/
NEWS
5766 lines (3489 loc) · 179 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
User-Visible OpenAFS Changes
OpenAFS 1.8.0pre2
All Platforms
* Substantial code quality improvements, largely spotted by Coverity and
clang's static analysis.
- Add new library for platform independent functions (opr).
- Remove arbitrary path name length limits.
- Convert to Heimdal's roken library for reliability.
- Avoid garbage in allocated buffers (calloc).
- Modernize signal handling in pthreaded server processes (softsig).
- Improve code comments and additional Doxygen style comments.
- Reduce compiler warnings, dead code, unused variables, and
undefined behavior.
- Fix bugs found by static code analyzer (clang-analyzer).
- Improved unit test coverage.
- Make VLDB flag definitions consistent.
- Improve use of run-time assertions and add static assertions.
- Add compiler attributes to assist static analyzers.
- Clean up include headers in the entire tree.
- Improve command-line handling library (libcmd).
- Replace hash functions with Jenkin's hash function for faster
and more evenly distributed lookups.
- Provide a red-black tree data structure to enable algorithmic speedups.
- Convert backup and salvage servers to the common logging API (libutil).
- Improve volume id data type consistency (VolumeId).
- Import APIs for kerberos-style profile configuration support.
- Add new APIs to support UserList identities.
- Add new APIs to support tabular output from command-line utilities.
- Convert vnode macros to inline-functions.
* Improved support for non-DES encryption types:
- Convert to Heimdal's hcrypto library to support RFC 3961.
- Add extended key file format replacing rxkad.keytab, and
new key management APIs.
- Add support for extended key types to asetkey.
- Add akeyconvert to assist in upgrading to OpenAFS 1.8.x by converting an
existing rxkad.keytab file to an extended key file.
- Do not install the kaserver and related utilities by default to
discourage the use of these DES-dependent components.
- Remove obsolete klogin and klogin.krb programs.
- Add new token APIs to support new rx security classes.
* Migrate from LWP to POSIX threads (pthreads):
- Convert the ptserver and vlserver from LWP to pthreads.
- Remove LWP version of the file server binary.
- Convert afsd, aklog, asetkey, klog.krb5, pts, udebug, and vos, from LWP
to pthreads.
* Improvements to Rx:
- Restructure the Rx API to privatize the implementation.
- Convert rx events to a red-black tree data structure to improve
performance.
- Convert from mutexes to atomic operations for counters to reduce lock
contention.
- Provide per-opcode Rx statistics.
- Add an rx_opaque data type to support non-DES encryption types
and general code cleanup.
- Wake up the application thread after 'twind' is updated to avoid 100ms
transmit delays when the receive window transitions from closed to
open.
* Libraries (both internal and installed) are built using libtool, including
libuafs. The resulting shared libraries for libafsrpc and libafsauthent
should be more usable than previously.
* Improvements to the build system:
- Convert to libtool to build shared libraries.
- Clean up and improve the build system.
- Support out of tree builds.
- Add a makefile target to generate Doxygen source code documentation.
- Link the Java API for OpenAFS with libuafs.a and remove the
libjuafs.a library.
- Always build the rxperf tool.
- Fix man-page generation by make after ./regen.sh -q
- Support the SOURCE_DATE_EPOCH environment variable to improve build
reproducibility.
- Modernize language specific SWIG typemaps for libuafs Perl bindings.
* Improvements to documentation:
- Document the new KeyFileExt file.
- Reorganized the README files.
- Improvements and fixes to documentation generation.
- Add experimental epub and mobi support
- Remove obsolete LWP information from the file server documentation.
- Update and reorganize the Quick Start Guide.
- Update the Admin Guide.
- Remove AIX, HP-UX, and IRIX information from the Quick Start Guide.
- Document the vldb and prdb (ubik) file formats.
- Add PtLog man page.
- Corrections and clarifications to man pages.
- Add ubik threading analysis doc.
* Improvements for troublshooting, debugging, and testing:
- Log more details on volume-server-to-fileserver communication errors
when possible.
