-Openafs News -- history of user Visible changes. September 17, 2001
-
-* Changes incorporated in OpenAFS 1.2.0
-
-** AFS now supports --prefix and the other directory options of
- configure. By default AFS builds assuming it will be installed in
- /usr/local. In order to get traditional AFS directory paths (/usr/afs
- and /usr/vice/etc) use the --enable-transarc-paths option to
- configure. More details on the new directory layout are found in README.
-
-
-* Changes incorporated in OpenAFS 1.1.1a
-
-** Windows 95/98/ME/NT/2000 - Consistent versioning
- Installation, AFS Control Center, Client dialog boxes and properties
- pages for executables display a consistent OpenAFS version number.
- Installation detects previous installation and prompts the user for upgrade
- options.
-
-** Windows 95/98/ME/NT/2000 - Installation features
- During installation the user can select the source of the CellservDB file,
- AFS home cell, and drive mappings. During installation a drive path
- mapping can include a variable that will be substituted with the current
- UserName that is logged in.
-
-** Windows 2000/NT - Integrated logon
- The Integrated Logon feature works now.
-
-** Windows 95/98/ME - Logon script features
- The Windows 95/98/ME client now offers a command-line option for starting up
- the AFS client without authenication. It is now possilbe to start the AFS
- client first and obtain tokens, and map drives all through Windows scripts.
- This helps using Windows 95/98/ME client in Kerberos 5 environment.
-
-** Windows 2000/NT - LANA numbers
- AFS client now scans the LANA numbers to establish the correct NETBIOS
- connection. NetBEUI is no longer needed. The user no longer needs to find
- the correct LANA number.
-
-** Windows 2000/NT - OpenAFS naming consistancy
- Further progress has been made to remove references to "Transarc AFS"
- and replace with "OpenAFS".
-
-
-
-* Changes since OpenAFS 1.0
-
-** AFS now builds with configure. The README for building has been
- updated and includes full details.
-
-** A client system can now have multiple sysname values for @sys.
- They will be searched in order when looking up files in AFS. The
- -newsysname argument to fs sysname can be repeated to set multiple
- sysnames.
-
-** A new system group is created for new cells (system:ptsviewers
- with id -203). If this group exists, members of this group can
- examine and read the entire protection database. They can examine
- all users and groups and can get the membership of any group.
-
-** A new program, pt_util has been added to the distribution. This
- program allows users to print the contents of the protection
- database or to edit the protection database without running a
- ptserver. It can be used to set up a new cell without ever running
- in noauth mode. Run pt_util -h for help.
-
-** The fs setcrypt and fs getcrypt commands have been added. These
- commands allow the system administrator to require that the client
- encrypt all authenticated traffic between the client workstation
- and AFS. The encryption used is weak, but is likely better than
- sending unencrypted traffic in most environments. Some functions,
- such as looking for a volume may not be encrypted, but data
- transfer certainly is. By default data is not encrypted. At this
- time no significant experimentation with server performance has
- been conducted.
-
-** By default AFS is compiled with AFS_AFSDB_ENV, enabling the -afsdb
- option to be given to afsd on startup. If this option is used, then new
- cells will be looked up using AFSDB records stored in DNS if they
- are not found in CellServDB. This means that users can create
- cross-cell mountpoints in directories they control to access cells
- not in root.afs, and that cells in root.afs need not be in the
- client's CellServDB.
-
-** AFS database servers can be marked as read-only clones. Surround
- the hostname in square brackets on the bos addhost command and the
- database server will never be elected sync site. This is useful
- for cells distributed over a wide region.
-
-** The AFS servers now support the -syslog flag. This flag causes
- them to log to syslog rather than to files. This flag is not
- supported on NT. For all servers besides the salvager, the flag can
- also be specified as -syslog=facility, where facility is an integer
- facility code from syslog.h. A -syslogfacility option is provided for
- the salvager to accomplish the same goal.
-
-** If the --enable-fast-restart flag is given when configuring AFS,
- then the salvager supports the -dontsalvage flag which causes it to
- exit without salvaging any volumes. If this is configured into the
- third command of a fs process, then the fileserver will start without
- salvaging. It will fail to attach volumes that need salvaging and they
- can be salvaged manually. This provides significantly better server
- startup performance at the cost of administrative complexity.
-
-** If the --enable-bitmap-later flag is given when configuring AFS,
- then the fileserver creates bitmaps for free vnodes on demand, allowing
- faster starts.
-
-** If bosserver finds a BosConfig.new file at startup, it reads this
- file and renames it to BosConfig. This allows bosserver to be
- reconfigured at next restart.
-
-** The bosserver can be placed in a restricted mode in
- which AFS superusers are only granted limited access to the server
- host. The following functionality is disabled when restricted mode is in
- use:
-
- bos exec
- bos getlog (except for files with no '/'s in their name)*
- bos create *
- bos delete
- bos install
- bos uninstall
-
- specific exceptions are made for functionality that "bos salvage"
- uses:
-
- a cron bnode who's name is "salvage-tmp", time is now, and command
- begins with "/usr/afs/bin/salvager" may be created. This bnode
- deletes itself when complete, so no special "delete" support is needed.
- This functionality may be removed in the future if a "Salvage" RPC is
+ User-Visible OpenAFS Changes
+
+OpenAFS 1.8.0pre2
+
+ All Platforms
+
+ * Substantial code quality improvements, largely spotted by Coverity and
+ clang's static analysis.
+ - Add new library for platform independent functions (opr).
+ - Remove arbitrary path name length limits.
+ - Convert to Heimdal's roken library for reliability.
+ - Avoid garbage in allocated buffers (calloc).
+ - Modernize signal handling in pthreaded server processes (softsig).
+ - Improve code comments and additional Doxygen style comments.
+ - Reduce compiler warnings, dead code, unused variables, and
+ undefined behavior.
+ - Fix bugs found by static code analyzer (clang-analyzer).
+ - Improved unit test coverage.
+ - Make VLDB flag definitions consistent.
+ - Improve use of run-time assertions and add static assertions.
+ - Add compiler attributes to assist static analyzers.
+ - Clean up include headers in the entire tree.
+ - Improve command-line handling library (libcmd).
+ - Replace hash functions with Jenkin's hash function for faster
+ and more evenly distributed lookups.
+ - Provide a red-black tree data structure to enable algorithmic speedups.
+ - Convert backup and salvage servers to the common logging API (libutil).
+ - Improve volume id data type consistency (VolumeId).
+ - Import APIs for kerberos-style profile configuration support.
+ - Add new APIs to support UserList identities.
+ - Add new APIs to support tabular output from command-line utilities.
+ - Convert vnode macros to inline-functions.
+
+ * Improved support for non-DES encryption types:
+ - Convert to Heimdal's hcrypto library to support RFC 3961.
+ - Add extended key file format replacing rxkad.keytab, and
+ new key management APIs.
+ - Add support for extended key types to asetkey.
+ - Add akeyconvert to assist in upgrading to OpenAFS 1.8.x by converting an
+ existing rxkad.keytab file to an extended key file.
+ - Do not install the kaserver and related utilities by default to
+ discourage the use of these DES-dependent components.
+ - Remove obsolete klogin and klogin.krb programs.
+ - Add new token APIs to support new rx security classes.
+
+ * Migrate from LWP to POSIX threads (pthreads):
+ - Convert the ptserver and vlserver from LWP to pthreads.
+ - Remove LWP version of the file server binary.
+ - Convert afsd, aklog, asetkey, klog.krb5, pts, udebug, and vos, from LWP
+ to pthreads.
+
+ * Improvements to Rx:
+ - Restructure the Rx API to privatize the implementation.
+ - Convert rx events to a red-black tree data structure to improve
+ performance.
+ - Convert from mutexes to atomic operations for counters to reduce lock
+ contention.
+ - Provide per-opcode Rx statistics.
+ - Add an rx_opaque data type to support non-DES encryption types
+ and general code cleanup.
+ - Wake up the application thread after 'twind' is updated to avoid 100ms
+ transmit delays when the receive window transitions from closed to
+ open.
+
+ * Libraries (both internal and installed) are built using libtool, including
+ libuafs. The resulting shared libraries for libafsrpc and libafsauthent
+ should be more usable than previously.
+
+ * Improvements to the build system:
+ - Convert to libtool to build shared libraries.
+ - Clean up and improve the build system.
+ - Support out of tree builds.
+ - Add a makefile target to generate Doxygen source code documentation.
+ - Link the Java API for OpenAFS with libuafs.a and remove the
+ libjuafs.a library.
+ - Always build the rxperf tool.
+ - Fix man-page generation by make after ./regen.sh -q
+ - Support the SOURCE_DATE_EPOCH environment variable to improve build
+ reproducibility.
+ - Modernize language specific SWIG typemaps for libuafs Perl bindings.
+
+ * Improvements to documentation:
+ - Document the new KeyFileExt file.
+ - Reorganized the README files.
+ - Improvements and fixes to documentation generation.
+ - Add experimental epub and mobi support
+ - Remove obsolete LWP information from the file server documentation.
+ - Update and reorganize the Quick Start Guide.
+ - Update the Admin Guide.
+ - Remove AIX, HP-UX, and IRIX information from the Quick Start Guide.
+ - Document the vldb and prdb (ubik) file formats.
+ - Add PtLog man page.
+ - Corrections and clarifications to man pages.
+ - Add ubik threading analysis doc.
+
+ * Improvements for troublshooting, debugging, and testing:
+ - Log more details on volume-server-to-fileserver communication errors
+ when possible.
+ - Set thread names in pthreaded servers on platforms which support
+ thread names.
+ - Add dynroot lock tracking to cmdebug
+ - Fix tracking of an fstrace call site in the cache manager background
+ process.
+ - Add the afsload tool to simulate multiple cache managers for file server
+ load testing.
+ - Add run-time checks for refcount imbalances in the cache manager.
+ - Fix missing newlines in afsd -debug output.
+
+ * Developer tool improvements:
+ - Improvements and fixes for rxgen (used to generate Rx RPC bindings).
+ - Add tool for man page verification of command options.
+ - Add tool to find Unix cache manager lock identification numbers.
+ - Add an option for pretty build output.
+
+ * RPM packaging updated:
+ - Update the spec file to keep up with accumulated changes.
+ - Move the klog.krb5 man page to the openafs-krb5 sub-package.
+ - Prevent double-starting client on RHEL7
+ - Convert rpm spec file from deprecated 'make dest' to 'make install'.
+ - Fix rpmbuild command line option default handling.
+
+ * Add a new protection error code (PRNAMETOOLONG) instead of silently
+ truncating names which exceed the maximum name length (PR_MAXNAMELEN).
+
+ * Add an implementation limit (50000) on the number of names/ids which can
+ be transmitted by unauthenticated clients to the ptserver, avoiding
+ excessive resource consumption from unauthenticated requests.
+
+ * Add the -config option to vos, pts, and aklog to specify the path to the
+ cell configuration files.
+
+ * Add more details in vos release -verbose output.
+
+ * Add the cacheout -encrypt option to encrypt communication between the
+ cacheout client and the fileserver.
+
+ * Add the command line options to the afsio program to enable encryption of
+ traffic between afsio and the fileserver (-clear, -crypt).
+
+ * Add the vos release -force-reclone option to force recloning the volume to
+ be released without forcing a full volume dump being transmitted to all
+ remote sites.
+
+ * Fix vos to avoid writing loopback addresses into the VLDB in
+ certain cases.
+
+ * Print bos and pts error messages to standard error instead of
+ standard out.
+
+ * Improve formatting of the -help output of all commands.
+
+ * Change -n to -dryrun in all backup subcommands.
+
+ * Change the backup deletedump -port command line option to -portoffset.
+
+ * Add user and build host in the version string returned by
+ rxdebug -version.
+
+ All Server Platforms
+
+ * Ubik servers using pthreads are now available and are used by default
+
+ * As part of improving Ubik reliability in certain edge cases, an extra
+ election cycle (about 60 seconds) may be needed before writes are
+ permitted. This is a conservative change that may be removed in
+ the future.
+
+ * Remove periodic background fsync by the fileserver (ihandle fsync thread).
+
+ * Fix potential file handle leak in the file server ihandle caching layer.
+
+ * Disable the so-called "hot threads" feature in the file server. The hot
+ threads feature was intended as an optimization for dispatching incoming
+ calls to the current listener thread, but has been reported to incur a
+ performance penalty on modern multi-core systems.
+
+ * Do not permit creation of users with id of ANONYMOUSID.
+
+ * Do not save/restore host states in the fsstate.dat file for hosts which
+ are in the process of retrieving CPS information from the ptserver when
+ the fileserver is being shutdown. This fixes a bug in which the fileserver
+ will incorrectly block all threads following a restart.
+
+ * Add the ptserver -restrict_anonymous option to inhibit exposure of user
+ names from the ptserver.
+
+ * Do not truncate server log files by default when server processes
+ are started. The -transarc-logs option provides backward compatibility
+ with IBM AFS log handling on server startup. Log messages may be lost
+ in back-to- back restarts when a server is running in this mode.
+
+ * Reopen server logs on SIGUSR1. This may be used by third-party log
+ rotation tools, such as logrotate, to reopen the log file handles after
+ log files have been renamed.
+
+ * Fix various bugs when logging with -mrafslogs enabled.
+
+ * Dynamically reload the kerberos realm to AFS cell mapping (krb.conf) and
+ exclusions for mapping kerberos principals to AFS identities (krb.excl)
+ configuration when the CellServDB cell configuration file is touched.
+ Previously, a restart of the file server was required after updating the
+ kerberos mapping configuration files.
+
+ * Add a command line option (-restricted_query) to the vlserver and
+ volserver to restrict information queries about volumes to a specific
+ group of users.
+
+ * Add a command line option to the server programs to specify an alternate
+ fully qualified log file name (-logfile).
+
+ * Add a command line option (-config) to the server programs to specify
+ an alternate path to the server configuration.
+
+ * Add a command line option to the ptserver and vlserver to specify an
+ alternate path to the database data files.
+
+ * Add a command line option to the volume server to enable encryption of
+ volume-server-to-volume-server-traffic (-s2scrypt).
+
+ * Increase the maximum number of LWP threads allowed for the ptserver and
+ vlserver from 16 to 64 (-lwp).
+
+ * Remove an unused file server command line option (-k).
+
+ * Fix an incorrect assertion in Demand Attach File Server which could cause
+ the file server process to abort in certain rare conditions.
+
+ * Deprecate the -bitmap-later configure option for non-Demand-Attach File
+ Servers (DAFS).
+
+ * Add -vhashsize support to non-Demand-Attach File Servers (DAFS).
+
+ * Add support for subnet ranges in the NetInfo and NetRestrict
+ configuration files.
+
+ * Add the GetXStats RPC to the audit log.
+
+ * Fix directory creation by bosserver when built for non-Transarc paths.
+
+ * Fix incomplete list of server addresses retreived by vos listaddr when the
+ vldb contains unreferenced multi-homed server entries.
+
+ * Remove obsolete bos blockscanner and unblockscanner commands that
+ were only needed for the removed MR-AFS functionality.
+
+ * Remove obsolete bos salvage options that were only used by the
+ removed MR-AFS functionality..
+
+ * Remove calls to the deprecated sbrk() function.
+
+ * Add an experimental feature to database servers to support ubik reads
+ while write transactions are in progress, enabled at build time with the
+ --enable-ubik-read-while-write configure option. This feature is not
+ considered ready for production usage at this time.
+
+ * Avoid filling the FileLog with "Volume x offline: not in service" when
+ a volume is administratively taken offline with vos offline.
+
+ * Print an error message when bosserver is started with an unknown
+ command line option.
+
+ * Modify the volume updateDate when the volume is changed by a salvage.
+
+ * Volume usage statistics are now preserved during reclone and restore
+ operations by default, the behavior previously enabled by
+ the -preserve-vol-stats flag to the volserver. The historical behavior
+ can be retained via the -clear-vol-stats argument.
+
+ All Client Platforms
+
+ * Use rxkad_crypt by default for connections to fileservers. This matches
+ the existing behavior of the Windows client and has been applied by
+ the distribution packaging on many platforms already.
+
+ * Add support for relative ACL changes with fs setacl. If a single plus (+)
+ or minus (-) character is appended to the rights' letters argument, the
+ new rights are computed relatively to the existing ones.
+
+ * Remove afsd -settime and afsd -nosettime support.
+
+ * Add the afsd -inumcalc option to specify the method used to calculate
+ inode numbers presented by AFS.
+
+ * Add the afsd -volume-ttl option to specify set the maximum amount of time
+ information retrieved from the vlserver will be cached, regardless of
+ callback expiry times.
+
+ * Return EIO on internal errors instead of the misleading ENOENT.
+
+ * Log ICMP errors received, if any, for unreachable servers.
+
+ * Improve performance of clients with multiple PAGs for different cells.
+
+ * Fix race condition between changing and using user tokens among cache
+ manager threads.
+
+ * Fix fs sysname for users with UID 2748 and 2750 when not running
+ in -rmtsys mode.
+
+ * Add Perl bindings for the user-space cache manager library (libuafs).
+
+ * Fixes to the bypasscache feature.
+
+ * Fix fs getcacheparms miscounts.
+
+ * Remove the obsolete Netscape plugin.
+
+ Linux
+
+ * Remove Linux 2.2 and 2.4 support.
+
+ * Changes to avoid EIO errors with multiple processes doing intensive mmap
+ writing. (Drop PageReclaim AOP_WRITEPAGE_ACTIVATE.)
+
+ * Prevent fakestat data inconsistencies in certain cases (131855).
+
+ * Fix dentry leak which can cause a crash on shutdown.
+
+ * Fix improper use of ENOENT and avoid incorrect use of linux negative
+ dentry cache.
+
+ * Improve error reporting when encountering corrupt directories.
+
+ * Improve rx error handling in the Linux cache manager.
+
+ * Rename kpasswd to kapasswd when packaging RPMs to avoid colliding with
+ Kerberos kpasswd.
+
+ * Do not use the obsolete --enable-largefile-fileservers configure option
+ when packaging RPMs.
+
+ * Use the RemainAfterExit systemd feature to avoid premature exit
+ when -afsdb is not given, for RPM packages.
+
+ * Remove Debian packaging files from the OpenAFS source tree. Debian
+ packaging files are currently maintained in the downstream Debian
+ infrastructure.
+
+ * Add the sparc_linux26 sysname.
+
+ * Desupport 32-bit Linux kernels on s390/s390x.
+
+ * Fix Debian/Ubuntu build regression on kernel 3.16.39.
+
+ * Fix --enable-kernel-debug for linux 4.8+.
+
+ * Support linux 4.10, 4.11, 4.12
+
+ Solaris
+
+ * Remove support for all Solaris and SunOS platforms prior to Solaris 8.
+
+ * Build 64-bit binaries for Solaris x86 by default.
+
+ * Use one-group PAGs on Solaris 11, which is required for PAG support
+ on Solaris 11 since supplemental groups must be sorted starting with
+ Solaris 11.1.
+
+ * Update search paths for solaris cc for recent versions Solaris Studio.
+
+ * Modernize declaration of module dependences by converting from the
+ deprecated _depends_on symbol to ELF dependencies.
+
+ * Avoid BAD TRAP panic due to invalid opcodes on x86 with Studio 12.5.
+
+ MacOS
+
+ * Stop processing upcalls once rx shutdown starts.
+
+ * Enable atomics for the darwin kernel.
+
+ * Add a syscall to enable/disable bulkstat at run-time, which is
+ disabled by default.
+
+ * Fix path to binaries in the prefpane.
+
+ * Fix builds on MacOS 10.12 by building only the active architecture
+ by default.
+
+ FreeBSD
+
+ * Use the native kernel module build system instead of an ad hoc
+ replacement build system.
+
+ * Remove FreeBSD packaging files from the OpenAFS source tree. FreeBSD
+ packaging files are currently maintained in the downstream FreeBSD Ports
+ Collection.
+
+ * Stay up to date with new FreeBSD releases (through 10.3).
+
+ * Do not claim AFS_VM_RDWR_ENV
+
+ NetBSD
+
+ * Stay up to date with new NetBSD releases (through 7.x)
+
+ * Update to use cprng(9) as the randomness source on NetBSD 6.99/7.x.
+
+ * Build system updates for NetBDS 6.99.x
+
+ * Do not claim AFS_VM_RDWR_ENV
+
+ OpenBSD
+
+ * Stay up to date with new OpenBSD releases (through 4.7)
+
+ * Do not claim AFS_VM_RDWR_ENV
+
+ AIX
+
+ * Updates for AIX support.
+
+ * Fix build system for AIX exports.
+
+ * Add the uidpag and localuid runtime options to the aklog LAM plugin.
+ (These runtime options override the use of UID-based PAGs, which were
+ introduced to appease the CDE screensaver.)
+
+OpenAFS 1.6.21
+
+ All platforms
+
+ * Avoid a possible 100ms transmit delay in the RX protocol when a peer's
+ receive window transitions from closed to open (12627)
+
+ * Documentation improvements (12476 12477 12559[RT #133339])
+
+ All server platforms
+
+ * When bosserver is started with an unknown option, print an error message
+ and exit with a non-zero value rather than failing silently (12631)
+
+ All DB server platforms
+
+ * Hold the DB lock while checking for an aborted write transaction (12516)
+
+ All file server platforms
+
+ * On demand attach fileservers, don't save or restore a client's host
+ state if CPS ("Current Protection Subdomain") recalculation for it is
+ in progress, to avoid fileserver thread exhaustion (12568)
+
+ * On demand attach fileservers, avoid flooding the log with error messages,
+ which could happen when the fileserver was restarted while a volume was
+ offline (12569)
+
+ * Update a volume's "Last Update" time when its content is modified by
+ the salvager, to make the change visible in the output of "vos examine"
+ and to backup services (12633)
+
+ All client platforms
+
+ * Corrected the DCentries bucket counts for very large and zero length
+ files in the output of "fs getcacheparms -excessive" (12604 12605)
+
+ * Fixed a bug that prevented users with GID 2748 and 2750 from executing
+ the "fs sysname" command on clients running afsd with -rmtsys (12607)
+
+ * Provide a new -inumcalc switch for afsd to allow enabling the alternative
+ MD5 method of inode number calculation, which was previously only
+ possible on Linux and through the sysctl interface (12608 12632)
+
+ Linux clients
+
+ * Support for mainline kernel 4.12 and distribution kernels with backports
+ from it (12624 12626)
+
+ * Re-added the improved algorithm for freeing unused vcaches to reduce
+ memory consumption first introduced with the 1.6.18 release, together
+ with a fix for the issue leading to its removal in 1.6.18.2 (12448..12451)
+
+ macOS clients
+
+ * Fixed a crash while stopping the client on macOS 10.12 "Sierra" (12602)
+
+
+OpenAFS 1.6.20.2
+
+ All platforms
+
+ * Build fixes required by recent compilers or platforms (12514 12521 12534
+ 12536 12538)
+
+ * Allow the bos server to start successfully in the presence of those, by
+ accepting a now checked return value indicating that the client ThisCell
+ and CellServDB already exist (12522)
+
+ Linux clients
+
+ * Support for mainline kernels 4.10 and - most likely - 4.11 and
+ distribution kernels with backports from them (12530 12588..12590 12598)
+
+ * Support for distribution kernels with partial backports from 4.9 (12535)
+ (RT #134158)
+
+ * In Red Hat packaging, moved the klog.krb5 manual page into the krb5
+ subpackage (12511)
+
+ * In Red Hat packaging, prevent systemd from double-starting the client
+ (12587)
+
+ * Allow aklog to function on current S390/S390x (12499)
+
+ Solaris clients
+
+ * Make process authentication groups work on Solaris 11, now using a single
+ group ID (12524..12527)
+
+ * Fix a BAD TRAP panic on Solaris 11 clients built with Studio 12.5 (12567)
+
+ macOS clients
+
+ * Fixed the preference pane for OS X 10.11 and later (12512)
+
+OpenAFS 1.6.20.1
+
+ All platforms
+
+ * Build fixes required by recent compilers (12482..12484)
+
+ Linux clients
+
+ * Support for mainline kernel 4.9 and distribution kernels with
+ backports from it (12478..12480)
+
+ * In Red Hat packaging, make systemd deal correctly with the client
+ when no userland processes remain after starting it (12481)
+ (RT #133482)
+
+ macOS
+
+ * Support for release 10.12 "Sierra" (12431 12432)
+
+ * Avoid a crash in the Mounts tab of the OpenAFS preference pane (12447)
+
+OpenAFS 1.6.20 (Security Release)
+
+ All platforms
+
+ * Fix for OPENAFS-SA-2016-003: file and directory names leak due to
+ reuse of directory objects without zeroing the contents
+ (12461 12462 12463 12464 12465)
+
+OpenAFS 1.6.19
+
+ All platforms
+
+ * Documentation improvements (12304)
+ * Fixes for test failures (12396 12415)
+
+ All DB server platforms
+
+ * Avoid potentially writing to an out of date volume location or protection
+ database, or losing a database write, which could happen in rare cases
+ under special conditions during database leader election
+ (12339 12389)
+
+ Solaris clients
+
+ * Allow the fsinfo::: DTrace provider to work with AFS files (12371)
+
+ Linux clients
+
+ * Don't commit more data to a file than was actually copied during writes,
+ which could happen on architectures with a page size > 4 KiB (12413)
+ * Fixed build on PPC64 with GCC 6.1 (12388) (RT #133407)
+ * Fixed build on x86_64 with recent GCC (12365 12366)
+
+
+OpenAFS 1.6.18.3
+
+ Linux clients
+
+ * Support for mainline kernel 4.7 and distribution kernels with
+ backports from it (12348)
+
+ Solaris clients
+
+ * Fixed memory mapped I/O on files >= 4 GiB (12349 12350)
+
+ Note that there is a suspicion that this might break the client
+ on very old Solaris releases (2.6). If it does, the breakage should
+ occur at build time.
