commit 06b800f6f1022fa4b86eb9023b75028f2e2cfeab Author: Benjamin Kaduk Date: Thu Jan 14 13:08:41 2021 -0800 Make OpenAFS 1.8.7 Update version strings for the 1.8.7 emergency patch release. Change-Id: I665bedad864b1c2cbbe55978d6b06e917ed26faa commit f3b5c62660a48f693897d2faa1cecfd1c10307de Author: Benjamin Kaduk Date: Thu Jan 14 13:06:18 2021 -0800 Update NEWS for 1.8.7 Add the release notes for the 1.8.7 emergency patch release. Change-Id: I813f11e4e72c12cb927f66472b099febbf3d899f commit 81a3600bfdcc122d43c75720e83317dcc2a9e6a1 Author: Benjamin Kaduk Date: Thu Jan 14 10:20:59 2021 -0800 Remove overflow check from update_nextCid The rx_nextCid global has been an unsigned type since http://gerrit.openafs.org/11106 (which was actually merged before the refactoring of overflow check to avoid signed integer overflow) and thus there is no need to avoid signed overflow. The per-connection cid has been unsigned since the IBM import. The natural unsigned behavior on overflow of wrapping is the desired behvaior here, so just remove the extra logic and always increment. Reviewed-on: https://gerrit.openafs.org/14496 Reviewed-by: Jeffrey Hutzelman Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk (cherry picked from commit 43ef1f2a5d80aa1c3f5b4831ada8e776ac0c7d13) Change-Id: I64fabe5229039f7af040902ed2e6f03dba7bc14d Reviewed-on: https://gerrit.openafs.org/14497 Reviewed-by: Benjamin Kaduk Tested-by: BuildBot Reviewed-by: Cheyenne Wills (cherry picked from commit 5004f888e32e8274fcd8a28a7bff6aa3a79f41c8) commit 6f898c4c711d0aff7ea452670164802b5e423c18 Author: Jeffrey Altman Date: Thu Jan 14 09:57:13 2021 -0500 rx: update_nextCid overflow handling is broken The overflow handling in update_nextCid() produces a rx_nextCid value of 0x80000001 which itself is out of the valid range. When used to construct the first call of a new connection the connection id for the call becomes 0x80000002, and all subsequent connections also trigger the overflow handling and thus also receive connection id 0x80000002. If the same connection id is used for multiple connections from the same endpoint the accepting rx peer will be very confused. When authenticated connections are used, the CHALLENGE/RESPONSE will fail because of a mismatch in the connection's callNumber array. If an initiator makes only a single connection to a given rx peer, that connection would succeed, but once multiple connections are initiated all communication from a broken initiator to any rx peer will fail. The incorrect overflow calculation was introduced by 39b165cdda941181845022c183fea1c7af7e4356 ("Move epoch and cid generation into the rx core"). This change corrects the overflow value to become 1 << RX_CIDSHIFT Reviewed-on: https://gerrit.openafs.org/14492 Reviewed-by: Andrew Deason Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk (cherry picked from commit 2c0a3901cbfcb231b7b67eb0899a3133516f33c8) Change-Id: I74d70706ddf99022bed639891cb610fba9ef863d Reviewed-on: https://gerrit.openafs.org/14494 Tested-by: BuildBot Reviewed-by: Cheyenne Wills Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk Reviewed-by: Andrew Deason (cherry picked from commit f5ed8c2fac4c94914099881250f5f2e893f3f9f7) commit 54c56dfa423bac14db117f5ec641ebe0eda705e3 Author: Jeffrey Altman Date: Thu Jan 14 09:41:39 2021 -0500 rx: rx_InitHost do not overwrite RAND_bytes rx_nextCid 39b165cdda941181845022c183fea1c7af7e4356 ("Move epoch and cid generation into the rx core") introduced the use of RAND_bytes() to generate the initial 'rx_nextCid' but failed to remove the rx_nextCid = ((tv.tv_sec ^ tv.tv_usec) << RX_CIDSHIFT; assignment inherited from IBM/Transarc. At Thu, 14 Jan 2021 08:25:36 GMT the IBM inherited calculation overflows the value CID range. This triggers broken overflow logic in update_nextCid(). Reviewed-on: https://gerrit.openafs.org/14491 Reviewed-by: Andrew Deason Tested-by: Andrew Deason Reviewed-by: Jeffrey Hutzelman Reviewed-by: Cheyenne Wills Tested-by: Mark Vitale Reviewed-by: Benjamin Kaduk (cherry picked from commit a3bc7ff1501d51ceb3b39d9caed62c530a804473) Change-Id: If5f7d4ba1cacc6978c83fd512653fbaa0c1559d8 Reviewed-on: https://gerrit.openafs.org/14493 Reviewed-by: Cheyenne Wills Reviewed-by: Mark Vitale Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk Reviewed-by: Andrew Deason (cherry picked from commit a41fe24be574f35ca852fc3ea9750e370cdb71d0)