X-Git-Url: http://git.openafs.org/?p=openafs.git;a=blobdiff_plain;f=NEWS;h=55cd568eb6f9c6111a027b17ee237ded5dea3cda;hp=503ac25d897695e0f46b9143c9037399e404a7b2;hb=aa80f892ec39e2984818090a6bb2047430836ee2;hpb=d4e8b729d8f216e9f033e95194740ff4cb566688 diff --git a/NEWS b/NEWS index 503ac25..55cd568 100644 --- a/NEWS +++ b/NEWS @@ -1,2444 +1,5443 @@ User-Visible OpenAFS Changes -OpenAFS 1.6.0 (in progress) +OpenAFS 1.8.0pre2 + + All Platforms + + * Substantial code quality improvements, largely spotted by Coverity and + clang's static analysis. + - Add new library for platform independent functions (opr). + - Remove arbitrary path name length limits. + - Convert to Heimdal's roken library for reliability. + - Avoid garbage in allocated buffers (calloc). + - Modernize signal handling in pthreaded server processes (softsig). + - Improve code comments and additional Doxygen style comments. + - Reduce compiler warnings, dead code, unused variables, and + undefined behavior. + - Fix bugs found by static code analyzer (clang-analyzer). + - Improved unit test coverage. + - Make VLDB flag definitions consistent. + - Improve use of run-time assertions and add static assertions. + - Add compiler attributes to assist static analyzers. + - Clean up include headers in the entire tree. + - Improve command-line handling library (libcmd). + - Replace hash functions with Jenkin's hash function for faster + and more evenly distributed lookups. + - Provide a red-black tree data structure to enable algorithmic speedups. + - Convert backup and salvage servers to the common logging API (libutil). + - Improve volume id data type consistency (VolumeId). + - Import APIs for kerberos-style profile configuration support. + - Add new APIs to support UserList identities. + - Add new APIs to support tabular output from command-line utilities. + - Convert vnode macros to inline-functions. + + * Improved support for non-DES encryption types: + - Convert to Heimdal's hcrypto library to support RFC 3961. + - Add extended key file format replacing rxkad.keytab, and + new key management APIs. + - Add support for extended key types to asetkey. + - Add akeyconvert to assist in upgrading to OpenAFS 1.8.x by converting an + existing rxkad.keytab file to an extended key file. + - Do not install the kaserver and related utilities by default to + discourage the use of these DES-dependent components. + - Remove obsolete klogin and klogin.krb programs. + - Add new token APIs to support new rx security classes. + + * Migrate from LWP to POSIX threads (pthreads): + - Convert the ptserver and vlserver from LWP to pthreads. + - Remove LWP version of the file server binary. + - Convert afsd, aklog, asetkey, klog.krb5, pts, udebug, and vos, from LWP + to pthreads. + + * Improvements to Rx: + - Restructure the Rx API to privatize the implementation. + - Convert rx events to a red-black tree data structure to improve + performance. + - Convert from mutexes to atomic operations for counters to reduce lock + contention. + - Provide per-opcode Rx statistics. + - Add an rx_opaque data type to support non-DES encryption types + and general code cleanup. + - Wake up the application thread after 'twind' is updated to avoid 100ms + transmit delays when the receive window transitions from closed to + open. + + * Libraries (both internal and installed) are built using libtool, including + libuafs. The resulting shared libraries for libafsrpc and libafsauthent + should be more usable than previously. + + * Improvements to the build system: + - Convert to libtool to build shared libraries. + - Clean up and improve the build system. + - Support out of tree builds. + - Add a makefile target to generate Doxygen source code documentation. + - Link the Java API for OpenAFS with libuafs.a and remove the + libjuafs.a library. + - Always build the rxperf tool. + - Fix man-page generation by make after ./regen.sh -q + - Support the SOURCE_DATE_EPOCH environment variable to improve build + reproducibility. + - Modernize language specific SWIG typemaps for libuafs Perl bindings. + + * Improvements to documentation: + - Document the new KeyFileExt file. + - Reorganized the README files. + - Improvements and fixes to documentation generation. + - Add experimental epub and mobi support + - Remove obsolete LWP information from the file server documentation. + - Update and reorganize the Quick Start Guide. + - Update the Admin Guide. + - Remove AIX, HP-UX, and IRIX information from the Quick Start Guide. + - Document the vldb and prdb (ubik) file formats. + - Add PtLog man page. + - Corrections and clarifications to man pages. + - Add ubik threading analysis doc. + + * Improvements for troublshooting, debugging, and testing: + - Log more details on volume-server-to-fileserver communication errors + when possible. + - Set thread names in pthreaded servers on platforms which support + thread names. + - Add dynroot lock tracking to cmdebug + - Fix tracking of an fstrace call site in the cache manager background + process. + - Add the afsload tool to simulate multiple cache managers for file server + load testing. + - Add run-time checks for refcount imbalances in the cache manager. + - Fix missing newlines in afsd -debug output. + + * Developer tool improvements: + - Improvements and fixes for rxgen (used to generate Rx RPC bindings). + - Add tool for man page verification of command options. + - Add tool to find Unix cache manager lock identification numbers. + - Add an option for pretty build output. + + * RPM packaging updated: + - Update the spec file to keep up with accumulated changes. + - Move the klog.krb5 man page to the openafs-krb5 sub-package. + - Prevent double-starting client on RHEL7 + - Convert rpm spec file from deprecated 'make dest' to 'make install'. + - Fix rpmbuild command line option default handling. + + * Add a new protection error code (PRNAMETOOLONG) instead of silently + truncating names which exceed the maximum name length (PR_MAXNAMELEN). + + * Add an implementation limit (50000) on the number of names/ids which can + be transmitted by unauthenticated clients to the ptserver, avoiding + excessive resource consumption from unauthenticated requests. + + * Add the -config option to vos, pts, and aklog to specify the path to the + cell configuration files. + + * Add more details in vos release -verbose output. + + * Add the cacheout -encrypt option to encrypt communication between the + cacheout client and the fileserver. + + * Add the command line options to the afsio program to enable encryption of + traffic between afsio and the fileserver (-clear, -crypt). + + * Add the vos release -force-reclone option to force recloning the volume to + be released without forcing a full volume dump being transmitted to all + remote sites. + + * Fix vos to avoid writing loopback addresses into the VLDB in + certain cases. + + * Print bos and pts error messages to standard error instead of + standard out. - All platforms + * Improve formatting of the -help output of all commands. - * vos now properly deals with matching sites when servers are - multihomed. + * Change -n to -dryrun in all backup subcommands. - * Don't stop Rx keepalives after an ackall is received, avoiding - spurious connection timeouts. (128848) + * Change the backup deletedump -port command line option to -portoffset. - * Don't retry Rx calls on channels returning busy errors and improve - Rx busy call channel error handling. (128671) + * Add user and build host in the version string returned by + rxdebug -version. - * Properly enable Rx connection hard timeouts. + All Server Platforms - * Initialize rx_multi lock before use. + * Ubik servers using pthreads are now available and are used by default - * Avoid spurious crashes when initializing in "backup" client. + * As part of improving Ubik reliability in certain edge cases, an extra + election cycle (about 60 seconds) may be needed before writes are + permitted. This is a conservative change that may be removed in + the future. - * Revert UUID support in vos. + * Remove periodic background fsync by the fileserver (ihandle fsync thread). - * pt_util fixed to properly create new databases. + * Fix potential file handle leak in the file server ihandle caching layer. - * MTU discovery now properly shut down on call reset. + * Disable the so-called "hot threads" feature in the file server. The hot + threads feature was intended as an optimization for dispatching incoming + calls to the current listener thread, but has been reported to incur a + performance penalty on modern multi-core systems. - All server platforms + * Do not permit creation of users with id of ANONYMOUSID. - * Fix ptserver supergroups support on 64 bit platforms. + * Do not save/restore host states in the fsstate.dat file for hosts which + are in the process of retrieving CPS information from the ptserver when + the fileserver is being shutdown. This fixes a bug in which the fileserver + will incorrectly block all threads following a restart. - * Demand attach salvaging doesn't use freed volume pointers. + * Add the ptserver -restrict_anonymous option to inhibit exposure of user + names from the ptserver. - * Properly hold host lock during host enumeration in fileserver. + * Do not truncate server log files by default when server processes + are started. The -transarc-logs option provides backward compatibility + with IBM AFS log handling on server startup. Log messages may be lost + in back-to- back restarts when a server is running in this mode. - * Attempt to recovery more quickly from timed out volume release - transactions. + * Reopen server logs on SIGUSR1. This may be used by third-party log + rotation tools, such as logrotate, to reopen the log file handles after + log files have been renamed. - * Auditing now properly byte order swaps IP addresses when printing. + * Fix various bugs when logging with -mrafslogs enabled. - * vos split now has improved error handling. + * Dynamically reload the kerberos realm to AFS cell mapping (krb.conf) and + exclusions for mapping kerberos principals to AFS identities (krb.excl) + configuration when the CellServDB cell configuration file is touched. + Previously, a restart of the file server was required after updating the + kerberos mapping configuration files. - * Many changes to again support Windows fileservers. + * Add a command line option (-restricted_query) to the vlserver and + volserver to restrict information queries about volumes to a specific + group of users. - * During volume removal, data removal speed improved. + * Add a command line option to the server programs to specify an alternate + fully qualified log file name (-logfile). - * Improve CPU utilization during volume attaching by DAFS. + * Add a command line option (-config) to the server programs to specify + an alternate path to the server configuration. - * In salvager check-only mode, avoid potentially fixing a vnode. + * Add a command line option to the ptserver and vlserver to specify an + alternate path to the database data files. - * Fix support for large (greater than 2gb) volume special files. + * Add a command line option to the volume server to enable encryption of + volume-server-to-volume-server-traffic (-s2scrypt). - * Salvager will not crash if multiple or bad volume link tables are - encountered. + * Increase the maximum number of LWP threads allowed for the ptserver and + vlserver from 16 to 64 (-lwp). - * Avoid erroneous full dump by remembering which sites were out of - date at the start of the release. + * Remove an unused file server command line option (-k). - * A deleted volume can now be recreated properly. + * Fix an incorrect assertion in Demand Attach File Server which could cause + the file server process to abort in certain rare conditions. - * Callbacks are again not broken during whole partition salvages. + * Deprecate the -bitmap-later configure option for non-Demand-Attach File + Servers (DAFS). - * Positional vectored IO fixed for largefile (>2GB) capable systems. + * Add -vhashsize support to non-Demand-Attach File Servers (DAFS). - * Fileserver per-client thread usage again properly enforced. + * Add support for subnet ranges in the NetInfo and NetRestrict + configuration files. - * Anonymous dropbox support improved and drawbacks documented. + * Add the GetXStats RPC to the audit log. - * Demand attach: ensure vnodes are not reallocated while in use due to - volume bitmap errors. + * Fix directory creation by bosserver when built for non-Transarc paths. - Microsoft Windows: + * Fix incomplete list of server addresses retreived by vos listaddr when the + vldb contains unreferenced multi-homed server entries. - * afs_config will not longer set the Tray Icon State in the registry - if the checkbox is not present in the dialog. (128591) + * Remove obsolete bos blockscanner and unblockscanner commands that + were only needed for the removed MR-AFS functionality. - * AFS Explorer Shell Extension now works from folder backgrounds. - Overlays for mount points and symlinks are present in the dll, but - are not registered at present by the installers. + * Remove obsolete bos salvage options that were only used by the + removed MR-AFS functionality.. - * Do not use RankServerInterval registry value as the value for - PerformanceTuningInterval. + * Remove calls to the deprecated sbrk() function. - * When the data version of a mountpoint or symlink changes, the target - string in the cm_scache_t object must be cleared. + * Add an experimental feature to database servers to support ubik reads + while write transactions are in progress, enabled at build time with the + --enable-ubik-read-while-write configure option. This feature is not + considered ready for production usage at this time. - * "fs checkservers" now includes vldb servers in the output and only - lists multi-homed servers once. A multi-homed server that has at - least one up interface is no longer considered to be down. + * Avoid filling the FileLog with "Volume x offline: not in service" when + a volume is administratively taken offline with vos offline. - * When asynchronously storing dirty data buffers to the file server - ensure that (a) the cm_scache_t object and the cm_buf_t object are - for the same File ID so that locking and signalling work properly; - and (b) if the FID no longer exists on the file server, do not - panic, just discard the buffer. + * Print an error message when bosserver is started with an unknown + command line option. - * When processing VNOVOL, VMOVED and VOFFLINE errors perform server - comparisons by UUID or address and not simply by cm_server_t - pointer. Otherwise, server failover may not succeed. + * Modify the volume updateDate when the volume is changed by a salvage. - * Do not preserve status information for cm_scache_t objects when the - issuing server is multi-homed. + * Volume usage statistics are now preserved during reclone and restore + operations by default, the behavior previously enabled by + the -preserve-vol-stats flag to the volserver. The historical behavior + can be retained via the -clear-vol-stats argument. - * Giving up all callbacks when shutting down or suspending the machine - is now significantly faster due to the use of an rx_multi - implementation. (This functionality is still off by default and - must be activated by a registry value.) + All Client Platforms - * Race conditions were possible when updating the state of the - cm_volume_t flags and when moving the volumes within the least - recently used list. + * Use rxkad_crypt by default for connections to fileservers. This matches + the existing behavior of the Windows client and has been applied by + the distribution packaging on many platforms already. - * Ensure that the lanahelper library does not