release-team@conference.openafs.org
Wednesday, December 16, 2015

GMT+0
[00:04:03] mvita leaves the room
[06:06:31] Jeffrey Altman leaves the room
[06:06:31] Jeffrey Altman joins the room
[12:31:04] shadow@gmail.com/barnowlABEE2063 leaves the room
[12:31:14] shadow@gmail.com/barnowlABEE2063 joins the room
[13:30:19] shadow@gmail.com/barnowlABEE2063 leaves the room
[13:30:32] shadow@gmail.com/barnowlABEE2063 joins the room
[13:59:22] meffie joins the room
[14:01:40] mvita joins the room
[14:52:25] wiesand joins the room
[15:00:51] <wiesand> Hello
[15:01:10] <meffie> hello
[15:01:20] <mvita> Guten Tag
[15:01:46] <wiesand> morning
[15:01:59] <kadukoafs@gmail.com/barnowl52767402> $timeofday
[15:02:05] <wiesand> Ah.
[15:02:06] <mvita> heh
[15:02:18] <mvita> an elegant solution
[15:02:48] <wiesand> Let’s start. Linux news anyone?
[15:03:19] <wiesand> I guess that’s a no....
[15:03:30] <wiesand> On to 1.6.16 then.
[15:03:43] <wiesand> Any (negative) results from testing?
[15:03:52] <kadukoafs@gmail.com/barnowl52767402> I guess I should push that thing.
[15:04:14] <meffie> no, just smoke testing and spot testing.
[15:04:18] <meffie> here that is.
[15:04:33] <wiesand> If there is nothing else to fix...
[15:05:10] <wiesand> We should probably release it, but including a fix for 132256
[15:05:38] <kadukoafs@gmail.com/barnowl52767402> Well, I just pushed that fix.
[15:05:58] <meffie> "No permission to view ticket"
[15:06:29] <kadukoafs@gmail.com/barnowl52767402> Though I appear to have cleverly left the "FIXES 132256" bit out of
the commit message.  Oh, well.
[15:07:07] <mvita> Oh that one.
[15:07:14] <wiesand> Ah, pushed behind gerrit’s back.. Oh well.
[15:07:40] <mvita> meffie:  it began life as a security issue
[15:07:57] <kadukoafs@gmail.com/barnowl52767402> Only sort-of behind gerrit's back -- gerrit does hold the
authoritative repo, after all.  To really go behind its back, I'd need
to stop the gerrit processes and futz around with bits on disk.
[15:08:12] <wiesand> Ah.
[15:09:17] <wiesand> So, all we need is an update for 12131. Any suggestions for a nice concise paragraph about this?
[15:10:19] <mvita> looking
[15:11:39] <mvita> sorry, what would you like a paragraph for?
[15:11:54] <mvita> the security thing?
[15:12:08] <wiesand> yes
[15:12:10] <mvita> btw I don't see the gerrit submission
[15:12:18] <wiesand> because there is none
[15:12:23] <mvita> ah.
[15:12:35] <wiesand> it’s "the security way"
[15:12:37] <wiesand> i hate it
[15:13:29] <mvita> oh there it is
[15:16:56] <mvita> Fix a generic vulnerability in pioctl logic that allows a one-byte kernel buffer overrun even for unauthorized users.
[15:17:05] <mvita> how's that?
[15:17:24] <kadukoafs@gmail.com/barnowl52767402> Sorry for dropping out a bit -- apparently IETF hotel rooms are like
concert tickets now, and you have to pounce on the right as they
become available if you want one.
[15:17:27] <mvita> well, a comma is needed after the word "overrun"
[15:18:34] <kadukoafs@gmail.com/barnowl52767402> Probably no need to use the word "vulnerability" outside the CVE
number.
[15:19:07] <wiesand> "Fixed a potential denial of service issue in pioctl logic that allowed a one-byte kernel buffer overrun for local users" ?
[15:19:36] <mvita> wiesand:  better
[15:19:42] <wiesand> :)
[15:19:44] <mvita> and then the CVE in parentheses
[15:19:54] <kadukoafs@gmail.com/barnowl52767402> Maybe,
"Fix a one-byte buffer overrun in pioctl handling that allowed a local
user to write a single NUL byte past the allocated array,
CVE-2015-8312."
[15:20:25] <wiesand> I like that one
[15:20:39] <kadukoafs@gmail.com/barnowl52767402> I mostly like wiesand's better than mine, but it is the buffer overrun
that allowed the denial of service, not the other way around.
[15:20:40] <mvita> I like the "local" since it stresses that this is not remotely exploitable
[15:20:42] <meffie> nice summary
[15:20:58] <mvita> at least as far as I could determine - see ticket for details
[15:21:56] <kadukoafs@gmail.com/barnowl52767402> That said, I don't object to mine, so wiesand should say if he wants
more rewording/advice.
[15:24:40] <wiesand> "Avoid a potential denial of service issue, by fixing a bug in pioctl logic that allowed overrunning a kernel buffer by a single NUL byte for local users" ? (+ commit, RT#, CVE#)
[15:25:25] <kadukoafs@gmail.com/barnowl52767402> "overrunning" is a slightly odd verb tense to use there;
"that allowed a local user to overrun a kernel buffer by a single NUL
byte"?
[15:25:58] <wiesand> Better!
[15:26:27] <mvita> yes, that's good
[15:29:45] <wiesand> pushed a ps2 for 12131 - please have a look
[15:32:23] <mvita> looking
[15:34:32] <mvita> reviewed
[15:35:14] <mvita> +1 as is but I suggested a one word change
[15:36:14] <wiesand> "by" vs. "with" is one of my really weak spots...
