
Bug#982002: buster-pu: package openafs/1.8.2-1



On Fri, Feb 05, 2021 at 05:11:31PM +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Fri, 2021-02-05 at 08:38 -0800, Benjamin Kaduk wrote:
> > All upstream openafs releases from the 1.8.x series, prior to 1.8.7,
> > contain a "time bomb" bug that activates when the unix epoch time
> > passes 0x60000000 (Thu 14 Jan 2021 08:25:36 AM UTC).
> 
> Given the statement "prior to 1.8.7", it would have been helpful to be
> explicit about the fact that the Debian package of 1.8.6-5 (in unstable
> and testing) contains the fixes.

Sorry.  Upstream 1.8.7 is equivalent to Debian 1.8.6-5 in this regard (I
prepared the Debian version before the upstream release due to the delays
in the upstream CI machinery).

> [...]
> > Both AFS clients and AFS servers are affected.
> > Unpatched clients started after the cutover time are unable to
> > perform any filesystem access (the error "connection timed out" is
> > reported).
> > Unpatched file servers started after the cutover time are unable to
> > connect to protection servers and verify user group membership to
> > enforce ACLs, and are unable to connect to other file (volume)
> > servers to move volumes.
> > Unpatched database servers started after the cutover time are unable
> > to connect to each other, resulting in a breakdown of the ubik
> > distributed consensus protocol in deployments that use more than one
> > database server (three database servers is common).
> 
> The timing here is rather unfortunate. The next point release for
> buster is tomorrow, and it's far too late to get any additional changes
> in to that.
> 
> Please feel free to upload, and we can look at processing the package
> after the point release is out of the way. I assume you'd appreciate a
> stable-updates release for the updated package, rather than waiting for
> the following point release?

Yes, that would be appreciated.

> Having said that, there are presumably already a bunch of broken
> servers, given there was a kernel security update for buster recently
> and we're already a few weeks past the relevant timestamp. :-(

Salvatore did remind me of that, yes :(

I incurred some unfortunate delays in being able to actually test the
updated packages in a buster environment personally.

Thanks,

Ben