perform a NCBRESET of - each lan adapter when enumerating the current network bindings. - Correcting this permits OpenAFS to work on Windows 7 when the - network adapter settings change. + * Add support for relative ACL changes with fs setacl. If a single plus (+) + or minus (-) character is appended to the rights' letters argument, the + new rights are computed relatively to the existing ones. - * Fix creation of mount points and symlinks as \\AFS\xxxx + * Remove afsd -settime and afsd -nosettime support. - * Icon tray state now conditionally set. (128591) + * Add the afsd -inumcalc option to specify the method used to calculate + inode numbers presented by AFS. - All UNIX client platforms + * Add the afsd -volume-ttl option to specify set the maximum amount of time + information retrieved from the vlserver will be cached, regardless of + callback expiry times. - * Servers now marked down when GetCapabilities returns error. + * Return EIO on internal errors instead of the misleading ENOENT. - * In-use vcache count is now properly tracked. + * Log ICMP errors received, if any, for unreachable servers. - * Check for /afs existance before starting, unless -nomount is - specified. + * Improve performance of clients with multiple PAGs for different cells. - * Avoid a potential panic when using /afs/.:mount syntax. + * Fix race condition between changing and using user tokens among cache + manager threads. - * Avoid a panic in memcache mode due to missing CellItems file. + * Fix fs sysname for users with UID 2748 and 2750 when not running + in -rmtsys mode. - * FUSE client support fixed for non-/afs mounts. + * Add Perl bindings for the user-space cache manager library (libuafs). - FreeBSD + * Fixes to the bypasscache feature. - * Fix socket termination on shutdown. + * Fix fs getcacheparms miscounts. - * Support for 7.2, 7.3, 7.4 and 8.2 included. + * Remove the obsolete Netscape plugin. - * References to vcaches are no longer leaked during root or reclaim. + Linux - * Remove support for "Giant" lock as we no longer need to use it. + * Remove Linux 2.2 and 2.4 support. - * Don't sleep with AFS GLOCK. + * Changes to avoid EIO errors with multiple processes doing intensive mmap + writing. (Drop PageReclaim AOP_WRITEPAGE_ACTIVATE.) - * Properly enable 64 bit long long support. + * Prevent fakestat data inconsistencies in certain cases (131855). - * Restore support for FreeBSD 7 (128612) + * Fix dentry leak which can cause a crash on shutdown. - * Fix locking issues at shutdown. + * Fix improper use of ENOENT and avoid incorrect use of linux negative + dentry cache. - Linux + * Improve error reporting when encountering corrupt directories. - * Support through kernel 2.6.38. + * Improve rx error handling in the Linux cache manager. - * Red Hat init script allows deferring for a new binary restart. + * Rename kpasswd to kapasswd when packaging RPMs to avoid colliding with + Kerberos kpasswd. - * Red Hat packaging now properly supports RHEL6. + * Do not use the obsolete --enable-largefile-fileservers configure option + when packaging RPMs. - * Use rx_Readv in cache bypass to improve performance. + * Use the RemainAfterExit systemd feature to avoid premature exit + when -afsdb is not given, for RPM packages. - * Properly handle 0-length replies during cache bypass operations. + * Remove Debian packaging files from the OpenAFS source tree. Debian + packaging files are currently maintained in the downstream Debian + infrastructure. - * Properly handle non-contiguous readpage cache bypass operations. + * Add the sparc_linux26 sysname. - * Do proper locking when transitioning to or from cache bypass. + * Desupport 32-bit Linux kernels on s390/s390x. - * Avoid extra runs of vcache freeing routine. (128756) + * Fix Debian/Ubuntu build regression on kernel 3.16.39. - * Perform vcache eviction via a fast path before visiting vcaches - where sleep is needed. + * Fix --enable-kernel-debug for linux 4.8+. - MacOS + * Support linux 4.10, 4.11, 4.12 - * Properly handle setpag errors. PAGs are not supported. + Solaris - * Check for unloaded kernel extensions when decoding AFS panics. + * Remove support for all Solaris and SunOS platforms prior to Solaris 8. - * Disable "get tokens at login" in prefs pane if AD authentication - plugin is configured. + * Build 64-bit binaries for Solaris x86 by default. - * aklog AuthorizationPlugin now provided. + * Use one-group PAGs on Solaris 11, which is required for PAG support + on Solaris 11 since supplemental groups must be sorted starting with + Solaris 11.1. - OpenBSD + * Update search paths for solaris cc for recent versions Solaris Studio. - * Bug fixes for issues introduced previously in 1.5 series. + * Modernize declaration of module dependences by converting from the + deprecated _depends_on symbol to ELF dependencies. - * Support through OpenBSD 4.8. + * Avoid BAD TRAP panic due to invalid opcodes on x86 with Studio 12.5. - Solaris + MacOS - * Switch to ioctl() syscall replacement for Solaris 11 since syscall - 65 is not safe. + * Stop processing upcalls once rx shutdown starts. - * Fix support for Solaris pre-10. + * Enable atomics for the darwin kernel. - * Corrected Solaris 11 startup script. + * Add a syscall to enable/disable bulkstat at run-time, which is + disabled by default. - * vcache mappings freed on shutdown to avoid panic. + * Fix path to binaries in the prefpane. + * Fix builds on MacOS 10.12 by building only the active architecture + by default. -OpenAFS 1.5.78 (2010-11-04) + FreeBSD - All platforms + * Use the native kernel module build system instead of an ad hoc + replacement build system. - * Revisions to Rx to fix performance issues. + * Remove FreeBSD packaging files from the OpenAFS source tree. FreeBSD + packaging files are currently maintained in the downstream FreeBSD Ports + Collection. - * Make fs getfid behave consistently across all platforms. (128372) + * Stay up to date with new FreeBSD releases (through 10.3). - * Properly check IDs handed to pts when creating users or groups so - useful error messages can be provided. (128343) + * Do not claim AFS_VM_RDWR_ENV - * Correct byte order handling of port in afsconf_LookupServer for SRV - records. + NetBSD - * Force a full dump when releasing to a site which was previously - marked "don't use", in case the previous clone was out of date. + * Stay up to date with new NetBSD releases (through 7.x) - All server platforms + * Update to use cprng(9) as the randomness source on NetBSD 6.99/7.x. - * Demand salvage of attached volumes now correctly track attachment - state. + * Build system updates for NetBDS 6.99.x - * Avoid a potential crash due to failure to hold a lock when attaching - a volume fails. + * Do not claim AFS_VM_RDWR_ENV - Microsoft Windows + OpenBSD - * Track SMB connections by SID rather than username. + * Stay up to date with new OpenBSD releases (through 4.7) - * Error write attempts to known-readonly volumes earlier. + * Do not claim AFS_VM_RDWR_ENV - * Validate directory buffers to avoid potential crashes. + AIX - * Handle VIO errors from bulkstatus. + * Updates for AIX support. - * Make PMTU discovery configurable and register error handlers for it. + * Fix build system for AIX exports. - All UNIX client platforms + * Add the uidpag and localuid runtime options to the aklog LAM plugin. + (These runtime options override the use of UID-based PAGs, which were + introduced to appease the CDE screensaver.) - * Use larger I/O sizes in memcache to improve performance. +OpenAFS 1.6.21 - * Avoid potential alignment issues doing I/O for pioctl calls. + All platforms - FreeBSD + * Avoid a possible 100ms transmit delay in the RX protocol when a peer's + receive window transitions from closed to open (12627) - * Avoid panicing if the listener process is not findable. + * Documentation improvements (12476 12477 12559[RT #133339]) - * Avoid deadlock issues while performing lookups. + All server platforms - Linux + * When bosserver is started with an unknown option, print an error message + and exit with a non-zero value rather than failing silently (12631) - * Handle stale file handle errors for some cache partition types. + All DB server platforms - * Avoid blocking with xvcache lock when attempting to free in-use - vcaches. + * Hold the DB lock while checking for an aborted write transaction (12516) - * Build fixes for older kernels. + All file server platforms - * Properly configure LWP to use ucontext() on platforms where it - should. + * On demand attach fileservers, don't save or restore a client's host + state if CPS ("Current Protection Subdomain") recalculation for it is + in progress, to avoid fileserver thread exhaustion (12568) - * Eliminate spurious errors from AFS system call returns. (126230) + * On demand attach fileservers, avoid flooding the log with error messages, + which could happen when the fileserver was restarted while a volume was + offline (12569) - MacOS + * Update a volume's "Last Update" time when its content is modified by + the salvager, to make the change visible in the output of "vos examine" + and to backup services (12633) - * Attempt to honor configured Kerberos defaults in Preferences Pane. + All client platforms + * Corrected the DCentries bucket counts for very large and zero length + files in the output of "fs getcacheparms -excessive" (12604 12605) -OpenAFS 1.5.77 (2010-09-08) + * Fixed a bug that prevented users with GID 2748 and 2750 from executing + the "fs sysname" command on clients running afsd with -rmtsys (12607) - All platforms + * Provide a new -inumcalc switch for afsd to allow enabling the alternative + MD5 method of inode number calculation, which was previously only + possible on Linux and through the sysctl interface (12608 12632) - * Rx path MTU detection will terminate detection in cases where the - minimum required packet size cannot be transferred. + Linux clients - * vos dryrun mode now shows effects for syncvldb single volume case. + * Support for mainline kernel 4.12 and distribution kernels with backports + from it (12624 12626) - * vos dryrun mode now shows "status after" for syncvldb and syncserv. + * Re-added the improved algorithm for freeing unused vcaches to reduce + memory consumption first introduced with the 1.6.18 release, together + with a fix for the issue leading to its removal in 1.6.18.2 (12448..12451) - All server platforms + macOS clients - * RXAFS_GetStatistics64 now returns statistics properly. + * Fixed a crash while stopping the client on macOS 10.12 "Sierra" (12602) - Microsoft Windows - * Attempt to properly identify the local system SMB connection for - token tracking. +OpenAFS 1.6.20.2 - * Remap timeout and offline errors to proper NT RPC errors. + All platforms - * Properly fail over to other replicas on bulkstat IO errors. + * Build fixes required by recent compilers or platforms (12514 12521 12534 + 12536 12538) - * Properly error delete-mode createfile if a file is set readonly. + * Allow the bos server to start successfully in the presence of those, by + accepting a now checked return value indicating that the client ThisCell + and CellServDB already exist (12522) - * Validate directory entry buffers to avoid crashing the service. + Linux clients - * Log file modes properly. + * Support for mainline kernels 4.10 and - most likely - 4.11 and + distribution kernels with backports from them (12530 12588..12590 12598) - * Log cell name when logging server information. + * Support for distribution kernels with partial backports from 4.9 (12535) + (RT #134158) - All UNIX client platforms + * In Red Hat packaging, moved the klog.krb5 manual page into the krb5 + subpackage (12511) - * cacheout program for discarding callbacks is now built. + * In Red Hat packaging, prevent systemd from double-starting the client + (12587) - * bulkstatus kernel locking is corrected to avoid a potential panic. + * Allow aklog to function on current S390/S390x (12499) - Dragonfly BSD + Solaris clients - * userspace support update + * Make process authentication groups work on Solaris 11, now using a single + group ID (12524..12527) - FreeBSD + * Fix a BAD TRAP panic on Solaris 11 clients built with Studio 12.5 (12567) - * Updated vnode locking for children returned via lookup(). + macOS clients - * Avoid file open undercount with needed calls to - FakeOpen/FakeClose(). + * Fixed the preference pane for OS X 10.11 and later (12512) - * Use vnode_pager_setsize to properly track file size during kernel - IO. +OpenAFS 1.6.20.1 - * Update system call installation. + All platforms - * Fix shutdown of Rx kernel listener to avoid potential dereference - after it's gone. + * Build fixes required by recent compilers (12482..12484) - * Avoid closing vnodes during vnode recycle. + Linux clients - * Fix bogus call to FlushVS for vnode reclaims. + * Support for mainline kernel 4.9 and distribution kernels with + backports from it (12478..12480) - Linux + * In Red Hat packaging, make systemd deal correctly with the client + when no userland processes remain after starting it (12481) + (RT #133482) - * Packaging updated for current configure options and built files. + macOS - * Cache bypass now holds reference on pages during readpage. + * Support for release 10.12 "Sierra" (12431 12432) - * s390x setgroups32 patching update. + * Avoid a crash in the Mounts tab of the OpenAFS preference pane (12447) - MacOS +OpenAFS 1.6.20 (Security Release) - * DNS resolver is reinitialized on IP address change. (126440) + All platforms + * Fix for OPENAFS-SA-2016-003: file and directory names leak due to + reuse of directory objects without zeroing the contents + (12461 12462 12463 12464 12465) -OpenAFS 1.5.76 (2010-08-16) +OpenAFS 1.6.19 All platforms - * Updates to build-time configuration. + * Documentation improvements (12304) + * Fixes for test failures (12396 12415) - * Fix XDR support in Rx to match header definition. + All DB server platforms - * vos status now shows transaction creation, not action creation. + * Avoid potentially writing to an out of date volume location or protection + database, or losing a database write, which could happen in rare cases + under special conditions during database leader election + (12339 12389) - * Rx avoids reporting loopback adapters when listing interfaces. + Solaris clients - All server platforms + * Allow the fsinfo::: DTrace provider to work with AFS files (12371) - * Demand-Attach Fileserver always built and installed (dafileserver, - davolserver, dasalvager). + Linux clients - * Return VNOVOL from fileserver when a volume is deleted. + * Don't commit more data to a file than was actually copied during writes, + which could happen on architectures with a page size > 4 KiB (12413) + * Fixed build on PPC64 with GCC 6.1 (12388) (RT #133407) + * Fixed build on x86_64 with recent GCC (12365 12366) - * Ignore duplicate tags during volume restore operation. - * Update inode array after salvage repairs volume. +OpenAFS 1.6.18.3 - * Zero a corrupted header in memory during salvage to avoid further - corruption. + Linux clients - * Fix NAMEI backend to allow low-numbered volumes to work properly. + * Support for mainline kernel 4.7 and distribution kernels with + backports from it (12348) - * ptserver does not include cell name as part of length check for - names. + Solaris clients - * Updated error messages for unblessed volumes. + * Fixed memory mapped I/O on files >= 4 GiB (12349 12350) - * vlserver avoids buffer overflow with regex pattern + Note that there is a suspicion that this might break the client + on very old Solaris releases (2.6). If it does, the breakage should + occur at build time. - * Attach-time failures now note failures as the rest of the fileserver - would. + OS X - * Server argument logging will no longer overflow stack. + * Added