+
+ OS X
+
+ * Added tooling to build a package for OS X 10.10 "Yosemite" and
+ 10.11 "El Capitan" (12335 12351)
+
+
+OpenAFS 1.6.18.2
+
+ Linux clients
+
+ * Support for mainline kernel 4.6 and distribution kernels with
+ backports from it (12332)
+
+ * Switch back to the pre-1.6.18 algorithm for freeing unused vcaches.
+ While the new algorithm is still believed to be correct, it turned
+ out that at least on some kernels, including 4.5 and 4.6, the dentry
+ for the current working directory may be erroneously invalidated.
+ This could lead to errors like "Unable to read current working directory"
+ when a directory wasn't accessed for a few minutes. (12323)
+
+ * Use a secure URL to retrieve the CellServDB in the script to create
+ the Red Hat source package (12330)
+
+ FreeBSD
+
+ * Added sysname IDs for 10.2 and 10.3 to fix the build on those platforms
+ (12322)
+
+
+OpenAFS 1.6.18.1
+
+ Linux clients
+
+ * Support for mainline kernel 4.5 and distribution kernels with
+ backports from it (12300..12302)
+
+
+OpenAFS 1.6.18
+
+ All platforms
+
+ * Documentation improvements (12224 11675 11613 12197)
+
+ * Improved diagnostics and error messages (12129 12207 12185 12211 12113
+ 12215 12216)
+
+ * Check that CellServDB entries are valid IPv4 addresses, to avoid
+ occasional hangs or potentially other erratic behaviour due to invalid
+ entries (12210) (RT #131794)
+
+ All client platforms
+
+ * Gracefully handle cases where a client shutdown sequence is initiated
+ while the client is already shutting down, rather than cause a panic
+ (12179)
+
+ * Fixed several bugs that could cause erratic behaviour when the write
+ offset into a file was more than 2 GiB beyond the file's current end
+ on the server (12213 12214)
+
+ All server platforms
+
+ * Avoid a possible volserver crash during volume dump or restore due
+ to invalid ACL entries (12127)
+
+ * Allow recovering from a DAFS fileserver operation which allocates a
+ new vnode but fails to update the vnode index, rather than crashing the
+ server (12209)
+
+ * Fixed a longstanding bug which could damage the volume location database
+ when "vos changeaddr" was run with "-oldaddr" and "-newaddr" and the
+ old address was present in a multi-homed entry (12089)
+
+ FreeBSD
+
+ * Added support for releases 10.2 and 10.3 (12232)
+
+ Linux clients
+
+ * Support for mainline kernel 4.4 and distribution kernels with
+ backports from it, alas at a performance penalty (12226 12227 12228)
+ (RT #132677 #132819)
+
+ * Avoid using excessive amounts of kernel memory for dynamically
+ allocated vcaches, by improving the algorithm to free unused ones
+ (12256 12257)
+
+ * In Red Hat packaging, make the init script use "ip" if available, with
+ "ifconfig" as a fallback (12193)
+
+ OS X
+
+ * Basic support for release 10.11 "El Capitan" (12212)
+
+ IRIX clients
+
+ * Fixed kernel module builds with optimization (12198) (RT #131261)
+
+
+OpenAFS 1.6.17 (Security Release)
+
+ All server platforms
+
+ * Fix for OPENAFS-SA-2016-001: foreign users can create groups as
+ if they were an administrator (RT #132822) (CVE-2016-2860)
+
+ All client platforms
+
+ * Fix for OPENAFS-SA-2016-002: information leakage from sending
+ uninitialized memory over the network. Multiple call sites
+ were vulnerable, with potential for leaking both kernel and
+ userland stack data (RT #132847)
+
+ * Update to the GCO CellServDB update from 01 January 2016 (12188)
+
+ Linux clients
+
+ * Fix a crash when the root volume is not found and dynroot is not
+ in use, a regression introduced in 1.6.14.1 (12166)
+
+ * Avoid introducing a dependency on the kernel-devel package corresponding
+ to the currently running system while building the srpm (12195)
+
+ * Create systemd unit files with mode 0644 instead of 0755
+ (12196) (RT #132662)
+
+OpenAFS 1.6.16
+
+ All platforms
+
+ * Documentation improvements (11932 12096 12100 12112 12120)
+
+ * Improved diagnostics and error messages (11586 11587)
+
+ * Distribute the contributor code of conduct with the stable release (12056)
+
+ All server platforms
+
+ * Create PID files in the right location when bosserver is started with
+ the "-pidfiles" argument and transarc paths are not being used (12086)
+
+ * Several fixes regarding volume dump creation and restore (11433 11553
+ 11825 11826 12082)
+
+ * Avoid a reported bosserver crash, and potentially others, by replacing
+ fixed size buffers with dynamically allocated ones in some user handling
+ functions (11436) (RT #130719)
+
+ * Obey the "-toname" parameter in "vos clone" operations (11434)
+
+ * Avoid writing a loopback address into the server CellServDB - search
+ for a non-loopback one, and fail if none is found (12083 12105)
+
+ * Rebuild the vldb free list with "vldb_check -fix" (12084)
+
+ * Fixed and improved the "check_sysid" utility (12090)
+
+ * Fixed and improved the "prdb_check" utility (12101..04)
+
+ All client platforms
+
+ * Avoid a potential denial of service issue, by fixing a bug in pioctl
+ logic that allowed a local user to overrun a kernel buffer with a single
+ NUL byte (commit 2ef86372) (RT #132256) (CVE-2015-8312)
+
+ * Refuse to change multi-homed server entries with "vos changeaddr",
+ unless "-force" is given, to avoid corruption of those entries (12087)
+
+ * Provide a new vos subcommand "remaddrs" for removing server entries, to
+ replace the slightly confusing "vos changeaddr -remove" (12092 12094)
+
+ * Make "fs flushall" actually invalidate all cached data (11894)
+
+ * Prevent spurious call aborts due to erroneous idle timeouts (11594)
+
+ * Provide a "--disable-gtx" configure switch to avoid building and
+ installing libgtx and its header files as well as the depending
+ "scout" and "afsmonitor" applications (12095)
+
+ * Fixed building the gtx applications against newer ncurses (12125)
+
+ * Allow pioctls to work in environments where the syscall emulation
+ pseudo file is created in a read-only pseudo filesystem, like in
+ containers under recent versions of docker (12124)
+
+ Linux clients
+
+ * In Red Hat packaging, avoid following a symbolic link when writing
+ the client CellServDB, which could overwrite the server CellServDB,
+ by removing an existing symlink before writing the file (12081)
+
+ * In Red Hat packaging, avoid a conflict of openafs-debuginfo with
+ krb5-debuginfo by excluding our kpasswd executable from debuginfo
+ processing (12128) (RT #131771)
+
+OpenAFS 1.6.15 (Security Release)
+
+ All client and server platforms
+
+ * Fix for OPENAFS-SA-2015-007 "Tattletale"
+
+ When constructing an Rx acknowledgment (ACK) packet, Andrew-derived
+ Rx implementations do not initialize three octets of data that are
+ padding in the C language structure and were inadvertently included
+ in the wire protocol (CVE-2015-7762). Additionally, OpenAFS Rx in
+ versions 1.5.75 through 1.5.78, 1.6.0 through 1.6.14, and 1.7.0
+ through 1.7.32 include a variable-length padding at the end of the
+ ACK packet, in an attempt to detect the path MTU, but only four octets
+ of the additional padding are initialized (CVE-2015-7763).
+
+OpenAFS 1.6.14.1
+
+ Linux clients
+
+ * Support kernels up to 4.2
+
+ Due to changes to internal data structures with this kernel release,
+ the OpenAFS client can no longer reset the link count during path
+ lookups. Since volume root directories must behave like symlinks
+ instead of normal directories in order to satisfy Linux kernel
+ invariants, looking up paths containing more than 40 mount points
+ will fail with ELOOP on such kernels.
+
+OpenAFS 1.6.14
+
+ All server platforms
+
+ * Prior to the OpenAFS security release 1.6.13, the Volume Location
+ Server (vlserver) RPC VL_ListAttributesN2() supported wildcard volume
+ name lookups via regular expression (regex) pattern matching. This
+ support was completely disabled in 1.6.13 because it was judged to be
+ a security risk due to buffer overruns in the implementation, as well
+ as the possibility of denial of service attacks where certain regular
+ expressions could cause excessive CPU usage in some regex
+ implementations.
+
+ Unfortunately, after 1.6.13 was released, it was discovered that
+ the native OpenAFS 'backup' system uses the VL_ListAttributesN2()
+ regex support to evaluate configured volume sets. If you use the
+ OpenAFS 'backup' system (or another backup system which relies on it,
+ such as Tivoli Storage Manager (TSM, aka Tivoli ADSM)), and are using
+ volume sets which require regular expressions for the volume name,
+ then those volume sets cannot be resolved by OpenAFS 1.6.13. The next
+ paragraph provides details on how to identify any affected volume sets.
+
+ OpenAFS backup volume sets may be described by fileserver, partition
+ name, and volume name. The fileserver and partition specifications
+ never require regular expression support. The volume name specification
+ always requires regular expression support except for when specifying
+ _all_ volumes via two special cases: the universal wildcard ".*", or "".
+ For example, volume name "proj" or "*.backup" or "homevol.*" all
+ require regex support - even if the specification contains no wildcard
+ characters and/or exactly matches an existing volume name.
+
+ As a result of this issue, OpenAFS 1.6.14 replaces the 1.6.13 changes
+ to VL_ListAttributesN2. 1.6.14 prevents the buffer overruns and
+ reenables the regex support, but restricts it to OpenAFS super-users
+ and -localauth only. This is sufficient to restore the OpenAFS 'backup'
+ system's ability to work correctly with any previously supported volume
+ set. The OpenAFS 'backup' commands are already documented to require
+ super-user authorization, so this restriction is moot for the backup
+ system.
+
+ There are no other direct consumers of the VL_ListAttributesN2() regex
+ support in the OpenAFS tree. However, the VL_ListAttributesN2 RPC is
+ publicly accessible and might be used by third party tools directly or
+ indirectly via OpenAFS's libadmin. Any such tools that issue
+ VL_ListAttributesN2 RPCs must now be executed using super-user or
+ -localauth tokens.
+
+ None of the other security fixes in OpenAFS 1.6.13 are known to have
+ any issues, and are still included unchanged in OpenAFS 1.6.14.
+
+ If there are any questions concerning the possible impact of OpenAFS
+ 1.6.13 or 1.6.14 at your site, please contact your OpenAFS support
+ provider or the openafs-info@openafs.org mailing list for further
+ assistance.
+
+OpenAFS 1.6.13
+
+ All server platforms
+
+ * Fix for CVE-2015-3282: vos leaks stack data onto the wire in the
+ clear when creating vldb entries
+
+ * Workaround for CVE-2015-3283: bos commands can be spoofed, including
+ some which alter server state
+
+ * Disabled searching the VLDB by volume name regular expression to avoid
+ possible buffer overruns in the volume location server
+
+ All client platforms
+
+ * Fix for CVE-2015-3284: pioctls leak kernel memory
+
+ * Fix for CVE-2015-3285: kernel pioctl support for OSD command passing
+ can trigger a panic
+
+ Solaris clients
+
+ * Fix for CVE-2015-3286: Solaris grouplist modifications for PAGs can
+ panic or overwrite memory
+
+OpenAFS 1.6.12
+
+ All server platforms
+
+ * Avoid database corruption if a database server is shut down and then
+ brought up again quickly with an altered database (11773 11774)
+ (RT #131997)
+
+ All client platforms
+
+ * Fixed a potential buffer overflow in aklog (11808)
+
+ * Avoid a bogus warning regarding the checkserver daemon, which could be
+ logged during startup when the cache initialization was very fast (11680)
+
+ * Added documentation of the inaccuracy of the 'partition' field in
+ 'fs listquota' output for partitions larger than 2 TiB (11626)
+
+ Linux clients
+
+ * Support kernels up to 4.1 (11872 11873)
+
+ * Avoid spurious EIO errors when writing large chunks of data to
+ mmapped files (11877)
+
+ OS X
+
+ * Build fixes required at least on OS X 10.10 Yosemite with the latest
+ XCode (11859 11876 11842..11845 11863 11878 11879)
+
+OpenAFS 1.6.11.1
+
+ Linux clients
+
+ * Support kernels up to 4.0 (11760 11761)
+
+ FreeBSD clients
+
+ * Fixed kernel module build on systems with an updated clang which no
+ longer accepts the -mno-align-long-strings as a no-op (11809)
+
+OpenAFS 1.6.11
+
+ All platforms
+
+ * Allow aklog to succeed creating native K5 tokens even when mapping
+ the K5 principal to a K4 one fails (11538)
+
+ * Build fixes (11435 11636)
+
+ All client platforms
+
+ * Avoid a potential kernel panic due to connection reference overcounts
+ (11645) (RT #131885)
+
+ * Avoid potential corruption of files written using memory mapped I/O
+ when the file is larger than the cache (11656) (RT #131976)
+
+ Linux clients
+
+ * Support kernels at least up to 3.19 (11549 11550 11569 11570 11595
+ 11658..11662 11694 11752)
+
+ Note: By default this excludes kernels 3.17 to 3.17.2, which will leak
+ an inode reference when an error occurs in d_splice_alias(). The
+ module will build and work, but leak kernel memory, leading to
+ performance degradation and eventually system failure due to
+ memory exhaustion. Since it's impossible to detect this condition
+ automatically, the switch --enable-linux-d_splice_alias-extra-iput
+ must be passed to configure when building the module for those
+ kernels. The same would be necessary for any kernel with backports
+ of commit 908790fa3b779d37365e6b28e3aa0f6e833020c3 or commit
+ 95ad5c291313b66a98a44dc92b57e0b37c1dd589 but not the fix in commit
+ 51486b900ee92856b977eacfc5bfbe6565028070 in the linux-stable repo
+ (git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git) or
+ the corresponding changes on other branches.
+
+ * Fixed a regression introduced in OpenAFS release 1.6.10 which could
+ make the spurious "getcwd: cannot access parent directories" problem
+ return (11558 11568) (RT #131780)
+
+ * Avoid leaking memory when scanning a corrupt directory (11707)
+
+ OS X clients
+
+ * Support OS X 10.10 "Yosemite" (11571 11572 11611) (RT #131946)
+
+ Solaris clients
+
+ * Avoid reading random data rather than correct cache content when using
+ ZFS as the cache file system on Solaris >= 11, and fix potential similar
+ problems on other platforms (11713 11714)
+
+ FreeBSD
+
+ * Build fix for releases >= 11.0 (11610)
+
+ OpenBSD
+
+ * Support release 5.4 (11700)
+
+
+OpenAFS 1.6.10
+
+ All platforms
+
+ * Don't hide the "version" subcommand in help output (11214)
+
+ * Documentation improvements (11126 11216 11222 11223 11225 11226)
+
+ * Improved diagnostics and error messages (11154 11246 11247 11249 11181
+ 11182 11183)
+
+ * Build system improvements (11158 11221 11224 11225 11227..11241 11282
+ 11342 11350 11353 11242 11367 11392)
+
+ * Avoid potentially erratic behaviour under certain error conditions by
+ either avoiding or at least not ignoring them, in various places (11008
+ 11010..11065 11112 11148 11196 11530)
+
+ FreeBSD
+
+ * Support releases 9.3 and 10.1 (11368 11369 11402 11403 11404)
+
+ * Makes a disk cache more likely to work on FreeBSD, though such
+ configurations remain not very tested (11448)
+
+ All server platforms
+
+ * Added volscan(8) (11252..11280 11387 11388)
+
+ * Fixed a bug causing subgroups not to function correctly if their
+ ptdb entry had more than one continuation entry (11352)
+
+ * Logging improvements (10946 11153)
+
+ * Allow log rotation via copy and truncate (11193)
+
+ * Avoid a server crash during startup only observed on a single platform
+ and when using a 3rd party library under certain circumstances, which is
+ a collateral effect of the security improvements introduced in OpenAFS
+ release 1.6.5 (11075) (RT #131852)
+
+ All client platforms
+
+ * Raised the free space reported for /afs to the maximum possible value of
+ just under 2 TiB - the old value was 9 GiB on most platforms (10984)
+
+ * Reduced the amount of stack space used (11162 11163 11203 11164..11167
+ 11338 11339 11364..11366 11381)
+
+ * Sped up a periodic client task which could be problematically slow
+ on systems with a large number of PAGs and files in use (11307)
+
+ * Fixed failure of the up command with large ACLs (11111)
+
+ * Avoid a potential crash of aklog (11218)
+
+ * Avoid potential crashes of scout and xstat_fs_test (11155)
+
+ Linux clients
+
+ * Support kernels up to 3.16 (11308 11309)
+
+ * Fixed a regression introduced in OpenAFS release 1.6.6 that made
+ checking for existing write locks incorrectly fail on readonly volumes
+ (11361)
+
+ * Fixed a regression introduced in OpenAFS release 1.6.8 that could
+ cause VFS cache inconsistencies when a previously-accessed directory
+ entry was removed and recreated with the same name but pointing to a
+ different file on another client (11358)
+
+ * Use the right path to depmod in Red Hat packaging to avoid dependency
+ calculation incorrectly failing unless a link /sbin -> /usr/sbin is
+ present on the system performing it (11171) (RT #131860)
+
+ * Do not ignore kernel module build errors (11205)
+
+OpenAFS 1.6.9
+
+ All server platforms
+
+ * Fix for OPENAFS-SA-2014-002
+
+OpenAFS 1.6.8
+
+ All platforms
+
+ * Documentation improvements (10751 10875 10931 10897 10883 10954 10955)
+
+ * Improved diagnostics and error messages (10756 10814 10949)
+
+ * Fixed a bug in RX that could make errors during packet reception go
+ unnoticed. (10733)
+
+ * Fixed a bug that made "vos size -dump" display the wrong size for
+ large volumes. (10933) (RT #131819)
+
+ All server platforms
+
+ * Change the default fileserver sync behavior from "delayed" to "onclose".
+ This means that explicit syncing only happens when a volume is detached.
+ (10809)
+
+ * Added the -offline-timeout and -offline-shutdown-timeout options to the
+ fileserver, to implement interrupting clients accessing volumes we are
+ trying to take offline. (6266 10799)
+
+ All client platforms
+
+ * When a client is shut down, it will give up its callbacks. The Windows
+ client has been doing this since 2007. Note that older fileservers
+ (1.3.50 to 1.4.5 and 1.5.0 to 1.5.27) had a bug in the implementation of
+ the relevant RPC that could cause crashes or other undefined behavior
+ when this happens. (6272 8840 10855)
+
+ * Restored the pre-1.6 behavior of "vos e" being an alias for "vos examine".
+ (10886)
+
+ * Avoid flooding logs with warnings about byte-range locks, by throttling
+ them per file. Also, make the messages more useful by including the
+ FID. (10836..10839)
+
+ * Avoid a possible panic during shutdown while tracing. (10932)
+
+ Linux clients
+
+ * Fixed a bug that could cause the "getcwd: cannot access parent
+ directories" problem (10804 10984)
+
+ * Avoid a delay when accessing uncached data in AFS in a confined
+ context under SELinux. (10598)
+
+ * Red Hat packaging improvements (10600 10767 10807)
+
+OpenAFS 1.6.7
+
+ All server platforms
+
+ * Fix for OPENAFS-SA-2014-001
+
+ * Fix for a potential DOS attack against RX servers
+
+OpenAFS 1.6.6
+
+ All platforms
+
+ * As of this release, OpenAFS no longer ships uncompressed source tarballs.
+ Tarballs are still shipped with both compression formats, gzip and bzip2.
+ (10131)
+
+ * Documentation improvements (10136 10314 10601)
+
+ * Improved diagnostics and error messages (9412 10085 10274)
+
+ * Avoid redefining "assert" in our public header files, which could
+ cause failures when building some applications using them. (10096)
+
+ * Fixes for parallel builds (10005 10309 10337)
+
+ * Added a -s switch to afscp (not installed by default) to help simulate
+ a slow client. (9416 9417)
+
+ * Added a -probe switch to vlclient test program (not installed by default)
+ to ping all vlservers in a cell in parallel. (9570)
+
+ All server platforms
+ * The fileserver now ignores any vice partitions with a NeverAttach flag
+ file present in the root directory. (RT #130561) (9470 9471)
+
+ * Restrict forcing CPS ("Current Protection Subdomain") recalculation in
+ the fileserver to administrators. Also fixed a bug that could cause this
+ operation to be incomplete. (9485 9487)
+
+ * Allow non-DAFS fileservers to attach unusable volumes, restoring pre-1.6
+ behaviour. (RT #131505) (9499)
+
+ * Restored the pre-1.6 behaviour when running vos examine for a volume
+ currently in a transaction, showing the volume as busy again rather than
+ offline. (9685 9915 9916)
+
+ * Reduced the minimum time a bos salvage takes from 5 seconds to 1. (9476)
+
+ * Fixed buserver to not segfault when started with the -servers option.