- Set thread names in pthreaded servers on platforms which support
thread names.
- Add dynroot lock tracking to cmdebug
- Fix tracking of an fstrace call site in the cache manager background
process.
- Add the afsload tool to simulate multiple cache managers for file server
load testing.
- Add run-time checks for refcount imbalances in the cache manager.
- Fix missing newlines in afsd -debug output.
* Developer tool improvements:
- Improvements and fixes for rxgen (used to generate Rx RPC bindings).
- Add tool for man page verification of command options.
- Add tool to find Unix cache manager lock identification numbers.
- Add an option for pretty build output.
* RPM packaging updated:
- Update the spec file to keep up with accumulated changes.
- Move the klog.krb5 man page to the openafs-krb5 sub-package.
- Prevent double-starting client on RHEL7
- Convert rpm spec file from deprecated 'make dest' to 'make install'.
- Fix rpmbuild command line option default handling.
* Add a new protection error code (PRNAMETOOLONG) instead of silently
truncating names which exceed the maximum name length (PR_MAXNAMELEN).
* Add an implementation limit (50000) on the number of names/ids which can
be transmitted by unauthenticated clients to the ptserver, avoiding
excessive resource consumption from unauthenticated requests.
* Add the -config option to vos, pts, and aklog to specify the path to the
cell configuration files.
* Add more details in vos release -verbose output.
* Add the cacheout -encrypt option to encrypt communication between the
cacheout client and the fileserver.
* Add the command line options to the afsio program to enable encryption of
traffic between afsio and the fileserver (-clear, -crypt).
* Add the vos release -force-reclone option to force recloning the volume to
be released without forcing a full volume dump being transmitted to all
remote sites.
* Fix vos to avoid writing loopback addresses into the VLDB in
certain cases.
* Print bos and pts error messages to standard error instead of
standard out.
* Improve formatting of the -help output of all commands.
* Change -n to -dryrun in all backup subcommands.
* Change the backup deletedump -port command line option to -portoffset.
* Add user and build host in the version string returned by
rxdebug -version.
All Server Platforms
* Ubik servers using pthreads are now available and are used by default
* As part of improving Ubik reliability in certain edge cases, an extra
election cycle (about 60 seconds) may be needed before writes are
permitted. This is a conservative change that may be removed in
the future.
* Remove periodic background fsync by the fileserver (ihandle fsync thread).
* Fix potential file handle leak in the file server ihandle caching layer.
* Disable the so-called "hot threads" feature in the file server. The hot
threads feature was intended as an optimization for dispatching incoming
calls to the current listener thread, but has been reported to incur a
performance penalty on modern multi-core systems.
* Do not permit creation of users with id of ANONYMOUSID.
* Do not save/restore host states in the fsstate.dat file for hosts which
are in the process of retrieving CPS information from the ptserver when
the fileserver is being shutdown. This fixes a bug in which the fileserver
will incorrectly block all threads following a restart.
* Add the ptserver -restrict_anonymous option to inhibit exposure of user
names from the ptserver.
* Do not truncate server log files by default when server processes
are started. The -transarc-logs option provides backward compatibility
with IBM AFS log handling on server startup. Log messages may be lost
in back-to- back restarts when a server is running in this mode.
* Reopen server logs on SIGUSR1. This may be used by third-party log
rotation tools, such as logrotate, to reopen the log file handles after
log files have been renamed.
* Fix various bugs when logging with -mrafslogs enabled.
* Dynamically reload the kerberos realm to AFS cell mapping (krb.conf) and
exclusions for mapping kerberos principals to AFS identities (krb.excl)
configuration when the CellServDB cell configuration file is touched.
Previously, a restart of the file server was required after updating the
kerberos mapping configuration files.
* Add a command line option (-restricted_query) to the vlserver and
volserver to restrict information queries about volumes to a specific
group of users.
* Add a command line option to the server programs to specify an alternate
fully qualified log file name (-logfile).
* Add a command line option (-config) to the server programs to specify
an alternate path to the server configuration.