tooling to build a package for OS X 10.10 "Yosemite" and + 10.11 "El Capitan" (12335 12351) - * Provide fast-restart-like unsafe-nosalvage option for DAFS. - * Deal with host hash collisions in the fileserver. +OpenAFS 1.6.18.2 - Microsoft Windows + Linux clients - * Avoid crashing when interpreting a drive letter as potentially - matching a cell name. + * Support for mainline kernel 4.6 and distribution kernels with + backports from it (12332) - * Properly handle volume package errors. + * Switch back to the pre-1.6.18 algorithm for freeing unused vcaches. + While the new algorithm is still believed to be correct, it turned + out that at least on some kernels, including 4.5 and 4.6, the dentry + for the current working directory may be erroneously invalidated. + This could lead to errors like "Unable to read current working directory" + when a directory wasn't accessed for a few minutes. (12323) - * Allow page recycling from known-readonly content without ensuring - they are not dirty. + * Use a secure URL to retrieve the CellServDB in the script to create + the Red Hat source package (12330) - * 32 bit tools installer should not override client configuration. + FreeBSD - * Ensure root scache item has a valid callback when use is attempted. + * Added sysname IDs for 10.2 and 10.3 to fix the build on those platforms + (12322) - * Freelance directory changes now properly invalidate and replace the - old root object. - All UNIX client platforms +OpenAFS 1.6.18.1 - * Support disconnected reconnecting with specified UID for PAGless - platforms. + Linux clients - * Proper disconnected vnode reference tracking. + * Support for mainline kernel 4.5 and distribution kernels with + backports from it (12300..12302) - * Update server site blacklisting to not return success if nothing was - blacklisted. - * Avoid a panic during vcache contention due to CVInit vcache - racing. (127645) +OpenAFS 1.6.18 - FreeBSD + All platforms - * Update for network stack in 8.1/9.0. + * Documentation improvements (12224 11675 11613 12197) - HP-UX + * Improved diagnostics and error messages (12129 12207 12185 12211 12113 + 12215 12216) - * Bug fixes. + * Check that CellServDB entries are valid IPv4 addresses, to avoid + occasional hangs or potentially other erratic behaviour due to invalid + entries (12210) (RT #131794) - Linux + All client platforms - * 2.6.36 support + * Gracefully handle cases where a client shutdown sequence is initiated + while the client is already shutting down, rather than cause a panic + (12179) - * Disable PMTU error packet handling. + * Fixed several bugs that could cause erratic behaviour when the write + offset into a file was more than 2 GiB beyond the file's current end + on the server (12213 12214) - * flock() fixes. + All server platforms - * Debian packaging updated. + * Avoid a possible volserver crash during volume dump or restore due + to invalid ACL entries (12127) - * freezer interface updates. + * Allow recovering from a DAFS fileserver operation which allocates a + new vnode but fails to update the vnode index, rather than crashing the + server (12209) - MacOS + * Fixed a longstanding bug which could damage the volume location database + when "vos changeaddr" was run with "-oldaddr" and "-newaddr" and the + old address was present in a multi-homed entry (12089) - * Hold references to disconnected mode written vnodes properly. + FreeBSD - Solaris + * Added support for releases 10.2 and 10.3 (12232) - * Handle NFS translator module references for amd64. + Linux clients - * INODE fileserver backend support now exists for amd64. + * Support for mainline kernel 4.4 and distribution kernels with + backports from it, alas at a performance penalty (12226 12227 12228) + (RT #132677 #132819) + * Avoid using excessive amounts of kernel memory for dynamically + allocated vcaches, by improving the algorithm to free unused ones + (12256 12257) -OpenAFS 1.5.75 (2010-07-07) + * In Red Hat packaging, make the init script use "ip" if available, with + "ifconfig" as a fallback (12193) - All platforms + OS X - * Prevent rx_rpc_stats global lock from being a bottleneck. + * Basic support for release 10.11 "El Capitan" (12212) - * Path MTU discovery is now provided to allow traffic to pass networks - with sub-1500 byte MTUs and poor fragment handling. + IRIX clients - * Further reduce Rx NAT ping transmission when enabled. + * Fixed kernel module builds with optimization (12198) (RT #131261) - * Update Kerberos 5-based token handling in rxkad from upstream - Heimdal. (127554) - * Update version numbers emitted during build to reflect what is - actually being built. +OpenAFS 1.6.17 (Security Release) - * Add "-human" switch for human-readable units in fs diskfree and - listquota. (124529) + All server platforms - * vos provides reasons for locked volumes when known. + * Fix for OPENAFS-SA-2016-001: foreign users can create groups as + if they were an administrator (RT #132822) (CVE-2016-2860) - * Do not count retransmission and ping acks as non-idle for Rx - connections. + All client platforms - * Rx: provide service-specific data getter and setter routines. + * Fix for OPENAFS-SA-2016-002: information leakage from sending + uninitialized memory over the network. Multiple call sites + were vulnerable, with potential for leaking both kernel and + userland stack data (RT #132847) - * Update build-time Kerberos detection. + * Update to the GCO CellServDB update from 01 January 2016 (12188) - * Updated userspace AFS client. + Linux clients - * Beginning of a modernized test suite. + * Fix a crash when the root volume is not found and dynroot is not + in use, a regression introduced in 1.6.14.1 (12166) - * Additional documentation. + * Avoid introducing a dependency on the kernel-devel package corresponding + to the currently running system while building the srpm (12195) - * Updated documentation, notably the Administrators Guide. + * Create systemd unit files with mode 0644 instead of 0755 + (12196) (RT #132662) - * Substantial code cleanup. +OpenAFS 1.6.16 + + All platforms + + * Documentation improvements (11932 12096 12100 12112 12120) + + * Improved diagnostics and error messages (11586 11587) + + * Distribute the contributor code of conduct with the stable release (12056) All server platforms - * Update handling of vnode allocation failures. + * Create PID files in the right location when bosserver is started with + the "-pidfiles" argument and transarc paths are not being used (12086) - * DAFS: allow salvaging volumes not known to the fileserver, to allow - cleanup of data not attached to a current volume. + * Several fixes regarding volume dump creation and restore (11433 11553 + 11825 11826 12082) - * Properly handle volumes slated for destruction. + * Avoid a reported bosserver crash, and potentially others, by replacing + fixed size buffers with dynamically allocated ones in some user handling + functions (11436) (RT #130719) - * Handle volumes with many files properly. + * Obey the "-toname" parameter in "vos clone" operations (11434) - * Force core file generation in bosserver by overriding default - resource limits when possible. + * Avoid writing a loopback address into the server CellServDB - search + for a non-loopback one, and fail if none is found (12083 12105) - * Update vlclient and vldb_check. + * Rebuild the vldb free list with "vldb_check -fix" (12084) - * Avoid potentially corrupting a volume on creation if files are left - from previous failed cleanup. + * Fixed and improved the "check_sysid" utility (12090) - * Note volume changed during salvage as needed. + * Fixed and improved the "prdb_check" utility (12101..04) - * DAFS: do not assume invalid addresses are in fileserver address hash - table. + All client platforms - * Avoid tying up fileserver threads with volumes that are being taken - offline. + * Avoid a potential denial of service issue, by fixing a bug in pioctl + logic that allowed a local user to overrun a kernel buffer with a single + NUL byte (commit 2ef86372) (RT #132256) (CVE-2015-8312) - * Do not set inUse on volumes for non-DAFS other than in fileserver. + * Refuse to change multi-homed server entries with "vos changeaddr", + unless "-force" is given, to avoid corruption of those entries (12087) - * Break origin's callback on target of rename operation. + * Provide a new vos subcommand "remaddrs" for removing server entries, to + replace the slightly confusing "vos changeaddr -remove" (12092 12094) - * Avoid unneeded parent directory link updates during some rename - operations. + * Make "fs flushall" actually invalidate all cached data (11894) - * Do not open /dev/console for writing in the fileserver. + * Prevent spurious call aborts due to erroneous idle timeouts (11594) - * DAFS: avoid spurious restarts when binary restarts are configured. + * Provide a "--disable-gtx" configure switch to avoid building and + installing libgtx and its header files as well as the depending + "scout" and "afsmonitor" applications (12095) - * Avoid spurious and unneeded calls to sync(), which can slow down the - fileserver. + * Fixed building the gtx applications against newer ncurses (12125) - Microsoft Windows + * Allow pioctls to work in environments where the syscall emulation + pseudo file is created in a read-only pseudo filesystem, like in + containers under recent versions of docker (12124) - * Revised SMB QuerySecurityInfo to address issues caused by MS10-020 - (http://support.microsoft.com/kb/980232) + Linux clients - * Prevent use of the AFSCache file contents if mapped to a new - address. + * In Red Hat packaging, avoid following a symbolic link when writing + the client CellServDB, which could overwrite the server CellServDB, + by removing an existing symlink before writing the file (12081) - * Make fs newcell include behavior compatible with the non-Windows - version. + * In Red Hat packaging, avoid a conflict of openafs-debuginfo with + krb5-debuginfo by excluding our kpasswd executable from debuginfo + processing (12128) (RT #131771) - * Provide a registry option (FreelanceImportCellServDB) to pre-create - mount points in the AFS root for all cells in CellServDB. +OpenAFS 1.6.15 (Security Release) - * Fix a memory leak in the cm_FreeServerList() routine. + All client and server platforms - * Reduce privilege when reading registry CellServDB. + * Fix for OPENAFS-SA-2015-007 "Tattletale" - * Add support for RPC Pipe Service NetWkstaGetInfo levels needed for - Windows 7. + When constructing an Rx acknowledgment (ACK) packet, Andrew-derived + Rx implementations do not initialize three octets of data that are + padding in the C language structure and were inadvertently included + in the wire protocol (CVE-2015-7762). Additionally, OpenAFS Rx in + versions 1.5.75 through 1.5.78, 1.6.0 through 1.6.14, and 1.7.0 + through 1.7.32 include a variable-length padding at the end of the + ACK packet, in an attempt to detect the path MTU, but only four octets + of the additional padding are initialized (CVE-2015-7763). - * Prevent overflow when computing quota percentage in Explorer Shell. - (126846) +OpenAFS 1.6.14.1 - * Generate meaningful errors for ACL operations on freelance AFS root. + Linux clients - * Fix error handling on InlineBulkStatus RPCs. + * Support kernels up to 4.2 - * Show configuration pages for all types of MSI installations. + Due to changes to internal data structures with this kernel release, + the OpenAFS client can no longer reset the link count during path + lookups. Since volume root directories must behave like symlinks + instead of normal directories in order to satisfy Linux kernel + invariants, looking up paths containing more than 40 mount points + will fail with ELOOP on such kernels. - * Improve freemount AFS root directory handling and operations. +OpenAFS 1.6.14 - * Properly validate GetVolumeStatus pioctl responses. + All server platforms - * Commit file length changes and dirty buffers when flushing a file. + * Prior to the OpenAFS security release 1.6.13, the Volume Location + Server (vlserver) RPC VL_ListAttributesN2() supported wildcard volume + name lookups via regular expression (regex) pattern matching. This + support was completely disabled in 1.6.13 because it was judged to be + a security risk due to buffer overruns in the implementation, as well + as the possibility of denial of service attacks where certain regular + expressions could cause excessive CPU usage in some regex + implementations. + + Unfortunately, after 1.6.13 was released, it was discovered that + the native OpenAFS 'backup' system uses the VL_ListAttributesN2() + regex support to evaluate configured volume sets. If you use the + OpenAFS 'backup' system (or another backup system which relies on it, + such as Tivoli Storage Manager (TSM, aka Tivoli ADSM)), and are using + volume sets which require regular expressions for the volume name, + then those volume sets cannot be resolved by OpenAFS 1.6.13. The next + paragraph provides details on how to identify any affected volume sets. + + OpenAFS backup volume sets may be described by fileserver, partition + name, and volume name. The fileserver and partition specifications + never require regular expression support. The volume name specification + always requires regular expression support except for when specifying + _all_ volumes via two special cases: the universal wildcard ".*", or "". + For example, volume name "proj" or "*.backup" or "homevol.*" all + require regex support - even if the specification contains no wildcard + characters and/or exactly matches an existing volume name. + + As a result of this issue, OpenAFS 1.6.14 replaces the 1.6.13 changes + to VL_ListAttributesN2. 