+ (RT #131706) (10166)
+
+ * Salvager fixes, addressing a wide variety of possible problems from
+ unnecessary salvaging to aborts (9282 9283 9457 9458 9459 9461 9462 9480
+ 9481 10165 10167)
+
+ * Fixed a bug that could cause saved state information to be discarded
+ when restarting a large or busy fileserver, which negatively impacted
+ performance. (9683)
+
+ * Fixed a bug that could have caused undefined behaviour in the vlserver
+ in rare cases when a fileserver registered its addresses in the VLDB.
+ (9429)
+
+ * Added the -preserve-vol-stats switch to volserver, allowing it to keep
+ the access statistics across volume restore and reclone operations
+ instead of resetting them. (9477)
+
+ * Inserted an exponential delay between retries when bosserver attempts to
+ restart a server process. (9571 10199)
+
+ * Improved vldb_check (not installed by default) to cope with broken
+ vlentry names and volids, and provide more output to aid debugging.
+ (10268)
+
+ * Releasing a volume after adding a new RO site no longer touches any of
+ the existing RO sites, if the RW data hasn't changed since the last
+ release. (10174)
+
+ * Make the copyDate field for RO clones have the same meaning as for
+ remote RO volumes. Previously, the copyDate field for clones was updated
+ every time we released. (9451)
+
+ * Fixed potentially undefined behaviour in ptserver when too many pts
+ ids are allocated. (10124)
+
+ * Note that the server side NAT pings feature present in the prereleases
+ was removed before the final release, since no positive feedback
+ was provided during prerelease testing. (9420 10135)
+
+ Linux servers
+
+ * Start bosserver with -nofork in the systemd unit file, to allow systemd
+ to track its state (10093)
+
+ All client platforms
+
+ * No longer track file locks on read-only volumes. Write locks can't
+ succeed, read locks always will. Avoids log messages about this kind
+ of lock. (8910)
+
+ * Added the "fs flushall" subcommand, which makes the client discard all
+ cached data. This was previously available on Windows only. (9065 9388
+ 9389 9390)
+
+ * Fixed a bug that could make the client incorrectly believe its cache
+ is up to date. This change could negatively impact AFS <-> DFS
+ translators, should those still be running anywhere. (8898)
+
+ * Several changes to avoid panicing in certain error conditions.
+ (9131 9287 10354 10355 10356 10357) (partially addressing RT #131747)
+
+ * Added the -rxmaxfrags switch to afsd, allowing to limit the number
+ of UDP fragments sent or received per RX packet. (9430)
+
+ * Build fixes for aklog on several platforms (RT #131716) (9917 10107 10275)
+
+ * Require that the AFS mountpoint specified in the cacheinfo file is
+ an absolute path. Relative paths result in a client that basically
+ works but is not fully functional. (10253)
+
+ * Fixed a bug that could cause one of the afsd threads to enter an infinite
+ loop (10431 .. 10436)
+
+ Linux clients
+
+ * Support Linux kernels up to 3.13 (10241)
+
+ * Fixed a bug that made readv/writev calls in AFS space fail with Linux
+ kernels where generic_file_aio_read exists but those operations have
+ not been switched to using aio_read/aio_write. This was a regression
+ introduced with release 1.6.3 and affected at least RHEL 5.9 kernels.
+ (10248)
+
+ * Fixed a similar bug making core dumps fail in AFS space, affecting
+ a much wider range of kernels including the most recent ones.
+ (RT #131729) (10254)
+
+ * Enhanced the keyring code to make PAGs work correctly on kernels with a
+ distribution specific change to the Linux keyring code. This affected at
+ least SLES 11 SP3 kernels. (10252)
+
+ * Fixed a bug that could make failures during PAG instantiation go
+ unnoticed. (10255)
+
+ * Fixed a bug that made compilation fail for Linux kernels without
+ keyring support. This affected at least the SLE 10 SDK and an
+ OEM version of SLES 11 SP1. (10325)
+
+ * Fixed build for kernels with user namespace support enabled. Likely
+ to be required for Ubuntu 14.04 and eventually other distributions.
+ (10456 10457 10458 10518 10472)
+
+ * Support RHEL 6.5 kernels, and possibly others with changes backported
+ from recent mainline kernels that touch getname/putname, by no longer
+ using those functions. Previously, the client could cause a kernel
+ panic when syscall auditing was enabled. (10578)
+
+ * Make tmpfs usable as the cache filesystem again. This had been broken
+ since kernel 3.1 (9950 10193)
+
+ * When starting the client fails, clean up the backing device information
+ created in sysfs, to avoid error messages during a subsequent start
+ and possible system instability later on (10454)
+
+ * Update Red Hat packaging to support Fedora >= 20, RHEL >= 7 and
+ ELrepo kernels (10597 10619 10622 10703 10704)
+
+ OS X Clients
+
+ * Support OS X 10.9 "Mavericks" (10519 10541 10542 10543 10548 10549)
+
+ AIX clients
+
+ * Fixed a bug that caused the 1.6 AIX client to never receive any RX
+ packets in the kernel. (RT #131725)
+
+ FUSE client
+
+ * Support Solaris 11 (9454 9455)
+
+ * Allow other users to access filesystems mounted by root. (9452)
+
+ FreeBSD
+
+ * Build tvolser and dvolser on this platform (10122)
+ * Several fixes to catch up with newer releases (10374 .. 10381)
+
+ NetBSD
+
+ * Build tsalvaged, tvolser and dvolser on this platform (10121)
+ * Fixed build on NetBSD 5 and newer. (10138)
+
+OpenAFS 1.6.5
+
+All platforms
+
+ * Fixes for OpenAFS-SA-2013-0003 and OpenAFS-SA-2013-0004
+
+OpenAFS 1.6.4
+
+All platforms
+
+ * Obey the jumbo/nojumbo settings for ubik servers (the DB servers)
+ too. In previous releases, those servers may have used jumbograms
+ even if they were not configured to do so. This change corrects
+ the actual behaviour, and will improve performance and reliability
+ for sites where jumbograms are problematic. It could cause a decrease
+ in performance for sites where jumbograms work, but those can turn
+ them back on manually.
+
+ * Dozens of fixes for common coding problems like use after free,
+ use of possibly uninitialised memory, reading or writing past the
+ end of arrays and potential NULL pointer derefences. Spotted by
+ code analysis tools or human inspection.
+
+ * Documentation improvements.
+
+ * Fixes and improvements to the diagnostic or log messages printed by
+ vos, the fileserver and others.
+
+ * Build fixes, making parallel builds more reliable with certain
+ configuration options and helping various platforms including
+ recent releases of IRIX, Solaris and several flavours of Linux.
+
+ * Avoid sending a small amount of data over the wire unencrypted
+ under certain conditions, and emit the correct error message in
+ this case.
+
+All server platforms
+
+ * Avoid generating duplicate IDs for readonly and backup volumes,
+ which could happen under certain conditions.
+
+ * Allow the fileserver to return volume data like quota or free space,
+ which is available publicly elsewhere, without the additional access
+ check for read permissions on a volume's root directory the fileserver
+ performed before.
+
+ * The fileserver now emits a log message when it ran out of memory for
+ callbacks.
+
+ * Avoid several potential fileserver problems, including memory
+ corruption and segmentation faults, due to client bookkeeping.
+
+ * Avoid known cases of silent data corruption due to background syncs
+ on the fileserver, especially during Copy on Write.
+
+ * Make the fileserver sync behaviour runtime configurable. Up to 1.4.5,
+ we had synchronous syncs which were safe but really slow. Since 1.4.5,
+ we've had asynchronous syncs which are much faster but believed to
+ be the cause of rare data corruption issues, and while all known cases
+ of these happening are believed to be fixed in the 1.6.3 release, doubts
+ remain. This change allows choosing between those, and in addition allows
+ to turn syncs by the fileserver off altogether, thus relying on the vice
+ partition's backend filesystem and the operating system, or to just
+ execute them when a volume is detached. The default behaviour is
+ unchanged from releases since 1.4.5, but it's highly recommended to
+ consider the additional options this change provides. Future OpenAFS
+ releases will default to "-sync=none".
+
+ * For dbservers, avoid a situation where misinterpreting transient
+ network errors causes long-term issues with achieving ubik quorum.
+
+All UNIX client platforms
+
+ * Improvements to the detection of an aklog-specific krb5 configuration
+ file, for the purposes of turning on "weak crypto" for aklog.
+
+ * Fixed a regression introduced in release 1.6.2 which caused the
+ supposedly persistent disk cache to be discarded upon client start.
+ (RT #131655)
+
+Linux clients
+
+ * Support Linux kernels up to 3.10
+
+ * Fixed two bugs making it impossible to unmount a disk cache filesystem
+ after it has been used by the client. (RT #131613)
+
+ * Fixed a bug that could cause an oops with kernels 3.6 and later
+
+OpenBSD
+
+ * Improved support for OpenBSD 4.9 to 5.3
+
+OpenAFS 1.6.3
+
+ This release number had to be skipped for technical reasons.
+
+OpenAFS 1.6.2.1
+
+ Linux clients
+
+ * Support Linux kernels up to 3.8.
+
+ * Make the init script cope with the output of ifconfig on recent Fedora.
+
+OpenAFS 1.6.2
+
+ All platforms
+
+ * Fix buffer overflows in fileserver and ptserver.
+
+ * Abort an rx connection when given an unknown service (Gerrit 7593).
+
+ * "idle dead" behavior improvements.
+
+ * Documentation updates.
+
+ All server platforms
+
+ * Fix rare file corruption during background sync (Gerrit 8796).
+
+ * Fix corrupting clients' metadata cache during certain errors (Gerrit
+ 6957).
+
+ * Avoid saying a volume doesn't exist when accessed as the volume is
+ going offline (Gerrit 7488).
+
+ * Fix fileservers to properly report >2 TiB partitions.
+
+ * Fix stale volume info from vos examine on non-DAFS filservers.
+
+ * Fix possible volume corruption with vos convertROtoRW.
+
+ * Fix bosserver to preserve all command-line options over restart.
+
+ * Fix bosserver to properly kill hung processes during shutdown.
+
+ All UNIX client platforms
+
+ * Fixes for memcache, especially on Solaris.
+
+ * Increase the size of the DNS resolver answer buffer to allow sites
+ with a long response list to use SRV and AFSDB records.
+
+ * Fix a crash when a server appears to run out of addresses (Gerrit
+ 7487).
+
+ * Fix cache corruption when reading from a file another client is
+ simultaneously writing to (Gerrit 7994).
+
+ * Improve handling of disk cache disk errors.
+
+ Linux
+
+ * fix DKMS configuration for DKMS 2.2.
+
+ * Avoid generating inode number 0 with md5 inodes (Gerrit 7276).
+
+ * Fix a crash when reading /proc/fs/openafs/unixusers (Gerrit 7914).
+
+ * Make PAG-less access use the real UID of the calling process
+ instead of the effective UID, when determining what credentials to
+ use (Gerrit 7931).
+
+ * Fix possible abuse of fs mkmount.
+ Prior to 1.6.2, users could crash a client by nesting volume mounts.
+
+ * Fix fileserver memory corruption on RHEL 6
+ Prior to 1.6.2, fileservers on RHEL 6 may crash under heavy load.
+
+ * Fix client page cache corruption on Linux
+ When multiple clients read and write to a file, the reading client
+ may see first page (4096 bytes) of a file as nulls.
+
+ * Support Linux kernels up to 3.7.
+
+ * Support newer glibc versions.
+
+ * Improve client systemd unit file.
+
+ * Update Red Hat packaging.
+
+ OS X
+
+ * Fix crashes on shutdown.
+
+ * Prevent unloading the module before shutdown completes.
+
+ * Security improvement for the OpenAFS preference pane.
+
+ Solaris
+
+ * Support newer versions of the Sun Studio compiler software.
+
+ * Support compiling on newer versions of Solaris 11 and Solaris 10.
+
+
+OpenAFS 1.6.0 (2011-08-15)
+
+ All platforms
+
+ * Substantial Rx updates to correct erroneous behavior.
+
+ * vos now properly deals with matching sites when servers are
+ multihomed.
+
+ * Don't stop Rx keepalives after an ackall is received, avoiding
+ spurious connection timeouts. (128848)
+
+ * Don't retry Rx calls on channels returning busy errors and improve
+ Rx busy call channel error handling. (128671)
+
+ * Properly enable Rx connection hard timeouts.
+
+ * Rx NAT pings are not enabled until peer has answered.
+
+ * Initialize rx_multi lock before use.
+
+ * Avoid spurious crashes when initializing in "backup" client.
+
+ * Revert UUID support in vos.
+
+ * pt_util fixed to properly create new databases.
+
+ * MTU discovery now properly shut down on call reset.
+
+ * Avoid leaking references to hosts during callback break multi-Rx
+ operations. (129376)
+
+ * xstat tools now cope with differing timeval structures between
+ endpoints.
+
+ * Numerous fixes to command argument parsing.
+
+ * Documentation updates.
+
+ All server platforms
+
+ * A file descriptor leak which could result in corrupted files in the
+ fileserver was fixed. An IMMEDIATE upgrade from previous 1.5 release
+ fileservers is recommended.
+
+ * Fix ptserver supergroups support on 64 bit platforms.
+
+ * Demand attach salvaging doesn't use freed volume pointers.
+
+ * Properly hold host lock during host enumeration in fileserver.
+
+ * Attempt to recovery more quickly from timed out volume release
+ transactions.
+
+ * Auditing now properly byte order swaps IP addresses when printing.
+
+ * vos split now has improved error handling.
+
+ * Many changes to again support Windows fileservers.
+
+ * During volume removal, data removal speed improved.
+
+ * Improve CPU utilization during volume attaching by DAFS.
+
+ * In salvager check-only mode, avoid potentially fixing a vnode.
+
+ * Fix support for large (greater than 2gb) volume special files.
+
+ * Salvager will not crash if multiple or bad volume link tables are
+ encountered.
+
+ * Avoid erroneous full dump by remembering which sites were out of
+ date at the start of the release.
+
+ * A deleted volume can now be recreated properly.
+
+ * Callbacks are again not broken during whole partition salvages.
+
+ * Positional vectored IO fixed for largefile (>2GB) capable systems.
+
+ * Fileserver per-client thread usage again properly enforced.
+
+ * Anonymous dropbox support improved and drawbacks documented.
+
+ * Demand attach: ensure vnodes are not reallocated while in use due to
+ volume bitmap errors.
+
+ * Properly support large volume numbers (larger than 2147483647).
+
+ * Allow salvager to be run manually again when DAFS is being
+ used. (129458)
+
+ * Avoid leaking references to hosts during callback break multi-Rx
+ operations. (129376)
+
+ * Demand attach: unlink fileserver state file on standalone salvage.
+
+ * Salvager tries harder to detect linktable issues.
+
+ * Demand attach: don't attach volumes with special status set.
+
+ * Avoid crashing on host table exhaustion. Instead, defer clients.
+
+ Microsoft Windows
+
+ * afs_config will not longer set the Tray Icon State in the registry
+ if the checkbox is not present in the dialog. (128591)
+
+ * AFS Explorer Shell Extension now works from folder backgrounds.
+ Overlays for mount points and symlinks are present in the dll, but
+ are not registered at present by the installers.
+
+ * Do not use RankServerInterval registry value as the value for
+ PerformanceTuningInterval.
+
+ * When the data version of a mountpoint or symlink changes, the target
+ string in the cm_scache_t object must be cleared.
+
+ * "fs checkservers" now includes vldb servers in the output and only
+ lists multi-homed servers once. A multi-homed server that has at
+ least one up interface is no longer considered to be down.
+
+ * When asynchronously storing dirty data buffers to the file server
+ ensure that (a) the cm_scache_t object and the cm_buf_t object are
+ for the same File ID so that locking and signalling work properly;
+ and (b) if the FID no longer exists on the file server, do not
+ panic, just discard the buffer.
+
+ * When processing VNOVOL, VMOVED and VOFFLINE errors perform server
+ comparisons by UUID or address and not simply by cm_server_t
+ pointer. Otherwise, server failover may not succeed.
+
+ * Do not preserve status information for cm_scache_t objects when the
+ issuing server is multi-homed.
+
+ * Giving up all callbacks when shutting down or suspending the machine
+ is now significantly faster due to the use of an rx_multi
+ implementation. (This functionality is still off by default and
+ must be activated by a registry value.)
+
+ * Race conditions were possible when updating the state of the
+ cm_volume_t flags and when moving the volumes within the least
+ recently used list.
+
+ * Ensure that the lanahelper library does not perform a NCBRESET of
+ each lan adapter when enumerating the current network bindings.
+ Correcting this permits OpenAFS to work on Windows 7 when the
+ network adapter settings change.
+
+ * Fix creation of mount points and symlinks as \\AFS\xxxx
+
+ * Icon tray state now conditionally set. (128591)
+
+ * Properly create new cell mount points in freelance mode.
+
+ * Avoid recursive offline volume checks.
+
+ * Fix caching of non-existent volumes. The test to trigger an
+ immediate CM_ERROR_NOSUCHVOLUME in cm_UpdateVolumeLocation() was
+ backwards.
+
+ * Prevent the background daemon from checking the status of
+ non-existent volumes. cm_CheckOfflineVolumes() should skip volume
+ groups with the CM_VOLUMEFLAG_NOEXIST flag set.
+
+ * The afskfw library should return an error immediately if the
+ krb5_32.dll library cannot be loaded. Affects afslogon.dll and
+ afscreds.exe.
+
+ * No longer depend on leashw32.dll in afskfw library.
+
+ * NPLogonNotify must provide the user password in all calls to
+ KFW_AFS_get_cred(). It cannot count on a credential cache being
+ preserved between calls. Permits tokens to be acquired for all
+ cells listed in the TheseCells registry value for a domain.
+
+ * Improve the trace logging from NPLogonNotify().
+
+ * Avoid a race when writing the cm_scache_t mountPointString
+ when acquiring mount point or symlink target data via
+ cm_GetData(). The race could result in bogus target
+ data being cached.
+
+ * Permit the use of des-cbc-md5 and des-cbc-md4 enctypes
+ as DES keys in asetkey.exe.
+
+ * aklog supports dotted Kerberos v5 principal names.
+
+ * afskfw library always attempts afs/cell@USER-REALM
+
+ * afskfw library must test return code from krb5_cc_start_seq_get() or
+ will trigger a null pointer exception when using Heimdal.
+
+ * Lock protected fields must be 32-bit in order to avoid memory
+ overwrite races.
+
+ * Add support for NTFS symlinks.
+
+ * Handle file search requests for virtual syscall ioctl file.
+
+ * Process SyncOps properly to enforce ordered operations.
+
+ * Avoid recursing during NewServer operations.
+
+ * Correct lock acquisition order during SMB locking.
+
+ * Add shutdown message to event log.
+
+ * Check offline volume status by policy rather than on each daemon
+ thread run.
+
+ * Return error on directory object not found instead of crashing.
+
+ * Improve error message output.
+
+ * afslogin.dll can start afsd_service if it's not starting or started.
+
+ * Optimize away release lock RPCs for deleted files.
+
+ * Background Daemon will not perform operations on deleted files.
+
+ * Resort recently used directories to the top of the LRU if the
+ directory is larger than the stat cache.
+
+ * Resort deleted objects to the bottom of the LRU.
+
+ * Use interlocked operations for state and queue fields to allow safe
+ bit set and clear on multiprocessor systems.
+
+ All UNIX client platforms
+
+ * Servers now marked down when GetCapabilities returns error.
+
+ * In-use vcache count is now properly tracked.
+
+ * Check for /afs existance before starting, unless -nomount is
+ specified.
+
+ * Avoid a potential panic when using /afs/.:mount syntax.
+
+ * Avoid a panic in memcache mode due to missing CellItems file.
+
+ * FUSE client support fixed for non-/afs mounts.
+
+ * Avoid a potential deadlock (which times out) when we need to
+ allocate more callback returns and must flush some already in use.
+
+ * Deal with libcom_err conflicts with other packages using it
+ (e.g. krb5) (128640)
+
+ * Fall back to afs3-vlserver SRV record values when afs3-ptserver SRV
+ record is not available.
+
+ * Avoid holding unneeded locks when probing server capabilties.
+
+ * Do not attempt page flushes for directories.
+
+ * Rx connection reference counting is enabled.
+
+ * An Rx connection reference count leak is fixed in bulkstat.
+
+ * Handle unparsable directory objects.
+
+ * Handle Kerberos cred cache errors in aklog.
+
+ AIX
+
+ * Fix PAG usage to track by PAG identifier, not group list.
+
+ FreeBSD
+
+ * Fix socket termination on shutdown.
+
+ * Support for 7.2, 7.3, 7.4 and 8.2 included.
+
+ * References to vcaches are no longer leaked during root or reclaim.
+
+ * Remove support for "Giant" lock as we no longer need to use it.
+
+ * Don't sleep with AFS GLOCK.
+
+ * Properly enable 64 bit long long support.
+
+ * Restore support for FreeBSD 7 (128612)
+
+ * Fix locking issues at shutdown and avoid panic at shutdown due to
+ vcache flushing.
+
+ * Support for virtual network stacks.
+
+ * New RC script, updated packaging.
+
+ IRIX
+
+ * Properly create new vnodes to avoid crashing in the client.
+
+ Linux
+
+ * Support through kernel 2.6.39. Treat Linux 3.0 as Linux 2.6 for
+ sysname purposes.
+
+ * Use rx_Readv in cache bypass to improve performance.
+
+ * Properly handle 0-length replies during cache bypass operations.
+
+ * Properly handle non-contiguous readpage cache bypass operations.
+
+ * Do proper locking when transitioning to or from cache bypass.
+
+ * Avoid extra runs of vcache freeing routine. (128756)
+
+ * Perform vcache eviction via a fast path before visiting vcaches
+ where sleep is needed.
+
+ * setpag() errors are now properly reported.
+
+ * Avoid attempting to free stat cache entries when we are below
+ user-specified number of entries in use.
+
+ * Properly track user-specified number of stat cache entries to use as
+ a desired usage target.
+
+ * Don't read pages beyond EOF in the cache. (128452)
+
+ * Various corrections and improvements to Red Hat packaging, including
+ modifying the init script to allow deferring for a new binary
+ restart and properly supporting RHEL6.
+
+ * Fix lockup in 2.6.38 due to erroneous kernel feature configure test.
+
+ * Improve RPM building tools.
+
+ * Attempt to properly handle SELinux in packaging.
+
+ * Init script properly returns status as exit code.
+
+ * RPM packaging fixes (executable libraries, no postinstall message)
+
+ * Kill i386 from RPM packaging.
+
+ MacOS
+
+ * MacOS 10.7 support.
+
+ * Properly handle setpag errors. PAGs are not supported.
+
+ * Check for unloaded kernel extensions when decoding AFS panics.
+
+ * Disable "get tokens at login" in prefs pane if AD authentication
+ plugin is configured.
+
+ * aklog AuthorizationPlugin now provided.
+
+ * Preferences Pane behavior fixed for 1.6 series (version detection is
+ used to select default behavior).
+
+ * A potential kernel panic during bulkstat operations is
+ fixed. (128511)
+
+ * 64-bit MacOS kernel performance is greatly improved. (128934)
+
+ * Properly shut down AFS, closing the Rx socket in the upcall handler
+ to avoid attempting to process data after we can no longer do so.