* Add a command line option to the ptserver and vlserver to specify an
alternate path to the database data files.
* Add a command line option to the volume server to enable encryption of
volume-server-to-volume-server-traffic (-s2scrypt).
* Increase the maximum number of LWP threads allowed for the ptserver and
vlserver from 16 to 64 (-lwp).
* Remove an unused file server command line option (-k).
* Fix an incorrect assertion in Demand Attach File Server which could cause
the file server process to abort in certain rare conditions.
* Deprecate the -bitmap-later configure option for non-Demand-Attach File
Servers (DAFS).
* Add -vhashsize support to non-Demand-Attach File Servers (DAFS).
* Add support for subnet ranges in the NetInfo and NetRestrict
configuration files.
* Add the GetXStats RPC to the audit log.
* Fix directory creation by bosserver when built for non-Transarc paths.
* Fix incomplete list of server addresses retreived by vos listaddr when the
vldb contains unreferenced multi-homed server entries.
* Remove obsolete bos blockscanner and unblockscanner commands that
were only needed for the removed MR-AFS functionality.
* Remove obsolete bos salvage options that were only used by the
removed MR-AFS functionality..
* Remove calls to the deprecated sbrk() function.
* Add an experimental feature to database servers to support ubik reads
while write transactions are in progress, enabled at build time with the
--enable-ubik-read-while-write configure option. This feature is not
considered ready for production usage at this time.
* Avoid filling the FileLog with "Volume x offline: not in service" when
a volume is administratively taken offline with vos offline.
* Print an error message when bosserver is started with an unknown
command line option.
* Modify the volume updateDate when the volume is changed by a salvage.
* Volume usage statistics are now preserved during reclone and restore
operations by default, the behavior previously enabled by
the -preserve-vol-stats flag to the volserver. The historical behavior
can be retained via the -clear-vol-stats argument.
All Client Platforms
* Use rxkad_crypt by default for connections to fileservers. This matches
the existing behavior of the Windows client and has been applied by
the distribution packaging on many platforms already.
* Add support for relative ACL changes with fs setacl. If a single plus (+)
or minus (-) character is appended to the rights' letters argument, the
new rights are computed relatively to the existing ones.
* Remove afsd -settime and afsd -nosettime support.
* Add the afsd -inumcalc option to specify the method used to calculate
inode numbers presented by AFS.
* Add the afsd -volume-ttl option to specify set the maximum amount of time
information retrieved from the vlserver will be cached, regardless of
callback expiry times.
* Return EIO on internal errors instead of the misleading ENOENT.
* Log ICMP errors received, if any, for unreachable servers.
* Improve performance of clients with multiple PAGs for different cells.
* Fix race condition between changing and using user tokens among cache
manager threads.
* Fix fs sysname for users with UID 2748 and 2750 when not running
in -rmtsys mode.
* Add Perl bindings for the user-space cache manager library (libuafs).
* Fixes to the bypasscache feature.
* Fix fs getcacheparms miscounts.
* Remove the obsolete Netscape plugin.
Linux
* Remove Linux 2.2 and 2.4 support.
* Changes to avoid EIO errors with multiple processes doing intensive mmap
writing. (Drop PageReclaim AOP_WRITEPAGE_ACTIVATE.)
* Prevent fakestat data inconsistencies in certain cases (131855).
* Fix dentry leak which can cause a crash on shutdown.
* Fix improper use of ENOENT and avoid incorrect use of linux negative
dentry cache.
* Improve error reporting when encountering corrupt directories.
* Improve rx error handling in the Linux cache manager.
* Rename kpasswd to kapasswd when packaging RPMs to avoid colliding with
Kerberos kpasswd.
* Do not use the obsolete --enable-largefile-fileservers configure option
when packaging RPMs.
* Use the RemainAfterExit systemd feature to avoid premature exit
when -afsdb is not given, for RPM packages.
* Remove Debian packaging files from the OpenAFS source tree. Debian
packaging files are currently maintained in the downstream Debian
infrastructure.