[15:36:58] <mvita> either one is good, but with is slightly better ;-)
[15:38:40] <wiesand> pushing SP3
[15:40:15] <wiesand> Once that’s agreed on, I merge it and then 12121 and we have a 1.6.16?
[15:40:27] <kadukoafs@gmail.com/barnowl52767402> I think so.
[15:40:27] <mvita> tx, +1 without reservation for ps3
[15:41:29] <wiesand> merged
[15:41:48] <kadukoafs@gmail.com/barnowl52767402> I suppose you want a tag, now?
[15:41:56] <wiesand> not yet, wait
[15:44:01] <wiesand> I think now we can tag. 6ffe15c832435472510895df918c23720476c587
[15:45:14] <wiesand> I’ll start rolling tarballs...
[15:45:27] <mvita> yay!
[15:46:51] <meffie> super
[15:48:03] <kadukoafs@gmail.com/barnowl52767402> Have a tag.
[15:48:19] <mvita> hey man, nice tag
[15:48:30] <mvita> one might even say a Guten Tag
[15:49:52] <wiesand> uploading...
[15:52:54] <meffie> fetching ...
[15:53:05] <wiesand> it’s not yet complete
[15:53:14] <meffie> git fetching (the new tag)
[15:53:19] <wiesand> ah ok
[15:53:23] <meffie> sorry :)
[15:54:10] <wiesand> releasing the volume...
[15:54:56] <meffie> btw, do you use 'make dist' to make the tarballs?
[15:55:11] <wiesand> no
[15:55:22] <wiesand> make-release from tools.git
[15:55:48] <meffie> ah, ok. thanks.
[15:56:08] <wiesand> why?
[15:56:24] <meffie> just curious how the tarballs are made.
[15:58:37] <wiesand> % rm -rf /tmp/oa1616; mkdir /tmp/oa1616; make_release --last 42c8b10 --dir /tmp/oa1616 openafs-stable-1_6_16
Updating configuration...
Running aclocal
Running autoconf
Running autoconf for configure-libafs
Running autoheader
Deleting autom4te.cache directory
Building man pages
[16:00:58] <kadukoafs@gmail.com/barnowl52767402> And, I'm a pumpkin.
I made some comments on the external-log-rotation changes; some of
them need work.
[16:01:28] <wiesand> Oh, pity.
[16:01:30] <kadukoafs@gmail.com/barnowl52767402> Andrew "found" a flaw (reiterated a previous comment that I missed,
really) in the shake-loose-vcaches thing.
[16:01:40] <wiesand> I’m working on the srpm.
[16:01:56] <wiesand> I’m afraid the announcement and web change will have to wait til tomorrow.
[16:02:09] <meffie> (btw, make-release is under openafs.git (build-tools/make-release) not tools.git)
[16:02:22] <wiesand> Or at least later today
[16:02:36] <wiesand> oh, sorry
[16:03:30] <wiesand> make_www_release was from tools.git
[16:03:57] <meffie> ah, yes. confusingly named tools are the way of life.
[16:04:28] <wiesand> No it’s just my memory.
[16:06:08] <meffie> ok, thank you for the comments on externalize-log-rotate! i will look at those this week. and yes, the shake-harder patchset 9 is wrong.
[16:06:59] <wiesand> I’ll try to get the web change + draft announcement done today, but can’t promise.
[16:07:07] <meffie> ok, thank you!
[16:08:23] <wiesand> SRPM uploaded.
[16:08:56] <wiesand> I’ll also run a last round of smoke tests with the final thing.
[16:09:01] <wiesand> Just being paranoid.
[16:09:43] <wiesand> But I’m fairly optimistic...
[16:09:55] <wiesand> Anything else to discuss now?
[16:10:03] <mvita> not that I can think of
[16:10:23] <wiesand> Ah BTW, does anyone happen to have a 1.4 backport of the security fix?
[16:10:32] <wiesand> And is willing to share it?
[16:12:32] <wiesand> Nevermind ;-)
[16:12:56] <meffie> i don't think a backport exists, but we can look.
[16:13:03] <meffie> look at making one that is
[16:13:26] <mvita> yes, I'm willing to do it if you think we should
[16:13:44] <wiesand> That would be great. I had a look, and it seemed doable but non-trivial for me.
[16:13:55] <mvita> I'll do it.
[16:14:11] <mvita> do you want a commit to 1.4.x?
[16:14:22] <mvita> or just a patch against 1.4.last?
[16:14:46] <wiesand> I think it won’t matter much.
[16:14:50] <mvita> k
[16:15:52] <wiesand> I pushed a backport of one of the recent security fixes to gerrit, just for review/info. A change on top of that would be most useful.
[16:16:34] <mvita> okay
[16:16:39] <wiesand> 12075
[16:17:39] <wiesand> The background is that I’m trying to keep SL5 alive with openafs-1.4
[16:17:45] <wiesand> one more year
[16:19:21] <wiesand> ok I have to run. Thanks a lot for being here today and your help!
[16:20:30] <wiesand> Bye
[16:20:32] wiesand leaves the room
[16:20:34] <meffie> bye
[16:21:08] <mvita> tx everybody, later
[16:21:14] mvita leaves the room
[16:55:26] <kadukoafs@gmail.com/barnowl52767402> The debian-squeeze-lts folks did something with 1.14; I think that was
the rx-acks-leak-plaintext thing.
[16:55:49] meffie leaves the room
[22:11:05] Jeffrey Altman leaves the room
[22:11:05] Jeffrey Altman joins the room