+
+ * Rework logic for bulk status operations to avoid a potential hang.
+
+ * Avoid panic when doing FSEvent synthesis.
+
+ * Fix bug when using non-dynroot.
+
+ * Update Kerberos support in PreferencesPane.
+
+ NetBSD
+
+ * Updates for platform support.
+
+ OpenBSD
+
+ * Bug fixes for issues introduced previously in 1.5 series.
+
+ * Support through OpenBSD 4.8.
+
+ Solaris
+
+ * Switch to ioctl() syscall replacement for Solaris 11 since syscall
+ 65 is not safe.
+
+ * Fix support for Solaris pre-10.
+
+ * Corrected Solaris 11 startup script.
+
+ * vcache mappings freed on shutdown to avoid panic.
+
+ * Properly report errors for AFS system call callers.
+
+ * Don't leave dangling function references if kernel extension fails
+ to load.
+
+ * Try harder to avoid deadlocks on file-larger-than-cache operations.
+
+ * Avoid panic on shutdown when mount failed.
+
+
+OpenAFS 1.6.0pre2
+
+ All systems: Minor bugfixes.
+
+ ADDITIONAL CHANGES IN 1.6.0PRE2
+
+ All platforms:
+
+ - Documentation updates.
+
+ - Don't stop Rx keepalives after an ackall is received, avoiding
+ spurious connection timeouts. (128848)
+
+ - Don't retry Rx calls on channels returning busy errors. (128671)
+
+ - vos will not die with a double free error at command completion.
+
+ - Properly enable Rx connection hard timeouts.
+
+ - Initialize rx_multi lock before use.
+
+ - Avoid spurious crashes when initializing in "backup" client.
+
+ All unix platforms:
+
+ - Check for /afs existance before starting, unless -nomount is specified.
+
+ - Avoid a potential panic when using /afs/.:mount syntax.
+
+ - Avoid a panic in memcache mode due to missing CellItems file.
+
+ All server platforms:
+
+ - Attempt to recovery more quickly from timed out volume release
+ transactions.
+
+ - Auditing now properly byte order swaps IP addresses when printing.
+
+ - vos split now has improved error handling.
+
+ - Many changes to again support Windows fileservers.
+
+ - During volume removal, data removal speed improved.
+
+ - Improve CPU utilization during volume attaching by DAFS.
+
+ - In salvager check-only mode, avoid potentially fixing a vnode.
+
+ - Fix support for large (greater than 2gb) volume special files.
+
+ - Salvager will not crash if multiple or bad volume link tables
+ are encountered.
+
+ - Avoid erroneous full dump by remembering which sites were out of date
+ at the start of the release.
+
+ FreeBSD:
+
+ - Remove support for "Giant" lock as we no longer need to use it.
+
+ - Don't sleep with AFS GLOCK.
+
+ - Properly enable 64 bit long long support.
+
+ - Restore support for FreeBSD 7 (128612)
+
+ - Fix locking issues at shutdown.
+
+ Linux:
+
+ - support through kernel 2.6.38.
+
+ - RedHat packaging now properly supports RHEL6.
+
+ - Use rx_Readv in cache bypass to improve performance.
+
+ - Properly handle 0-length replies during cache bypass operations.
+
+ - Properly handle non-contiguous readpage cache bypass operations.
+
+ - Do proper locking when transitioning to or from cache bypass.
+
+ - Avoid extra runs of vcache freeing routine. (128756)
+
+ MacOS:
+
+ - Check for unloaded kernel extensions when decoding AFS panics.
+
+ - Properly handle setpag errors. PAGs are not supported.
+
+ - Disable "get tokens at login" in prefs pane if AD authentication
+ plugin is configured.
+
+ OpenBSD:
+
+ - support through OpenBSD 4.8.
+
+ Solaris:
+
+ - Fix support for Solaris pre-10.
+
+ Windows:
+
+ - afs_config will not longer set the Tray Icon State
+ in the registry if the checkbox is not present in
+ the dialog. (128591)
+
+ - AFS Explorer Shell Extension now works from folder
+ backgrounds. Overlays for mount points and symlinks
+ are present in the dll, but are not registered at present
+ by the installers.
+
+ - Do not use RankServerInterval registry value as the value for
+ PerformanceTuningInterval.
+
+ - When the data version of a mountpoint or symlink changes,
+ the target string in the cm_scache_t object must be cleared.
+
+ - "fs checkservers" now includes vldb servers in the output
+ and only lists multi-homed servers once. A multi-homed
+ server that has at least one up interface is no longer
+ considered to be down.
+
+ - When asynchronously storing dirty data buffers to the
+ file server ensure that (a) the cm_scache_t object and
+ the cm_buf_t object are for the same File ID so that
+ locking and signalling work properly; and (b) if the
+ FID no longer exists on the file server, do not panic,
+ just discard the buffer.
+
+ - When processing VNOVOL, VMOVED and VOFFLINE errors perform
+ server comparisons by UUID or address and not simply by
+ cm_server_t pointer. Otherwise, server failover may not
+ succeed.
+
+ - Do not preserve status information for cm_scache_t objects
+ when the issuing server is multi-homed.
+
+ - Giving up all callbacks when shutting down or suspending
+ the machine is now significantly faster due to the use
+ of an rx_multi implementation. (This functionality is
+ still off by default and must be activated by a registry
+ value.)
+
+ - Race conditions were possible when updating the state
+ of the cm_volume_t flags and when moving the volumes
+ within the least recently used list.
+
+ - Ensure that the lanahelper library does not perform a
+ NCBRESET of each lan adapter when enumerating the
+ current network bindings. Correcting this permits OpenAFS
+ to work on Windows 7 when the network adapter settings
+ change.
+
+ - Fix creation of mount points and symlinks as \\AFS\xxxx
+
+ PREVIOUS CHANGES:
+
+ All platforms:
+
+ - vos now properly deals with matching sites when servers are multihomed.
+
+ All Unix platforms:
+
+ - Servers now marked down when GetCapabilities returns error.
+
+ - In-use vcache count is now properly tracked.
+
+ All server platforms:
+
+ - Fix ptserver supergroups support on 64 bit platforms.
+
+ - Demand attach salvaging doesn't use freed volume pointers.
+
+ - Properly hold host lock during host enumeration in fileserver.
+
+ FreeBSD:
+
+ - Fix socket termination on shutdown.
+
+ - Support for 7.2, 7.3, 7.4 and 8.2 included.
+
+ - References to vcaches are no longer leaked during root or reclaim.
+
+ Linux:
+
+ - Define llseek handler to avoid ESPIPE error in 2.6.37.
+
+ - Mount interface replaces get_sb (new for 2.6.37, not yet required).
+
+ - RedHat init script allows deferring for a new binary restart.
+
+ - DEFINE_MUTEX replaces DECLARE_MUTEX for 2.6.37.
+
+ MacOS:
+
+ - Correct return value from setpag syscall.
+
+ OpenBSD:
+
+ - Bug fixes for issues introduced previously in 1.5 series.
+
+ Solaris:
+
+ - Switch to ioctl() syscall replacement for Solaris 11 since syscall 65
+ is not safe.
+
+
+OpenAFS 1.5.78 (2010-11-04)
+
+ All platforms
+
+ * Revisions to Rx to fix performance issues.
+
+ * Make fs getfid behave consistently across all platforms. (128372)
+
+ * Properly check IDs handed to pts when creating users or groups so
+ useful error messages can be provided. (128343)
+
+ * Correct byte order handling of port in afsconf_LookupServer for SRV
+ records.
+
+ * Force a full dump when releasing to a site which was previously
+ marked "don't use", in case the previous clone was out of date.
+
+ All server platforms
+
+ * Demand salvage of attached volumes now correctly track attachment
+ state.
+
+ * Avoid a potential crash due to failure to hold a lock when attaching
+ a volume fails.
+
+ Microsoft Windows
+
+ * Track SMB connections by SID rather than username.
+
+ * Error write attempts to known-readonly volumes earlier.
+
+ * Validate directory buffers to avoid potential crashes.
+
+ * Handle VIO errors from bulkstatus.
+
+ * Make PMTU discovery configurable and register error handlers for it.
+
+ All UNIX client platforms
+
+ * Use larger I/O sizes in memcache to improve performance.
+
+ * Avoid potential alignment issues doing I/O for pioctl calls.
+
+ FreeBSD
+
+ * Avoid panicing if the listener process is not findable.
+
+ * Avoid deadlock issues while performing lookups.
+
+ Linux
+
+ * Handle stale file handle errors for some cache partition types.
+
+ * Avoid blocking with xvcache lock when attempting to free in-use
+ vcaches.
+
+ * Build fixes for older kernels.
+
+ * Properly configure LWP to use ucontext() on platforms where it
+ should.
+
+ * Eliminate spurious errors from AFS system call returns. (126230)
+
+ MacOS
+
+ * Attempt to honor configured Kerberos defaults in Preferences Pane.
+
+
+OpenAFS 1.5.77 (2010-09-08)
+
+ All platforms
+
+ * Rx path MTU detection will terminate detection in cases where the
+ minimum required packet size cannot be transferred.
+
+ * vos dryrun mode now shows effects for syncvldb single volume case.
+
+ * vos dryrun mode now shows "status after" for syncvldb and syncserv.
+
+ All server platforms
+
+ * RXAFS_GetStatistics64 now returns statistics properly.
+
+ Microsoft Windows
+
+ * Attempt to properly identify the local system SMB connection for
+ token tracking.
+
+ * Remap timeout and offline errors to proper NT RPC errors.
+
+ * Properly fail over to other replicas on bulkstat IO errors.
+
+ * Properly error delete-mode createfile if a file is set readonly.
+
+ * Validate directory entry buffers to avoid crashing the service.
+
+ * Log file modes properly.
+
+ * Log cell name when logging server information.
+
+ All UNIX client platforms
+
+ * cacheout program for discarding callbacks is now built.
+
+ * bulkstatus kernel locking is corrected to avoid a potential panic.
+
+ Dragonfly BSD
+
+ * userspace support update
+
+ FreeBSD
+
+ * Updated vnode locking for children returned via lookup().
+
+ * Avoid file open undercount with needed calls to
+ FakeOpen/FakeClose().
+
+ * Use vnode_pager_setsize to properly track file size during kernel
+ IO.
+
+ * Update system call installation.
+
+ * Fix shutdown of Rx kernel listener to avoid potential dereference
+ after it's gone.
+
+ * Avoid closing vnodes during vnode recycle.
+
+ * Fix bogus call to FlushVS for vnode reclaims.
+
+ Linux
+
+ * Packaging updated for current configure options and built files.
+
+ * Cache bypass now holds reference on pages during readpage.
+
+ * s390x setgroups32 patching update.
+
+ MacOS
+
+ * DNS resolver is reinitialized on IP address change. (126440)
+
+
+OpenAFS 1.5.76 (2010-08-16)
+
+ All platforms
+
+ * Updates to build-time configuration.
+
+ * Fix XDR support in Rx to match header definition.
+
+ * vos status now shows transaction creation, not action creation.
+
+ * Rx avoids reporting loopback adapters when listing interfaces.
+
+ All server platforms
+
+ * Demand-Attach Fileserver always built and installed (dafileserver,
+ davolserver, dasalvager).
+
+ * Return VNOVOL from fileserver when a volume is deleted.
+
+ * Ignore duplicate tags during volume restore operation.
+
+ * Update inode array after salvage repairs volume.
+
+ * Zero a corrupted header in memory during salvage to avoid further
+ corruption.
+
+ * Fix NAMEI backend to allow low-numbered volumes to work properly.
+
+ * ptserver does not include cell name as part of length check for
+ names.
+
+ * Updated error messages for unblessed volumes.
+
+ * vlserver avoids buffer overflow with regex pattern
+
+ * Attach-time failures now note failures as the rest of the fileserver
+ would.
+
+ * Server argument logging will no longer overflow stack.
+
+ * Provide fast-restart-like unsafe-nosalvage option for DAFS.
+
+ * Deal with host hash collisions in the fileserver.
+
+ Microsoft Windows
+
+ * Avoid crashing when interpreting a drive letter as potentially
+ matching a cell name.
+
+ * Properly handle volume package errors.
+
+ * Allow page recycling from known-readonly content without ensuring
+ they are not dirty.
+
+ * 32 bit tools installer should not override client configuration.
+
+ * Ensure root scache item has a valid callback when use is attempted.
+
+ * Freelance directory changes now properly invalidate and replace the
+ old root object.
+
+ All UNIX client platforms
+
+ * Support disconnected reconnecting with specified UID for PAGless
+ platforms.
+
+ * Proper disconnected vnode reference tracking.
+
+ * Update server site blacklisting to not return success if nothing was
+ blacklisted.
+
+ * Avoid a panic during vcache contention due to CVInit vcache
+ racing. (127645)
+
+ FreeBSD
+
+ * Update for network stack in 8.1/9.0.
+
+ HP-UX
+
+ * Bug fixes.
+
+ Linux
+
+ * 2.6.36 support
+
+ * Disable PMTU error packet handling.
+
+ * flock() fixes.
+
+ * Debian packaging updated.
+
+ * freezer interface updates.
+
+ MacOS
+
+ * Hold references to disconnected mode written vnodes properly.
+
+ Solaris
+
+ * Handle NFS translator module references for amd64.
+
+ * INODE fileserver backend support now exists for amd64.
+
+
+OpenAFS 1.5.75 (2010-07-07)
+
+ All platforms
+
+ * Prevent rx_rpc_stats global lock from being a bottleneck.
+
+ * Path MTU discovery is now provided to allow traffic to pass networks
+ with sub-1500 byte MTUs and poor fragment handling.
+
+ * Further reduce Rx NAT ping transmission when enabled.
+
+ * Update Kerberos 5-based token handling in rxkad from upstream
+ Heimdal. (127554)
+
+ * Update version numbers emitted during build to reflect what is
+ actually being built.
+
+ * Add "-human" switch for human-readable units in fs diskfree and
+ listquota. (124529)
+
+ * vos provides reasons for locked volumes when known.
+
+ * Do not count retransmission and ping acks as non-idle for Rx
+ connections.
+
+ * Rx: provide service-specific data getter and setter routines.
+
+ * Update build-time Kerberos detection.
+
+ * Updated userspace AFS client.
+
+ * Beginning of a modernized test suite.
+
+ * Additional documentation.
+
+ * Updated documentation, notably the Administrators Guide.
+
+ * Substantial code cleanup.
+
+ All server platforms
+
+ * Update handling of vnode allocation failures.
+
+ * DAFS: allow salvaging volumes not known to the fileserver, to allow
+ cleanup of data not attached to a current volume.
+
+ * Properly handle volumes slated for destruction.
+
+ * Handle volumes with many files properly.
+
+ * Force core file generation in bosserver by overriding default
+ resource limits when possible.
+
+ * Update vlclient and vldb_check.
+
+ * Avoid potentially corrupting a volume on creation if files are left
+ from previous failed cleanup.
+
+ * Note volume changed during salvage as needed.
+
+ * DAFS: do not assume invalid addresses are in fileserver address hash
+ table.
+
+ * Avoid tying up fileserver threads with volumes that are being taken
+ offline.
+
+ * Do not set inUse on volumes for non-DAFS other than in fileserver.
+
+ * Break origin's callback on target of rename operation.
+
+ * Avoid unneeded parent directory link updates during some rename
+ operations.
+
+ * Do not open /dev/console for writing in the fileserver.
+
+ * DAFS: avoid spurious restarts when binary restarts are configured.
+
+ * Avoid spurious and unneeded calls to sync(), which can slow down the
+ fileserver.
+
+ Microsoft Windows
+
+ * Revised SMB QuerySecurityInfo to address issues caused by MS10-020
+ (http://support.microsoft.com/kb/980232)
+
+ * Prevent use of the AFSCache file contents if mapped to a new
+ address.
+
+ * Make fs newcell include behavior compatible with the non-Windows
+ version.
+
+ * Provide a registry option (FreelanceImportCellServDB) to pre-create
+ mount points in the AFS root for all cells in CellServDB.
+
+ * Fix a memory leak in the cm_FreeServerList() routine.
+
+ * Reduce privilege when reading registry CellServDB.
+
+ * Add support for RPC Pipe Service NetWkstaGetInfo levels needed for
+ Windows 7.
+
+ * Prevent overflow when computing quota percentage in Explorer Shell.
+ (126846)
+
+ * Generate meaningful errors for ACL operations on freelance AFS root.
+
+ * Fix error handling on InlineBulkStatus RPCs.
+
+ * Show configuration pages for all types of MSI installations.
+
+ * Improve freemount AFS root directory handling and operations.
+
+ * Properly validate GetVolumeStatus pioctl responses.
+
+ * Commit file length changes and dirty buffers when flushing a file.
+
+ All UNIX client platforms
+
+ * Update version of files for disk cache.
+
+ * Do not call afs_FlushVCBs with xvcache lock held, to improve
+ parallelization.
+
+ * Add mariner log messages for creating and removing files.
+
+ * Don't hold xvcache lock while creating symlinks, to improve
+ parallelization.
+
+ * Provide -dynroot-sparse mode to not show all cells in CellServDB in
+ dynroot mode.
+
+ * Avoid a potential crash in aklog in linked cell handling.
+
+ * Log MTU-caused packet retransmission.
+
+ * Prevent crashes caused be fs checkservers while cache is being set
+ up.
+
+ * fs getserverprefs now has a buffer large enough for the default
+ CellServDB.
+
+ * Report server address when logging warnings.
+
+ * Avoid panic in GetCapabilities when cell is not known.
+
+ * Lock process name and id for advisory lock warnings when possible.
+
+ * Handle need for allocating additional Rx packets.
+
+ * Properly handle errors from InlineBulkStatus operations.
+
+ * Fix errors returned from fcntl() on readonly files locked for write.
+
+ * Flush pending changes to the server on LOCK_EX unlock.
+
+ * Reflect length changes as a result of callbacks even when file is
+ open for write.
+
+ * Avoid hanging due to error exit when attempting to store a large
+ file to a non-largefile fileserver.
+
+ * Recover from afs_GetVolSlot errors.
+
+ FreeBSD
+
+ * Bugfixes for kernel VFS and network routines.
+
+ IRIX
+
+ * Provide makesname().
+
+ Linux
+
+ * Avoid syscall probes when keyrings are present, by default. (125215)
+
+ * Remove "Big Kernel Lock" from VFS operations.
+
+ * Use filehandles for all Linux 2.6 versions to avoid need for matched
+ afsd. (127530)
+
+ * Updated RPM packaging.
+
+ * Fix dkms configuration provided with RPMs.
+
+ * Hold reference on pages during background I/O for cache bypass.
+
+ * Fix cache bypass handling of non-largefile fileservers.
+
+ * Protect truncate_inode_pages mappings with mutex or semaphore as
+ needed.
+
+ * Fix pagevec use in cache bypass. (127505)
+
+ * Updates for 2.6.35
+
+ MacOS
+
+ * Improve launchd configuration.
+
+ * Avoid hanging on recursive cache file lock acquisition when user
+ notification is enabled.
+
+ * Fix and re-enable bulkstat mode.
+
+ OpenBSD
+
+ * Build updates.
+
+ Solaris
+
+ * Precluding unmount while AFS is busy.
+
+ * Avoid deadlocking when releasing the VFS object.
+
+ * Stop network interface poller in kernel on AFS shutdown.
+
+ * Avoid issues with lookups on empty directory names. (127356)
+
+
+OpenAFS 1.5.74 (2010-04-22)
+
+ All platforms
+
+ * Add "vos setaddrs" command.
+
+ * Rx library lock contention avoidance between rx_NewCall and
+ rx_EndCall.
+
+ * Rx library races due to inconsistent use of rx_connection
+ conn_data_lock to protect the flags field.
+
+ * Rx library inconsistent use of RX_CALL_TQ_WAIT which could result in
+ deadlocks.
+
+ * Rx library must signal transmit queue waiters when flushing.
+
+ * afsmonitor shows busy counts now.
+
+ * afsmonitor displays xstat callback statistics.
+
+ * Provide expandgroups for pts mem on a supergroups server.
+
+ * Provide supergroup option to liste nested groups during pts mem.
+
+ All server platforms
+
+ * Avoid volume lock contention during DAFS startup.
+
+ Microsoft Windows
+
+ * Avoid a race when updating cell vldb server lists that can result in
+ a crash.
+
+ * Avoid a deadlock when managing CM_SCACHESYNC_STOREDATA state
+ operations for directory objects.
+
+ * Add new Windows Application Event log messages for VBUSY,
+ VRESTARTING, ALL_BUSY, ALL_OFFLINE, and ALL_DOWN.
+
+ * Reduce lock contention by waiting for cm_buf_t I/O operations.
+
+ * Split the cm_buf_t flags field to separate the flags that are
+ protected by the cm_buf_t mutex from those protected by the
+ buf_globalLock.
+
+ * In cm_UpdateVolumeLocation, avoid searching for a ".readonly" volume
+ on a numeric volume name.
+
+ * File buffer allocations whose offsets are beyond server EOF should
+ be locally allocated and zero filled. The file server should not be
+ issued a FetchData rpc which is guaranteed to fail.
+
+ * Enable integrated logon to work with Windows 7/2008 when user logons
+ are performed with a non-Domain Kerberos principal.
+
+ * Add Protection Error messages to aklog output.
+
+ All UNIX client platforms
+
+ * Provide a FUSE-interfacing userspace afs client.
+
+ * Updates to libuafs userspace cache manager.
+
+ * Probe servers using GetCapabilities instead of GetTime, thus
+ requiring fewer RPCs.
+
+ * Fix DNS SRV record handling for cell lookup.
+
+ FreeBSD
+
+ * Fix sleep/wakeup routines.
+
+ * Update for 8.0 release.
+
+ Linux
+
+ * Handle high memory addresses correctly.
+
+ MacOS
+
+ * Make 32 bit AFS syscalls work again.
+
+ * Work around finder "Duplicate" failure (caused by setting modes on
+ symlinks).
+
+ * Disable bulkstat again (will be re-enabled at or before .75).
+
+ * Provide symlink type hints during readdir.
+
+
+OpenAFS 1.5.73 (2010-03-24)
+
+ All systems: Minor bugfixes. New features.
+
+ * New functionality:
+
+ All systems:
+
+ - NAT keepalive support at Rx level.
+
+ * Bugfixes:
+
+ All systems:
+
+ - Corrected server IP address output in vos syncvldb verbose mode.
+
+ - Corrected server IP address output for last "yes" host in udebug.
+
+ - Corrected SRV record support for canonicalizing cell names.
+
+ All UNIX clients:
+
+ - Fixed a potential race in Disconnected AFS "remove" support.
+
+ - Fix a potential blocking condition in fakestat mode.
+
+ - Avoid some errors and stack overflow reports when vos is interrupted.
+ (33360,125535)
+
+ - Clean up several minor memory leaks.
+
+ - If a large file is stored to a non-largefile fileserver, avoid
+ a potential deadlock.
+
+ - Increase maximum number of sysnames to 32.
+
+ - Readd fs mariner "storing" message, missing since AFS 3.3.
+
+ - Attempt timeouts on AFSDB lookups in userspace.
+
+ - Avoid interrupting writes due to an idle deadtime timeout.