* Add the sparc_linux26 sysname.
* Desupport 32-bit Linux kernels on s390/s390x.
* Fix Debian/Ubuntu build regression on kernel 3.16.39.
* Fix --enable-kernel-debug for linux 4.8+.
* Support linux 4.10, 4.11, 4.12
Solaris
* Remove support for all Solaris and SunOS platforms prior to Solaris 8.
* Build 64-bit binaries for Solaris x86 by default.
* Use one-group PAGs on Solaris 11, which is required for PAG support
on Solaris 11 since supplemental groups must be sorted starting with
Solaris 11.1.
* Update search paths for solaris cc for recent versions Solaris Studio.
* Modernize declaration of module dependences by converting from the
deprecated _depends_on symbol to ELF dependencies.
* Avoid BAD TRAP panic due to invalid opcodes on x86 with Studio 12.5.
MacOS
* Stop processing upcalls once rx shutdown starts.
* Enable atomics for the darwin kernel.
* Add a syscall to enable/disable bulkstat at run-time, which is
disabled by default.
* Fix path to binaries in the prefpane.
* Fix builds on MacOS 10.12 by building only the active architecture
by default.
FreeBSD
* Use the native kernel module build system instead of an ad hoc
replacement build system.
* Remove FreeBSD packaging files from the OpenAFS source tree. FreeBSD
packaging files are currently maintained in the downstream FreeBSD Ports
Collection.
* Stay up to date with new FreeBSD releases (through 10.3).
* Do not claim AFS_VM_RDWR_ENV
NetBSD
* Stay up to date with new NetBSD releases (through 7.x)
* Update to use cprng(9) as the randomness source on NetBSD 6.99/7.x.
* Build system updates for NetBDS 6.99.x
* Do not claim AFS_VM_RDWR_ENV
OpenBSD
* Stay up to date with new OpenBSD releases (through 4.7)
* Do not claim AFS_VM_RDWR_ENV
AIX
* Updates for AIX support.
* Fix build system for AIX exports.
* Add the uidpag and localuid runtime options to the aklog LAM plugin.
(These runtime options override the use of UID-based PAGs, which were
introduced to appease the CDE screensaver.)
OpenAFS 1.6.21
All platforms
* Avoid a possible 100ms transmit delay in the RX protocol when a peer's
receive window transitions from closed to open (12627)
* Documentation improvements (12476 12477 12559[RT #133339])
All server platforms
* When bosserver is started with an unknown option, print an error message
and exit with a non-zero value rather than failing silently (12631)
All DB server platforms
* Hold the DB lock while checking for an aborted write transaction (12516)
All file server platforms
* On demand attach fileservers, don't save or restore a client's host
state if CPS ("Current Protection Subdomain") recalculation for it is
in progress, to avoid fileserver thread exhaustion (12568)
* On demand attach fileservers, avoid flooding the log with error messages,
which could happen when the fileserver was restarted while a volume was
offline (12569)
* Update a volume's "Last Update" time when its content is modified by
the salvager, to make the change visible in the output of "vos examine"
and to backup services (12633)
All client platforms
* Corrected the DCentries bucket counts for very large and zero length
files in the output of "fs getcacheparms -excessive" (12604 12605)
* Fixed a bug that prevented users with GID 2748 and 2750 from executing
the "fs sysname" command on clients running afsd with -rmtsys (12607)
* Provide a new -inumcalc switch for afsd to allow enabling the alternative
MD5 method of inode number calculation, which was previously only
possible on Linux and through the sysctl interface (12608 12632)
Linux clients
* Support for mainline kernel 4.12 and distribution kernels with backports
