{_mandir}/man5/NetInfo.* +%{_mandir}/man5/NetRestrict.* +%{_mandir}/man5/NoAuth.* +%{_mandir}/man5/PtLog.* +%{_mandir}/man5/SALVAGE.fs.* +%{_mandir}/man5/SalvageLog.* +%{_mandir}/man5/sysid.* +%{_mandir}/man5/UserList.* +%{_mandir}/man5/VLLog.* +%{_mandir}/man5/VolserLog.* +%{_mandir}/man5/bdb.DB0.* +%{_mandir}/man5/fms.log.* +%{_mandir}/man5/krb.conf.* +%{_mandir}/man5/krb.excl.* +%{_mandir}/man5/prdb.DB0.* +%{_mandir}/man5/salvage.lock.* +%{_mandir}/man5/tapeconfig.* +%{_mandir}/man5/vldb.DB0.* +%{_mandir}/man8/akeyconvert.* +%{_mandir}/man8/buserver.* +%{_mandir}/man8/fileserver.* +%{_mandir}/man8/dafileserver.* +%{_mandir}/man8/dafssync-debug* +%{_mandir}/man8/dasalvager.* +%{_mandir}/man8/davolserver.* +%{_mandir}/man8/prdb_check.* +%{_mandir}/man8/ptserver.* +%{_mandir}/man8/pt_util.* +%{_mandir}/man8/salvager.* +%{_mandir}/man8/salvageserver.* +%{_mandir}/man8/state_analyzer.* +%{_mandir}/man8/upclient.* +%{_mandir}/man8/upserver.* +%{_mandir}/man8/vldb_check.* +%{_mandir}/man8/vldb_convert.* +%{_mandir}/man8/vlserver.* +%{_mandir}/man8/voldump.* +%{_mandir}/man8/volinfo.* +%{_mandir}/man8/volscan.* +%{_mandir}/man8/volserver.* + +%files authlibs +%defattr(-,root,root) +%{_libdir}/libafsauthent.so.* +%{_libdir}/libafsrpc.so.* +%{_libdir}/libkopenafs.so.* + +%files authlibs-devel +%defattr(-,root,root) +%{_includedir}/kopenafs.h +%{_libdir}/libafsauthent.a +%{_libdir}/libafscp.a +%{_libdir}/libafsrpc.a +%{_libdir}/libafsauthent_pic.a +%{_libdir}/libafsrpc_pic.a +%{_libdir}/libkopenafs.a +%{_libdir}/libafsauthent.so +%{_libdir}/libafsrpc.so +%{_libdir}/libkopenafs.so + +%files devel +%defattr(-,root,root) +%{_bindir}/afs_compile_et +%{_bindir}/rxgen +%{_includedir}/afs +%{_includedir}/lock.h +%{_includedir}/lwp.h +%{_includedir}/rx +%{_includedir}/timer.h +%{_includedir}/ubik.h +%{_includedir}/ubik_int.h +%{_includedir}/opr/queue.h +%{_includedir}/opr/lock.h +%{_libdir}/afs +%{_libdir}/liblwp.a +%{_libdir}/libopr.a +%{_libdir}/librx.a +%{_libdir}/librxkad.a +%{_libdir}/librxstat.a +%{_libdir}/libubik.a +%{_libdir}/librokenafs.a +%{_libdir}/librokenafs.so +%{_libdir}/libafshcrypto.a +%{_libdir}/libafshcrypto.so +%{_libdir}/libafsrfc3961.a +%{_libdir}/libuafs_pic.a +%{_mandir}/man1/rxgen.* +%{_mandir}/man1/afs_compile_et.* + +%files krb5 +%defattr(-,root,root) +%{_bindir}/aklog +%{_bindir}/klog.krb5 +%{_bindir}/asetkey +%{_mandir}/man1/aklog.* +%{_mandir}/man1/klog.krb5.1.gz +%{_mandir}/man8/asetkey.