+
+ All server platforms:
+
+ - Properly notify only affected hosts for volume callbacks. (126497)
+
+ - Allow volumes with trashed root directory to be recovered. (94658)
+
+ - Hold lock in file and volservers when traversing partition list.
+
+ - Use finer-grained locking in DAFS: volume, instead of partition locks.
+
+ - Schedule all DAFS salvages via FSSYNC.
+
+ - Avoid stale ptserver credential caching issue on keyfile update.
+
+ - Improve callback table overflow handling. (126451)
+
+ - Preclude deadlocks on when attempting to save DAFS state.
+
+ - Avoid races deleting hosts. (126454)
+
+ - Improve salvage speed for DAFS (124488)
+
+ - The bosserver now handles SIGTERM.
+
+ Microsoft Windows
+
+ - Prevent the Explorer Shell extension from crashing if symlink
+ creation failed. (126406)
+
+ - A Rx level NAT ping has been implemented. A registry value enables.
+
+ - Adds krb5 error message translation to aklog, afscreds,
+ afslogon.dll, the network identity manager afs provider and
+ translate_et.
+
+ - Default mode bit settings for file and directory creation are now
+ provided, and can be configured.
+
+ - An SMB request trace facility is provided and can be enabled for
+ debugging.
+
+ AIX:
+
+ - Clean up properly on mount failure.
+
+ - Add entry to /etc/vfs to allow umount to work.
+
+ FreeBSD:
+
+ - Additional work to support FreeBSD 8-current.
+
+ IRIX:
+
+ - Fix build issues with library order.
+
+ Linux:
+
+ - Fix s390 support conflict with executable stack patches.
+
+ - Don't count root's AFS session keyrings against quota.
+
+ - Correct dkms support in RPM config file.
+
+ - Keyring destructor now properly cleans up all tokens.
+
+ - Build again on old 2.6 kernels.
+
+ - Avoid GLOCK leak when updating CellServDB in-core.
+
+ - Fix byte-range lock handling.
+
+ - Attempt to deal with bdi issues. (126514)
+
+ MacOS:
+
+ - Some FSEvents hinting for authentication events now done. (23781)
+
+ - Update uninstaller. (125634)
+
+ - Rewrite afssettings and fstab code to avoid licensing issue with APSL.
+
+ - Growl client for user monitoring of AFS events included.
+
+ - Properly support insert-only dropboxes.
+
+ - Add bulkstat support.
+
+ - Include support for moving in Finder across mount points.
+
+ - Preferences Pane includes support for Kerberos 5 ticket renewal.
+
+ OpenBSD:
+
+ - Some support for OpenBSD 4.7.
+
+
+OpenAFS 1.5.72 (2010-02-15)
+
+ All platforms
+
+ * Provide internationalization support in com_err.
+
+ * Fix array length checking to avoid crashes when checking for a
+ volume type based on name in vos.
+
+ All server platforms
+
+ * Provide backward compatible "-f" flag to salvager for force mode.
+
+ Microsoft Windows
+
+ * Restore use of DNS AFSDB and SRV records by kaserver clients.
+
+ All UNIX client platforms
+
+ * Fix client cache file truncation to not lose chunks when truncating
+ a large file.
+
+ * Ensure a cache writeback hook is installed in the client (bug from
+ 1.5.71).
+
+ * Avoid spurious free memory warnings during clean shutdown.
+
+ * Fakestat mode avoids AFSDB lookups.
+
+ * "fs storebehind" now correctly reports errors on readonly volumes.
+
+ * Additional documentation for "fs getcacheparms"
+
+ * Forced new uuid generation with "fs uuid -generate" now works
+ enforced permission correctly.
+
+ MacOS
+
+ * Add optimized Rx event handler in kernel.
+
+ * Installer now allows installing an older version.
+
+ * Panic decoder can now deal with MacOS 10.5 again.
+
+ * MacOS ._ files are now correctly not looked up as cellnames.
+
+ Linux
+
+ * To deal with SELinux file labeling, try cache accesses with current
+ credentials in event of failure.
+
+ * Rx XDR encoding bug on i386 Linux is fixed (bug introduced in
+ 1.5.71).
+
+ IRIX
+
+ * Code compilation fixes.
+
+ OpenBSD
+
+ * Update for OpenBSD 4.6.
+
+
+OpenAFS 1.5.69 (2010-01-19)
+
+ All platforms
+
+ * Configuration of BOSserver no longer defaults to weekly restarts
+ enabled.
+
+ * Provide BOS restricted mode by default.
+
+ * Add support for "vos endtrans" command.
+
+ * Default to providing full output from vos listvol.
+
+ * Correct additional-address tracking in the fileserver.
+
+ * Improve Rx performance by not unnecessarily dropping and reacquiring
+ call locks in read and write processes.
+
+ * Avoid crashes when monitoring volserver transactions across
+ potential transaction garbage collection.
+
+ * Numerous warning fixes.
+
+ All server platforms
+
+ * Avoid saving fileserver state in demand attach fileserver when
+ panicing.
+
+ * Demand attach fileserver allows other callers to schedule salvages.
+
+ * Demand attach "bos salvage" now works correctly with restricted
+ mode.
+
+ Microsoft Windows:
+
+ * Numerous changes to the client-internal btree directory handling to
+ prevent errors.
+
+ * fs examine reports owner and group ids as signed values (PTS groups
+ are negative).
+
+ * Preclude corruption due to races writing to smb buffers.
+
+ * Allow MTU settings in registry to be used.
+
+ * Apply MTU to both send and receive sizes.
+
+ All UNIX client platforms
+
+ * Avoid double-freeing Rx call structure if reading a response from
+ the file server results in a short read.
+
+ * Handle negative lengths in FetchStatus results correctly.
+
+ * Properly clean up allocated memory at shutdown.
+
+ * Default to AFSDB compiled into the cache manager.
+
+ * Avoid inadvertant disclosure of stat() information to clients not so
+ entitled.
+
+ * Correct a bug with AFSDB lookups introduced with SRV record support.
+
+ MacOS
+
+ * Install kernel panic processing tool in /Library/OpenAFS/Tools.
+
+ * Include debugging symbols for kernel extension in additional package.
+
+ * Support "Application Firewall" users.
+
+ * Avoid ._cellname AFSDB lookups.
+
+ * Compile preferences pane as a universal binary.
+
+ Linux
+
+ * Use splice to speed up storing files.
+
+ * When using memcache, avoid duplicating work in readpages.
+
+ * Use dget_parent to safely find an inode's parent.
+
+ * Disable access time updates in our superblock.
+
+ * Avoid crashing doing writeback if no credentials were stashed at
+ file open.
+
+ * Simplify keyring support.
+
+ * Properly clean up vcache in event of failed mount.
+
+ FreeBSD
+
+ * Update for current FreeBSD 8.
+
+ Solaris
+
+ * Abstractly manipulate groups as now required.
+
+ * Abstractly access time instead of using lbolt directly.
+
+
+OpenAFS 1.5.68 (2009-12-08)
+
+ All platforms
+
+ * aklog now attempts to convert non-AFS errors to human-readable
+ strings.
+
+ * Make stack not executable when compiling assembler source with GCC.
+
+ * Numerous source warning cleanups and code reorganization.
+
+ All server platforms
+
+ * Compute midnight for volume statistics calculation from local time.
+
+ * Salvager now orphans duplicate special inodes when running to allow
+ recovery in event of a problem, instead of simply ignoring the
+ issue.
+
+ * Support to ensure a server panic attempt leaves a core and thus
+ restarts in a timely manner, rather than potentially hanging. Use
+ panic to attempt cleanup before leaving a core when possible.
+
+ * Volume sync data reported during bulkstatus is now set correctly.
+
+ * Provide better tuning for fileserver file descriptor caching.
+
+ * Allow more than 128 threads in fileserver by modifying host
+ structure in-use tracking.
+
+ * Avoid crashes getting volume server status during transaction
+ cleanup.
+
+ * Improved logging of offline volume conditions.
+
+ * Correct volume statistics when cloning a volume.
+
+ * Avoid referencing host structures in the fileserver which are marked
+ for deletion.
+
+ * Demand attach fileserver corrections to avoid coring during an
+ aborted startup.
+
+ * host array bounds checking corrections to avoid buffer overflow.
+
+ * Handle special inodes correctly when promoting an inode fileserver
+ readonly volume to read-write.
+
+ Microsoft Windows
+
+ * Set the DOS Readonly attribute on a file/directory whenever the unix
+ mode combined with the mask 0200 is true. Previously there was a
+ discrepency between the mask used for testing for readonly behavior
+ and that used for setting the attribute.
+
+ * Disable AFSVolSync based .readonly "whole-volume callback" support
+ because the all file servers prior to 1.5.67 (and perhaps 1.4.12) do
+ not properly assign a value to the AFSVolSync structure in bulk
+ status RPC responses.
+
+ * Improve the error output from aklog to output the value from krb5
+ error_message() if the afs_com_err output indicates an unknown
+ value.
+
+ * Convert VBUSY and VRESTARTING to CM_ERROR_ALLBUSY and do not permit
+ them to be exposed to the smb redirector.
+
+ * Convert STATUS_TIMEOUT responses to STATUS_IO_TIMEOUT to avoid
+ confusion within the smb redirector.
+
+ * Fix the byte order assigned to port numbers associated with AFSDB
+ record lookups. They must be network byte order not host byte
+ order.
+
+ * Add dynamic server ranking based on RPC round trip time
+ measurements.
+
+ All UNIX client platforms
+
+ * Additional shutdown-time memory leaks removed.
+
+ * Improved logging of resource contention.
+
+ * Provide dumping for Rx debug packet tracking support in source.
+
+ * Update afscp test client to build, and provide an unlock client.
+
+ * Client buffers for directory parsing can now be allocated beyond the
+ fixed set formerly provided.
+
+ * Work around race condition when manipulating read-only volume
+ callbacks.
+
+ * Bugfixes to get PAG value pioctl.
+
+ * Bugfixes to SRV record support.
+
+ Linux
+
+ * Path MTU tracking code cleanup.
+
+ * Avoid an oops due to racing with vcache recycling thread.
+
+ * Changes to keyring PAG handling: for sufficiently new kernels, use
+ only keyring-based PAGs, and disable group PAGs entirely.
+
+ * Updates to the kernel page cache interface: writing pages will now
+ not spuriously leak page locks, and will avoid requiring duplicate
+ work.
+
+ * Credential references are now tracked using native atomic counters.
+
+ * Kernel mutex/semaphore lock ordering fix to avoid deadlocks.
+
+ * Manipulate disk cache with credentials used to initialize it, to
+ avoid security issues.
+
+ MacOS
+
+ * Fix fstrace message catalog location.
+
+ * Fix kernel fstrace logging.
+
+
+OpenAFS 1.5.66 (2009-10-25)
+
+ All platforms
+
+ * Avoid calling exit() in library code.
+
+ * Add rx window size and peer timeout tuning APIs.
+
+ * Correct rx peer timeout handling to disallow 0ms timeouts.
+
+ * Correct calculation of rx RTT by disregarding retransmitted packets.
+
+ * vos manpages updated to reflect changes in recent versions.
+
+ * GNU-style long options (e.g. --cell) are now supported in all
+ commands.
+
+ * fs listacl can now print a command to recreate the current ACL.
+
+ All server platforms
+
+ * Fix a race on transaction objects in the volserver which can cause a
+ crash.
+
+ * Avoid destroying and setting to NULL the callback connection when it
+ could still be being used.
+
+ * Correct unlink handling in salvager.
+
+ * Improve error messages due to I/O errors in the volserver.
+
+ * Correct an issue which caused converted RO to RW volumes on namei
+ fileservers to not come online immediately.
+
+ Microsoft Windows
+
+ * Official support for Windows 7 and Server 2008 R2.
+
+ * Prevent a file server bug (FetchData returning an invalid length
+ instead of zero) from causing an "unexpected network error" when
+ writing to files.
+
+ * Promote DNS SRV records as superior to DNS AFSDB records. Support
+ arbitrary port numbers for vldb servers.
+
+ * Add AFSVolSync based .readonly "whole-volume callback" support.
+ With this functionality, multiple objects from a .readonly volume
+ can have their status validated by issuing a single
+ RXAFS_FetchStatus RPC.
+
+ * Remove drive mapping functionality and service start/stop from
+ afscreds.exe.
+
+ * Remove drive mapping functionality from afs_config.exe.
+
+ * Use {HKLM,HKCU}\SOFTWARE\OpenAFS\Client DWORD "ShowMountTab" to
+ restore access to drive mapping functionality in afscreds.exe and
+ afs_config.exe.
+
+ * Adjust SMB error return codes to avoid returning STATUS_TIMEOUT
+ which results in the SMB redirector disconnecting.
+
+ * Network Identity Manager OpenAFS Provider now provides its own "AFS
+ lock" notification icon to report the status of "have tokens, have
+ no tokens, service not started, service started but inaccessible".
+ Hovering over the icon lists the cells for which tokens exist (if
+ any) and the OpenAFS version number. Double-clicking executes the
+ Network Identity Manager default action.
+
+ * Prevent pioctl calls from retrying indefinitely when a sharing
+ violation error occurs.
+
+ All UNIX client platforms
+
+ * Correct a condition which could discard the error from initializing
+ a fetch request.
+
+ * Avoid using invalid references to afs_Conn connection structures,
+ and thus potentially producing invalid data when a retry is needed.
+
+ * SRV records are now supported for discovering AFS servers.
+
+ Linux
+
+ * Correct writepage behavior.
+
+ * Fix error code handling in the writepage code.
+
+ * Avoid leaking page locks, which could potentially hang a machine.
+
+ MacOS X
+
+ * Preferences Pane improvements.
+
+ HP-UX
+
+ * Avoiding attempting to handle critical signals in servers, so that
+ core file handling works correctly.
+
+
+OpenAFS 1.5.65 (2009-10-06)
+
+ All platforms
+
+ * Code compilation warning fixes, to enable better finding and
+ tracking bugs.
+
+ * Provide configure-time switch to enable code warning compilation.
+
+ All server platforms
+
+ * Demand-attach fileserver now makes volume LRU list operations
+ exclusive operations to avoid races during adding to the list.
+
+ * Fileservers now avoid potential "negative length" fetches.
+
+ * A leak in host tracking objects in the fileserver has been fixed.
+
+ * Salvager now unlinks all files by full path, to deal with the change
+ to not chdir for core file tracking.
+
+ * Salvager avoids asserting if the volume header is unreadable.
+
+ * Demand-attach fileserver puts back volume references from fssync
+ handlers when done.
+
+ Microsoft Windows
+
+ * Improved service response to suspend and shutdown event
+ notifications.
+
+ * Avoid a bug in the file server that can result in an invalid length
+ being returned as part of a fetch data response if the client
+ attempts to read beyond the length of the file.
+
+ * Do not publish a default stream object for directories and mount
+ point objects. This was impacting the ability of some Windows XP
+ systems to save roaming profiles.
+
+ All UNIX client platforms
+
+ * A bug which could cause erroneous handling of lengths on data reads
+ has been fixed.
+
+ * A bug where erroneous length returns from the fileserver could
+ result in a false error has been fixed.
+
+ Linux
+
+ * Background page copies are now supported for enhanced disk cache
+ read performance.
+
+ * Blocking readahead is supported in readpages() to reduce overhead.
+
+ * Use readpage() instead of read() to access cache data to avail disk
+ cache users of the kernel backing cache for improved performance.
+
+ * Minimize credential handling for improved performance.
+
+ MacOS X
+
+ * Preferences Pane cleanup.
+
+ Solaris
+
+ * Provide a fs_pathconf method with sensible defaults.
+
+ * Provide a _PC_FILESIZEBITS method to fix some NFS translator
+ consumers.
+
+
+OpenAFS 1.5.64 (2009-09-22)
+
+ All server platforms
+
+ * The demand attach fileserver now puts back volume references gotten
+ via the fssync interface.
+
+ * The demand attach fileserver had a structure reference error, which
+ has been correected.
+
+ Microsoft Windows
+
+ * Restores Windows 2000 compatibility.
+
+ * Fixes a data consistency error between the output of NetWkstaGetInfo
+ and NetServerGetInfo RPCs, specify the Lan workstation group name
+ "AFS", and report server name as "AFS" instead of "\\AFS" when the
+ caller asks for "\\AFS".
+
+ * Enables executables to be run from \\AFS on Windows 7. Returns
+ "Name not found" instead of "File not found" when a directory or
+ file name cannot be found. This avoids loader errors when system
+ dlls cannot be located in the executable directory.
+
+ * Prevents cache manager from marking the file server "down" when the
+ data returned in response to either RXAFS_FetchData64 or
+ RXAFS_StoreData64 is invalid.
+
+ * Adds pioctl data validation to the AFS Explorer Shell extension.
+
+ All UNIX client platforms
+
+ * A bug which could cause a kernel panic in 1.5.63 has been corrected.
+ This would manifest as a GetDCache panic or oops.
+
+ Linux
+
+ * aklog -setpag works again with recent kernels when keyring is in
+ use.
+
+ MacOS
+
+ * When Fast User Switch is in use, AFS login is now handled correctly
+ by the integration tool included with the preferences pane.
+
+ * Several packaging bugs have been corrected.
+
+
+OpenAFS 1.5.63 (2009-09-11)
+
+ All platforms
+
+ * The restorevol command is now documented and installed as a user
+ command.
+
+ * The uss command now properly translates vldb entries to its expected
+ format when handling them in all cases.
+
+ * Documentation now refers to Kerberos instead of kaserver.
+
+ All server platforms
+
+ * bosserver now handles BosConfig.new when restarting, allowing
+ configuration to be replaced at restart time rather than with bos
+ delete and bos create. Documentation is updated to reflect this.
+
+ * The demand attach fileservice not longer potentially hangs trying to
+ terminate demand-salvages which have already exited.
+
+ * The demand attach fileservice has been modified to avoid spurious
+ 'SYNC_putRes: write failed' warnings when some protocol messages
+ cannot be acknowledged due to the sender terminating the connection.
+
+ * In the event of failure to contact the vlserver or ptserver, the
+ fileserver will not exit and trigger a forced salvage. It will
+ continue to try in the background to contact the needed services.
+
+ * The salvager can now repair certain cases of a damamged vnode index.
+
+ * The accessDate metadata for a volume is now updated correctly.
+
+ Microsoft Windows
+
+ * CRITICAL: Some applications for example those based on Cygwin were
+ unable to access data stored in the AFS name space. Explorer Shell
+ also experienced inconsistent behavior. This is fixed.
+
+ * CRITICAL: Multiple AFS pioctl requests issued nearly simultaneously
+ by applications could result in pioctl responses being received by
+ the wrong requester. This in turn could result in application
+ crashes. symlink.exe, fs.exe, afslogon.dll, afscreds.exe, and the
+ netidmgr afscred.dll plugin were all affected.
+
+ * Some XP machines running 1.5.62 had trouble saving roaming profile
+ data. This is fixed.
+
+ * Integrated Logon (afslogon.dll) did not function with domain
+ specific configurations.
+
+ * Ensure that access denied and over quota errors experienced while
+ storing data to the file server do not result in on-going retry
+ attempts.
+
+ All UNIX client platforms
+
+ * Except on Solaris and AIX, the compiler may now be overriden at
+ configure time by setting the CC environment variable.
+
+ * afsd now properly deals with large cache partitions.
+
+ FreeBSD
+
+ * Build shared libafsauthent and libafsrpc.
+
+ Linux
+
+ * Kernel module DKMS support now installs an unstripped module to
+ allow debugging information to be collected.
+
+ MacOS
+
+ * Preferences pane properly updates token information.
+
+ MacOS 10.6
+
+ * klog will now properly handle passwords of 8 or fewer characters
+ with an AFS string to key on hosts able to run 64 bit binaries.
+
+ * A panic at AFS shutdown due to "NO PCB" on a udp_lock has been
+ addressed.
+
+ * The panic decoder script included in the source now properly handles
+ 32 and 64 bit panics.
+
+ NetBSD
+
+ * Avoid defining AFS_KERBEROS_ENV globally as it creates a circular
+ dependency.
+
+ * Build shared libafsauthent and libafsrpc.
+
+ OpenBSD
+
+ * Build shared libafsauthent and libafsrpc.
+
+
+OpenAFS 1.5.62 (2009-08-28)
+
+ All platforms
+
+ * Numerous invisible changes to improve code maintainability,
+ portability and enhanceability.
+
+ Microsoft Windows
+
+ * CRITICAL: Fixes two errors that can result in data loss when storing
+ data to the file server.
+ 1. Failure to Store Portions of Unaligned Writes
+ 2. Failure to Store Data to File Servers Lacking Large File Support
+ Read the announcement for more details:
+ http://www.openafs.org/pipermail/openafs-announce/2009/000305.html
+
+ * CRITICAL: The cache manager daemon thread could terminate when the
+ machine enters suspend mode. This daemon thread performs the
+ background check of down servers, offline volumes, callback
+ expirations, etc.
+
+ * CRITICAL: Integrated Logon (afslogon.dll) was terminating
+ unexpectedly. Error checking has been improved and NULL pointer
+ dereferences after Lsa API calls fail have been eliminated.
+
+ * For the first time, the OpenAFS SMB Server supports the DCE RPC
+ services SRVSVC and WKSSVC. Browsing \\AFS with the Explorer Shell
+ or NET VIEW will now be faster and provide additional functionality.
+ No longer will cell names longer than 12 characters be truncated.
+
+ * Improvements to DFS Referral request processing have been
+ implemented.
+
+ * Unnecessary DNS lookups of share names are avoided improving
+ performance.
+
+ All UNIX client platforms
+
+ * Non-Kerberos PAM modules work correctly again.
+
+ MacOS X
+
+ * MacOS 10.6 (Snowleopard) is now supported, both 32 and 64 bit mode.
+
+ * Updates to the AFSCommander preferences pane.
+
+ * Installer now permits cell names with dashes.
+
+
+OpenAFS 1.5.61 (2009-08-06)
+
+ All platforms
+
+ * Correct another race condition in the Rx library that could result
+ in an unexpected panic while freeing the Rx call iovq.
+
+ * rx packet resend and data packets sent counts were incorrect.
+
+ * fs setquota, fs setcachesize, vos setfields, and vos create now
+ accept human readable orders of magnitude. (K, M, G)
+
+ * fs listquota fixed to permit large quota sizes to be displayed.
+
+ * Correct documentation of bosserver permissions requirements.
+
+ * Modify vlserver to avoid potentially corrupting the database through
+ volume id reuse.
+
+ * Generalized support for fast Rx timeout due to network
+ down/unreachable.
+
+ All server platforms
+
+ * Allow audit logs to be sent via sys5 IPC message queues instead of
+ logged directly.
+
+ Microsoft Windows
+
+ * If a file server becomes inaccessible while the cache manager has
+ dirty buffers to write, the afsd_service buf_IncrSync thread can
+ attempt to use 100% of the cpu.
+
+ * Fix "fs newcell" which was broken in 1.5.60.
+
+ * Do not attempt to synchronize dirty buffers if the associated volume
+ is known to be unavailable.
+
+ * Modify behavior of a Freelance mountpoint target that does not
+ specify a cell. Instead of assuming the target volume is in the
+ Freelance.Local cell, use the workstation "Cell" specified in the
+ registry. A mountpoint target of "#root.cell." will now mean the
+ root.cell volume in the workstation cell for the current session.
