CVS commit: pkgsrc/filesystems/openafs

["Jonathan A. Kollasch" <jakllsch%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   jakllsch
Date:           Fri Nov 15 18:14:42 UTC 2024

Modified Files:
        pkgsrc/filesystems/openafs: Makefile distinfo

Log Message:
update openafs to 1.8.13:

                       User-Visible OpenAFS Changes

OpenAFS 1.8.13

  All client platforms

    * Fix OPENAFS-SA-2024-001: theft of credentials in Unix client PAGs
      (CVE-2024-10394)
      Local users can bypass the PAG throttling mechanism in Unix clients and
      create a PAG using an existing id number and thereby gain access to any
      credentials in that PAG.

    * Fix OPENAFS-SA-2024-003: buffer overflows in XDR responses
      (CVE-2024-10397)
      A malicious server can return more data than the preallocated buffer
      holds and cause a buffer overflow, which can crash the OpenAFS cache
      manager and other client utilities, and possibly result in arbitrary
      code execution.

  All platforms

    * Fix OPENAFS-SA-2024-002: unsafe memory access in ACL processing
      (CVE-2024-10396)
      Authenticated users can provide malformed ACLs to the fileserver's
      StoreACL RPC, causing the fileserver to crash, possibly expose the
      contents of uninitialized memory, and possibly store garbage data
      in the audit log.
      Malicious servers or network MITM can provide malformed ACLs to
      clients, possibly causing the process to crash and possibly storing
      the contents of uninitialized memory in ACLs stored on the server.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 pkgsrc/filesystems/openafs/Makefile
cvs rdiff -u -r1.27 -r1.28 pkgsrc/filesystems/openafs/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/filesystems/openafs/Makefile
diff -u pkgsrc/filesystems/openafs/Makefile:1.26 pkgsrc/filesystems/openafs/Makefile:1.27
--- pkgsrc/filesystems/openafs/Makefile:1.26    Thu Oct 10 19:49:58 2024
+++ pkgsrc/filesystems/openafs/Makefile Fri Nov 15 18:14:42 2024
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.26 2024/10/10 19:49:58 wiz Exp $
+# $NetBSD: Makefile,v 1.27 2024/11/15 18:14:42 jakllsch Exp $
 
-DISTNAME=      openafs-1.8.12-src
+DISTNAME=      openafs-1.8.13-src
 PKGNAME=       ${DISTNAME:C/-src//}
 CATEGORIES=    filesystems net sysutils
 MASTER_SITES=  http://www.openafs.org/dl/openafs/${PKGVERSION_NOREV}/

Index: pkgsrc/filesystems/openafs/distinfo
diff -u pkgsrc/filesystems/openafs/distinfo:1.27 pkgsrc/filesystems/openafs/distinfo:1.28
--- pkgsrc/filesystems/openafs/distinfo:1.27    Thu Oct 10 15:53:21 2024
+++ pkgsrc/filesystems/openafs/distinfo Fri Nov 15 18:14:42 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.27 2024/10/10 15:53:21 jakllsch Exp $
+$NetBSD: distinfo,v 1.28 2024/11/15 18:14:42 jakllsch Exp $
 
-BLAKE2s (openafs-1.8.12-src.tar.bz2) = 0f525310611d9a112b8c59a19c950b24da127e7d0f79097f74c25c20ef90631e
-SHA512 (openafs-1.8.12-src.tar.bz2) = 24fecf29ca5fbfc0e8c903918e21ec11cd9fc8b7c2f323a7779ea3ad20060eb4fc61055044fe66e756662113078224bd843e4d51262ef2ba0e916d9466081e19
-Size (openafs-1.8.12-src.tar.bz2) = 15047621 bytes
+BLAKE2s (openafs-1.8.13-src.tar.bz2) = 6a03988d8dba1027a945278b3b985da7836818ae9fda317419c130d687fe85dd
+SHA512 (openafs-1.8.13-src.tar.bz2) = f2b60b3942ba21a4f0fd837dfda1a9659ebe4d2f96edfbe7162e97faa8c5887fbea8fdef958af396356b78793f06e6744566a1aa6b70df2164c9ab37c06e2cd9
+Size (openafs-1.8.13-src.tar.bz2) = 15053864 bytes
 SHA1 (patch-src_cf_osconf.m4) = 6eae9ab0821c496f59ebd611c270b46d511a751f
 SHA1 (patch-src_cf_sysname.m4) = 7f45f6387bf959d2026be369cbbfec1a96ff424b
 SHA1 (patch-src_config_afs__sysnames.h) = b13d5f701e9df3d7bd943a97e4c60632c2df1196