* + +%files compat +%defattr(-,root,root) +%{_prefix}/afsws + +%files transarc-client +%defattr(-,root,root) +%dir %{_prefix}/vice +%{_prefix}/vice/* +%ghost %{_prefix}/vice/cache.rpmmoved + +%files transarc-server +%defattr(-,root,root) +%dir %{_prefix}/afs +%dir %{_prefix}/afs/bin +%{_prefix}/afs/bin/* +%{_prefix}/afs/backup +%{_prefix}/afs/etc +%{_prefix}/afs/db +%{_prefix}/afs/local +%{_prefix}/afs/logs + +%files -n dkms-openafs +%defattr(-,root,root) +%{_prefix}/src/openafs-%{dkms_version} + +############################################################################## +### +### openafs.spec change log +### +############################################################################## +%changelog +* Thu Sep 13 2018 Jonathan S. Billings - 1.8.2-1 +- Building 1.8.2 +- Add patches to fix bugs introduced in OPENAFS-SA-2018-001 and + OPENAFS-SA-2018-003, one of which led to compile errors. + +* Fri Apr 13 2018 Jonathan S. Billings - 1.8.0-1 +- Building 1.8.0 final release + +* Fri Jan 5 2018 Jonathan S. Billings - 1.8.0-0.pre4 +- Building 1.8.0 pre4 + +* Tue Dec 5 2017 Jonathan S. Billings - 1.8.0-0.pre3 +- Building 1.8.0 pre3 + +- Disable packaging of kaserver, pam_afs pam modules, kpasswd, man pages +* Wed Dec 14 2016 Jonathan S. Billings - 1.8.0-0.pre1 +- Building 1.8.0 pre1 alpha +- Disable packaging of kaserver, pam_afs pam modules, kpasswd, man pages + and related software +- Include dkms package (from openafs-kmod spec file) + +* Thu Dec 01 2016 Jonathan S. Billings - 1.6.20-1 +- Bumped to 1.6.20 + +* Mon Nov 14 2016 Jonathan S. Billings - 1.6.19-1 +- Bumped to 1.6.19 + +* Wed Jul 20 2016 Jonathan S. Billings - 1.6.18.2-1 +- Bumped to 1.6.18.2 + +* Mon May 9 2016 Jonathan S. Billings - 1.6.18-1 +- Bumped to 1.6.18 + +* Wed Mar 16 2016 Jonathan S. Billings - 1.6.17-1 +- Bumped to 1.6.17 +- Changed systemd units from 0755 to 0644 permissions + +* Thu Dec 17 2015 Jonathan S. Billings - 1.6.16-1 +- Bumped to 1.6.16 + +* Wed Oct 28 2015 Jonathan S. Billings - 1.6.15-1 +- Bumped to 1.6.15 +- Addresses CVE-2015-7762 and CVE-2015-7763 + +* Thu Sep 24 2015 Jonathan S. Billings - 1.6.14.1-2 +- Ignore LD hardening added in Fedora 23 + +* Tue Sep 22 2015 Jonathan S. Billings - 1.6.14.1-1 +- Bumped to 1.6.14.1 + +* Mon Aug 17 2015 Jonathan S. Billings - 1.6.14-1 +- Bumped to 1.6.14 + +* Mon Jul 20 2015 Jonathan S. Billings - 1.6.12-1.1 +- Replace source tarballs with ones prepared by openafs.org + +* Mon Jul 06 2015 Jonathan S. Billings - 1.6.12-1 +- rebuilt against 1.6.12 + +* Fri Jun 05 2015 Jonathan S. Billings - 1.6.11.1-3 +- Create an rpmtrans scriptlet to deal with a removing a directory where + a symlink will eventually be created. + +* Mon May 18 2015 Jonathan S. Billings - 1.6.11.1-2 +- Include our own openafs-client.service, which fixes several startup + issues. + +* Mon May 18 2015 Jonathan S. Billings - 1.6.11.1-1 +- rebuilt against 1.6.11.1 + +* Mon Mar 02 2015 Jonathan S. Billings - 1.6.11-1 +- rebuilt against 1.6.11 + +* Wed Oct 1 2014 Jonathan S. Billings - 1.6.9-1 +- Created initial spec file +