+ If the workstation cell changes from "athena.mit.edu" to
+ "andrew.cmu.edu", the referenced volume will also change without
+ requiring that the mount point targets be altered.
+
+ * Add cm_FindServerByUuid(). Re-implement RXAFS_InitCallBackState3()
+ to permit the server Uuid to be used to lookup the server object and
+ from that determine the cell. This permits callbacks that are
+ received from alternate addresses to be processed with a known
+ server object. Previously a request from an unknown server would
+ clear all callbacks from all cells.
+
+ * Fix a bug that prevented optimal performance when using a non-zero
+ value for 'daemonCheckVolCBInterval'. As a reminder, when
+ "daemonCheckVolCBInterval" is set to a non-zero value, all .readonly
+ volume callbacks are automatically renewed 90 minutes before their
+ expiration.
+
+ * Fix automatic ranking of vldb servers whose values are obtained from
+ the CellServDB file.
+
+ * Add failover for RX CALL TIMEOUT errors when the volume is readonly
+ or the call is to a vldb server.
+
+ * Add registry based cell search functionality to NetIdMgr,
+ afs_config.exe, and klog.exe.
+
+ * afsconf_GetCellInfo() has been modified to perform gethostbyname()
+ lookups on the host names in the CellServDB instead of using the
+ specified IP addresses. This provides aklog, pts, vos, etc. the
+ same CellServDB behavior that the Windows Cache Manager uses.
+
+ * When updating the stat cache entry callback of a .readonly object
+ from the volume group object, update the file server reference to
+ ensure it matches the most update to date callback.
+
+ * Add proper support for processing callbacks from multi-homed file
+ servers. Instead of comparing servers by cm_server_t pointer,
+ compare them by UUID when the UUID is known.
+
+ * During a shutdown short circuit the offline volume check daemon
+ functionality.
+
+ * Return the error code of RXAFS_FetchData / RXAFS_StoreData in
+ preference to an error code reported by rx_EndCall.
+
+ * Add "PerFileAccessCheck" registry value to permit testing against
+ experimental file servers that include per-file acl support. This
+ value is intentionally undocumented. It is not to be used by
+ production environment deployments.
+
+ * Fix a bug introduced in 1.5.60 that prevents the afs netidmgr
+ provider from obtaining tokens when referrals are in play.
+
+ * Add "fs chown" and "fs chgrp" commands to permit the owner and group
+ of objects stored in AFS to be set from Windows.
+
+ * Avoid performing background daemon operations when the machine is
+ going into suspend mode.
+
+ * Perform offline volume checks in most recently used order.
+
+ * Prevent crash when a data version for a cache object goes backwards.
+
+ * Multi-thread safe library versions are now being generated and used.
+ mtafsubik.lib, mtafsutil.lib, mtafsvldb.lib, mtafsvol.lib.
+
+ * Microsoft SMB Redirector (mrxsmb.sys) support for
+ ExtendedSessTimeout values are now available on XP through Windows
+ 7. Add functionality to autodetect if such support is present on
+ the machine. If so, configure it if necessary and dynamically
+ adjust the AFS Rx timeout values accordingly.
+
+ All UNIX client platforms
+
+ * Fix out-of-tree source builds.
+
+ MacOS
+
+ * GUI installer now asks for local cell information.
+
+ * AFS Commander preferences pane is now installed by default.
+
+ Solaris
+
+ * Avoid kernel panics due to null pointer dereferences in the network
+ interface poller kernel thread.
+
+
+OpenAFS 1.5.60 (2009-05-31)
+
+ All platforms
+
+ * Retry volserver transaction creation on failure.
+
+ * Allow building HTML and PDF documentation from included XML copies
+ of User Guide, Admin Guide and Quick Start Guide for Unix.
+
+ * Documentation updates and additional documentation.
+
+ * Add -encrypt support to pts client.
+
+ * Convert MR-AFS fs commands to OSD commands.
+
+ All server platforms
+
+ * Updated background sync process in fileserver to avoid a race which
+ could result in a volume being taken offline.
+
+ Microsoft Windows
+
+ * On April 9th Microsoft released a Hot Fix for Windows Server 2003
+ SP2 that corrects a deadlock in the smb redirector and also adds new
+ functionality that permits the AFS SMB server to be given a longer
+ timeout than is normally the case. New functionality has been added
+ to configure these additional LanmanWorkstation\Parameter values.
+ (This functionality has been backported to XP SP3 and is scheduled
+ to be released on June 5th.)
+
+ * Fix RT#124787, a race condition between "fs flush <dir>", "fs
+ flushvolume", or "fs flushall" and on-going directory operations
+ that can result in afsd_service.exe crashing.
+
+ * Release Notes, User and Administrator guides are now shipped as
+ indexed Windows HtmlHelp Files. (.chm). Shortcuts are provided from
+ the Start Menu.
+
+ * A method of specifying Client CellServDB information within the
+ registry has been added that can be used to either override the
+ CellServDB file or force the use of DNS lookups for a given cell.
+ See the release notes for details.
+
+ * The pioctl interface now properly handles drive letter substitution
+ to UNC paths. (SUBST <d:> <\\afs\cell\path>)
+
+ * The BackConnectionHostNames registry value configuration was broken
+ when dynamic re-establishment of Netbios Name registrations was
+ added. This release restores the functionality.
+
+ * All hidden vos.exe commands are now revealed.
+
+ * Attempts to store the same dirty file chunk from multiple threads
+ are now prevented.
+
+ * The IsPathInAfs test in Explorer Shell Extension and fs.exe now
+ permits broken symlinks to be treated as being in AFS.
+
+ * vos.exe commands that output 64-bit integer values once again do so.
+ This was broken in 1.5.59.
+
+ * Cygwin Import Libraries are provided in the SDK for all OpenAFS
+ DLLs. This permits building cygwin applications against OpenAFS
+ libraries.
+
+ * NSIS installer does a much better job of cleaning up files left over
+ from previous installs.
+
+ * libafsconf.dll moved from Client\Program to Common directory as is
+ is now used by all modules for CellServDB processing.
+
+ All UNIX client platforms
+
+ * Write back changes on last store for memcache to avoid discarding
+ changes.
+
+ * Abstract disk cache support to allow for path, fh, inode based
+ caches with no need for messy ifdef structures each time a new type
+ is added.
+
+ DragonflyBSD
+
+ * Support as a userland port.
+
+ FreeBSD
+
+ * Corrected structure definition for userspace cache manager to allow
+ builds to complete.
+
+ Linux
+
+ * Corrected client locking support.
+
+ * Updated patch to stop deadlocking in the kernel during mmap.
+
+ * Avoid oops when setting up groups for PAGs to match keyrings.
+
+ * Use Linux fh-based cache in cases where possible by default.
+
+ MacOS 10.3:
+
+ * Corrected structure definition for userspace cache manager to allow
+ builds to complete.
+
+ OpenBSD
+
+ * Support for OpenBSD 4.5.
+
+ Solaris
+
+ * Corrected support for server-side vos split interface.
+
+
+OpenAFS 1.5.59 (2009-04-06)
+
+ Microsoft Windows
+
+ * Increased service priority class to "High" to match the priority of
+ system components that are dependent upon the a timely response.
+
+ * SMB error responses avoid returning errors that could confuse the
+ Microsoft SMB redirector into disconnecting the connection to \\AFS.
+
+ All UNIX client platforms (except MacOS X 10.4 and 10.5)
+
+ * OpenAFS 1.5.59 contains fixes for the client issues addressed by the
+ security advisories OPENAFS-SA-2009-001 and OPENAFS-SA-2009-002.
+
+ Linux platforms
+
+ * Support for prerelease Linux 2.6.30 kernels.
+
+
+OpenAFS 1.5.58 (2009-03-30)
+
+ All platforms
+
+ * Code cleanup and prototyping.
+
+ * Avoid unnecessary blocking in Rx periodic cleanup code.
+
+ All server platforms
+
+ * Fileserver CopyOnWrite routine optimized for performance.
+
+ * Make fileserver callback dumps 64 bit safe.
+
+ * Fix byte order issues with fileserver host hashing.
+
+ * Fix buffer size issues with butc.
+
+ * Fix several Ubik recovery issues.
+
+ * Avoid leaking file references in the fileserver.
+
+ * Fix a race in DAFS while closing vnodes, and another offlining
+ volumes.
+
+ * volserver interfaces for volume splitting client.
+
+ Microsoft Windows
+
+ * [RT 124293] A race condition exists which can result in a crash.
+
+ * [RT 124276] If the vldb is out of sync with the contents of the file
+ servers, afsd_service will retry too many times when a file server
+ reports a volume as not being present. Now if the list reported by
+ the vldb is the same as the previously seen list, then the retry is
+ aborted.
+
+ * [RT 124276] Read-only volume failover was broken in 1.5.53 whenever
+ accessing a volume results in VNOVOL or VMOVED.
+
+ * [RT 124276] Prior to 1.3.70 the volume server reference list was not
+ reference counted and would be prematurely freed while in use. When
+ reference counting was added in 1.3.70 a bug was introduced that
+ could result in service reference list corruption.
+
+ * Add Windows Application Event Log warning messages for "Client SMB
+ MPX value too large" and "Client SMB Buffer Size too small".
+
+ * Renaming of files across directory boundaries would result in an
+ invalid handle error when attempting to access the files after the
+ move.
+
+ * Fix the handling of Tran2 Set Path Info RPCs. Do not fail when a
+ smb file descriptor cannot be found. The whole point of using a
+ Path Info function is because an smb file descriptor wasn't
+ allocated.
+
+ * More edge cases in which dynamic addition of Freelance root.afs
+ entries would get the wrong FID or where the root.afs directory
+ would not be refreshed.
+
+ * Buffer overflow could occur if the workstation cell name was longer
+ than 64 characters. Crashes could occur in afscreds.exe,
+ afslogon.dll, and afsd_service.exe.
+
+ * VNOSERVICE and VOFFLINE errors were leaking and were exposed to the
+ smb client.
+
+ * Log file server uuid values as part of the cm_server object when
+ available. Dump the cm_server object list in response to "fs
+ memdump".
+
+ * Optimize the performance of resetting access control lists when
+ tokens are set or removed.
+
+ * Remove symlink recursion tests and increase max symlink count to 64
+ from 16.
+
+ * Windows specific Rx performance improvements.
+
+ * Support for Network Identity Manager 2.0
+
+ All UNIX client platforms
+
+ * Avoid issues with freeing resources at shutdown.
+
+ * Numerous fixes to disconnected AFS.
+
+ * Disconnected AFS fixes for replaying changes without double-freeing.
+
+ * Attempt to use krb524 principal conversion in aklog if available.
+
+ AIX
+
+ * Kerberos configuration at build time corrected.
+
+ Linux
+
+ * Default to dynamic allocation of AFS kernel cache entries to allow
+ growth for inotify()-pinned entries. (beagle, famd, etc)
+
+ * Change client truncation routines to avoid locking issues.
+
+ * IA64 port clients fixed on Linux 2.6.
+
+ * RPMs now install fstrace message catalog.
+
+ * Support through kernel 2.6.29 tested.
+
+ * Fix locking issues on CellServDB file in /proc.
+
+ OpenBSD
+
+ * Support OpenBSD 4.4
+
+
+OpenAFS 1.5.57 (2009-01-23)
+
+ All platforms
+
+ * Conditional compilation of rxdebug support is now possible.
+
+ * Documentation updates.
+
+ * Further race connditions in Rx have been corrected.
+
+ All server platforms
+
+ * Salvager no longer attempts to recreate headers in the wrong
+ partition.
+
+ * Volumes are properly marked in use on creation and subsequently on
+ examination with vos.
+
+ Microsoft Windows
+
+ * Undo the "UAC manifest fix" applied to afs_config.exe.
+
+ * Ensure that Freelance allocation of vnodes follow the AFS convention
+ of odd vnodes are directories and everything else is an even vnode.
+
+ * Add Freelance logic to mount point and symlink evaluation functions.
+
+ * Enhance smb_ParseASCIIBlock() so that it can handle all of the
+ STRING formats defined by the CIFS Technical Report 1.0.
+
+ * Validate the output of smb_ParseASCIIBlock() in all callers. Return
+ CM_ERROR_BADSMB if the STRING field cannot be parsed.
+ CM_ERROR_BADSMB will cause the contents of the packet to be logged.
+
+ * If multiple SMB Raw Write operations were taking place at the same
+ time, there could be data corruption because unique event objects
+ were not generated for each Netbios receive operation.
+
+ All UNIX client platforms
+
+ * Userspace AFS library can now deal with large files when supported
+ by the platform.
+
+ * Numerous updates to disconnected AFS support, including changes to
+ allow reconnection to work in more circumstances.
+
+ FreeBSD
+
+ * FreeBSD unstrategy code has been updated.
+
+ Linux
+
+ * A race during file truncation has been corrected.
+
+ * System call probing routines have been updated.
+
+ * 2.6.29 is now supported.
+
+ MacOS
+
+ * 10.3 support has been corrected.
+
+ OpenBSD
+
+ * Initial OpenBSD 4.4 support.
+
+ Solaris
+
+ * Updates to allow compiling on newer OpenSolaris are now included.
+
+
+OpenAFS 1.5.56 (2008-12-30)
+
+ All platforms
+
+ * libuafs (userspace cache manager) updated to correct several errors.
+
+ * Additional rx debugging support is available as a conditional
+ compile.
+
+ * A race condition in Rx leading to a panic has been corrected.
+
+ * Rx idle time tracking has been corrected.
+
+ * ubik clone server support has been corrected.
+
+ All server platforms
+
+ * Salvager no longer leaves cores in vice partitions.
+
+ * The vol-dump tool now supports dumps larger than 2gb where possible.
+
+ * Operations on multiple files now report all FIDs in the audit log.
+
+ * butc XBSA support now works correctly on amd64.
+
+ Microsoft Windows
+
+ * The NetIDMgr AFS Provider automated configuration logic was broken
+ by the introduction of Kerberos referrals. If the realm of the
+ identity cannot be determined, the workstation cell is now assumed
+ to belong to the newly created identity.
+
+ * Avoid a reference count under flow during rename operations.
+
+ * Avoid a crash caused by treating an arbitrary length directory
+ search mask as an 8.3 mask.
+
+ * Prevent rename operations if a case insensitive match for the target
+ name already exists and does not refer to the object being renamed.
+
+ * Increase the maximum number of background daemons to 64.
+
+ * Fix the UAC manifest applied to afs_config.exe
+
+ All UNIX client platforms
+
+ * Updates to disconnected AFS support.
+
+ FreeBSD
+
+ * FreeBSD 7.1 is now supported.
+
+ * amd64 FreeBSD is now supported.
+
+ Linux
+
+ * Generic fh (exportfs API) cache type is now available.
+
+ * Avoid some oopses due to backing_dev_info inode fields not being
+ filled.
+
+ * 2.6.28 is now supported.
+
+ MacOS
+
+ * 10.3 support has been corrected.
+
+ Solaris
+
+ * Large partition support has been corrected.
+
+ * Filesystem-agnostic cache is now available on Solaris 10 and 11.
+
+
+OpenAFS 1.5.55 (2009-11-10)
+
+ All platforms
+
+ * Salvager avoids leaving core files in vice partitions.
+
+ * NFS translator fixes.
+
+ * Unresponsive server handling fixes.
+
+ * A volserver race which could result in duplicate transactions is
+ fixed.
+
+ Microsoft Windows
+
+ * Fixes a panic caused by corruption of the SMB virtual circuit list.
+ (race condition)
+
+ * Fixes a panic caused by receipt of a UTF-16 string that cannot be
+ converted to UTF-8.
+
+ * Implements a more aggressive recovery algorithm for Netbios errors
+ that result in loss of communication to the AFS SMB server.
+
+ * Improve pioctl response time when testing whether or not a PATH is
+ in AFS.
+
+ * Adds support for linked cells.
+
+ * Increases the length of the cell and realm names that can be input
+ into the Network Identity Manage AFS provider configuration dialog.
+
+ All UNIX client platforms
+
+ * Disconnected AFS avoids infinite recursion during rmdir.
+
+ Linux
+
+ * Support for 2.6.28 (not complete for NFS translator modules).
+
+ * Support for using exportfs API for filesystem-agnostic cache.
+
+ * Disable backing store readahead.
+
+ * Avoid deadlocks when writing back mmapped files larger than the
+ cache.
+
+ * Avoid Oops when doing PAG garbage collection.
+
+
+OpenAFS 1.5.54 (2008-10-08)
+
+ All platforms
+
+ * Updates for new Tivoli X/Open API finding.
+
+ * A double-free is corrected in Rx.
+
+ All server platforms
+
+ * Ubik cleans up file descriptor cache correctly when doing recovery.
+
+ * Enhanced vldb error checker included.
+
+ Microsoft Windows
+
+ * Prevent a crash that could occur when multiple file / directory
+ change notifications are processed simultaneously.
+
+ MacOS
+
+ * AFS claims more free space so Finder will attempt file copies.
+
+ Linux
+
+ * Avoid spurious ENOENT when calling gwtcwd() on a volume root.
+
+ * Avoid spurious ENOTDIR during fakestat.
+
+
+OpenAFS 1.5.53 (2008-09-26)
+
+ All platforms
+
+ * rx avoids many packet leaks.
+
+ * rx jumbogram disabling now works (and is the default).
+
+ All server platforms
+
+ * Demand Attach fileserver tries to avoid issues tracking offline
+ status of volumes.
+
+ Microsoft Windows
+
+ * Many potential deadlock conditions due to out of order lock
+ acquisitions have been corrected.
+
+ * A race condition resulting in an undercount on the cm_scache_t
+ reference counts has been corrected.
+
+ * An empty string when sent as an ioctl path is now properly
+ interpreted as meaning the current directory. This affects "fs
+ lsm", "symlink list", etc.
+
+ * Fix smb string parsing differences where the smb protocol
+ documentation does not match the actual Windows implementation.
+
+ * Random access denied errors fixed.
+
+ * A file server lock synchronization issue was corrected in SMB
+ NTCreateX and NTTranCreate operations. This bug prevented properly
+ operation when loading roaming profiles.
+
+ * Fix a heap overwrite error during server probe operations if a new
+ server is added while a probe operation is in progress.
+
+ * Fix an LSA memory leak that was the result of an LSA error.
+
+ * Do not leak cm_cell_t objects if the VLDB server lookup fails.
+
+ * Only initialize rx mutex/lock objects once.
+
+ * Do not nul terminate the AFS volume name when reported to Windows.
+
+ * Improve VNOVOL error handling. Prevent updated vl information from
+ being destroyed immediately after it was acquired. This bug
+ prevented proper fail over when volumes are moved or removed from a
+ server.
+
+ * Remove volume id from the server volume list in response to VMOVED
+ and VNOVOL errors.
+
+ * "fs flushXXX" commands now destroy locally built B+ directory trees.
+
+ * Prevent mixture of locally modified directory pages and file server
+ directory pages.
+
+ * Fail over to alternate vl servers if a ubik error is returned.
+
+ All UNIX client platforms
+
+ * Disconnected AFS now supports read-write mode.
+
+ * volserver now builds correctly.
+
+ AIX
+
+ * AIX 6 is now supported.
+
+ FreeBSD
+
+ * FreeBSD 7 is now supported.
+
+ Linux
+
+ * cache bypass is now supported.
+
+ * 2.6.x kmod compilation now uses kernel compile options always.
+
+ * Support through 2.6.27.
+
+ MacOS
+
+ * Show more space free so Finder doesn't get confused.
+
+ Solaris 10
+
+ * Default to namei rather than inode.
+
+
+OpenAFS 1.5.52 (2008-08-18)
+
+ All platforms
+
+ * Initialize volume updateDate at volume creation.
+
+ * Avoid potential corruption of directories during salvage.
+
+ * Check for out of memory condition during allocation of additional Rx
+ packets.
+
+ Microsoft Windows
+
+ * Restore support for Windows 2000 (broken in 1.5.50).
+
+ * Perform additional validation on volume names in mount points during
+ creation and evaluation.
+
+ * Fix several deadlocks, races, and reference count issues.
+
+ * Further optimize SMB Directory Search processing and minimize the
+ number of InlineBulkStatus RPCs sent to the file server.
+
+ * Enable "bos restricted" operations.
+
+ * Fix the create of submounts used by the AFSCreds and afs_config
+ drive mapping tabs.
+
+ * Fix a short name truncation bug. (1.5.50)
+
+ * Fix the error code reported when attempting to delete a file on a
+ readonly volume or one that is marked with the readonly DOS
+ attribute.
+
+ * Fix a heap corruption error when reading the CellServDB file
+ location.
+
+ * Add the "RxUdpBufSize" registry value. The new default is 256KB.
+
+ * Do not include trailing NULs in the directory search output.
+ (1.5.50)
+
+ * Pre-allocate 64 Rx Packet buffers per thread in order to improve
+ performance.
+
+ * For debugging: add smb lock requests and stat cache lock allocations
+ to the output from "fs memdump".
+
+ NetBSD
+
+ * Workaround broken sigwait() to allow fileserver to shut down
+ correctly pre NetBSD 5.0.
+
+ Solaris 10
+
+ * Default to namei fileserver; Allow inode fileserver at configure
+ time by override.
+
+ NFS translator
+
+ * Try harder to avoid kernel panics for malformed requests.
+
+
+OpenAFS 1.5.51 (2008-07-29)
+
+ All platforms
+
+ * salvager tries harder to arrange for clients to get VBUSY while
+ salvaging single volumes.
+
+ * salvager avoids certain corruption when salvaging directories.
+
+ * Rx connection clones disabled.
+
+ Microsoft Windows
+
+ * The 32-bit EXE 1.5.50 installer failed to properly install the C
+ Runtime library. When used as an upgrade OpenAFS would continue to
+ work but when used as a new installation, OpenAFS binaries would
+ fail to load.
+
+ * Fixes the "fs" and "symlink" commands to properly parse Unicode path
+ prefixes during the pioctl remote procedure call. This bug would
+ result in file not found errors for files and directories that
+ clearly exist. (Bug introduced in 1.5.50)
+
+ * Large File support is disabled. (Bug introduced in 1.5.50)
+
+ * Removes the possibility of a deadlock during volume location update
+ operation if all of the reported file servers are unreachable at the
+ time of the update.
+
+ * Ensures that reference counts are properly incremented/decremented
+ on Rx connection objects used for volume location RPCs.
+
+ * Over Quota errors during cm_FSync() calls would lead to an infinite
+ loop as the error was never propagated to the caller.
+
+ All UNIX client platforms
+
+ * Bugfixes to disconnected AFS support in the cache manager.
+
+
+OpenAFS 1.5.50 (2008-07-16)
+
+ All platforms
+
+ * volserver puts recloned volumes back online before returning the
+ volume to the fileserver, avoiding spurious VNOVOL errors.
+
+ * Updated TSM X/Open API support available.
+
+ * Demand Attach fileserver will not crash due to accesses during
+ volume cloning.
+
+ * Substantial documentation updates.
+
+ * Demand Attach fileserver state tracking and analyzer tool
+ improvements.
+
+ * UAFS userspace cachemanager updates.
+
+ * Corrected support for anti-meltdown protection in the client.
+
+ Microsoft Windows
+
+ * UNICODE Character Set Support.
+
+ * Pioctl interfaces to the cache manager have been refactored to
+ provide layering between the SMB specific code and the general
+ purpose ioctl operation.
