The 1.3.1 and 1.3.2 versions of AFS are versions that came out prematurely. I am not privy to exactly how all that went down. However, the latest release is 1.2.9a, according to the openafs.org website. The 1.3.2-r1 and 1.3.2 ebuilds should be marked ~x86, and the 1.2.9a ebuild I will attach should be marked as the latest stable release. Note that the bug in pinstall is still there. I will also attach a new patch for this bug.
Created attachment 15091 [details] Ebuild for OpenAFS 1.2.9a Attaching the ebuild for 1.2.9a.
Created attachment 15092 [details] Ebuild for OpenAFS 1.2.9a Attaching the ebuild for 1.2.9a.
Created attachment 15093 [details] Ebuild for OpenAFS 1.2.9a Attaching the ebuild for 1.2.9a.
Created attachment 15094 [details, diff] Patch for pinstall for 1.2.9a Sorry for the multiple attachements of teh ebuild. Got an error posting it so retried, and it ended up in here multiple times. Marked the duplicates as obsolete.
Created attachment 15095 [details] Digest for 1.2.9a. Digest for 1.2.9a.
please follow GLSA http://forums.gentoo.org/viewtopic.php?t=44890
1.2.9.a fixes the vulnerability that is listed in http://forums.gentoo.org/viewtopic.php?t=44890 You have to follow the link to the OpenAFS advisory @ http://www.openafs.org/pages/security/OPENAFS-SA-2003-001.txt And in the Fixes section you find FIXES ===== The OpenAFS project recomments that all users of kaserver disable all cross-realm authentication, by either deleting cross-realm keys (using "kas delete"; simply disabling the keys is insufficient), upgrading to OpenAFS 1.2.9 when it becomes available (where kaserver cross-realm authentication is disabled by default), or applying this kaserver patch, which disables cross-realm authentication in kaserver by default: So it looks like 1.2.9a is safe (or at least as safe as 1.3.2).