from it (12624 12626)
* Re-added the improved algorithm for freeing unused vcaches to reduce
memory consumption first introduced with the 1.6.18 release, together
with a fix for the issue leading to its removal in 1.6.18.2 (12448..12451)
macOS clients
* Fixed a crash while stopping the client on macOS 10.12 "Sierra" (12602)
OpenAFS 1.6.20.2
All platforms
* Build fixes required by recent compilers or platforms (12514 12521 12534
12536 12538)
* Allow the bos server to start successfully in the presence of those, by
accepting a now checked return value indicating that the client ThisCell
and CellServDB already exist (12522)
Linux clients
* Support for mainline kernels 4.10 and - most likely - 4.11 and
distribution kernels with backports from them (12530 12588..12590 12598)
* Support for distribution kernels with partial backports from 4.9 (12535)
(RT #134158)
* In Red Hat packaging, moved the klog.krb5 manual page into the krb5
subpackage (12511)
* In Red Hat packaging, prevent systemd from double-starting the client
(12587)
* Allow aklog to function on current S390/S390x (12499)
Solaris clients
* Make process authentication groups work on Solaris 11, now using a single
group ID (12524..12527)
* Fix a BAD TRAP panic on Solaris 11 clients built with Studio 12.5 (12567)
macOS clients
* Fixed the preference pane for OS X 10.11 and later (12512)
OpenAFS 1.6.20.1
All platforms
* Build fixes required by recent compilers (12482..12484)
Linux clients
* Support for mainline kernel 4.9 and distribution kernels with
backports from it (12478..12480)
* In Red Hat packaging, make systemd deal correctly with the client
when no userland processes remain after starting it (12481)
(RT #133482)
macOS
* Support for release 10.12 "Sierra" (12431 12432)
* Avoid a crash in the Mounts tab of the OpenAFS preference pane (12447)
OpenAFS 1.6.20 (Security Release)
All platforms
* Fix for OPENAFS-SA-2016-003: file and directory names leak due to
reuse of directory objects without zeroing the contents
(12461 12462 12463 12464 12465)
OpenAFS 1.6.19
All platforms
* Documentation improvements (12304)
* Fixes for test failures (12396 12415)
All DB server platforms
* Avoid potentially writing to an out of date volume location or protection
database, or losing a database write, which could happen in rare cases
under special conditions during database leader election
(12339 12389)
Solaris clients
* Allow the fsinfo::: DTrace provider to work with AFS files (12371)
Linux clients
* Don't commit more data to a file than was actually copied during writes,
which could happen on architectures with a page size > 4 KiB (12413)
* Fixed build on PPC64 with GCC 6.1 (12388) (RT #133407)
* Fixed build on x86_64 with recent GCC (12365 12366)
OpenAFS 1.6.18.3
Linux clients
* Support for mainline kernel 4.7 and distribution kernels with
backports from it (12348)
Solaris clients
* Fixed memory mapped I/O on files >= 4 GiB (12349 12350)
Note that there is a suspicion that this might break the client
on very old Solaris releases (2.6). If it does, the breakage should
occur at build time.
OS X
* Added tooling to build a package for OS X 10.10 "Yosemite" and
10.11 "El Capitan" (12335 12351)
OpenAFS 1.6.18.2
Linux clients
* Support for mainline kernel 4.6 and distribution kernels with
backports from it (12332)
* Switch back to the pre-1.6.18 algorithm for freeing unused vcaches.
While the new algorithm is still believed to be correct, it turned
out that at least on some kernels, including 4.5 and 4.6, the dentry
for the current working directory may be erroneously invalidated.