1.6.14 prevents the buffer overruns and + reenables the regex support, but restricts it to OpenAFS super-users + and -localauth only. This is sufficient to restore the OpenAFS 'backup' + system's ability to work correctly with any previously supported volume + set. The OpenAFS 'backup' commands are already documented to require + super-user authorization, so this restriction is moot for the backup + system. + + There are no other direct consumers of the VL_ListAttributesN2() regex + support in the OpenAFS tree. However, the VL_ListAttributesN2 RPC is + publicly accessible and might be used by third party tools directly or + indirectly via OpenAFS's libadmin. Any such tools that issue + VL_ListAttributesN2 RPCs must now be executed using super-user or + -localauth tokens. + + None of the other security fixes in OpenAFS 1.6.13 are known to have + any issues, and are still included unchanged in OpenAFS 1.6.14. + + If there are any questions concerning the possible impact of OpenAFS + 1.6.13 or 1.6.14 at your site, please contact your OpenAFS support + provider or the openafs-info@openafs.org mailing list for further + assistance. + +OpenAFS 1.6.13 - All UNIX client platforms + All server platforms - * Update version of files for disk cache. + * Fix for CVE-2015-3282: vos leaks stack data onto the wire in the + clear when creating vldb entries - * Do not call afs_FlushVCBs with xvcache lock held, to improve - parallelization. + * Workaround for CVE-2015-3283: bos commands can be spoofed, including + some which alter server state - * Add mariner log messages for creating and removing files. + * Disabled searching the VLDB by volume name regular expression to avoid + possible buffer overruns in the volume location server - * Don't hold xvcache lock while creating symlinks, to improve - parallelization. + All client platforms - * Provide -dynroot-sparse mode to not show all cells in CellServDB in - dynroot mode. + * Fix for CVE-2015-3284: pioctls leak kernel memory - * Avoid a potential crash in aklog in linked cell handling. + * Fix for CVE-2015-3285: kernel pioctl support for OSD command passing + can trigger a panic - * Log MTU-caused packet retransmission. + Solaris clients - * Prevent crashes caused be fs checkservers while cache is being set - up. + * Fix for CVE-2015-3286: Solaris grouplist modifications for PAGs can + panic or overwrite memory - * fs getserverprefs now has a buffer large enough for the default - CellServDB. +OpenAFS 1.6.12 - * Report server address when logging warnings. + All server platforms - * Avoid panic in GetCapabilities when cell is not known. + * Avoid database corruption if a database server is shut down and then + brought up again quickly with an altered database (11773 11774) + (RT #131997) - * Lock process name and id for advisory lock warnings when possible. + All client platforms - * Handle need for allocating additional Rx packets. + * Fixed a potential buffer overflow in aklog (11808) - * Properly handle errors from InlineBulkStatus operations. + * Avoid a bogus warning regarding the checkserver daemon, which could be + logged during startup when the cache initialization was very fast (11680) - * Fix errors returned from fcntl() on readonly files locked for write. + * Added documentation of the inaccuracy of the 'partition' field in + 'fs listquota' output for partitions larger than 2 TiB (11626) - * Flush pending changes to the server on LOCK_EX unlock. + Linux clients - * Reflect length changes as a result of callbacks even when file is - open for write. + * Support kernels up to 4.1 (11872 11873) - * Avoid hanging due to error exit when attempting to store a large - file to a non-largefile fileserver. + * Avoid spurious EIO errors when writing large chunks of data to + mmapped files (11877) - * Recover from afs_GetVolSlot errors. + OS X - FreeBSD + * Build fixes required at least on OS X 10.10 Yosemite with the latest + XCode (11859 11876 11842..11845 11863 11878 11879) - * Bugfixes for kernel VFS and network routines. +OpenAFS 1.6.11.1 - IRIX + Linux clients - * Provide makesname(). + * Support kernels up to 4.0 (11760 11761) - Linux + FreeBSD clients - * Avoid syscall probes when keyrings are present, by default. (125215) + * Fixed kernel module build on systems with an updated clang which no + longer accepts the -mno-align-long-strings as a no-op (11809) - * Remove "Big Kernel Lock" from VFS operations. +OpenAFS 1.6.11 - * Use filehandles for all Linux 2.6 versions to avoid need for matched - afsd. (127530) + All platforms - * Updated RPM packaging. + * Allow aklog to succeed creating native K5 tokens even when mapping + the K5 principal to a K4 one fails (11538) - * Fix dkms configuration provided with RPMs. + * Build fixes (11435 11636) - * Hold reference on pages during background I/O for cache bypass. + All client platforms - * Fix cache bypass handling of non-largefile fileservers. + * Avoid a potential kernel panic due to connection reference overcounts + (11645) (RT #131885) - * Protect truncate_inode_pages mappings with mutex or semaphore as - needed. + * Avoid potential corruption of files written using memory mapped I/O + when the file is larger than the cache (11656) (RT #131976) - * Fix pagevec use in cache bypass. (127505) + Linux clients - * Updates for 2.6.35 + * Support kernels at least up to 3.19 (11549 11550 11569 11570 11595 + 11658..11662 11694 11752) - MacOS + Note: By default this excludes kernels 3.17 to 3.17.2, which will leak + an inode reference when an error occurs in d_splice_alias(). The + module will build and work, but leak kernel memory, leading to + performance degradation and eventually system failure due to + memory exhaustion. Since it's impossible to detect this condition + automatically, the switch --enable-linux-d_splice_alias-extra-iput + must be passed to configure when building the module for those + kernels. The same would be necessary for any kernel with backports + of commit 908790fa3b779d37365e6b28e3aa0f6e833020c3 or commit + 95ad5c291313b66a98a44dc92b57e0b37c1dd589 but not the fix in commit + 51486b900ee92856b977eacfc5bfbe6565028070 in the linux-stable repo + (git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git) or + the corresponding changes on other branches. - * Improve launchd configuration. + * Fixed a regression introduced in OpenAFS release 1.6.10 which could + make the spurious "getcwd: cannot access parent directories" problem + return (11558 11568) (RT #131780) - * Avoid hanging on recursive cache file lock acquisition when user - notification is enabled. + * Avoid leaking memory when scanning a corrupt directory (11707) - * Fix and re-enable bulkstat mode. + OS X clients - OpenBSD + * Support OS X 10.10 "Yosemite" (11571 11572 11611) (RT #131946) - * Build updates. + Solaris clients - Solaris + * Avoid reading random data rather than correct cache content when using + ZFS as the cache file system on Solaris >= 11, and fix potential similar + problems on other platforms (11713 11714) - * Precluding unmount while AFS is busy. + FreeBSD - * Avoid deadlocking when releasing the VFS object. + * Build fix for releases >= 11.0 (11610) - * Stop network interface poller in kernel on AFS shutdown. + OpenBSD - * Avoid issues with lookups on empty directory names. (127356) + * Support release 5.4 (11700) -OpenAFS 1.5.74 (2010-04-22) +OpenAFS 1.6.10 All platforms - * Add "vos setaddrs" command. - - * Rx library lock contention avoidance between rx_NewCall and - rx_EndCall. + * Don't hide the "version" subcommand in help output (11214) - * Rx library races due to inconsistent use of rx_connection - conn_data_lock to protect the flags field. + * Documentation improvements (11126 11216 11222 11223 11225 11226) - * Rx library inconsistent use of RX_CALL_TQ_WAIT which could result in - deadlocks. + * Improved diagnostics and error messages (11154 11246 11247 11249 11181 + 11182 11183) - * Rx library must signal transmit queue waiters when flushing. + * Build system improvements (11158 11221 11224 11225 11227..11241 11282 + 11342 11350 11353 11242 11367 11392) - * afsmonitor shows busy counts now. + * Avoid potentially erratic behaviour under certain error conditions by + either avoiding or at least not ignoring them, in various places (11008 + 11010..11065 11112 11148 11196 11530) - * afsmonitor displays xstat callback statistics. + FreeBSD - * Provide expandgroups for pts mem on a supergroups server. + * Support releases 9.3 and 10.1 (11368 11369 11402 11403 11404) - * Provide supergroup option to liste nested groups during pts mem. + * Makes a disk cache more likely to work on FreeBSD, though such + configurations remain not very tested (11448) All server platforms - * Avoid volume lock contention during DAFS startup. + * Added volscan(8) (11252..11280 11387 11388) - Microsoft Windows + * Fixed a bug causing subgroups not to function correctly if their + ptdb entry had more than one continuation entry (11352) - * Avoid a race when updating cell vldb server lists that can result in - a crash. + * Logging improvements (10946 11153) - * Avoid a deadlock when managing CM_SCACHESYNC_STOREDATA state - operations for directory objects. + * Allow log rotation via copy and truncate (11193) - * Add new Windows Application Event log messages for VBUSY, - VRESTARTING, ALL_BUSY, ALL_OFFLINE, and ALL_DOWN. + * Avoid a server crash during startup only observed on a single platform + and when using a 3rd party library under certain circumstances, which is + a collateral effect of the security improvements introduced in OpenAFS + release 1.6.5 (11075) (RT #131852) - * Reduce lock contention by waiting for cm_buf_t I/O operations. + All client platforms - * Split the cm_buf_t flags field to separate the flags that are - protected by the cm_buf_t mutex from those protected by the - buf_globalLock. + * Raised the free space reported for /afs to the maximum possible value of + just under 2 TiB - the old value was 9 GiB on most platforms (10984) - * In cm_UpdateVolumeLocation, avoid searching for a ".readonly" volume - on a numeric volume name. + * Reduced the amount of stack space used (11162 11163 11203 11164..11167 + 11338 11339 11364..11366 11381) - * File buffer allocations whose offsets are beyond server EOF should - be locally allocated and zero filled. The file server should not be - issued a FetchData rpc which is guaranteed to fail. + * Sped up a periodic client task which could be problematically slow + on systems with a large number of PAGs and files in use (11307) - * Enable integrated logon to work with Windows 7/2008 when user logons - are performed with a non-Domain Kerberos principal. + * Fixed failure of the up command with large ACLs (11111) - * Add Protection Error messages to aklog output. + * Avoid a potential crash of aklog (11218) - All UNIX client platforms + * Avoid potential crashes of scout and xstat_fs_test (11155) - * Provide a FUSE-interfacing userspace afs client. + Linux clients - * Updates to libuafs userspace cache manager. + * Support kernels up to 3.16 (11308 11309) - * Probe servers using GetCapabilities instead of GetTime, thus - requiring fewer RPCs. + * Fixed a regression introduced in OpenAFS release 1.6.6 that made + checking for existing write locks incorrectly fail on readonly volumes + (11361) - * Fix DNS SRV record handling for cell lookup. + * Fixed a regression introduced in OpenAFS release 1.6.8 that could + cause VFS cache inconsistencies when a previously-accessed directory + entry was removed and recreated with the same name but pointing to a + different file on another client (11358) - FreeBSD + * Use the right path to depmod in Red Hat packaging to avoid dependency + calculation incorrectly failing unless a link /sbin -> /usr/sbin is + present on the system performing it (11171) (RT #131860) - * Fix sleep/wakeup routines. + * Do not ignore kernel module build errors (11205) - * Update for 8.0 release. +OpenAFS 1.6.9 - Linux + All server platforms - * Handle high memory addresses correctly. + * Fix for OPENAFS-SA-2014-002 - MacOS +OpenAFS 1.6.8 - * Make 32 bit AFS syscalls work again. + All platforms - * Work around finder "Duplicate" failure (caused by setting modes on - symlinks). + * Documentation improvements (10751 10875 10931 10897 10883 10954 10955) - * Disable bulkstat again (will be re-enabled at or before .75). + * Improved diagnostics and error messages (10756 10814 10949) - * Provide symlink type hints during readdir. + * Fixed a bug in RX that could make errors during packet reception go + unnoticed. (10733) + * Fixed a bug that made "vos size -dump" display the wrong size for + large volumes. (10933) (RT #131819) -OpenAFS 1.5.73 (2010-03-24) + All server platforms - All platforms + * Change the default fileserver sync behavior from "delayed" to "onclose". + This means that explicit syncing only happens when a volume is detached. + (10809) - * NAT keepalive support at Rx level. + * Added the -offline-timeout and -offline-shutdown-timeout options to the + fileserver, to implement interrupting clients accessing volumes we are + trying to take offline. (6266 10799) - * Corrected SRV record support for cell name canonicalization. + All client platforms - All server platforms + * When a client is shut down, it will give up its callbacks. The Windows + client has been doing this since 2007. Note that older fileservers + (1.3.50 to 1.4.5 and 1.5.0 to 1.5.27) had a bug in the implementation of + the relevant RPC that could cause crashes or other undefined behavior + when this happens. (6272 8840 10855) - * Fix volume callback notification to not notify unaffected clients. - (126497) + * Restored the pre-1.6 behavior of "vos e" being an alias for "vos examine". + (10886) - * Allow root directory recreation by salvager. (94658) + * Avoid flooding logs with warnings about byte-range locks, by throttling + them per file. Also, make the messages more useful by including the + FID. (10836..10839) - * Numerous DAFS fixes. + * Avoid a possible panic during shutdown while tracing. (10932) - * Improvements to callback table overflow handling. (126451) + Linux clients - * bosserver now shuts down cleanly on SIGTERM. + * Fixed a bug that could cause the "getcwd: cannot access parent + directories" problem (10804 10984) - Microsoft Windows + * Avoid a delay when accessing uncached data in AFS in a confined + context under SELinux. (10598) - * Prevent the Explorer Shell extension from crashing if symlink - creation failed. (126406) + * Red Hat packaging improvements (10600 10767 10807) - * A Rx level NAT ping has been implemented. A registry value enables. +OpenAFS 1.6.7 - * Adds krb5 error message translation to aklog, afscreds, - afslogon.dll, the network identity manager afs provider and - translate_et. + All server platforms - * Default mode bit settings for file and directory creation are now - provided, and can be configured. + * Fix for OPENAFS-SA-2014-001 - * An SMB request trace facility is provided and can be enabled for - debugging. + * Fix for a potential DOS attack against RX servers - All UNIX client platforms +OpenAFS 1.6.6 - * Rx idle deadtime does not stop file writes. + All platforms - * Disconnected AFS no longer has a race condition during remove ops. + * As of this release, OpenAFS no longer ships uncompressed source tarballs. + Tarballs are still shipped with both compression formats, gzip and bzip2. + (10131) - * Fakestat avoids a condition which could cause it to block on network - activity. + * Documentation improvements (10136 10314 10601) - * Several fixes to handle interruptions in vos operations. (33360, - 125535) + * Improved diagnostics and error messages (9412 10085 10274) - * Allow more sysnames in a sysname list. + * Avoid redefining "assert" in our public header files, which could + cause failures when building some applications using them. (10096) - * Attempt to enforce timeouts on AFSDB lookups. + * Fixes for parallel builds (10005 10309 10337) - AIX + * Added a -s switch to afscp (not installed by default) to help simulate + a slow client. (9416 9417) - * Clean up properly on mount failure. + * Added a -probe switch to vlclient test program (not installed by default) + to ping all vlservers in a cell in parallel. (9570) - * Add entry to /etc/vfs to allow umount to work. + All server platforms + * The fileserver now ignores any vice partitions with a NeverAttach flag + file present in the root directory. (RT #130561) (9470 9471) - Linux + * Restrict forcing CPS ("Current Protection Subdomain") recalculation in + the fileserver to administrators. Also fixed a bug that could cause this + operation to be incomplete. (9485 9487) - * Several issues to deal with older kernels. + * Allow non-DAFS fileservers to attach unusable volumes, restoring pre-1.6 + behaviour. (RT #131505) (9499) - * Avoid leaking the global lock in the /proc cellservdb code. + * Restored the pre-1.6 behaviour when running vos examine for a volume + currently in a transaction, showing the volume as busy again rather than + offline. (9685 9915 9916) - * Keyring destruction now cleans up all tokens. + * Reduced the minimum time a bos salvage takes from 5 seconds to 1. (9476) - * Keyring quotas are not enforced against root. + * Fixed buserver to not segfault when started with the -servers option. + (RT #131706) (10166) - MacOS + * Salvager fixes, addressing a wide variety of possible problems from + unnecessary salvaging to aborts (9282 9283 9457 9458 9459 9461 9462 9480 + 9481 10165 10167) - * Some FSEvents hinting for authentication events now done. (23781) + * Fixed a bug that could cause saved state information to be discarded + when restarting a large or busy fileserver, which negatively impacted + performance. (9683) - * Update uninstaller. (125634) + * Fixed a bug that could have caused undefined behaviour in the vlserver + in rare cases when a fileserver registered its addresses in the