+
+ * Garbage collect dead SMB virtual circuits as soon as they are no
+ longer being referenced. This avoids problems with outstanding
+ locks not being dropped when the virtual circuit becomes invalid.
+
+ * Remove the IBM Administration Reference documentation and replace it
+ with the OpenAFS Command Reference Manual.
+
+ * Avoid calling rx_SetDeadTime and rx_SetHardDeadTime functions each
+ time a connection is about to be used. Do not hold a lock on the rx
+ connection object while it is being selected. This avoids a race
+ between threads attempting to set the timeout values and removes a
+ bottleneck that was hampering performance.
+
+ * Ensure that the smb directory attribute is set for all directory
+ objects.
+
+ * Replace the VC Runtime EXE installer with the MSI installer in the
+ NSIS installer scripts.
+
+ Solaris
+
+ * Support for updates to OpenSolaris.
+
+ Linux
+
+ * Correct dentry revalidation for cross-directory renames.
+
+ * Updated rpm packaging materials for 1.5 release series and 2.4
+ kernels.
+
+ * Corrected syscall table probing.
+
+ * NFS translator updates for current kernels.
+
+
+OpenAFS 1.5.39 (2008-06-24)
+
+ All platforms
+
+ * Updates for Demand Attach fileserver.
+
+ Microsoft Windows
+
+ * Fix two memory leaks.
+
+ * Fix one missing lock.
+
+ * Handle access denied errors when writing dirty buffers.
+
+ * Fix two errors that would cause the *experimental* AFS Servers
+ to crash.
+
+
+OpenAFS 1.5.38 (2008-05-24)
+
+ All platforms
+
+ * Add read-only disconnected support.
+
+
+OpenAFS 1.5.37 (2008-05-21)
+
+ All platforms
+
+ * Includes a number of optimizations for testing.
+
+
+OpenAFS 1.5.36 (2008-05-09)
+
+ All platforms
+
+ * Rx optimizations now attempt to deal with high latency WANs.
+
+ * Client will not wait infinitely for a server which is not providing
+ data. Additional servers will be polled without marking the server
+ which is not providing data down.
+
+ * vos move will not erroneously unlock locked vldb entries on failure.
+
+ All server platforms
+
+ * Fileserver avoids a potential infinite loop when a client
+ relinquishes an address.
+
+ * Fileserver large setting now configures more threads.
+
+ * Fileserver properly registers uuids of new clients.
+
+ * Ubik servers do not improperly hide updates from clients.
+
+ * Fileservers reserve enough file descriptors such that each thread
+ can cache one to avoid spurious errors.
+
+ Microsoft Windows
+
+ * Fix a cm_buf_t reference count leak when attempts to write dirty
+ buffers to the file server from within cm_IncrSyncer() fail.
+
+ * Prevent udebug from crashing.
+
+ * Another VNOVNODE issue fixed. When writing a dirty buffer to the
+ file server, if VNOVNODE is received, mark all buffers as invalid
+ without further attempts to contact the file server.
+
+
+OpenAFS 1.4.12
+
+ All client systems: Major bugfixes.
+ File servers: Major bugfixes.
+
+ * New functionality:
+
+ All systems:
+
+ - Provide portable (pioctl) method for discovering what PAG a user is
+ in. Required to support userspace PAG information collection on AIX
+ 5.1, and knowing whether Linux uses one group, two group, or only
+ keyring based PAGs. (124709)
+
+ * Bugfixes:
+
+ All systems:
+
+ - Fixes to avoid issues cleaning up deleted hosts in the fileserver (126454)
+
+ - Fixes to avoid dropping writes due to server idle timeouts.
+
+ - Don't miss cache chunks of large files while truncating.
+
+ - Avoid null pointer dereference for unexpected volume names in volume
+ utilities.
+
+ - Don't mark connections waiting for additional packet window availability
+ idle.
+
+ - Kerberos 5 utilities (klog.krb5, aklog) enable weak encryption support.
+
+ - Avoid a double-free of an Rx call structure during a client fetch error.
+
+ - Avoid losing hosts during address changes. (125215)
+
+ - Clients shouldn't trust Fetchdata replies for the size of returned data.
+
+ - fileserver will not hang when attempting to cleanup and dump core.
+
+ - salvager will not leave core files in random directories.
+
+ - avoid letting retransmit timer get to 0 seconds.
+
+ - in event of dbserver contact failure, shut fileserver down cleanly.
+
+ - handle large partitions during check for needed disk space at
+ client start.
+
+ - time out Rx connections if network unreachable error received.
+
+ - avoid dereferencing NULL pointer freeing Rx packets in receive. (125110)
+
+ - mark stack not executable in LWP. (125491)
+
+ - return a correct VolumeSync structure from Bulkstat RPCs in fileserver.
+
+ - client attempts to better free memory at shutdown.
+
+ - clear rx call queue safely. (125110)
+
+ - retry VLserver registration on failure in fileserver.
+
+ - update accessdate for volumes on access in fileserver.
+
+ - additional safety checks on vlserver operations to avoid
+ database corruption.
+
+ - make ktc_curpag available on all builds. (125155)
+
+ FreeBSD:
+
+ - Build fixes.
+
+ Linux:
+
+ - Handle kernel changes through 2.6.33.
+
+ - Fix oops in clear_inode due to missed locking. (125589)
+
+ - Better handle /afs mount failures.
+
+ - Clean up after failures creating our kernel kmem cache.
+
+ - Work around memory management issues with some kernels when configuring
+ the buffer cache/bdi (126514)
+
+ - Rename compile_et to afs_compile_et to avoid RPM conflicts.
+
+ - Handle whole-file locks properly. (126561)
+
+ - Deal with kernel autoconf header renaming.
+
+ - Handle SELinux cache backing file labels better to avoid potential oops.
+ (92944,125544)
+
+ MacOS:
+
+ - klog now works correctly on 64 bit machines.
+
+ - launchd now used to launch AFS at boot.
+
+ - Preferences pane included for 10.4 and later.
+
+ - Older versions can now be installed from packages.
+
+ - Finder does not trigger bogus AFSDB lookups in /afs in dynroot mode.
+
+ - Include package with debug kernel module symbols.
+
+ OpenBSD:
+
+ - Build fixes.
+
+ - Support for x86_64.
+
+ Solaris:
+
+ - Handle ZFS caches usefully. (125365)
+
+ - Implement additional pathconf support.
+
+OpenAFS 1.4.11
+
+ Linux client systems: Major bugfixes.
+ All client systems: Minor bugfixes.
+ File servers: Major bugfixes.
+
+ * New functionality:
+
+ All systems:
+
+ - Provide portable (pioctl) method for discovering what PAG a user is
+ in. Required to support userspace PAG information collection on AIX
+ 5.1, and knowing whether Linux uses one group, two group, or only
+ keyring based PAGs. (124709)
+
+ * Bugfixes:
+
+ All systems:
+
+ - Fix bosserver to invoke salvager with "-force" instead of ambiguous
+ "-f". (124916)
+
+ - Cleanup for ptserver argument parsing to allow debug mode to work. (124893)
+
+ - Sanity checking for ptserver log levels. (124894)
+
+ - Fix for uninitialized memory dereference in klog.krb5.
+
+ - Fix an overflow in the cellconfig code used by client and server. (124891)
+
+ - Fix an erroneous vos verbose mode format string.
+
+ - Avoid losing writes on mmap()ed files when cache is memcache. (124671)
+
+ - Provide an afsd switch to allow override of the maximum MTU. (124880)
+
+ - Provide support for encrypt mode in pts.
+
+ - Fix race in background sync code which could cause volumes to go offline.
+ (124359)
+
+ - Fix fileserver to avoid a null pointer dereference in client identity
+ lookup routines. (125020)
+
+ - Improve handling of moves of volumes from 1.5 series fileservers. (18349)
+
+ FreeBSD:
+
+ - UKERNEL build fix. (124681)
+
+ Linux:
+
+ - Allow syscall probing to be disabled by switch to configure at build time.
+
+ - Fix bug in anti-recursion protection for mmap clients. (124627)
+
+ - Avoid a panic caused by changing credentials during VFS operations. (124737)
+
+ - Avoid need for rcu subsystem when unavailable. (124986)
+
+ - Improve keyring PAG setup code. (125001)
+
+ - Avoid possible ext3 cache truncation issues. (124942)
+
+ MacOS:
+
+ - MacOS 10.3 UKERNEL build fix. (124681)
+
+ OpenBSD:
+
+ - Update support for 4.5 (124719)
+
+ OpenSolaris:
+
+ - Updates for newer OpenSolaris kernels. (124116, 124924)
+
+OpenAFS 1.4.10
+
+ All client systems: Security fixes.
+ File servers: Major bugfixes.
+ All systems: Minor bugfixes.
+
+ * Security fixes:
+
+ All client systems:
+
+ - Avoid a potential kernel memory overrun if more items than requested are
+ returned from an InlineBulk or BulkStatus message. (124579)
+
+ Linux client systems:
+
+ - Avoid converting negative errors into invalid kernel memory pointers. (124580)
+
+ * Bugfixes:
+
+ AIX:
+
+ - Don't build aklog NAS module when krb5 is not available. (124522)
+
+ FreeBSD:
+
+ - Additional fixes and support. (124107, 123917)
+
+ Linux:
+
+ - Support 2.6.28. (123580)
+
+ - Support 2.6.29. (124115)
+
+ - Attempt to support 2.6.30 (124560)
+
+ - Avoid race during truncation. (124094)
+
+ - Dynamic vcache allocation support, to deal with inotify vcache pinning. (124334)
+
+ - Correct use of truncate_inode_pages to vmtruncate for locking issues. (124128)
+
+ - Update RPM configuration. (123650, 102673, 124272)
+
+ - Update kernel feature detection. (124507, 123604)
+
+ - Do appropriate locking for CellServDB in /proc. (124407)
+
+ MacOS:
+
+ - Fix MacOS 10.3 support.
+
+ - Add candidate Darwin 10 support.
+
+ NetBSD:
+
+ - Corrected NetBSD version tests. (123647)
+
+ OpenBSD:
+
+ - Update support for 4.4 (124541)
+
+ Solaris:
+
+ - Support cache filesystems which do not allow open by inode number, enabled by
+ default on Solaris 9 and later. (123677)
+
+ - Improve error code return quality. (124426)
+
+ - Allow large partitions on Solaris servers.
+
+ All client systems:
+
+ - Avoid improper error messages about key version when krb5 is in use. (124220)
+
+ - Avoid attempting to free kernel memory which was already freed. (124531)
+
+ - Properly count offline volumes in vos client. (124333)
+
+ All server systems:
+
+ - Avoid 64 bit time issues in callback dump files. (124451)
+
+ - Support more than one local Kerberos realm; Usernames are assumed to be the
+ same across realms.
+
+ - Ubik recovery is corrected to avoid spurious errors. (123723)
+
+ - Do proper host address hashing for little endian machines in fileserver. (124447)
+
+ - Update backup utility to properly compute header needs in the backup buffer.
+ (124425)
+
+ - Avoid blocking during Rx unused connection reaping.
+
+ - Avoid leaking file handles in the fileserver when closing a volume. (124359)
+
+ - Fix bosserver corefile naming to be y2k-safe. (124340)
+
+ - Avoid potential infinite loop in deleted host handling in the fileserver.
+
+ - Support large volume dumps in vol-dump. (123984)
+
+ - Build butc XBSA support on 64 bit systems.
+
+ All systems:
+
+ - Properly track Rx connection idleness for timeouts.
+
+ - Additional documentation. (124472)
+
+ - Avoid a race which may result in an in-use Rx packet being freed. (123799)
+
+OpenAFS 1.4.9
+
+ All client systems: Security fixes.
+
+ * Security fixes:
+
+ All client systems:
+
+ - Avoid a potential kernel memory overrun if more items than requested are
+ returned from an InlineBulk or BulkStatus message. (124579)
+
+ Linux client systems:
+
+ - Avoid converting negative errors into invalid kernel memory pointers. (124580)
+
+OpenAFS 1.4.8
+
+ File servers: Major bugfixes.
+ All systems: Minor bugfixes.
+
+ * Bugfixes:
+
+ AIX:
+
+ - AIX 6.1 is now supported.
+
+ - Unpin kernel memory references after free. (99456)
+
+ FreeBSD:
+
+ - FreeBSD 7 is now supported.
+
+ Linux:
+
+ - Avoid deadlock when writing back pages in an mmap()ed file larger than
+ the cache. (120491)
+
+ - Update process tree walking for PAG garbage collection to avoid oopses.
+ (116603)
+
+ - fakestat mode now correctly avoids spurious ENOTDIR errors.
+
+ - Use kernel build system for all platforms.
+
+ - Remove openafs directory from proc in correct order. (112910)
+
+ - Handle renames across directories correctly in the linux dcache. (74672)
+
+ - Probe syscall table when possible. (105457)
+
+ - Mount point parsing is now updated to handle only well-formed mount
+ points rather than similarly-formed symlinks. (113558, 100836)
+
+ - ucontext-style LWP is now anbled for glibc versions newer than 2.3.
+
+ MacOS:
+
+ - Update available space shown. (112910)
+
+ NetBSD:
+
+ - Work around broken SIGWAIT. (111404)
+
+ Solaris:
+
+ - Solaris 10 now defaults to namei fileservers.
+
+ - NFS translator issues fixed.
+
+ - Changes to address Solaris updates. (105495)
+
+ All client systems:
+
+ - udebug correctly displays the last "yes" host.
+
+ - Allow more vldb lookups to be cached in the client.
+
+ - Fix aklog to not be excessively verbose when not requested.
+
+ - Add support for timing out accesses which are not completing in a timely
+ manner.
+
+ - Properly flag backup volumes being added to the vldb by vos syncvldb.
+
+ All server systems:
+
+ - fileserver "large" setting now implies 128 threads instead of 12.
+
+ - fileserver check for duplicate uuids is now applied correctly.
+
+ - Newer xbsa APIs are supported for TSM integration in butc.
+
+ - salvager avoids corrupting length of directory objects. (111585, 107767)
+
+ - volserver avoids a race during volume release so a volume will not
+ appear to be offline. (107258)
+
+ - Add support for returning errors when accesses are not completing
+ in a timely manner.
+
+ - Avoid potential race in the volserver when creating transactions. (121263)
+
+ - Return sensible error when a release or restore exhausts server
+ resources. (121040)
+
+ - volserver now returns EXDEV if a new replica would duplicate one which
+ already existed elsewhere on the server.
+
+ - Disable jumbograms by default.
+
+ - volserver updates a volume's updateDate on volume creation. (110943)
+
+ - Partitions over 2tb are now supported. (88811)
+
+ All systems:
+
+ - Re-enable Rx client keepalives. (20727)
+
+ - Support autoconf 2.62. (118058)
+
+ - Update Rx to avoid leaking packets.
+
+ - vos supports the -noresolve options to avoid issues with 127.0.0.1 being
+ named in /etc/hosts.
+
+ - Additional documentation. (104110)
+
+OpenAFS 1.4.7
+
+ File servers: Major bugfixes.
+ All systems: Minor bugfixes.
+
+ * Bugfixes:
+
+ AIX:
+
+ - Kerberos as included in AIX has missing symbols. AFS krb5 tools now
+ deal correctly.
+
+ - AIX LAM aklog plugin can now be used CDE screenlocker.
+
+ - Add support for getting the current PAG in pagsh and PAM.
+
+ - Avoid sending a terminal hangup to STREAMS in aklog.
+
+ - Fix afsdb support in the client.
+
+ Linux:
+
+ - Kernels through 2.6.25 are now supported. (77370,88000,83716,83890,80463)
+
+ - Client now only hashes dirty inodes. (78544)
+
+ - Fix to avoid returning invalid mount point data when -fakestat-all is in use.
+ (93898)
+
+ - RPM build system updates. (93616)
+
+ - Restored write-on-close-or-fsync semantics when possible. (17509)
+
+ - Enabled support for flock() on files in AFS. (53457)
+
+ - ARM Linux now supported.
+
+ - Kernel keyring support updated.
+
+ - Fix client-displayed timestamp ordering by zeroing nanosecond field.
+
+ MacOS:
+
+ - Boot time init script now uses afs.conf to store config options. (81825)
+
+ - Avoid kernel panic due to excessive lock tracking when removing files.
+
+ - Avoid leaking kernel memory when trying to read() a directory.
+
+ Solaris:
+
+ - Avoid potential kernel panic if the root vnode of AFS changes.
+
+ - Avoid potential kernel panic when shutting down if contracts are in use.
+
+ - Avoid potential delays when creating new PAGs if the system clock
+ has gone backwards.
+
+ All client systems:
+
+ - At client shutdown, try harder to clean up in-use resources. (74479)
+
+ - When fakestat is in use, enable optimization for Gnome Nautilus lookups.
+
+ - Properly hold lock when updating disk cache metadata to avoid
+ kernel panic. (59136)
+
+ - Avoid wrapping to the start of a file when attempting to write a large file
+ to a pre-largefile fileserver. (73720)
+
+ All server systems:
+
+ - Fixed to avoid truncating ubik databases during recovery. (77183)
+
+ - fileserver issue with internal file cache filling has been fixed. (87977)
+
+ - fileserver thread quota enforcement now done in all cases. (87416)
+
+ - fileserver avoids potential network-related deadlock when breaking
+ callbacks.
+
+ - fileserver avoids crash due to race of resource creation and user requests
+ at startup.
+
+ - fileserver avoids crash when reinitializing Ubik connections.
+
+ - volserver fixed to avoid leaving orphaned files during restore. (46937)
+
+ - volserver now supports convertROtoRW for inode fileservers.
+
+ - Support disabling kerberos 4 style username protection in servers. (75101)
+
+ All systems:
+
+ - Fix to butc to avoid crash due to threaded library variant.
+
+ - Fix to avoid network retransmission issues if the system clock goes
+ backwards.
+
+ - vos syncvldb and syncserver now support a dryrun (do nothing) mode.
+
+ - vos addsite now supports adding a site where a replica is already
+ available.
+
+ - vos clone now supports creating properly-named readonly and backup clones.
+
+ - vos restore now allows an older copy of a volume at an alternate site to
+ not be removed.
+
+ - cmdebug now supports dumping a client's CellServDB.
+
+ - cmdebug now supports showing human-readable expiration times.
+
+ - aklog now handles Kerberos referrals.
+
+ - Additional documentation now included. (89288,89289,86677)
+
+OpenAFS 1.4.6
+
+ All systems: Major bugfixes.
+
+ * Bugfixes:
+
+ All systems:
+
+ - fileserver host tracking code had a missing lock on a host structure;
+ that lock has been added.
+
+ - fileserver handling for clients which are giving up callbacks did not
+ hold a lock, making it unsafe and allowing clients to potentially
+ crash the server by racing.
+
+ - fileserver will now leave a corefile when it is doing a shutdown due
+ to error conditions.
+
+ - fileserver again allows ufs as a valid filesystem type (regression in 1.4.5).
+
+ - cbd handler for fileserver status data has an interpretation error which
+ could cause crashes corrected.
+
+ - fileserver accurately tracks number of callbacks on a given file.
+
+OpenAFS 1.4.5
+
+ All systems: Minor bugfixes.
+ New systems: MacOS 10.5.
+
+ All systems:
+
+ - fileserver address tracking is improved to avoid potentially merging
+ unrelated hosts.
+
+ - Documentation updates.
+
+ - namei fileserver now does fsync()s in background batches for performance
+ improvements.
+
+ - Kerberos ticket support corrected in bundled Kerberos 4 utilities on 64
+ bit platforms.
+
+ - fileserver includes limited per-host thread quota support to avoid
+ resource starvation.
+
+ - fileserver deals with more damaged volumes without asserting.
+
+ - vos validates dumpfiles before attempting restores.
+
+ - vos clone will no longer potentially delete the parent volume.
+
+ - Client no longer permits empty UUID to be created.
+
+ - fs uuid command for checking, regenerating UUID added.
+
+ - Updates for gcc 4.2.
+
+ - fileserver treats w (write) permission as granting read lock permission
+ in addition to write.
+
+ AIX:
+
+ - Bundled NAS Kerberos is now supported. (5.x)
+
+ - LAM aklog module is provided. (5.x)
+
+ - Associate cache files with correct filesystem to avoid snapshots when
+ performing maintenance on local filesystems.
+
+ Irix:
+
+ - Makefile updates.
+
+ Linux:
+
+ - Kernels throigh 2.6.23 are known to work.
+
+ - Updates to syscall table probing.
+
+ - Bug fix in keyring PAG support to avoid oops.
+
+ - updated sample RPM configuration.
+
+ - sparc32 lwp support updated.
+
+ - Avoid potential oops in symlink support in certain older kernels.
+
+ - Avoid potential deadlock during vmalloc.
+
+ - Corrected locking while interacting with kernel task list.
+
+ MacOS:
+
+ - Several panics fixed, including remove_fsref. (10.4 and later)
+
+ - IP address changes now tracked.
+
+ - Corrected support for dropboxes (li access without r) with cp and Finder.
+
+ - fstrace and ancillary files now included.
+
+ - man pages are now installed in the default MANPATH.
+
+ - Servers will be timed out quickly if there is no route available.
+
+ - Temporary files from remove-while-busy now cleaned up correctly.
+
+ Solaris:
+
+ - Updates to accomodate kernel interface changes. (10u4 and later)
+
+ - knfs and NFS translator support updated.
+
+ - Changes to accomodate version 5.4 xbsa library.
+
+ - Updates for new SunStudio defaults.
+
+OpenAFS 1.4.2
+
+ All systems: Major bugfixes.
+
+ * Bugfixes:
+
+ All systems:
+
+ * A bug in the namei volserver which could erroneously make a replicated or
+ moved volume go offline has been fixed.
+
+ * Volume package users (fileserver, volserver, salvager) avoid using lockf to
+ avoid leaking byte range locks on volume internal files.
+
+ MacOS 10.4:
+
+ * A bug where the client kernel module could free stack memory (which caused
+ issues with 64 bit Intel most commonly) has been fixed.
+
+ Linux:
+
+ * A missing kernel feature test has been fixed.
+
+ * group based PAG support is still enabled when possible.
+
+ * ia32 syscall table support for amd64 has build fixes for modern kernels.
+
+ Solaris:
+
+ * fopen() is not safe for use with more than 255 file descriptors open;
+ Emulate it in the afsconf package so afsconf can be used in the fileserver.
+
+ Windows:
+
+ * DNS registration is disabled for the loopback adapter, and we make sure
+ Netbios is turned on.
+
+ Since 1.4.1:
+
+ All platforms:
+ * Remove use of ubik_Call in the source code so prototypes are used.
+
+ * Avoid synchrony in call from the fileserver to the ptserver.
+
+ * Fix a bug in the backup suite when restoring.
+
+ * fileserver and volserver now log for error conditions which may cause
+ exiting.
+
+ * rx avoids a stack overrun when more packets are needed.
+
+ * volserver avoids holding a lock too long when purging volumes.
+
+ * volserver lock initialization fixes
+
+ * volserver volume nuke fixes to avoid leaving files behind
+
+ * fileserver avoids error when authenticating ptserver requests
+
+ * fileserver no longer crashes when GetCPS fails
+
+ * salvager enhancements to deal better with corrupt volumes for namei
+
+ Unix:
+
+ * aklog deals with KDCs which give "generic" replies to principals not
+ existing.