This could lead to errors like "Unable to read current working directory"
when a directory wasn't accessed for a few minutes. (12323)
* Use a secure URL to retrieve the CellServDB in the script to create
the Red Hat source package (12330)
FreeBSD
* Added sysname IDs for 10.2 and 10.3 to fix the build on those platforms
(12322)
OpenAFS 1.6.18.1
Linux clients
* Support for mainline kernel 4.5 and distribution kernels with
backports from it (12300..12302)
OpenAFS 1.6.18
All platforms
* Documentation improvements (12224 11675 11613 12197)
* Improved diagnostics and error messages (12129 12207 12185 12211 12113
12215 12216)
* Check that CellServDB entries are valid IPv4 addresses, to avoid
occasional hangs or potentially other erratic behaviour due to invalid
entries (12210) (RT #131794)
All client platforms
* Gracefully handle cases where a client shutdown sequence is initiated
while the client is already shutting down, rather than cause a panic
(12179)
* Fixed several bugs that could cause erratic behaviour when the write
offset into a file was more than 2 GiB beyond the file's current end
on the server (12213 12214)
All server platforms
* Avoid a possible volserver crash during volume dump or restore due
to invalid ACL entries (12127)
* Allow recovering from a DAFS fileserver operation which allocates a
new vnode but fails to update the vnode index, rather than crashing the
server (12209)
* Fixed a longstanding bug which could damage the volume location database
when "vos changeaddr" was run with "-oldaddr" and "-newaddr" and the
old address was present in a multi-homed entry (12089)
FreeBSD
* Added support for releases 10.2 and 10.3 (12232)
Linux clients
* Support for mainline kernel 4.4 and distribution kernels with
backports from it, alas at a performance penalty (12226 12227 12228)
(RT #132677 #132819)
* Avoid using excessive amounts of kernel memory for dynamically
allocated vcaches, by improving the algorithm to free unused ones
(12256 12257)
* In Red Hat packaging, make the init script use "ip" if available, with
"ifconfig" as a fallback (12193)
OS X
* Basic support for release 10.11 "El Capitan" (12212)
IRIX clients
* Fixed kernel module builds with optimization (12198) (RT #131261)
OpenAFS 1.6.17 (Security Release)
All server platforms
* Fix for OPENAFS-SA-2016-001: foreign users can create groups as
if they were an administrator (RT #132822) (CVE-2016-2860)
All client platforms
* Fix for OPENAFS-SA-2016-002: information leakage from sending
uninitialized memory over the network. Multiple call sites
were vulnerable, with potential for leaking both kernel and
userland stack data (RT #132847)
* Update to the GCO CellServDB update from 01 January 2016 (12188)
Linux clients
* Fix a crash when the root volume is not found and dynroot is not
in use, a regression introduced in 1.6.14.1 (12166)
* Avoid introducing a dependency on the kernel-devel package corresponding
to the currently running system while building the srpm (12195)
* Create systemd unit files with mode 0644 instead of 0755
(12196) (RT #132662)
OpenAFS 1.6.16
All platforms
* Documentation improvements (11932 12096 12100 12112 12120)
* Improved diagnostics and error messages (11586 11587)
* Distribute the contributor code of conduct with the stable release (12056)
All server platforms
* Create PID files in the right location when bosserver is started with
the "-pidfiles" argument and transarc paths are not being used (12086)
* Several fixes regarding volume dump creation and restore (11433 11553
11825 11826 12082)
* Avoid a reported bosserver crash, and potentially others, by replacing
fixed size buffers with dynamically allocated ones in some user handling
functions (11436) (RT #130719)
* Obey the "-toname" parameter in "vos clone" operations (11434)
* Avoid writing a loopback address into the server CellServDB - search
for a non-loopback one, and fail if none is found (12083 12105)
* Rebuild the vldb free list with "vldb_check -fix" (12084)
* Fixed and improved the "check_sysid" utility (12090)
* Fixed and improved the "prdb_check" utility (12101..04)
All client platforms
* Avoid a potential denial of service issue, by fixing a bug in pioctl
logic that allowed a local user to overrun a kernel buffer with a single
NUL byte (commit 2ef86372) (RT #132256) (CVE-2015-8312)
* Refuse to change multi-homed server entries with "vos changeaddr",
unless "-force" is given, to avoid corruption of those entries (12087)
* Provide a new vos subcommand "remaddrs" for removing server entries, to
replace the slightly confusing "vos changeaddr -remove" (12092 12094)