VLDB. + (9429) - * Rewrite afssettings and fstab code to avoid licensing issue with - APSL. + * Added the -preserve-vol-stats switch to volserver, allowing it to keep + the access statistics across volume restore and reclone operations + instead of resetting them. (9477) - * Growl client for user monitoring of AFS events included. + * Inserted an exponential delay between retries when bosserver attempts to + restart a server process. (9571 10199) - * Properly support insert-only dropboxes. + * Improved vldb_check (not installed by default) to cope with broken + vlentry names and volids, and provide more output to aid debugging. + (10268) - * Add bulkstat support. + * Releasing a volume after adding a new RO site no longer touches any of + the existing RO sites, if the RW data hasn't changed since the last + release. (10174) - * Include support for moving in Finder across mount points. + * Make the copyDate field for RO clones have the same meaning as for + remote RO volumes. Previously, the copyDate field for clones was updated + every time we released. (9451) - * Preferences Pane includes support for Kerberos 5 ticket renewal. + * Fixed potentially undefined behaviour in ptserver when too many pts + ids are allocated. (10124) + * Note that the server side NAT pings feature present in the prereleases + was removed before the final release, since no positive feedback + was provided during prerelease testing. (9420 10135) -OpenAFS 1.5.72 (2010-02-15) + Linux servers - All platforms + * Start bosserver with -nofork in the systemd unit file, to allow systemd + to track its state (10093) - * Provide internationalization support in com_err. + All client platforms - * Fix array length checking to avoid crashes when checking for a - volume type based on name in vos. + * No longer track file locks on read-only volumes. Write locks can't + succeed, read locks always will. Avoids log messages about this kind + of lock. (8910) - All server platforms + * Added the "fs flushall" subcommand, which makes the client discard all + cached data. This was previously available on Windows only. (9065 9388 + 9389 9390) - * Provide backward compatible "-f" flag to salvager for force mode. + * Fixed a bug that could make the client incorrectly believe its cache + is up to date. This change could negatively impact AFS <-> DFS + translators, should those still be running anywhere. (8898) - Microsoft Windows + * Several changes to avoid panicing in certain error conditions. + (9131 9287 10354 10355 10356 10357) (partially addressing RT #131747) - * Restore use of DNS AFSDB and SRV records by kaserver clients. + * Added the -rxmaxfrags switch to afsd, allowing to limit the number + of UDP fragments sent or received per RX packet. (9430) - All UNIX client platforms + * Build fixes for aklog on several platforms (RT #131716) (9917 10107 10275) - * Fix client cache file truncation to not lose chunks when truncating - a large file. + * Require that the AFS mountpoint specified in the cacheinfo file is + an absolute path. Relative paths result in a client that basically + works but is not fully functional. (10253) - * Ensure a cache writeback hook is installed in the client (bug from - 1.5.71). + * Fixed a bug that could cause one of the afsd threads to enter an infinite + loop (10431 .. 10436) - * Avoid spurious free memory warnings during clean shutdown. + Linux clients - * Fakestat mode avoids AFSDB lookups. + * Support Linux kernels up to 3.13 (10241) - * "fs storebehind" now correctly reports errors on readonly volumes. + * Fixed a bug that made readv/writev calls in AFS space fail with Linux + kernels where generic_file_aio_read exists but those operations have + not been switched to using aio_read/aio_write. This was a regression + introduced with release 1.6.3 and affected at least RHEL 5.9 kernels. + (10248) - * Additional documentation for "fs getcacheparms" + * Fixed a similar bug making core dumps fail in AFS space, affecting + a much wider range of kernels including the most recent ones. + (RT #131729) (10254) - * Forced new uuid generation with "fs uuid -generate" now works - enforced permission correctly. + * Enhanced the keyring code to make PAGs work correctly on kernels with a + distribution specific change to the Linux keyring code. This affected at + least SLES 11 SP3 kernels. (10252) - MacOS + * Fixed a bug that could make failures during PAG instantiation go + unnoticed. (10255) - * Add optimized Rx event handler in kernel. + * Fixed a bug that made compilation fail for Linux kernels without + keyring support. This affected at least the SLE 10 SDK and an + OEM version of SLES 11 SP1. (10325) - * Installer now allows installing an older version. + * Fixed build for kernels with user namespace support enabled. Likely + to be required for Ubuntu 14.04 and eventually other distributions. + (10456 10457 10458 10518 10472) - * Panic decoder can now deal with MacOS 10.5 again. + * Support RHEL 6.5 kernels, and possibly others with changes backported + from recent mainline kernels that touch getname/putname, by no longer + using those functions. Previously, the client could cause a kernel + panic when syscall auditing was enabled. (10578) - * MacOS ._ files are now correctly not looked up as cellnames. + * Make tmpfs usable as the cache filesystem again. This had been broken + since kernel 3.1 (9950 10193) - Linux + * When starting the client fails, clean up the backing device information + created in sysfs, to avoid error messages during a subsequent start + and possible system instability later on (10454) - * To deal with SELinux file labeling, try cache accesses with current - credentials in event of failure. + * Update Red Hat packaging to support Fedora >= 20, RHEL >= 7 and + ELrepo kernels (10597 10619 10622 10703 10704) - * Rx XDR encoding bug on i386 Linux is fixed (bug introduced in - 1.5.71). + OS X Clients - IRIX + * Support OS X 10.9 "Mavericks" (10519 10541 10542 10543 10548 10549) - * Code compilation fixes. + AIX clients - OpenBSD + * Fixed a bug that caused the 1.6 AIX client to never receive any RX + packets in the kernel. (RT #131725) - * Update for OpenBSD 4.6. + FUSE client + * Support Solaris 11 (9454 9455) -OpenAFS 1.5.69 (2010-01-19) + * Allow other users to access filesystems mounted by root. (9452) - All platforms + FreeBSD - * Configuration of BOSserver no longer defaults to weekly restarts - enabled. + * Build tvolser and dvolser on this platform (10122) + * Several fixes to catch up with newer releases (10374 .. 10381) - * Provide BOS restricted mode by default. + NetBSD - * Add support for "vos endtrans" command. + * Build tsalvaged, tvolser and dvolser on this platform (10121) + * Fixed build on NetBSD 5 and newer. (10138) - * Default to providing full output from vos listvol. +OpenAFS 1.6.5 - * Correct additional-address tracking in the fileserver. +All platforms - * Improve Rx performance by not unnecessarily dropping and reacquiring - call locks in read and write processes. + * Fixes for OpenAFS-SA-2013-0003 and OpenAFS-SA-2013-0004 - * Avoid crashes when monitoring volserver transactions across - potential transaction garbage collection. +OpenAFS 1.6.4 - * Numerous warning fixes. +All platforms - All server platforms + * Obey the jumbo/nojumbo settings for ubik servers (the DB servers) + too. In previous releases, those servers may have used jumbograms + even if they were not configured to do so. This change corrects + the actual behaviour, and will improve performance and reliability + for sites where jumbograms are problematic. It could cause a decrease + in performance for sites where jumbograms work, but those can turn + them back on manually. - * Avoid saving fileserver state in demand attach fileserver when - panicing. + * Dozens of fixes for common coding problems like use after free, + use of possibly uninitialised memory, reading or writing past the + end of arrays and potential NULL pointer derefences. Spotted by + code analysis tools or human inspection. - * Demand attach fileserver allows other callers to schedule salvages. + * Documentation improvements. - * Demand attach "bos salvage" now works correctly with restricted - mode. + * Fixes and improvements to the diagnostic or log messages printed by + vos, the fileserver and others. - Microsoft Windows: + * Build fixes, making parallel builds more reliable with certain + configuration options and helping various platforms including + recent releases of IRIX, Solaris and several flavours of Linux. - * Numerous changes to the client-internal btree directory handling to - prevent errors. + * Avoid sending a small amount of data over the wire unencrypted + under certain conditions, and emit the correct error message in + this case. - * fs examine reports owner and group ids as signed values (PTS groups - are negative). +All server platforms - * Preclude corruption due to races writing to smb buffers. + * Avoid generating duplicate IDs for readonly and backup volumes, + which could happen under certain conditions. - * Allow MTU settings in registry to be used. + * Allow the fileserver to return volume data like quota or free space, + which is available publicly elsewhere, without the additional access + check for read permissions on a volume's root directory the fileserver + performed before. - * Apply MTU to both send and receive sizes. + * The fileserver now emits a log message when it ran out of memory for + callbacks. - All UNIX client platforms + * Avoid several potential fileserver problems, including memory + corruption and segmentation faults, due to client bookkeeping. - * Avoid double-freeing Rx call structure if reading a response from - the file server results in a short read. + * Avoid known cases of silent data corruption due to background syncs + on the fileserver, especially during Copy on Write. - * Handle negative lengths in FetchStatus results correctly. + * Make the fileserver sync behaviour runtime configurable. Up to 1.4.5, + we had synchronous syncs which were safe but really slow. Since 1.4.5, + we've had asynchronous syncs which are much faster but believed to + be the cause of rare data corruption issues, and while all known cases + of these happening are believed to be fixed in the 1.6.3 release, doubts + remain. This change allows choosing between those, and in addition allows + to turn syncs by the fileserver off altogether, thus relying on the vice + partition's backend filesystem and the operating system, or to just + execute them when a volume is detached. The default behaviour is + unchanged from releases since 1.4.5, but it's highly recommended to + consider the additional options this change provides. Future OpenAFS + releases will default to "-sync=none". - * Properly clean up allocated memory at shutdown. + * For dbservers, avoid a situation where misinterpreting transient + network errors causes long-term issues with achieving ubik quorum. - * Default to AFSDB compiled into the cache manager. +All UNIX client platforms - * Avoid inadvertant disclosure of stat() information to clients not so - entitled. + * Improvements to the detection of an aklog-specific krb5 configuration + file, for the purposes of turning on "weak crypto" for aklog. - * Correct a bug with AFSDB lookups introduced with SRV record support. + * Fixed a regression introduced in release 1.6.2 which caused the + supposedly persistent disk cache to be discarded upon client start. + (RT #131655) - MacOS +Linux clients - * Install kernel panic processing tool in /Library/OpenAFS/Tools. + * Support Linux kernels up to 3.10 - * Include debugging symbols for kernel extension in additional package. + * Fixed two bugs making it impossible to unmount a disk cache filesystem + after it has been used by the client. (RT #131613) - * Support "Application Firewall" users. + * Fixed a bug that could cause an oops with kernels 3.6 and later - * Avoid ._cellname AFSDB lookups. +OpenBSD - * Compile preferences pane as a universal binary. + * Improved support for OpenBSD 4.9 to 5.3 - Linux +OpenAFS 1.6.3 - * Use splice to speed up storing files. + This release number had to be skipped for technical reasons. - * When using memcache, avoid duplicating work in readpages. +OpenAFS 1.6.2.1 - * Use dget_parent to safely find an inode's parent. + Linux clients - * Disable access time updates in our superblock. + * Support Linux kernels up to 3.8. - * Avoid crashing doing writeback if no credentials were stashed at - file open. + * Make the init script cope with the output of ifconfig on recent Fedora. - * Simplify keyring support. +OpenAFS 1.6.2 - * Properly clean up vcache in event of failed mount. + All platforms - FreeBSD + * Fix buffer overflows in fileserver and ptserver. - * Update for current FreeBSD 8. + * Abort an rx connection when given an unknown service (Gerrit 7593). - Solaris + * "idle dead" behavior improvements. - * Abstractly manipulate groups as now required. + * Documentation updates. - * Abstractly access time instead of using lbolt directly. + All server platforms + * Fix rare file corruption during background sync (Gerrit 8796). -OpenAFS 1.5.68 (2009-12-08) + * Fix corrupting clients' metadata cache during certain errors (Gerrit + 6957). - All platforms + * Avoid saying a volume doesn't exist when accessed as the volume is + going offline (Gerrit 7488). - * aklog now attempts to convert non-AFS errors to human-readable - strings. + * Fix fileservers to properly report >2 TiB partitions. - * Make stack not executable when compiling assembler source with GCC. + * Fix stale volume info from vos examine on non-DAFS filservers. - * Numerous source warning cleanups and code reorganization. + * Fix possible volume corruption with vos convertROtoRW. - All server platforms + * Fix bosserver to preserve all command-line options over restart. - * Compute midnight for volume statistics calculation from local time. + * Fix bosserver to properly kill hung processes during shutdown. - * Salvager now orphans duplicate special inodes when running to allow - recovery in event of a problem, instead of simply ignoring the - issue. + All UNIX client platforms - * Support to ensure a server panic attempt leaves a core and thus - restarts in a timely manner, rather than potentially hanging. Use - panic to attempt cleanup before leaving a core when possible. + * Fixes for memcache, especially on Solaris. - * Volume sync data reported during bulkstatus is now set correctly. + * Increase the size of the DNS resolver answer buffer to allow sites + with a long response list to use SRV and AFSDB records. - * Provide better tuning for fileserver file descriptor caching. + * Fix a crash when a server appears to run out of addresses (Gerrit + 7487). - * Allow more than 128 threads in fileserver by modifying host - structure in-use tracking. + * Fix cache corruption when reading from a file another client is + simultaneously writing to (Gerrit 7994). - * Avoid crashes getting volume server status during transaction - cleanup. + * Improve handling of disk cache disk errors. - * Improved logging of offline volume conditions. + Linux - * Correct volume statistics when cloning a volume. + * fix DKMS configuration for DKMS 2.2. - * Avoid referencing host structures in the fileserver which are marked - for deletion. + * Avoid generating inode number 0 with md5 inodes (Gerrit 7276). - * Demand attach fileserver corrections to avoid coring during an - aborted startup. + * Fix a crash when reading /proc/fs/openafs/unixusers (Gerrit 7914). - * host array bounds checking corrections to avoid buffer overflow. + * Make PAG-less access use the real UID of the calling process + instead of the effective UID, when determining what credentials to + use (Gerrit 7931). - * Handle special inodes correctly when