User-Visible OpenAFS Changes
-OpenAFS 1.8.0pre2
+OpenAFS 1.9.0
+
+ All platforms
+
+ Introduce the rxgk Rx security class, initially limited to server-to-server
+ traffic and local keys (gerrit topic: rxgk-phase1).
+
+ Add options to the vos and pts commands for server-to-server rxgk support.
+
+ Add support to add and delete rxgk keys with asetkey. Add support to
+ generate random keys with asetkey, which can be useful to create certain
+ types of rxgk keys.
+
+ Raise implementation-defined anti-DoS length limits for prdb-related XDR
+ array types, which were being reached at some sites (13838).
+
+ Bring "-setpag" functionality in klog to parity with aklog (14146).
+
+ Fix potential Rx hang when an incoming call must wait (14158).
+
+ Do not leave empty directories behind in the file server vice partition
+ when running the "vos zap -force" command (12879, 12839).
+
+ Make non-verbose "vos remsite" output output more readable (14127).
+
+ Display the usage of simple commands (commands without subcommands) when run
+ only with the -help option (10983).
+
+ Replace SOURCE-MAP with a README.md (14003).
+
+ Remove unused definition of LINUX_PKGREL from configure.ac (14117).
+
+ Improve logging and diagnostic messages:
+ * Add a warning message to vos when performing an incremental volume
+ restore over an existing volume which is newer than the dump
+ volume (13251)
+ * Log the binding address and port during startup in the cache manager and
+ all of the server processes (13272)
+ * Improve volume server logging to provide better information during
+ volume restore failures (13252)
+ * Improved cache manager syslog tracing (11858)
+ * Improved database server logging to log important messages at the
+ default logging level, log information during database synchronizations,
+ and log diagnostic messages during recovery aborts (12617, 13079, 12618)
+ * Set a thread name for rx listener threads (13600)
+ * Avoid truncating authentication information in vlserver log
+ messages (13466)
+ * Log when ubik recovery aborts a running remote transaction (13862).
+
+ Fix warnings issued by static code analyzers:
+ * Fix possible undefined variable in disconnected mode (13207)
+ * Remove redundant conditionals (13158, 13157)
+ * Exit if out of memory while attempting to format command help
+ messages (13335)
+ * Fix possible undefined variable when reading old vldb formats (13755)
+
+ Assorted memory-handling fixes (13461, 12293, 13355, 13395, 13396, 13161,
+ 13659, 13714, 13715, 13760, 13716, 13761).
+
+ Fix many (but not all) of the new warnings issued by recent versions of
+ gcc and clang (12987..12989, 13010, 13287, 13462..13464, 13467..13468,
+ 13470..13476, 13494, 13660..13664, 13684, 13726, 13754, 14049, 14092,
+ 14106).
+
+ Added unit tests for functions mapping vide partition to id (13176).
+
+ Fix issues resulting in parallel "make install" to fail (13786, 14137).
+
+ Updated libauth test program (13394).
+
+ General code cleanup; remove unused code or obsolete code, old comments,
+ or refactor for clarity
+ (12988, 13204, 13209, 13210, 13213, 13226, 13227, 13260, 13271, 13277,
+ 13309, 13310, 13324, 13325, 13339, 13345, 13346, 13351, 13361, 13362, 13363,
+ 13390, 13397, 13408, 13414, 13458, 13490, 13500, 13509, 13514, 13557, 13640,
+ 13655, 13282, 13683).
+
+ Build system clean up and fixes
+ (12956, 12961, 12962, 12963, 12992, 12993, 12994, 13237, 13275, 13338,
+ 13357, 13360, 13387, 13419, 13594, 13652).
+
+ All server platforms
+
+ Improve database server logging by logging messages when and why a server
+ is marked as down (12616).
+
+ Log a warning message when starting server processes with no encryption
+ keys available (13911).
+
+ Remove redundant lseek system calls and use positional I/O in the database
+ servers to improve performance (12271, 12272).
+
+ Fix an edge case where writes were errneously allowed on readonly
+ fileservers (13934).
+
+ Add an option to allow members of system:administrators to perform
+ write operations on otherwise readonly fileservers (13707).
+
+ Allow "vos rename" to be re-run to finish a previously interrupted
+ volume rename operation (13720).
+
+ Take volumes offline during convertROtoRW operations, since volume access
+ during the conversion can leave it in an inconsistent state (14066).
+
+ Do not overwrite the errno variable when logging certain database sendfile
+ errors (13263).
+
+ Code migration to POSIX Threads (pthreads) from LWP.
+ * Convert upserver and upclient to pthreads (12754)
+ * Convert xstat libraries and related utilities to pthreads (12745, 12746,
+ 12747, 12753, 13454, 13455)
+
+ All client platforms
+
+ Attempt to detect and report some common types of cache corruption
+ (13436, 13747, 13969, 14002).
+
+ Require opt-in to use the historical/deprecated single-DES krb5
+ encryption types, which are being removed from krb5 distributions (13689).
+
+ Fix incorrect informational messages when the AFSCELL environment
+ variable is set (13371).
+
+ Fix reading entries of historic vldb formats (13465).
+
+ Linux
+
+ Be more careful about overriding the current credentials for operations
+ on cache files, preventing spurious permission errors when systems like
+ AppArmor and SELinux are in use (13751, 14098).
+
+ Avoid panics from procfs when the kernel module is loaded but afsd is
+ not running (14093).
+
+ Improve ppc64le support (13980, 14046).
+
+ MacOS
+
+ Simplify background-move return-code processing (13280).
+
+ Support macOS Catalina (13935, 13936, 13668..13671, 13928, 14062).
+
+ Solaris
+
+ Remove references to (unspported) SunOS 4 (13506).
+
+ Build system fixes for parallel make on Solaris.
+
+ Support function attributes when building with recent versions of Solaris
+ compilers.
+
+ Fix many (but not all) of the compiler warnings when building on the Solaris
+ platform.
+
+ Add autoconf support for Studio 12.6 tools (13867).
+
+ FreeBSD
+
+ General improvements to VFS compliance.
+
+ Create destination kernel module directory when installing on
+ FreeBSD (13653, 13690)).
+
+ Add param.h files and sysnames for FreeBSD 11.2 (13534) and 11.3 (13792).
+
+ Fix fcntl-style locks by adapting to quirky historical behavior (12579).
+
+ Support kernels that use VIMAGE support at runtime, not just at
+ build-time (12580).
+
+ Change LWP stack strategy to avoid SIGBUS errors (13691).
+
+ Skip SIGBUS test (for reasons unrelated to the previous) (14145).
+
+
+OpenAFS 1.8.5
+
+All platforms
+
+ * Fix OPENAFS-SA-2019-001: information leakage in failed RPC output
+ Generated RPC handler routines ran output variables through XDR encoding
+ even when the call had failed and would shortly be aborted (and for
+ which uninitialized output variables is common); any complete packets
+ assembled in the process would be sent to the peer, leaking the contents
+ of the uninitialized memory in question.
+
+ * Fix OPENAFS-SA-2019-002: information leakage from uninitialized scalars
+ Generated RPC handler routines did not initialize output variables of
+ scalar (fixed-length) type, since they did not require dedicated logic to
+ free. Such variables allocated on the stack could remain uninitialized
+ in some cases (including those affected by OPENAFS-SA-2019-001), and the
+ contents of uninitialized memory would be returned to the peer.
+
+All server platforms
+
+ * Fix OPENAFS-SA-2019-003: fix crash in database servers
+ The ubik debugging RPCs prioritize being fast and non-disruptive to
+ database operations over strict correctness, and do not adhere to the
+ usual locking protocol for data access. A data race could cause a NULL
+ dereference if the second memory load was not optimized out by the
+ compiler.
+
+OpenAFS 1.8.4
+
+ All platforms
+
+ Build system updates to remove obsolete autoconf macros and remove missing
+ script warning during builds (13480, 13481, 13482, 13483, 13484, 13486,
+ 13789, 13790).
+
+ Build system update to fix a conditional check in the pthread.m4 autoconf
+ file (13595)
+
+ Build system update to create the man3 subdirectory, fixing a
+ reported build failure (13535).
+
+ Remove the last reference to src/mcas in the documentation (13558).
+
+ All server platforms
+
+ Fix fileserver's parsing of the options -vlruthresh, -vlruinterval,
+ -vlrumax and -novbc (13680).
+
+ Fixes to make ptserver's behaviour when run in restricted mode consistent
+ with the documentation: Non-members of the system:administrators group
+ are no longer allowed to issue the adduser, setfields and delete pts
+ commands, and all members of system:administrators are now allowed to
+ issue pts commands in this mode, not just the admin principal (13686..88).
+
+ All client platforms
+
+ Fix missing Rx call clean-up after failing to read dcaches from a file
+ server (13511).
+
+ Fix an Rx call leak for calls aborted by a connection abort after the call
+ was initialized but before use (13517).
+
+ Remove the obsolete afs_xosi lock to remove unnecessary serialization of
+ VOP_GETATTR calls. This can lead to improved performance under heavy
+ workloads (13529).
+
+ Increase the size of the Directory Name Lookup Cache (DNLC) to improve
+ cache performance (13559).
+
+ Fix getting tokens for cells with a three character name (13679).
+
+ Avoid a misleading message about the cell being used when aklog is run
+ with the -cell parameter but the AFSCELL environment variable is set to
+ a different cell (13676).
+
+ Build system update to honor the CFLAGS environment variable when building
+ libuafs (13544).
+
+ Linux
+
+ Support for mainline kernels up to 5.3 (13787, 13789).
+
+ More fixes for improper use of ENOENT fixes to avoid incorrect use of linux
+ negative dentry cache, which can lead to false ENOENT errors (13542, 13543,
+ 13590, 13692) (RT #134904).
+
+ Return errors instead of returning incomplete directory listings when the
+ directory objects are incomplete in the cache (13591).
+
+ Add ppc64le_linux26 sysname for the ppc64le architecture (13636, 13637,
+ 13589).
+
+ Fix configure check for a kernel time function in order to build on
+ Linux 5.0 (13523).
+
+ RPM packaging update for RHEL8 adding a build requirement to ensure the
+ kernel module can be built from the SRPM (13563) (RT #134900).
+
+ On systemd based RHEL/Fedora systems, start the client after dkms startup
+ is finished if the latter is installed and enabled, to avoid attempting
+ starts without the kernel module being available yet (13674) (RT #134974).
+
+ MacOS
+
+ Build system updates for MacOS (13584).
+
+ Solaris
+
+ Add CTF debugging records to userspace objects to improve debugging
+ of servers (13487).
+
+ Convert the cache manager vnodes to be non-embebbed on Solaris 11 in order
+ to make the cache manager more resilient across Solaris 11 changes (13524,
+ 13525, 13526, 13527, 13528).
+
+
+OpenAFS 1.8.3
+
+ All platforms
+
+ * Improved diagnostics and error messages (13186 13411 13417)
+
+ * Avoid sending RX packets with random garbage in the userStatus field
+ (13332)
+
+ * Fixed detection of the RX initialization status (13416)
+
+ * Assorted fixes to avoid segmentation faults and other potential problems
+ by detecting internal errors rather than letting them go unnoticed
+ (13329 13372)
+
+ All server platforms
+
+ * Fixed a build problem accidentally introduced in release 1.8.2 (13328)
+
+ * Assorted efficiency improvements in the ubik implementation (13153 13218
+ 13188 13353)
+
+ * Fixed locking around transaction list processing in volserver to avoid
+ segmentation faults and other potential problems (13336 13337)
+
+ * When the volserver attempts to remove a temporary volume after a
+ transaction, but the volume was already removed, e.g., by the salvager,
+ this is no longer treated as an error (13235)
+
+ All client platforms
+
+ * Update the CellServDB to the latest version from grand.central.org from
+ May 14th 2018 (13409)
+
+ * Avoid a panic during cache initialization when allocating the required
+ memory fails (13307)
+
+ * Add back the packet counters and timestamps to "vos status" output
+ which had been missing since release 1.8.0 (13421)
+
+ * Correctly handle errors encountered while reading data from the server
+ and writing it to the cache, e.g., due to a full cache partition (13443)
+
+ * Avoid a panic due to a recoverable error while flushing cache items
+ (13503)
+
+ Linux clients
+
+ * Support mainline kernels 4.20 and 5.0 and distribution kernels with
+ backports from those (13405 13406 13440 13441 13442)
+
+ * DKMS-related fixes in Red Hat packaging (13438 13479)
+
+ macOS
+
+ * Support building and packaging on macOS 10.14 "Mojave" (13412 13413)
+
+
+OpenAFS 1.8.2
+
+ All platforms
+
+ * Fix OPENAFS-SA-2018-002: information leakage in RPC output variables
+ Various RPC routines did not always initialize all output fields,
+ exposing memory contents to network attackers. The relevant RPCs include
+ an AFSCB_ RPC, so cache managers are affected as well as servers.
+
+ All server platforms
+
+ * Fix OPENAFS-SA-2018-003: denial of service due to excess resource consumption
+ Various RPCs were defined as allowing unbounded arrays as input, allowing
+ an unauthenticated attacker to cause excess memory allocation and tie up
+ network bandwidth by sending (or claiming to send) large input arrays.
+
+ * Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc
+ On systems using the in-tree backup system, the butc process was running
+ with administrative credentials, but accepted incoming RPCs over
+ unauthenticated connections; these incoming RPCs in turn triggered
+ outgoing RPCs using the administrative credentials. Unauthenticated
+ attackers could construct volue dumps containing arbitrary contents
+ and cause these dumps to be restored and overwrite arbitrary volume
+ contents; afterward, the backup database could be restored to its
+ initial state, hiding evidence of the unauthorized changes.
+
+ Running butc with -localauth now requires authenticated incoming
+ connections, and the backup utility makes authenticated connections to
+ the butc. Audit capabilities have been added to the butc RPC handlers.
+ Command-line arguments are provided to retain the (insecure) historical
+ behavior until all systems have been upgraded.
+
+OpenAFS 1.8.1.1
+
+ Linux Clients
+
+ * Support for mainline kernel 4.18 and distribution kernels with backports
+ from it (13268)
+
+OpenAFS 1.8.1
+
+ All Platforms
+
+ * Improve the usability and consistency of the public API: install missing
+ headers, and add additional symbols to the export list for shared libraries.
+
+ * Improved Rx abort generation: use the proper serial number for an existing
+ connection if possible, and 0 otherwise (to improve debugging).
+
+ * Assorted minor fixes in response to static analysis of the codebase.
+
+ * Fix memory-safety error in XDR decoding of enumerated types.
+
+ All Server Platforms
+
+ * Fix reference counting error that could cause an assertion failure
+ in some workloads.
+
+ * vldb_check -fix will no longer corrupt the vldb when multiple MH blocks are present.
+
+ * Assorted cleanups and efficiency improvements in the ubik implementation.
+
+ * Return a valid InlineBulkStatus response in error cases.
+
+ * The fileserver now rejects invalid partition names when attaching partitions.
+
+ All Client Platforms
+
+ * Fix volume callbacks (e.g., when running 'vos release').
+
+ * Treat failure to obtain a DSlot as a hard error for that cache partition,
+ avoiding a flood of "disk cache read error in CacheItems" log messages,
+ and reducing the chance of subsequent panic.
+
+ * Improve error messages for invalid values with -volume-ttl.
+
+ * Remove useless error message:
+ "find_preferred_connection: no connection and !create".
+
+ * Avoid passing NULL to a kernel memory deallocator, which is not guaranteed
+ to be safe on all systems.
+
+ Linux
+
+ * Add support for 64-bit ARM clients ("arm64").
+
+ * Fix panic when cache bypass is enabled.
+
+ * Improve cache manager behavior when unable to open cache files.
+
+ * Improvements to the RPM packaging.
+
+ * Detect out-of-memory when using kernel pages for writing.
+
+ Solaris
+
+ * Fix various issues in the build process for recent Solaris versions.
+
+ MacOS
+
+ * Fix clients on OS X 10.13.
+
+ FreeBSD / NetBSD / OpenBSD
+
+ * Fix panic triggered during periodic cleanup operations and shutdown.
+
+OpenAFS 1.8.0
All Platforms
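Review bot: the security-relevant entries in this added block say a switch exists but never name it. The OpenAFS 1.8.2 text for OPENAFS-SA-2018-001 ends with "Command-line arguments are provided to retain the (insecure) historical behavior", and the 1.9.0 entries for the single-DES opt-in (13689) and for letting system:administrators write to otherwise readonly fileservers (13707) are equally unspecific. Please name the options, or point to the man page that documents them, so an administrator reading NEWS knows which settings to audit after upgrading. Separately, fix the spelling in the added lines: "output output" (14127), "vide partition" (13176, presumably "vice"), "errneously" (13934), "unspported" (13506), "embebbed" (13524), "volue dumps" in the 1.8.2 butc entry, and the doubled ")" after "(13653, 13690)". The 1.8.5 section also writes "All platforms" and "All server platforms" flush left, while every other added section indents its platform headings.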
- Wake up the application thread after 'twind' is updated to avoid 100ms
transmit delays when the receive window transitions from closed to
open.
+ - Fix for OPENAFS-SA-2017-001: sanity-check peer transport parmeters
+ received in ack trailers
* Libraries (both internal and installed) are built using libtool, including
libuafs. The resulting shared libraries for libafsrpc and libafsauthent
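Review bot: "parmeters" in the added OPENAFS-SA-2017-001 line should read "parameters". The advisory is also recorded as a "-" sub-item next to the 'twind' wake-up entry, whereas the 1.8.2 and 1.8.5 sections added by this same change give each advisory its own "* Fix OPENAFS-SA-..." entry with a short description of the impact. Consider using the same form here so the security fix is not missed when scanning the 1.8.0 notes.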
- Support the SOURCE_DATE_EPOCH environment variable to improve build
reproducibility.
- Modernize language specific SWIG typemaps for libuafs Perl bindings.
+ - Refactor acinclude.m4 into a set of smaller m4 files (12876, 12877, 12878)
* Improvements to documentation:
- Document the new KeyFileExt file.
- Add PtLog man page.
- Corrections and clarifications to man pages.
- Add ubik threading analysis doc.
+ - Normalize the location of text documents in the source tree.
* Improvements for troublshooting, debugging, and testing:
- Log more details on volume-server-to-fileserver communication errors
- Add tool to find Unix cache manager lock identification numbers.
- Add an option for pretty build output.
- * RPM packaging updated:
+ * RPM packaging updates:
- Update the spec file to keep up with accumulated changes.
- Move the klog.krb5 man page to the openafs-krb5 sub-package.
+ - Remove stray man pages. (12870, 12871)
- Prevent double-starting client on RHEL7
- Convert rpm spec file from deprecated 'make dest' to 'make install'.
- Fix rpmbuild command line option default handling.
+ - Support older versions of rpmbuild which do not support the
+ rpmbuild %exclude directive. (12873)
+ - Move the legacy kaserver and related programs to separate sub-packages,
+ which are only built when rpmbuild is given the '--with kauth' option
+ (12600, 12872)
+ - Package the libuafs perl bindings (12921)
* Add a new protection error code (PRNAMETOOLONG) instead of silently
truncating names which exceed the maximum name length (PR_MAXNAMELEN).
* Add user and build host in the version string returned by
rxdebug -version.
+ * Support recent versions of gcc (7.2.1) (12897)
+
All Server Platforms
* Ubik servers using pthreads are now available and are used by default
+ * As part of improving Ubik reliability in certain edge cases, an extra
+ election cycle (about 60 seconds) may be needed before writes are
+ permitted. This is a conservative change that may be removed in
+ the future.
+
+ * Avoid continually retransmitting the ubik database to remote sites when
+ a write transaction occurs as remote sites are attempting to rejoin the
+ ubik cluster. (12896)
+
+ * Ensure the ubik database version number is updated on remote sites at the
+ point the database is transferred to remote sites instead of waiting for
+ the next ubik beacon. This avoids write transaction failures during the
+ window between the database transfer and the next ubik beacon (12885).
+
* Remove periodic background fsync by the fileserver (ihandle fsync thread).
* Fix potential file handle leak in the file server ihandle caching layer.
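Review bot: the added ubik entry about the extra election cycle ("about 60 seconds") before writes are permitted carries no gerrit change number, while the two entries added directly after it cite (12896) and (12885). Please add the reference, since the text itself says the behaviour "may be removed in the future" and operators who see the write delay after a restart will want to find the change behind it.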
All Client Platforms
+ * Use rxkad_crypt by default for connections to fileservers. This matches
+ the existing behavior of the Windows client and has been applied by
+ the distribution packaging on many platforms already.
+
* Add support for relative ACL changes with fs setacl. If a single plus (+)
or minus (-) character is appended to the rights' letters argument, the
new rights are computed relatively to the existing ones.
* Remove the obsolete Netscape plugin.
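Review bot: the added "Use rxkad_crypt by default for connections to fileservers" entry changes a client security default but does not say how to inspect or override the setting, and it has no change number. Please name the command or option that controls it and add the gerrit reference, so sites that relied on the previous default know what to check after upgrading.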
+ * Fix building gtx when ncurses is linked against libtinfo.
+
+ * Update to the GCO CellServDB update from 14 March 2017.
+
Linux
* Remove Linux 2.2 and 2.4 support.
* Fix improper use of ENOENT and avoid incorrect use of linux negative
dentry cache.
+ * Use a more correct (less aggressive) scheme to react to downward
+ pressure on cache usage, avoiding d_invalidate(), which can cause
+ getcwd() failures on RHEL 7.4.
+
+ * Apply a workaround to be compatible with RHEL 7.5's KABI preservation
+ strategy for reading directories.
+
* Improve error reporting when encountering corrupt directories.
* Improve rx error handling in the Linux cache manager.
* Do not use the obsolete --enable-largefile-fileservers configure option
when packaging RPMs.
+ * In Red Hat packaging, use a separate rpm for kmod debuginfo,
+ removing a needless tight version dependency on the userspace package.
+ (12822, 12875)
+
* Use the RemainAfterExit systemd feature to avoid premature exit
when -afsdb is not given, for RPM packages.
* Fix --enable-kernel-debug for linux 4.8+.
- * Support linux 4.10, 4.11, 4.12
+ * Fix a hang encountered when accessing a previously removed
+ directory entry (12811).
+
+ * Support linux 4.10, 4.11, 4.12, 4.13, 4.14, 4.15
Solaris
* Avoid BAD TRAP panic due to invalid opcodes on x86 with Studio 12.5.
+ * Add ctf debug records to Solaris kernel modules when debug builds
+ are enabled and the ctf tools are present (ctfconvert/ctfmerge).
+
+ * Save kernel module function arguments on x86 for debugging purposes.
+
MacOS
* Stop processing upcalls once rx shutdown starts.
* Fix builds on MacOS 10.12 by building only the active architecture
by default.
+ * Support versions up through 10.13 (High Sierra) and APFS
+
FreeBSD
* Use the native kernel module build system instead of an ad hoc
* Do not claim AFS_VM_RDWR_ENV
+ * Add sysnames and files for i386 and amd64 10.4, 11.1, and 12.0
+ (12-CURRENT, at present). (12887, 12888)
+
+ * Remove trailing semicolons to fix the build on FreeBSD (12899)
+
NetBSD
* Stay up to date with new NetBSD releases (through 7.x)
(These runtime options override the use of UID-based PAGs, which were
introduced to appease the CDE screensaver.)
+
OpenAFS 1.6.21
All platforms