* Make "fs flushall" actually invalidate all cached data (11894)
* Prevent spurious call aborts due to erroneous idle timeouts (11594)
* Provide a "--disable-gtx" configure switch to avoid building and
installing libgtx and its header files as well as the depending
"scout" and "afsmonitor" applications (12095)
* Fixed building the gtx applications against newer ncurses (12125)
* Allow pioctls to work in environments where the syscall emulation
pseudo file is created in a read-only pseudo filesystem, like in
containers under recent versions of docker (12124)
Linux clients
* In Red Hat packaging, avoid following a symbolic link when writing
the client CellServDB, which could overwrite the server CellServDB,
by removing an existing symlink before writing the file (12081)
* In Red Hat packaging, avoid a conflict of openafs-debuginfo with
krb5-debuginfo by excluding our kpasswd executable from debuginfo
processing (12128) (RT #131771)
OpenAFS 1.6.15 (Security Release)
All client and server platforms
* Fix for OPENAFS-SA-2015-007 "Tattletale"
When constructing an Rx acknowledgment (ACK) packet, Andrew-derived
Rx implementations do not initialize three octets of data that are
padding in the C language structure and were inadvertently included
in the wire protocol (CVE-2015-7762). Additionally, OpenAFS Rx in
versions 1.5.75 through 1.5.78, 1.6.0 through 1.6.14, and 1.7.0
through 1.7.32 include a variable-length padding at the end of the
ACK packet, in an attempt to detect the path MTU, but only four octets
of the additional padding are initialized (CVE-2015-7763).
OpenAFS 1.6.14.1
Linux clients
* Support kernels up to 4.2
Due to changes to internal data structures with this kernel release,
the OpenAFS client can no longer reset the link count during path
lookups. Since volume root directories must behave like symlinks
instead of normal directories in order to satisfy Linux kernel
invariants, looking up paths containing more than 40 mount points
will fail with ELOOP on such kernels.
OpenAFS 1.6.14
All server platforms
* Prior to the OpenAFS security release 1.6.13, the Volume Location
Server (vlserver) RPC VL_ListAttributesN2() supported wildcard volume
name lookups via regular expression (regex) pattern matching. This
support was completely disabled in 1.6.13 because it was judged to be
a security risk due to buffer overruns in the implementation, as well
as the possibility of denial of service attacks where certain regular
expressions could cause excessive CPU usage in some regex
implementations.
Unfortunately, after 1.6.13 was released, it was discovered that
the native OpenAFS 'backup' system uses the VL_ListAttributesN2()
regex support to evaluate configured volume sets. If you use the
OpenAFS 'backup' system (or another backup system which relies on it,
such as Tivoli Storage Manager (TSM, aka Tivoli ADSM)), and are using
volume sets which require regular expressions for the volume name,
then those volume sets cannot be resolved by OpenAFS 1.6.13. The next
paragraph provides details on how to identify any affected volume sets.
OpenAFS backup volume sets may be described by fileserver, partition
name, and volume name. The fileserver and partition specifications
never require regular expression support. The volume name specification
always requires regular expression support except for when specifying
_all_ volumes via two special cases: the universal wildcard ".*", or "".
For example, volume name "proj" or "*.backup" or "homevol.*" all
require regex support - even if the specification contains no wildcard
characters and/or exactly matches an existing volume name.
As a result of this issue, OpenAFS 1.6.14 replaces the 1.6.13 changes
to VL_ListAttributesN2. 1.6.14 prevents the buffer overruns and
reenables the regex support, but restricts it to OpenAFS super-users
and -localauth only. This is sufficient to restore the OpenAFS 'backup'
system's ability to work correctly with any previously supported volume
set. The OpenAFS 'backup' commands are already documented to require
super-user authorization, so this restriction is moot for the backup
system.
There are no other direct consumers of the VL_ListAttributesN2() regex
support in the OpenAFS tree. However, the VL_ListAttributesN2 RPC is
publicly accessible and might be used by third party tools directly or
indirectly via OpenAFS's libadmin. Any such tools that issue
VL_ListAttributesN2 RPCs must now be executed using super-user or
-localauth tokens.
None of the other security fixes in OpenAFS 1.6.13 are known to have
any issues, and are still included unchanged in OpenAFS 1.6.14.
