[Bug 1832690] Re: [SRU] Upgrade Ubuntu 20.04, 22.04 and 23.04 to 1.8.10
Robie Basak
1832690 at bugs.launchpad.net
Mon Sep 11 15:34:07 UTC 2023
@luis220413, on IRC you said you wanted a microrelease update based on
https://wiki.ubuntu.com/StableReleaseUpdates#New_upstream_microreleases
One of the various requirements under that section says:
"The upstream QA process must be documented/demonstrated and linked from
the SRU tracking bug"
But I don't see that detail here.
I also don't see any dep8 tests provided by this package.
This bug was filed in 2019 and only 4 people have marked themselves as
affected in that time. Presumably there are many other users using the
packaging who are unaffected. We need to respect those users by making
sure that any changes we make are tested properly. It would be
unacceptable to those users if we regressed them having not performed
adequate testing.
So this is not ready for sponsorship right now, so I'm unsubscribing
~ubuntu-sponsors.
The process defined at
https://wiki.ubuntu.com/StableReleaseUpdates#New_upstream_microreleases
permits skipping regular SRU QA under very specific circumstances where
suitable alternative QA is available. If the package is unable or it's
otherwise challenging to meet these requirements, then pushing for that
approach is just going to delay getting updates for users. The usual
path - justifying and QA-ing each required change individually - also
remains available, but requires a developer to do the work.
--
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1832690
Title:
[SRU] Upgrade Ubuntu 20.04, 22.04 and 23.04 to 1.8.10
Status in openafs package in Ubuntu:
Fix Released
Bug description:
[Impact]
To fix several CVEs and client cache corruption and to provide performance and reliability improvements, I would like to upgrade the versions in Ubuntu 20.04, 22.04 and 23.04 to 1.8.10.
[Test Plan]
1. For each updated source package, run its autopkgtests in a clean Ubuntu VM with the release the package was built for, using the binaries in the proposed pocket.
2. Install the openafs-client package in an Ubuntu system.
3. Create AFS cells on other Ubuntu systems running the same Ubuntu version or a different version (by installing the openafs-fileserver package).
4. Connect the first system to those AFS cells. To minimize regression risk, we will test all possible version combinations.
5. Connect the first system to AFS cells with non-Ubuntu servers, such as afs.ist.utl.pt (the AFS cell of our university).
6. Reboot all Ubuntu systems being used for the test and repeat steps 4 and 5.
7. In all systems being used for the test, enable the proposed pocket, install kernels from the proposed pocket (sudo apt install linux-generic/$RELEASE-proposed) and repeat step 6.
8. In all systems being used for the test, disable the proposed pocket and remove all kernels installed from the proposed pocket.
9. In all systems being used for the test, boot into a previous kernel and repeat steps 3, 4 and 5.
10. Remove the openafs-client package in the first system.
11. Remove the openafs-fileserver package from the AFS cells created in step 3.
12. Reboot.
13. Install the openafs-fileserver package on the systems where the AFS cells were created in step 3.
14. Install the openafs-client package on the first system.
15. Repeat steps 4 and 5.
[Where problems could occur]
The OpenAFS client runs as a kernel module and can crash the system or
corrupt kernel data structures, possibly creating security issues.
[Original description]
I'm sure it wasn't so much a decision to ship this version in Bionic
as an artefact of freeze dates, etc, but 1.8.0~pre5 is seemingly not a
very good place to be. In OpenDev infrastructure we have noticed
unfortunate behaviour like serving corrupt files and then holding onto
them in the cache. Some terse notes are at [1].
We have some discussions with developers involved in upstream who have
confirmed that the early 1.8 series have a range of known issues that
can cause such problems [2].
So, yeah, I think upgrading this is not really a matter of just nice
to have, but it's pretty much unusable since the version currently in
the base distro just does really nasty things like random corruption.
There don't seem to be too many obstacles to incorporating later
versions; [3] has 1.8.2 packaged and I have built 1.8.3 for Bionic
from upstream sources too [4]. Either of these seems like a better
choice for LTS. I haven't marked this as a security issue, but there
are certainly security related bugs fixed.
If there is anything I can do to help, please let me know...
[1] https://etherpad.openstack.org/p/opendev-mirror-afs
[2] http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2019-06-12.log.html#t2019-06-12T03:49:41
[3] https://launchpad.net/~openafs/+archive/ubuntu/stable
[4] https://launchpad.net/~openstack-ci-core/+archive/ubuntu/openafs
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1832690/+subscriptions