promoting an inode fileserver - readonly volume to read-write. + * Fix possible abuse of fs mkmount. + Prior to 1.6.2, users could crash a client by nesting volume mounts. - Microsoft Windows + * Fix fileserver memory corruption on RHEL 6 + Prior to 1.6.2, fileservers on RHEL 6 may crash under heavy load. - * Set the DOS Readonly attribute on a file/directory whenever the unix - mode combined with the mask 0200 is true. Previously there was a - discrepency between the mask used for testing for readonly behavior - and that used for setting the attribute. + * Fix client page cache corruption on Linux + When multiple clients read and write to a file, the reading client + may see first page (4096 bytes) of a file as nulls. - * Disable AFSVolSync based .readonly "whole-volume callback" support - because the all file servers prior to 1.5.67 (and perhaps 1.4.12) do - not properly assign a value to the AFSVolSync structure in bulk - status RPC responses. + * Support Linux kernels up to 3.7. - * Improve the error output from aklog to output the value from krb5 - error_message() if the afs_com_err output indicates an unknown - value. + * Support newer glibc versions. - * Convert VBUSY and VRESTARTING to CM_ERROR_ALLBUSY and do not permit - them to be exposed to the smb redirector. + * Improve client systemd unit file. - * Convert STATUS_TIMEOUT responses to STATUS_IO_TIMEOUT to avoid - confusion within the smb redirector. + * Update Red Hat packaging. - * Fix the byte order assigned to port numbers associated with AFSDB - record lookups. They must be network byte order not host byte - order. + OS X - * Add dynamic server ranking based on RPC round trip time - measurements. + * Fix crashes on shutdown. - All UNIX client platforms + * Prevent unloading the module before shutdown completes. - * Additional shutdown-time memory leaks removed. + * Security improvement for the OpenAFS preference pane. - * Improved logging of resource contention. + Solaris - * Provide dumping for Rx debug packet tracking support in source. + * Support newer versions of the Sun Studio compiler software. - * Update afscp test client to build, and provide an unlock client. + * Support compiling on newer versions of Solaris 11 and Solaris 10. - * Client buffers for directory parsing can now be allocated beyond the - fixed set formerly provided. - * Work around race condition when manipulating read-only volume - callbacks. +OpenAFS 1.6.0 (2011-08-15) - * Bugfixes to get PAG value pioctl. + All platforms - * Bugfixes to SRV record support. + * Substantial Rx updates to correct erroneous behavior. - Linux + * vos now properly deals with matching sites when servers are + multihomed. - * Path MTU tracking code cleanup. + * Don't stop Rx keepalives after an ackall is received, avoiding + spurious connection timeouts. (128848) - * Avoid an oops due to racing with vcache recycling thread. + * Don't retry Rx calls on channels returning busy errors and improve + Rx busy call channel error handling. (128671) - * Changes to keyring PAG handling: for sufficiently new kernels, use - only keyring-based PAGs, and disable group PAGs entirely. + * Properly enable Rx connection hard timeouts. - * Updates to the kernel page cache interface: writing pages will now - not spuriously leak page locks, and will avoid requiring duplicate - work. + * Rx NAT pings are not enabled until peer has answered. - * Credential references are now tracked using native atomic counters. + * Initialize rx_multi lock before use. - * Kernel mutex/semaphore lock ordering fix to avoid deadlocks. + * Avoid spurious crashes when initializing in "backup" client. - * Manipulate disk cache with credentials used to initialize it, to - avoid security issues. + * Revert UUID support in vos. - MacOS + * pt_util fixed to properly create new databases. - * Fix fstrace message catalog location. + * MTU discovery now properly shut down on call reset. - * Fix kernel fstrace logging. + * Avoid leaking references to hosts during callback break multi-Rx + operations. (129376) + * xstat tools now cope with differing timeval structures between + endpoints. -OpenAFS 1.5.66 (2009-10-25) + * Numerous fixes to command argument parsing. - All platforms + * Documentation updates. - * Avoid calling exit() in library code. + All server platforms - * Add rx window size and peer timeout tuning APIs. + * A file descriptor leak which could result in corrupted files in the + fileserver was fixed. An IMMEDIATE upgrade from previous 1.5 release + fileservers is recommended. - * Correct rx peer timeout handling to disallow 0ms timeouts. + * Fix ptserver supergroups support on 64 bit platforms. - * Correct calculation of rx RTT by disregarding retransmitted packets. + * Demand attach salvaging doesn't use freed volume pointers. - * vos manpages updated to reflect changes in recent versions. + * Properly hold host lock during host enumeration in fileserver. - * GNU-style long options (e.g. --cell) are now supported in all - commands. + * Attempt to recovery more quickly from timed out volume release + transactions. - * fs listacl can now print a command to recreate the current ACL. + * Auditing now properly byte order swaps IP addresses when printing. - All server platforms + * vos split now has improved error handling. - * Fix a race on transaction objects in the volserver which can cause a - crash. + * Many changes to again support Windows fileservers. - * Avoid destroying and setting to NULL the callback connection when it - could still be being used. + * During volume removal, data removal speed improved. - * Correct unlink handling in salvager. + * Improve CPU utilization during volume attaching by DAFS. - * Improve error messages due to I/O errors in the volserver. + * In salvager check-only mode, avoid potentially fixing a vnode. - * Correct an issue which caused converted RO to RW volumes on namei - fileservers to not come online immediately. + * Fix support for large (greater than 2gb) volume special files. - Microsoft Windows + * Salvager will not crash if multiple or bad volume link tables are + encountered. - * Official support for Windows 7 and Server 2008 R2. + * Avoid erroneous full dump by remembering which sites were out of + date at the start of the release. - * Prevent a file server bug (FetchData returning an invalid length - instead of zero) from causing an "unexpected network error" when - writing to files. + * A deleted volume can now be recreated properly. - * Promote DNS SRV records as superior to DNS AFSDB records. Support - arbitrary port numbers for vldb servers. + * Callbacks are again not broken during whole partition salvages. - * Add AFSVolSync based .readonly "whole-volume callback" support. - With this functionality, multiple objects from a .readonly volume - can have their status validated by issuing a single - RXAFS_FetchStatus RPC. + * Positional vectored IO fixed for largefile (>2GB) capable systems. - * Remove drive mapping functionality and service start/stop from - afscreds.exe. + * Fileserver per-client thread usage again properly enforced. - * Remove drive mapping functionality from afs_config.exe. + * Anonymous dropbox support improved and drawbacks documented. - * Use {HKLM,HKCU}\SOFTWARE\OpenAFS\Client DWORD "ShowMountTab" to - restore access to drive mapping functionality in afscreds.exe and - afs_config.exe. + * Demand attach: ensure vnodes are not reallocated while in use due to + volume bitmap errors. - * Adjust SMB error return codes to avoid returning STATUS_TIMEOUT - which results in the SMB redirector disconnecting. + * Properly support large volume numbers (larger than 2147483647). - * Network Identity Manager OpenAFS Provider now provides its own "AFS - lock" notification icon to report the status of "have tokens, have - no tokens, service not started, service started but inaccessible". - Hovering over the icon lists the cells for which tokens exist (if - any) and the OpenAFS version number. Double-clicking executes the - Network Identity Manager default action. + * Allow salvager to be run manually again when DAFS is being + used. (129458) - * Prevent pioctl calls from retrying indefinitely when a sharing - violation error occurs. + * Avoid leaking references to hosts during callback break multi-Rx + operations. (129376) - All UNIX client platforms + * Demand attach: unlink fileserver state file on standalone salvage. - * Correct a condition which could discard the error from initializing - a fetch request. + * Salvager tries harder to detect linktable issues. + + * Demand attach: don't attach volumes with special status set. + + * Avoid crashing on host table exhaustion. Instead, defer clients. + + Microsoft Windows + + * afs_config will not longer set the Tray Icon State in the registry + if the checkbox is not present in the dialog. (128591) + + * AFS Explorer Shell Extension now works from folder backgrounds. + Overlays for mount points and symlinks are present in the dll, but + are not registered at present by the installers. + + * Do not use RankServerInterval registry value as the value for + PerformanceTuningInterval. + + * When the data version of a mountpoint or symlink changes, the target + string in the cm_scache_t object must be cleared. + + * "fs checkservers" now includes vldb servers in the output and only + lists multi-homed servers once. A multi-homed server that has at + least one up interface is no longer considered to be down. + + * When asynchronously storing dirty data buffers to the file server + ensure that (a) the cm_scache_t object and the cm_buf_t object are + for the same File ID so that locking and signalling work properly; + and (b) if the FID no longer exists on the file server, do not + panic, just discard the buffer. + + * When processing VNOVOL, VMOVED and VOFFLINE errors perform server + comparisons by UUID or address and not simply by cm_server_t + pointer. Otherwise, server failover may not succeed. + + * Do not preserve status information for cm_scache_t objects when the + issuing server is multi-homed. + + * Giving up all callbacks when shutting down or suspending the machine + is now significantly faster due to the use of an rx_multi + implementation. (This functionality is still off by default and + must be activated by a registry value.) + + * Race conditions were possible when updating the state of the + cm_volume_t flags and when moving the volumes within the least + recently used list. + + * Ensure that the lanahelper library does not perform a NCBRESET of + each lan adapter when enumerating the current network bindings. + Correcting this permits OpenAFS to work on Windows 7 when the + network adapter settings change. + + * Fix creation of mount points and symlinks as \\AFS\xxxx + + * Icon tray state now conditionally set. (128591) + + * Properly create new cell mount points in freelance mode. + + * Avoid recursive offline volume checks. + + * Fix caching of non-existent volumes. The test to trigger an + immediate CM_ERROR_NOSUCHVOLUME in cm_UpdateVolumeLocation() was + backwards. + + * Prevent the background daemon from checking the status of + non-existent volumes. cm_CheckOfflineVolumes() should skip volume + groups with the CM_VOLUMEFLAG_NOEXIST flag set. + + * The afskfw library should return an error immediately if the + krb5_32.dll library cannot be loaded. Affects afslogon.dll and + afscreds.exe. + + * No longer depend on leashw32.dll in afskfw library. + + * NPLogonNotify must provide the user password in all calls to + KFW_AFS_get_cred(). It cannot count on a credential cache being + preserved between calls. Permits tokens to be acquired for all + cells listed in the TheseCells registry value for a domain. + + * Improve the trace logging from NPLogonNotify(). + + * Avoid a race when writing the cm_scache_t mountPointString + when acquiring mount point or symlink target data via + cm_GetData(). The race could result in bogus target + data being cached. + + * Permit the use of des-cbc-md5 and des-cbc-md4 enctypes + as DES keys in asetkey.exe. + + * aklog supports dotted Kerberos v5 principal names. + + * afskfw library always attempts afs/cell@USER-REALM + + * afskfw library must test return code from krb5_cc_start_seq_get() or + will trigger a null pointer exception when using Heimdal. + + * Lock protected fields must be 32-bit in order to avoid memory + overwrite races. + + * Add support for NTFS symlinks. + + * Handle file search requests for virtual syscall ioctl file. + + * Process SyncOps properly to enforce ordered operations. + + * Avoid recursing during NewServer operations. + + * Correct lock acquisition order during SMB locking. + + * Add shutdown message to event log. + + * Check offline volume status by policy rather than on each daemon + thread run. + + * Return error on directory object not found instead of crashing. + + * Improve error message output. + + * afslogin.dll can start afsd_service if it's not starting or started. + + * Optimize away release lock RPCs for deleted files. + + * Background Daemon will not perform operations on deleted files. + + * Resort recently used directories to the top of the LRU if the + directory is larger than the stat cache. + + * Resort deleted objects to the bottom of the LRU. + + * Use interlocked operations for state and queue fields to allow safe + bit set and clear on multiprocessor systems. + + All UNIX client platforms + + * Servers now marked down when GetCapabilities returns error. + + * In-use vcache count is now properly tracked. + + * Check for /afs existance before starting, unless -nomount is + specified. + + * Avoid a potential panic when using /afs/.:mount syntax. + + * Avoid a panic in memcache mode due to missing CellItems file. + + * FUSE client support fixed for non-/afs mounts. + + * Avoid a potential deadlock (which times out) when we need to + allocate more callback returns and must flush some already in use. + + * Deal with libcom_err conflicts with other packages using it + (e.g. krb5) (128640) + + * Fall back to afs3-vlserver SRV record values when afs3-ptserver SRV + record is not available. + + * Avoid holding unneeded locks when probing server capabilties. + + * Do not attempt page flushes for directories. + + * Rx connection reference counting is enabled. + + * An Rx connection reference count leak is fixed in bulkstat. + + * Handle unparsable directory objects. + + * Handle Kerberos cred cache errors in aklog. + + AIX + + * Fix PAG usage to track by PAG identifier, not group list. + + FreeBSD + + * Fix socket termination on shutdown. + + * Support for 7.2, 7.3, 7.4 and 8.2 included. + + * References to vcaches are no longer leaked during root or reclaim. + + * Remove support for "Giant" lock as we no longer need to use it. + + * Don't sleep with AFS GLOCK. + + * Properly enable 64 bit long long support. + + * Restore support for FreeBSD 7 (128612) + + * Fix locking issues at shutdown and avoid panic at shutdown due to + vcache flushing. + + * Support for virtual network stacks. + + * New RC script, updated packaging. + + IRIX + + * Properly create new vnodes to avoid crashing in the client. + + Linux + + * Support through kernel 2.6.39. Treat Linux 3.0 as Linux 2.6 for + sysname purposes. + + * Use rx_Readv in cache bypass to improve performance. + + * Properly handle 0-length replies during cache bypass operations. + + * Properly handle non-contiguous readpage cache bypass operations. + + * Do proper locking when transitioning to or from cache bypass. + + * Avoid extra runs of vcache freeing routine. (128756) + + * Perform vcache eviction via a fast path before visiting vcaches + where sleep is needed. + + * setpag() errors are now properly reported. + + * Avoid attempting to free stat cache entries when we are below + user-specified number of entries in