If there are any questions concerning the possible impact of OpenAFS
1.6.13 or 1.6.14 at your site, please contact your OpenAFS support
provider or the openafs-info@openafs.org mailing list for further
assistance.
OpenAFS 1.6.13
All server platforms
* Fix for CVE-2015-3282: vos leaks stack data onto the wire in the
clear when creating vldb entries
* Workaround for CVE-2015-3283: bos commands can be spoofed, including
some which alter server state
* Disabled searching the VLDB by volume name regular expression to avoid
possible buffer overruns in the volume location server
All client platforms
* Fix for CVE-2015-3284: pioctls leak kernel memory
* Fix for CVE-2015-3285: kernel pioctl support for OSD command passing
can trigger a panic
Solaris clients
* Fix for CVE-2015-3286: Solaris grouplist modifications for PAGs can
panic or overwrite memory
OpenAFS 1.6.12
All server platforms
* Avoid database corruption if a database server is shut down and then
brought up again quickly with an altered database (11773 11774)
(RT #131997)
All client platforms
* Fixed a potential buffer overflow in aklog (11808)
* Avoid a bogus warning regarding the checkserver daemon, which could be
logged during startup when the cache initialization was very fast (11680)
* Added documentation of the inaccuracy of the 'partition' field in
'fs listquota' output for partitions larger than 2 TiB (11626)
Linux clients
* Support kernels up to 4.1 (11872 11873)
* Avoid spurious EIO errors when writing large chunks of data to
mmapped files (11877)
OS X
* Build fixes required at least on OS X 10.10 Yosemite with the latest
XCode (11859 11876 11842..11845 11863 11878 11879)
OpenAFS 1.6.11.1
Linux clients
* Support kernels up to 4.0 (11760 11761)
FreeBSD clients
* Fixed kernel module build on systems with an updated clang which no
longer accepts the -mno-align-long-strings as a no-op (11809)
OpenAFS 1.6.11
All platforms
* Allow aklog to succeed creating native K5 tokens even when mapping
the K5 principal to a K4 one fails (11538)
* Build fixes (11435 11636)
All client platforms
* Avoid a potential kernel panic due to connection reference overcounts
(11645) (RT #131885)
* Avoid potential corruption of files written using memory mapped I/O
when the file is larger than the cache (11656) (RT #131976)
Linux clients
* Support kernels at least up to 3.19 (11549 11550 11569 11570 11595
11658..11662 11694 11752)
Note: By default this excludes kernels 3.17 to 3.17.2, which will leak
an inode reference when an error occurs in d_splice_alias(). The
module will build and work, but leak kernel memory, leading to
performance degradation and eventually system failure due to
memory exhaustion. Since it's impossible to detect this condition
automatically, the switch --enable-linux-d_splice_alias-extra-iput
must be passed to configure when building the module for those
kernels. The same would be necessary for any kernel with backports
of commit 908790fa3b779d37365e6b28e3aa0f6e833020c3 or commit
95ad5c291313b66a98a44dc92b57e0b37c1dd589 but not the fix in commit
51486b900ee92856b977eacfc5bfbe6565028070 in the linux-stable repo
(git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git) or
the corresponding changes on other branches.
* Fixed a regression introduced in OpenAFS release 1.6.10 which could
make the spurious "getcwd: cannot access parent directories" problem
return (11558 11568) (RT #131780)
* Avoid leaking memory when scanning a corrupt directory (11707)
OS X clients
* Support OS X 10.10 "Yosemite" (11571 11572 11611) (RT #131946)
Solaris clients
* Avoid reading random data rather than correct cache content when using
ZFS as the cache file system on Solaris >= 11, and fix potential similar
problems on other platforms (11713 11714)
FreeBSD
* Build fix for releases >= 11.0 (11610)
OpenBSD
* Support release 5.4 (11700)
OpenAFS 1.6.10
All platforms
* Don't hide the "version" subcommand in help output (11214)
* Documentation improvements (11126 11216 11222 11223 11225 11226)
* Improved diagnostics and error messages (11154 11246 11247 11249 11181
11182 11183)