+
+ * Fix bug in cache parameter autotuning
+
+ RedHat:
+
+ * packaging fixes
+
+ Linux:
+
+ * amd64 pthread library family updates.
+
+ * autoconf fixes for kernel feature testing
+
+ * keyring PAG support now only enabled if needed features are present
+ and other updates
+
+ * inline a version of BUG() so we get better oopses
+
+ AIX:
+
+ * tsm is updated to work with the new AIX 5 interface.
+
+ MacOS:
+
+ * Cross compile fixes
+
+ * Packaging improvements
+
+ * Large file support fixed (Thanks to Chaskiel Grundman)
+
+ * Fixes for Leopard seed.
+
+ * Installer image updates
+
+ Windows:
+
+ * Removes race conditions and a deadlock introduced in 1.4.1
+
+ * Fixes ANSI filename option.
+
+ * Establishes new connections to file servers when
+ IP address configuration changes are detected.
+
+ * Improved CIFS compatibility
+
+ * Cache Manager optimizations
+
+ * Fixes vlserver failover when mounting 'root.afs'
+ (Freelance mode disabled)
+
+ * Installs help files in the correct location for use by afscreds.exe
+ and afs control panel.
+
+ * Improve reporting of "over quota" and "disk full" errors.
+
+ * Prevent crash when evaluating mount points to volumes that do
+ not exist
+
+ * Removes auto-registration of AFS ID in foreign ptservers from
+ Integrated Logon DLL. This prevents crashes if the DLL is loaded
+ and unloaded prior to termination of the process.
+
+ * SDK moved to \Program Files\OpenAFS\SDK
+
+ * NSIS and WiX Installer Frameworks update to the latest versions
+
+ * Improvements to the Kerberos Logon Integration
+
+ * Prevents exception in Integrated Logon DLL during SysPrep
+
+ * Prevents displays of MessageBox dialogs in response to Network Adapter
+ errors
+
+ * Hard Dead and Connection Timeout values restricted to the CIFS Session
+ Timeout value.
+
+ * Correct writing of BackConnectionsHostNames registry value.
+
+ * Properly recycles Volume entries
+
+ * The AFS Explorer Shell Extension always finds its resource library.
+
+ * The export list for AFSAUTHENT.DLL has been corrected. (The AFS
+ plugin for NetIDMgr will no longer use 100% of CPU.)
+
+ * Renaming files on Microsoft Vista Build 5536 works.
+
+ * Better handling of "." directory in fs commands
+
+ * Add OpenAFS License text to installers
+
+ * fs setquota and fs mkmount commands behave the same as the UNIX
+ version
+
+OpenAFS 1.4.2
+
+ All systems: Major bugfixes.
+
+ * Bugfixes:
+
+ All systems:
+
+ - Volume dump parsing code in the volserver has better error checking.
+
+ - salvager has improved damaged volume handling on namei fileservers.
+
+ - fileserver has size validity checks for when large file support is disabled.
+
+ - fileserver avoids potentially multiply adding a host to its hash table.
+
+ - rxkad client private data storage is allocated dynamically on ticket size.
+
+ - Handle universal error code translation for file locking.
+
+ - fileserver needs to swap callback connections on a client IP change.
+
+ - fileserver host package revised to reduce lock contention.
+
+ - Rx has been fixed to count hard acks, thus opening the congestion window.
+
+ - All servers support bound Rx sockets (on one interface).
+
+ - namei fileserver no longer use lockf() to avoid range locking issues.
+
+ - most binaries now support the -version switch.
+
+ - backup suite fixes for 64 bit platforms.
+
+ - volserver avoids holding holds during volume purges.
+
+ - volserver avoids losing files on namei during vos zap.
+
+ AIX:
+
+ - fileserver now properly supports large files.
+
+ - TSM updates for AIX 5
+
+ - Kernel module avoids leaking Rx packets.
+
+ - Avoid use of global ubik client structure in fileserver.
+
+ - Update ubik call client interface to allow for prototyping.
+
+ - audit logging fixes when stdarg does not provide integral va_list type.
+
+ MacOS 10.4:
+
+ - A bug where the client kernel module could free stack memory (which
+ caused issues with 64 bit Intel most commonly) has been fixed.
+
+ - Packaging fixes and updates.
+
+ - Uninstaller added.
+
+ - Fix large file support.
+
+ Linux:
+
+ - autoconf kernel feature testing has been restructured.
+
+ - PAG garbage collection is enabled by default.
+
+ - Kerberos updates for RHEL3.
+
+ - Fix POSIX lock enrollment for older Linux kernels.
+
+ - Updates for new 2.6 kernels.
+
+ - Avoid deadlocks in put_inode handler.
+
+ - Keyring-based PAG support.
+
+ - Fixes to avoid getting better oops info in the kernel.
+
+ Solaris:
+
+ - Remove some kernel symbol bindings for symbols we don't use.
+
+ - Cleanup for loopback mount of AFS on Solaris 10.
+
+ - Avoid issues with stdio not supporting file descriptors above 255 on
+ Solaris 8 and lower in the fileserver.
+
+OpenAFS 1.4.1
+
+ All systems: Major bugfixes.
+ New systems: MacOS 10.4 (PowerPC and Intel)
+
+ * Bugfixes:
+
+ All systems:
+
+ - Several race conditions in the host tracking and handling in the fileserver
+ which could cause inconsistent behavior and crashes have been fixed.
+
+ - A fileserver bug where a reference to a volume could be leaked and later
+ cause a deadlock as a result of a bulk status call
+
+ - Reference counting of fileserver objects in unsigned 32 bit integers
+ instead of signed 16 bit integers.
+
+ - Avoid type mismatches when handling time values (betweemn 32 bit and 64 bit
+ variables).
+
+ - Fix a memory leak during multilevel packet queue handling.
+
+ - Audit log output had been updated to include FIDs for newly created files.
+
+ HP-UX 11i:
+
+ - 64 bit (large file) inodes are supported.
+
+ - Salvager will now handle large (>4gb) partitions.
+
+ * New features:
+
+ All systems:
+
+ - asetkey is now included to ease Kerberos 5 integration for server
+ administrators.
+
+ - A new fileserver statistics collection including callback statistics was
+ added.
+
+ - man pages are now generated.
+
+ Microsoft Windows:
+
+ - Fixes error message problems experienced by fs.exe and the AFS Explorer
+ Shell Extensions related to the use of Universal Error Codes by the
+ AFS File Server
+
+ - Adds full SMB/CIFS support for byte range locking. In this implementation
+ all locks are allocated locally and the AFS lock privilege is ignored.
+ While this will not prevent two processes on different machines from
+ simultaneously writing to the same file, it will prevent two processes
+ on the same machine from doing so.
+
+ - The UP server check period has been reduced to once every ten minutes to
+ match the period used by the UNIX clients. The shorter period will
+ assist clients maintain RX connections through NATs.
+
+ - Fixes the DOWN server check logic to ensure that any server that responds
+ to a check is marked UP unless it is in the process of restarting.
+
+ - Add logic to better handle objects that no longer exist on the file server.
+ (VNOVNODE errors.)
+
+ - Prevent the removal of existing drive mappings by "afscreds.exe -M"
+
+ - Fixes the procmgmt library so that it doesn't cause applications that
+ unload it to crash.
+
+ - Improves the warnings written to the afsd_init.log file when the
+ Windows RPC Protocol drivers are improperly configured.
+
+ - Fixes "fs setserverprefs -vlserver". Multiple calls with the same
+ server parameter could result in a crash of afsd_service.exe.
+
+ - The SMB/CIFS layer was audited for reference miscounts and memory leaks.
+ All SMB objects are now properly counted, locked, and released when
+ their work is done.
+
+ - Prevent file truncation of the user does not have the appropriate access.
+
+ - Token management was re-written to allow user tokens to be preserved
+ during integrated login and freed after logoff is complete.
+
+ - Added a mechanism by which abandoned SMB virtual circuits can be
+ detected and the associated resources cleaned up.
+
+ - Prevent the allocation of SMB file handles with a value of 0 or 0xFFFF
+ which would be considered invalid by Windows applications.
+
+ - Fixed the processing of cell names to ensure that they are always
+ treated as case insensitive strings.
+
+ - Fixed the network provider code to avoid querying the profile location
+ if integrated login is disabled.
+
+ - If a mount point string is empty, return Path Not Found to the application.
+
+ - Windows returns WSAECONNRESET when an ICMP packet is received in response
+ to a transmitted UDP packet that cannot be delivered. Do not mark the
+ connection as bad but instead retry the request.
+
+ - Fix the data written to the registry as part of the BackConnectionHostnames
+ values.
+
+ - Fixed the rx-lwp implementation to always generate unique rx call
+ identitiers.
+
+ - The default "fs minidump" type now includes data segments.
+
+
+OpenAFS 1.3
+
+ * -nosettime is now the default for afsd. Use "-settime" to get the
+ old behavior.
+
+ * OpenBSD is now supported.
+
+ * Mountpoint directory information is now only faked for cross-cell
+ mountpoints when using the -fakestat flag (e.g. for the directories
+ under /afs, but not for most other volumes mounted inside the cell).
+ The -fakestat-all switch can be used to fake information for all
+ mountpoints.
+
+ * When fakestat is enabled on MacOSX, the Finder can be used to browse
+ a fully-populated /afs directory. However, this precludes reliable
+ use of entire volumes as MacOS bundles (i.e. containing a Contents
+ directory in the root of the volume).
+
+ * Mountpoint directory information can be faked by the cache manager,
+ making operations such as stat'ing all cells under /afs much faster.
+ This is enabled by passing -fakestat to afsd, but might not be stable
+ on all platforms.
+
+
+OpenAFS 1.2.9
+
+ * The kaserver now defaults to not allowing interrealm authentication,
+ due to security vulnerabilities in the krb4 protocol. The new
+ "-crossrealm" flag to the kaserver is provided to reenable interrealm
+ authentication if desired.
+
+ * RedHat Linux 9.0 is now supported.
+
+ * Solaris 9 12/02 is now supported. Solaris 7 and 8 x86 should now
+ work again.
+
+ * On Linux machines using 2.2 series kernels, 2.2.19 or higher is now
+ required.
+
+ * An OpenAFS 1.2.9 afsd will not work with kernel modules built from
+ an earlier OpenAFS release. In general, using a mismatched afsd and
+ kernel modules set is unsupported; it is not recommended that you use
+ such a configuration on a regular basis.
+
+
+OpenAFS 1.2.8
+
+ * Mountpoint directory information is now only faked for cross-cell
+ mountpoits when using the -fakestat flag (e.g. for the directories
+ under /afs, but not for most other volumes mounted inside the cell).
+ The -fakestat-all switch can be used to fake information for all
+ mountpoints.
+
+ * HPUX 11.0 is now supported.
+
+ * It is now possible for AFS to use Kerberos 5 directly, via rxkad 2b.
+ See the OpenAFS 1.2.8 Release Notes for more information on using this
+ capability.
+
+ * An NFS translator kernel module is now included and compiled by
+ default for Solaris only.
+
+
+OpenAFS 1.2.7
+
+ * MacOS X 10.2 is now supported. FreeBSD 4.3 and later support is
+ included in this release, but is still under active development and
+ should only be used by those doing active development on the OpenAFS
+ FreeBSD client.
+
+ * When fakestat is enabled on MacOSX, the Finder can be used to browse a
+ fully-populated /afs directory. However, this precludes reliable use
+ of entire volumes as MacOS bundles (i.e. containing a Contents
+ directory in the root of the volume).
+
+ * The fileserver will now use Rx pings to determine if clients are
+ reachable prior to allocating resources to them, to prevent asymmetric
+ clients from consuming all fileserver resources.
+
+
+OpenAFS 1.2.6
+
+ * Mountpoint directory information can be faked by the cache manager,
+ making operations such as stat'ing all cells under /afs much faster.
+ This is enabled by passing -fakestat to afsd.
+
+ * Solaris 9 FCS and Solaris 7 and 8 x86 are now supported.
+
+
+OpenAFS 1.2.5
+
+ * A remote denial of service attack in the AIX and IRIX clients has been
+ fixed. Users of those platforms are strongly encouraged to upgrade.
+
+ * Fixed race conditions in fileserver that could result in crash.
+
+
+OpenAFS 1.2.4
+
+ * Server logfiles now more consistant about format in which hosts are
+ referred to.
+
+ * vfsck on Solaris will now allow force runs (using -y flag) even if old
+ inodes exist.
+
+
+OpenAFS 1.2.3
+
+ * Cell aliases for dynroot can be specified in the CellAlias file in
+ /usr/vice/etc or /usr/local/etc/openafs, in format "realname alias",
+ one per line. They can also be managed at runtime with "fs newalias"
+ and "fs listaliases".
+
+
+OpenAFS 1.2.2
+
+ * Solaris 9 and Linux PA-RISC are now supported.
+
+ * fileserver will not erroneously delay legitimate errors for 3 seconds
+ after 10 errors are returned (e.g. stat() on a directory you can't
+ read).
+
+ * Rx MTU calculation now works for Irix, Solaris and Linux
+
+ * If afsd is started with the -dynroot flag, /afs will be locally
+ generated from the CellServDB. AFSDB cells will be mounted
+ automatically upon access.
+
+ * The namei fileserver allows vice "partitions" to be directories
+ instead of partitions and will attach and display accordingly.
+ Creating the file "AlwaysAttach" in the /vicepX directory is used as
+ the trigger to attach it.
+
+ * TSM support for butc no longer requires editing a Makefile, simply
+ specify the --enable-tivoli-tsm configure option.
+
+ * Linux builds no longer require source changes every time the kernel
+ inode structure changes; the OpenAFS sources will now configure itself
+ to the actual inode structure as defined in the kernel sources.
+
+
+OpenAFS 1.2.1
+
+ * vfsck on Digital UNIX and Solaris will now refuse to fsck mounted
+ mounted partitions.
+
+
+OpenAFS 1.2.0
+
+ * AFS now supports --prefix and the other directory options of
+ configure. By default AFS builds assuming it will be installed in
+ /usr/local. In order to get traditional AFS directory paths (/usr/afs
+ and /usr/vice/etc) use the --enable-transarc-paths option to
+ configure. More details on the new directory layout are found in
+ README.
+
+
+OpenAFS 1.1.1a
+
+ * Windows 95/98/ME/NT/2000 - Consistent versioning: Installation, AFS
+ Control Center, Client dialog boxes and properties pages for
+ executables display a consistent OpenAFS version number. Installation
+ detects previous installation and prompts the user for upgrade
+ options.
+
+ * Windows 95/98/ME/NT/2000 - Installation features: During installation
+ the user can select the source of the CellservDB file, AFS home cell,
+ and drive mappings. During installation a drive path mapping can
+ include a variable that will be substituted with the current UserName
+ that is logged in.
+
+ * Windows 2000/NT - Integrated logon: The Integrated Logon feature
+ works now.
+
+ * Windows 95/98/ME - Logon script features: The Windows 95/98/ME client
+ now offers a command-line option for starting up the AFS client
+ without authenication. It is now possilbe to start the AFS client
+ first and obtain tokens, and map drives all through Windows scripts.
+ This helps using Windows 95/98/ME client in Kerberos 5 environment.
+
+ * Windows 2000/NT - LANA numbers: AFS client now scans the LANA numbers
+ to establish the correct NETBIOS connection. NetBEUI is no longer
+ needed. The user no longer needs to find the correct LANA number.
+
+ * Windows 2000/NT - OpenAFS naming consistancy: Further progress has
+ been made to remove references to "Transarc AFS" and replace with
+ "OpenAFS".
+
+
+OpenAFS 1.0
+
+ * AFS now builds with configure. The README for building has been
+ updated and includes full details.
+
+ * A client system can now have multiple sysname values for @sys. They
+ will be searched in order when looking up files in AFS. The
+ -newsysname argument to fs sysname can be repeated to set multiple
+ sysnames.
+
+ * A new system group is created for new cells (system:ptsviewers with id
+ -203). If this group exists, members of this group can examine and
+ read the entire protection database. They can examine all users and
+ groups and can get the membership of any group.
+
+ * A new program, pt_util has been added to the distribution. This
+ program allows users to print the contents of the protection database
+ or to edit the protection database without running a ptserver. It can
+ be used to set up a new cell without ever running in noauth mode. Run
+ pt_util -h for help.
+
+ * The fs setcrypt and fs getcrypt commands have been added. These
+ commands allow the system administrator to require that the client
+ encrypt all authenticated traffic between the client workstation and
+ AFS. The encryption used is weak, but is likely better than sending
+ unencrypted traffic in most environments. Some functions, such as
+ looking for a volume may not be encrypted, but data transfer certainly
+ is. By default data is not encrypted. At this time no significant
+ experimentation with server performance has been conducted.
+
+ * By default AFS is compiled with AFS_AFSDB_ENV, enabling the -afsdb
+ option to be given to afsd on startup. If this option is used, then
+ new cells will be looked up using AFSDB records stored in DNS if they
+ are not found in CellServDB. This means that users can create
+ cross-cell mountpoints in directories they control to access cells not
+ in root.afs, and that cells in root.afs need not be in the client's
+ CellServDB.
+
+ * AFS database servers can be marked as read-only clones. Surround the
+ hostname in square brackets on the bos addhost command and the
+ database server will never be elected sync site. This is useful for
+ cells distributed over a wide region.
+
+ * The AFS servers now support the -syslog flag. This flag causes them
+ to log to syslog rather than to files. This flag is not supported on
+ NT. For all servers besides the salvager, the flag can also be
+ specified as -syslog=facility, where facility is an integer facility
+ code from syslog.h. A -syslogfacility option is provided for the
+ salvager to accomplish the same goal.
+
+ * If the --enable-fast-restart flag is given when configuring AFS, then
+ the salvager supports the -dontsalvage flag which causes it to exit
+ without salvaging any volumes. If this is configured into the third
+ command of a fs process, then the fileserver will start without
+ salvaging. It will fail to attach volumes that need salvaging and
+ they can be salvaged manually. This provides significantly better
+ server startup performance at the cost of administrative complexity.
+
+ * If the --enable-bitmap-later flag is given when configuring AFS, then
+ the fileserver creates bitmaps for free vnodes on demand, allowing
+ faster starts.
+
+ * If bosserver finds a BosConfig.new file at startup, it reads this file
+ and renames it to BosConfig. This allows bosserver to be reconfigured
+ at next restart.
+
+ * The bosserver can be placed in a restricted mode in which AFS
+ superusers are only granted limited access to the server host. The
+ following functionality is disabled when restricted mode is in use:
+
+ bos exec
+ bos getlog (except for files with no '/'s in their name)*
+ bos create *
+ bos delete
+ bos install
+ bos uninstall
+
+ specific exceptions are made for functionality that "bos salvage"
+ uses:
+
+ A cron bnode who's name is "salvage-tmp", time is now, and command
+ begins with "/usr/afs/bin/salvager" may be created. This bnode deletes
+ itself when complete, so no special "delete" support is needed. This
+ functionality may be removed in the future if a "Salvage" RPC is
implimented.
The file with the exact path /usr/afs/logs/SalvageLog may be fetched,
Restricted mode is enabled using a new bos command (bos setrestricted)
or bossever command line switch (bosserver -restricted). Restricted
- mode can be disabled by a) sending the bosserver process a SIGFPE (which
- will then allow restricted operations until the next restart or
- setrestricted command) or b) editing /usr/afs/local/BosConfig
- (or BosConfig.new), and restarting the bosserver.
-
-** The bos UserList of trusted administrators can now contain
- cross-realm Kerberos principals.
-
-** udebug now takes --server not --servers.
-
-** Several error messages have been improved to include volume
- numbers.
-
-** Several new ports have been included for UNIX platforms: Darwin
- (ppc_darwin_12 and ppc_darwin_13), Linux 2.4 (i386_linux24), Linux on
- the Powerpc (ppc_linux22 and ppc_linux24), Linux on the Sparc
- (sparc_linux22, sparc64_linux22 and sparc64_linux24) .
-
-** Incomplete FreeBSD and Alpha Linux ports are included. The
- FreeBSD port has a working server and the Alpha Linux port has a
- partially working client.
-
-** A native client for Windows 95/98/ME has been added to the distribution.
- With this program, a gateway machine is no longer required for Windows 9x
- to access AFS files. One drive letter will be created on your machine by
- default - Z:. The Z: drive will be the root of the AFS tree, allowing you
- to browse all sites that have AFS servers available. Additional drive
- letters can be defined for other AFS directories. A Windows Explorer
- shell extension is included that allows you to right click on items
- within an AFS tree to bring up an "AFS" menu item and perform various
- operations on a file or directory. The most useful item is "Access
- Control Lists", which allows you to view and edit the permissions of a
- particular directory. Command line tools are also available in the
- install directory. These commands include klog, unlog, tokens, kpasswd,
- symlink, fs and pts. The installable includes a readme file that contains
- more information on how to use the client program and known issues.
-
-** support for large caches in afsd. Cachefiles are stored in
- subdirectories. The default is 2048 files per subdirectory, which
- should work fine in most situations. You can use the new afsd
- option -files_per_subdir to change this number. Note that the first
- time you run afsd with this patch, your cachefiles will get moved
- into subdirectories. If you subsequently run an older version of
- afsd, you will lose all your cached files.
+ mode can be disabled by a) sending the bosserver process a SIGFPE
+ (which will then allow restricted operations until the next restart or
+ setrestricted command) or b) editing /usr/afs/local/BosConfig (or
+ BosConfig.new), and restarting the bosserver.
+
+ * The bos UserList of trusted administrators can now contain cross-realm
+ Kerberos principals.
+
+ * udebug now takes --server not --servers.
+
+ * Several error messages have been improved to include volume numbers.
+
+ * Several new ports have been included for UNIX platforms: Darwin
+ (ppc_darwin_12 and ppc_darwin_13), Linux 2.4 (i386_linux24), Linux on
+ the Powerpc (ppc_linux22 and ppc_linux24), Linux on the Sparc
+ (sparc_linux22, sparc64_linux22 and sparc64_linux24).
+
+ * Incomplete FreeBSD and Alpha Linux ports are included. The FreeBSD
+ port has a working server and the Alpha Linux port has a partially
+ working client.
+
+ * A native client for Windows 95/98/ME has been added to the
+ distribution. With this program, a gateway machine is no longer
+ required for Windows 9x to access AFS files. One drive letter will be
+ created on your machine by default - Z:. The Z: drive will be the
+ root of the AFS tree, allowing you to browse all sites that have AFS
+ servers available. Additional drive letters can be defined for other
+ AFS directories. A Windows Explorer shell extension is included that
+ allows you to right click on items within an AFS tree to bring up an
+ "AFS" menu item and perform various operations on a file or directory.
+ The most useful item is "Access Control Lists", which allows you to
+ view and edit the permissions of a particular directory. Command line
+ tools are also available in the install directory. These commands
+ include klog, unlog, tokens, kpasswd, symlink, fs and pts. The
+ installable includes a readme file that contains more information on
+ how to use the client program and known issues.
+
+ * Support for large caches in afsd. Cachefiles are stored in
+ subdirectories. The default is 2048 files per subdirectory, which
+ should work fine in most situations. You can use the new afsd option
+ -files_per_subdir to change this number. Note that the first time you
+ run afsd with this patch, your cachefiles will get moved into
+ subdirectories. If you subsequently run an older version of afsd, you
+ will lose all your cached files.