use. + + * Properly track user-specified number of stat cache entries to use as + a desired usage target. + + * Don't read pages beyond EOF in the cache. (128452) + + * Various corrections and improvements to Red Hat packaging, including + modifying the init script to allow deferring for a new binary + restart and properly supporting RHEL6. + + * Fix lockup in 2.6.38 due to erroneous kernel feature configure test. + + * Improve RPM building tools. + + * Attempt to properly handle SELinux in packaging. + + * Init script properly returns status as exit code. + + * RPM packaging fixes (executable libraries, no postinstall message) + + * Kill i386 from RPM packaging. + + MacOS + + * MacOS 10.7 support. + + * Properly handle setpag errors. PAGs are not supported. + + * Check for unloaded kernel extensions when decoding AFS panics. + + * Disable "get tokens at login" in prefs pane if AD authentication + plugin is configured. + + * aklog AuthorizationPlugin now provided. + + * Preferences Pane behavior fixed for 1.6 series (version detection is + used to select default behavior). + + * A potential kernel panic during bulkstat operations is + fixed. (128511) + + * 64-bit MacOS kernel performance is greatly improved. (128934) + + * Properly shut down AFS, closing the Rx socket in the upcall handler + to avoid attempting to process data after we can no longer do so. + + * Rework logic for bulk status operations to avoid a potential hang. + + * Avoid panic when doing FSEvent synthesis. + + * Fix bug when using non-dynroot. + + * Update Kerberos support in PreferencesPane. + + NetBSD + + * Updates for platform support. + + OpenBSD + + * Bug fixes for issues introduced previously in 1.5 series. + + * Support through OpenBSD 4.8. + + Solaris + + * Switch to ioctl() syscall replacement for Solaris 11 since syscall + 65 is not safe. + + * Fix support for Solaris pre-10. + + * Corrected Solaris 11 startup script. + + * vcache mappings freed on shutdown to avoid panic. + + * Properly report errors for AFS system call callers. + + * Don't leave dangling function references if kernel extension fails + to load. + + * Try harder to avoid deadlocks on file-larger-than-cache operations. + + * Avoid panic on shutdown when mount failed. + + +OpenAFS 1.6.0pre2 + + All systems: Minor bugfixes. + + ADDITIONAL CHANGES IN 1.6.0PRE2 + + All platforms: + + - Documentation updates. + + - Don't stop Rx keepalives after an ackall is received, avoiding + spurious connection timeouts. (128848) + + - Don't retry Rx calls on channels returning busy errors. (128671) + + - vos will not die with a double free error at command completion. + + - Properly enable Rx connection hard timeouts. + + - Initialize rx_multi lock before use. + + - Avoid spurious crashes when initializing in "backup" client. + + All unix platforms: + + - Check for /afs existance before starting, unless -nomount is specified. + + - Avoid a potential panic when using /afs/.:mount syntax. + + - Avoid a panic in memcache mode due to missing CellItems file. + + All server platforms: + + - Attempt to recovery more quickly from timed out volume release + transactions. + + - Auditing now properly byte order swaps IP addresses when printing. + + - vos split now has improved error handling. + + - Many changes to again support Windows fileservers. + + - During volume removal, data removal speed improved. + + - Improve CPU utilization during volume attaching by DAFS. + + - In salvager check-only mode, avoid potentially fixing a vnode. + + - Fix support for large (greater than 2gb) volume special files. + + - Salvager will not crash if multiple or bad volume link tables + are encountered. + + - Avoid erroneous full dump by remembering which sites were out of date + at the start of the release. + + FreeBSD: + + - Remove support for "Giant" lock as we no longer need to use it. + + - Don't sleep with AFS GLOCK. + + - Properly enable 64 bit long long support. + + - Restore support for FreeBSD 7 (128612) + + - Fix locking issues at shutdown. + + Linux: + + - support through kernel 2.6.38. + + - RedHat packaging now properly supports RHEL6. + + - Use rx_Readv in cache bypass to improve performance. + + - Properly handle 0-length replies during cache bypass operations. + + - Properly handle non-contiguous readpage cache bypass operations. + + - Do proper locking when transitioning to or from cache bypass. + + - Avoid extra runs of vcache freeing routine. (128756) + + MacOS: + + - Check for unloaded kernel extensions when decoding AFS panics. + + - Properly handle setpag errors. PAGs are not supported. + + - Disable "get tokens at login" in prefs pane if AD authentication + plugin is configured. + + OpenBSD: + + - support through OpenBSD 4.8. + + Solaris: + + - Fix support for Solaris pre-10. + + Windows: + + - afs_config will not longer set the Tray Icon State + in the registry if the checkbox is not present in + the dialog. (128591) + + - AFS Explorer Shell Extension now works from folder + backgrounds. Overlays for mount points and symlinks + are present in the dll, but are not registered at present + by the installers. + + - Do not use RankServerInterval registry value as the value for + PerformanceTuningInterval. + + - When the data version of a mountpoint or symlink changes, + the target string in the cm_scache_t object must be cleared. + + - "fs checkservers" now includes vldb servers in the output + and only lists multi-homed servers once. A multi-homed + server that has at least one up interface is no longer + considered to be down. + + - When asynchronously storing dirty data buffers to the + file server ensure that (a) the cm_scache_t object and + the cm_buf_t object are for the same File ID so that + locking and signalling work properly; and (b) if the + FID no longer exists on the file server, do not panic, + just discard the buffer. + + - When processing VNOVOL, VMOVED and VOFFLINE errors perform + server comparisons by UUID or address and not simply by + cm_server_t pointer. Otherwise, server failover may not + succeed. + + - Do not preserve status information for cm_scache_t objects + when the issuing server is multi-homed. + + - Giving up all callbacks when shutting down or suspending + the machine is now significantly faster due to the use + of an rx_multi implementation. (This functionality is + still off by default and must be activated by a registry + value.) + + - Race conditions were possible when updating the state + of the cm_volume_t flags and when moving the volumes + within the least recently used list. + + - Ensure that the lanahelper library does not perform a + NCBRESET of each lan adapter when enumerating the + current network bindings. Correcting this permits OpenAFS + to work on Windows 7 when the network adapter settings + change. + + - Fix creation of mount points and symlinks as \\AFS\xxxx + + PREVIOUS CHANGES: + + All platforms: + + - vos now properly deals with matching sites when servers are multihomed. + + All Unix platforms: + + - Servers now marked down when GetCapabilities returns error. + + - In-use vcache count is now properly tracked. + + All server platforms: + + - Fix ptserver supergroups support on 64 bit platforms. + + - Demand attach salvaging doesn't use freed volume pointers. + + - Properly hold host lock during host enumeration in fileserver. + + FreeBSD: + + - Fix socket termination on shutdown. + + - Support for 7.2, 7.3, 7.4 and 8.2 included. + + - References to vcaches are no longer leaked during root or reclaim. + + Linux: + + - Define llseek handler to avoid ESPIPE error in 2.6.37. + + - Mount interface replaces get_sb (new for 2.6.37, not yet required). + + - RedHat init script allows deferring for a new binary restart. + + - DEFINE_MUTEX replaces DECLARE_MUTEX for 2.6.37. + + MacOS: + + - Correct return value from setpag syscall. + + OpenBSD: + + - Bug fixes for issues introduced previously in 1.5 series. + + Solaris: + + - Switch to ioctl() syscall replacement for Solaris 11 since syscall 65 + is not safe. + + +OpenAFS 1.5.78 (2010-11-04) + + All platforms + + * Revisions to Rx to fix performance issues. + + * Make fs getfid behave consistently across all platforms. (128372) + + * Properly check IDs handed to pts when creating users or groups so + useful error messages can be provided. (128343) + + * Correct byte order handling of port in afsconf_LookupServer for SRV + records. + + * Force a full dump when releasing to a site which was previously + marked "don't use", in case the previous clone was out of date. + + All server platforms + + * Demand salvage of attached volumes now correctly track attachment + state. + + * Avoid a potential crash due to failure to hold a lock when attaching + a volume fails. + + Microsoft Windows + + * Track SMB connections by SID rather than username. + + * Error write attempts to known-readonly volumes earlier. + + * Validate directory buffers to avoid potential crashes. + + * Handle VIO errors from bulkstatus. + + * Make PMTU discovery configurable and register error handlers for it. + + All UNIX client platforms + + * Use larger I/O sizes in memcache to improve performance. + + * Avoid potential alignment issues doing I/O for pioctl calls. + + FreeBSD + + * Avoid panicing if the listener process is not findable. + + * Avoid deadlock issues while performing lookups. + + Linux + + * Handle stale file handle errors for some cache partition types. + + * Avoid blocking with xvcache lock when attempting to free in-use + vcaches. + + * Build fixes for older kernels. + + * Properly configure LWP to use ucontext() on platforms where it + should. + + * Eliminate spurious errors from AFS system call returns. (126230) + + MacOS + + * Attempt to honor configured Kerberos defaults in Preferences Pane. + + +OpenAFS 1.5.77 (2010-09-08) + + All platforms + + * Rx path MTU detection will terminate detection in cases where the + minimum required packet size cannot be transferred. + + * vos dryrun mode now shows effects for syncvldb single volume case. + + * vos dryrun mode now shows "status after" for syncvldb and syncserv. + + All server platforms + + * RXAFS_GetStatistics64 now returns statistics properly. + + Microsoft Windows + + * Attempt to properly identify the local system SMB connection for + token tracking. + + * Remap timeout and offline errors to proper NT RPC errors. + + * Properly fail over to other replicas on bulkstat IO errors. + + * Properly error delete-mode createfile if a file is set readonly. + + * Validate directory entry buffers to avoid crashing the service. + + * Log file modes properly. + + * Log cell name when logging server information. + + All UNIX client platforms + + * cacheout program for discarding callbacks is now built. + + * bulkstatus kernel locking is corrected to avoid a potential panic. + + Dragonfly BSD + + * userspace support update + + FreeBSD + + * Updated vnode locking for children returned via lookup(). + + * Avoid file open undercount with needed calls to + FakeOpen/FakeClose(). + + * Use vnode_pager_setsize to properly track file size during kernel + IO. + + * Update system call installation. + + * Fix shutdown of Rx kernel listener to avoid potential dereference + after it's gone. + + * Avoid closing vnodes during vnode recycle. + + * Fix bogus call to FlushVS for vnode reclaims. + + Linux + + * Packaging updated for current configure options and built files. + + * Cache bypass now holds reference on pages during readpage. + + * s390x setgroups32 patching update. + + MacOS + + * DNS resolver is reinitialized on IP address change. (126440) + + +OpenAFS 1.5.76 (2010-08-16) + + All platforms + + * Updates to build-time configuration. + + * Fix XDR support in Rx to match header definition. + + * vos status now shows transaction creation, not action creation. + + * Rx avoids reporting loopback adapters when listing interfaces. + + All server platforms + + * Demand-Attach Fileserver always built and installed (dafileserver, + davolserver, dasalvager). + + * Return VNOVOL from fileserver when a volume is deleted. + + * Ignore duplicate tags during volume restore operation. + + * Update inode array after salvage repairs volume. + + * Zero a corrupted header in memory during salvage to avoid further + corruption. + + * Fix NAMEI backend to allow low-numbered volumes to work properly. + + * ptserver does not include cell name as part of length check for + names. + + * Updated error messages for unblessed volumes. + + * vlserver avoids buffer overflow with regex pattern + + * Attach-time failures now note failures as the rest of the fileserver + would. + + * Server argument logging will no longer overflow stack. + + * Provide fast-restart-like unsafe-nosalvage option for DAFS. + + * Deal with host hash collisions in the fileserver. + + Microsoft Windows + + * Avoid crashing when interpreting a drive letter as potentially + matching a cell name. + + * Properly handle volume package errors. + + * Allow page recycling from known-readonly content without ensuring + they are not dirty. + + * 32 bit tools installer should not override client configuration. + + * Ensure root scache item has a valid callback when use is attempted. + + * Freelance directory changes now properly invalidate and replace the + old root object. + + All UNIX client platforms + + * Support disconnected reconnecting with specified UID for PAGless + platforms. + + * Proper disconnected vnode reference tracking. + + * Update server site blacklisting to not return success if nothing was + blacklisted. + + * Avoid a panic during vcache contention due to CVInit vcache + racing. (127645) + + FreeBSD + + * Update for network stack in 8.1/9.0. + + HP-UX + + * Bug fixes. + + Linux + + * 2.6.36 support + + * Disable PMTU error packet handling. + + * flock() fixes. + + * Debian packaging updated. + + * freezer interface updates. + + MacOS + + * Hold references to disconnected mode written vnodes properly. + + Solaris + + * Handle NFS translator module references for amd64. + + * INODE fileserver backend support now exists for amd64. + + +OpenAFS 1.5.75 (2010-07-07) + + All platforms + + * Prevent rx_rpc_stats global lock from being a bottleneck. + + * Path MTU discovery is now provided to allow traffic to pass networks + with sub-1500 byte MTUs and poor fragment handling. + + * Further reduce Rx NAT ping transmission when enabled. + + * Update Kerberos 5-based token handling in rxkad from upstream + Heimdal. (127554) + + * Update version numbers emitted during build to reflect what is + actually being built. + + * Add "-human" switch for human-readable units in fs diskfree and + listquota. (124529) + + * vos provides reasons for locked volumes when known. + + * Do not count retransmission and ping acks as non-idle for Rx + connections. + + * Rx: provide service-specific data getter and setter routines. + + * Update build-time Kerberos detection. + + * Updated userspace AFS client. + + * Beginning of a modernized test suite. + + * Additional documentation. + + * Updated documentation, notably the Administrators Guide. + + * Substantial code cleanup. + + All server platforms + + * Update handling of vnode allocation failures. + + * DAFS: allow salvaging volumes not known to the fileserver, to allow + cleanup of data not attached to a current volume. + + * Properly handle volumes slated for destruction. + + * Handle volumes with many files properly. + + * Force core file generation in bosserver by overriding default + resource limits when possible. + + * Update vlclient and vldb_check. + + * Avoid potentially corrupting a volume on creation if files are left + from previous failed cleanup. + + * Note volume changed during salvage as needed. + + * DAFS: do not assume invalid addresses are in fileserver address hash + table. + + * Avoid tying up fileserver threads with volumes that are being taken + offline. + + * Do not set inUse on volumes for non-DAFS other than in fileserver. + + * Break origin's callback on target of rename operation. + + * Avoid unneeded parent directory link updates during some rename + operations. + + * Do not open /dev/console for writing in the fileserver. + + * DAFS: avoid spurious restarts when binary restarts are configured. + + * Avoid spurious and unneeded calls to sync(), which can slow down the + fileserver. + + Microsoft Windows + + * Revised SMB QuerySecurityInfo to address issues caused by MS10-020 + (http://support.microsoft.com/kb/980232) + + * Prevent use of the AFSCache file contents if mapped to a new + address. + + * Make fs newcell include behavior compatible with the non-Windows + version. + + * Provide a registry option (FreelanceImportCellServDB) to pre-create + mount points in the AFS root for all cells in CellServDB. + + * Fix a memory leak in the cm_FreeServerList() routine. + + * Reduce privilege when reading registry CellServDB. + + * Add support for RPC Pipe Service NetWkstaGetInfo levels needed for + Windows 7. + + * Prevent overflow when computing quota percentage in Explorer Shell. + (126846) + + * Generate meaningful errors for ACL operations on freelance AFS root. + + * Fix error handling on InlineBulkStatus RPCs. + + * Show configuration pages for all types of MSI installations. + + * Improve freemount AFS root directory handling and operations. + + * Properly validate GetVolumeStatus pioctl responses. + + * Commit file length changes and dirty buffers when flushing a file. + + All UNIX client platforms + + * Update version of files for disk cache. + + * Do not call afs_FlushVCBs with xvcache lock held, to improve + parallelization. + + * Add mariner log messages for creating and removing files. + + * Don't hold xvcache lock while creating symlinks, to improve + parallelization. + + * Provide -dynroot-sparse mode to not show all cells in CellServDB in + dynroot mode. + + * Avoid a potential crash in aklog in linked cell handling. + + * Log MTU-caused packet retransmission. + + * Prevent crashes caused be fs checkservers while cache is being set + up. + + * fs getserverprefs now has a buffer large enough for the default + CellServDB. + + * Report server address when logging warnings. + + * Avoid panic in GetCapabilities when cell is not known. + + * Lock process name and id for advisory lock warnings when possible. + + * Handle need for allocating additional Rx packets. + + * Properly handle errors from InlineBulkStatus operations. + + * Fix errors returned from fcntl() on readonly files locked for write. + + * Flush pending changes to the server on LOCK_EX unlock. + + * Reflect length changes as a result of callbacks even when file is + open for write. + + * Avoid hanging due to error exit when attempting to store a large + file to a non-largefile fileserver. + + * Recover from afs_GetVolSlot errors. + + FreeBSD + + * Bugfixes for kernel VFS and network routines. + + IRIX + + * Provide makesname(). + + Linux + + * Avoid syscall probes when keyrings are present, by default. (125215) + + * Remove "Big Kernel Lock" from VFS operations. + + * Use filehandles for all Linux 2.6 versions to avoid need for matched + afsd. (127530) + + * Updated RPM packaging. + + * Fix dkms configuration provided with RPMs. + + * Hold reference on pages during background I/O for cache bypass. + + * Fix cache bypass handling of non-largefile fileservers. + + * Protect truncate_inode_pages mappings with mutex or semaphore as + needed. + + * Fix pagevec use in cache bypass. (127505) + + * Updates for 2.6.35 + + MacOS + + * Improve launchd configuration. + + * Avoid hanging on recursive cache file lock acquisition when user + notification is enabled. + + * Fix and re-enable bulkstat mode. + + OpenBSD + + * Build updates. + + Solaris + + * Precluding unmount while AFS is busy. + + * Avoid deadlocking when releasing the VFS object. + + * Stop network interface poller in kernel on AFS shutdown. + + * Avoid issues with lookups on empty directory names. (127356) + + +OpenAFS 1.5.74 (2010-04-22) + + All platforms + + * Add "vos setaddrs" command. + + * Rx library lock contention avoidance between rx_NewCall and + rx_EndCall. + + * Rx library races due to inconsistent use of rx_connection + conn_data_lock to protect the flags field. + + * Rx library inconsistent use of RX_CALL_TQ_WAIT which could result in + deadlocks. + + * Rx library must signal transmit queue waiters when flushing. + + * afsmonitor shows busy counts now. + + * afsmonitor displays xstat callback statistics. + + * Provide expandgroups for pts mem on a supergroups server. + + * Provide supergroup option to liste nested groups during pts mem. + + All server platforms + + * Avoid volume lock contention during DAFS startup. + + Microsoft Windows + + * Avoid a race when updating cell vldb server lists that can result in + a crash. + + * Avoid a deadlock when managing CM_SCACHESYNC_STOREDATA state + operations for directory objects. + + * Add new Windows Application Event log messages for VBUSY, + VRESTARTING, ALL_BUSY, ALL_OFFLINE, and ALL_DOWN. + + * Reduce lock contention by waiting for cm_buf_t I/O operations. + + * Split the cm_buf_t flags field to separate the flags that are + protected by the cm_buf_t mutex from those protected by the + buf_globalLock. + + * In cm_UpdateVolumeLocation, avoid searching for a ".readonly" volume + on a numeric volume name. + + * File buffer allocations whose offsets are beyond server EOF should + be locally allocated and zero filled. The file server should not be + issued a FetchData rpc which is guaranteed to fail. + + * Enable integrated logon to work with Windows 7/2008 when user logons + are performed with a non-Domain Kerberos principal. + + * Add Protection Error messages to aklog output. + + All UNIX client platforms + + * Provide a FUSE-interfacing userspace afs client. + + * Updates to libuafs userspace cache manager. + + * Probe servers using GetCapabilities instead of GetTime, thus + requiring fewer RPCs. + + * Fix DNS SRV record handling for cell lookup. + + FreeBSD + + * Fix sleep/wakeup routines. + + * Update for 8.0 release. + + Linux + + * Handle high memory addresses correctly. + + MacOS + + * Make 32 bit AFS syscalls work again. + + * Work around finder "Duplicate" failure (caused by setting modes on + symlinks). + + * Disable bulkstat again (will be re-enabled at or before .75). + + * Provide symlink type hints during readdir. + + +OpenAFS 1.5.73 (2010-03-24) + + All systems: Minor bugfixes. New features. + + * New functionality: + + All systems: + + - NAT keepalive support at Rx level. + + * Bugfixes: + + All systems: + + - Corrected server IP address output in vos syncvldb verbose mode. + + - Corrected server IP address output for last "yes" host in udebug. + + - Corrected SRV record support for canonicalizing cell names. + + All UNIX clients: + + - Fixed a potential race in Disconnected AFS "remove" support. + + - Fix a potential blocking condition in fakestat mode. + + - Avoid some errors and stack overflow reports when vos is interrupted. + (33360,125535) + + - Clean up several minor memory leaks. + + - If a large file is stored to a non-largefile fileserver, avoid + a potential deadlock. + + - Increase maximum number of sysnames to 32. + + - Readd fs mariner "storing" message, missing since AFS 3.3. + + - Attempt timeouts on AFSDB lookups in userspace. + + - Avoid interrupting writes due to an idle deadtime timeout. + + All server platforms: + + - Properly notify only affected hosts for volume callbacks. (126497) + + - Allow volumes with trashed root directory to be recovered. (94658) + + - Hold lock in file and volservers when traversing partition list. + + - Use finer-grained locking in DAFS: volume, instead of partition locks. + + - Schedule all DAFS salvages via FSSYNC. + + - Avoid stale ptserver credential caching issue on keyfile update. + + - Improve callback table overflow handling. (126451) + + - Preclude deadlocks on when attempting to save DAFS state. + + - Avoid races deleting hosts. (126454) + + - Improve salvage speed for DAFS (124488) + + - The bosserver now handles SIGTERM. + + Microsoft Windows + + - Prevent the Explorer Shell extension from crashing if symlink + creation failed. (126406) + + - A Rx level NAT ping has been implemented. A registry value enables. + + - Adds krb5 error message translation to aklog, afscreds, + afslogon.dll, the network identity manager afs provider and + translate_et. + + - Default mode bit settings for file and directory creation are now + provided, and can be configured. + + - An SMB request trace facility is provided and can be enabled for + debugging. + + AIX: + + - Clean up properly on mount failure. + + - Add entry to /etc/vfs to allow umount to work. + + FreeBSD: + + - Additional work to support FreeBSD 8-current. + + IRIX: + + - Fix build issues with library order. + + Linux: + + - Fix s390 support conflict with executable stack patches. + + - Don't count root's AFS session keyrings against quota. + + - Correct dkms support in RPM config file. + + - Keyring destructor now properly cleans up all tokens. + + - Build again on old 2.6 kernels. + + - Avoid GLOCK leak when updating CellServDB in-core. + + - Fix byte-range lock handling. + + - Attempt to deal with bdi issues. (126514) + + MacOS: + + - Some FSEvents hinting for authentication events now done. (23781) + + - Update uninstaller. (125634) + + - Rewrite afssettings and fstab code to avoid licensing issue with APSL. + + - Growl client for user monitoring of AFS events included. + + - Properly support insert-only dropboxes. + + - Add bulkstat support. + + - Include support for moving in Finder across mount points. + + - Preferences Pane includes support for Kerberos 5 ticket renewal. + + OpenBSD: + + - Some support for OpenBSD 4.7. + + +OpenAFS 1.5.72 (2010-02-15) + + All platforms + + * Provide internationalization support in com_err. + + * Fix array length checking to avoid crashes when checking for a + volume type based on name in vos. + + All server platforms + + * Provide backward compatible "-f" flag to salvager for force mode. + + Microsoft Windows + + * Restore use of DNS AFSDB and SRV records by kaserver clients. + + All UNIX client platforms + + * Fix client cache file truncation to not lose chunks when truncating + a large file. + + * Ensure a cache writeback hook is installed in the client (bug from + 1.5.71). + + * Avoid spurious free memory warnings during clean shutdown. + + * Fakestat mode avoids AFSDB lookups. + + * "fs storebehind" now correctly reports errors on readonly volumes. + + * Additional documentation for "fs getcacheparms" + + * Forced new uuid generation with "fs uuid -generate" now works + enforced permission correctly. + + MacOS + + * Add optimized Rx event handler in kernel. + + * Installer now allows installing an older version. + + * Panic decoder can now deal with MacOS 10.5 again. + + * MacOS ._ files are now correctly not looked up as cellnames. + + Linux + + * To deal with SELinux file labeling, try cache accesses with current + credentials in event of failure. + + * Rx XDR encoding bug on i386 Linux is fixed (bug introduced in + 1.5.71). + + IRIX + + * Code compilation fixes. + + OpenBSD + + * Update for OpenBSD 4.6. + + +OpenAFS 1.5.69 (2010-01-19) + + All platforms + + * Configuration of BOSserver no longer defaults to weekly restarts + enabled. + + * Provide BOS restricted mode by default. + + * Add support for "vos endtrans" command. + + * Default to providing full output from vos listvol. + + * Correct additional-address tracking in the fileserver. + + * Improve Rx performance by not unnecessarily dropping and reacquiring + call locks in read and write processes. + + * Avoid crashes when monitoring volserver transactions across + potential transaction garbage collection. + + * Numerous warning fixes. + + All server platforms + + * Avoid saving fileserver state in demand attach fileserver when + panicing. + + * Demand attach fileserver allows other callers to schedule salvages. + + * Demand attach "bos salvage" now works correctly with restricted + mode. + + Microsoft Windows: + + * Numerous changes to the client-internal btree directory handling to + prevent errors. + + * fs examine reports owner and group ids as signed values (PTS groups + are negative). + + * Preclude corruption due to races writing to smb buffers. + + * Allow MTU settings in registry to be used. + + * Apply MTU to both send and receive sizes. + + All UNIX client platforms + + * Avoid double-freeing Rx call structure if reading a response from + the file server results in a short read. + + * Handle negative lengths in FetchStatus results correctly. + + * Properly clean up allocated memory at shutdown. + + * Default to AFSDB compiled into the cache manager. + + * Avoid inadvertant disclosure of stat() information to clients not so + entitled. + + * Correct a bug with AFSDB lookups introduced with SRV record support. + + MacOS + + * Install kernel panic processing tool in /Library/OpenAFS/Tools. + + * Include debugging symbols for kernel extension in additional package. + + * Support "Application Firewall" users. + + * Avoid ._cellname AFSDB lookups. + + * Compile preferences pane as a universal binary. + + Linux + + * Use splice to speed up storing files. + + * When using memcache, avoid duplicating work in readpages. + + * Use dget_parent to safely find an inode's parent. + + * Disable access time updates in our superblock. + + * Avoid crashing doing writeback if no credentials were stashed at + file open. + + * Simplify keyring support. + + * Properly clean up vcache in event of failed mount. + + FreeBSD + + * Update for current FreeBSD 8. + + Solaris + + * Abstractly manipulate groups as now required. + + * Abstractly access time instead of using lbolt directly. + + +OpenAFS 1.5.68 (2009-12-08) + + All platforms + + * aklog now attempts to convert non-AFS errors to human-readable + strings. + + * Make stack not executable when compiling assembler source with GCC. + + * Numerous source warning cleanups and code reorganization. + + All server platforms + + * Compute midnight for volume statistics calculation from local time. + + * Salvager now orphans duplicate special inodes when running to allow + recovery in event of a problem, instead of simply ignoring the + issue. + + * Support to ensure a server panic attempt leaves a core and thus + restarts in a timely manner, rather than potentially hanging. Use + panic to attempt cleanup before leaving a core when possible. + + * Volume sync data reported during bulkstatus is now set correctly. + + * Provide better tuning for fileserver file descriptor caching. + + * Allow more than 128 threads in fileserver by modifying host + structure in-use tracking. + + * Avoid crashes getting volume server status during transaction + cleanup. + + * Improved logging of offline volume conditions. + + * Correct volume statistics when cloning a volume. + + * Avoid referencing host structures in the fileserver which are marked + for deletion. + + * Demand attach fileserver corrections to avoid coring during an + aborted startup. + + * host array bounds checking corrections to avoid buffer overflow. + + * Handle special inodes correctly when promoting an inode fileserver + readonly volume to read-write. + + Microsoft Windows + + * Set the DOS Readonly attribute on a file/directory whenever the unix + mode combined with the mask 0200 is true. Previously there was a + discrepency between the mask used for testing for readonly behavior + and that used for setting the attribute. + + * Disable AFSVolSync based .readonly "whole-volume callback" support + because the all file servers prior to 1.5.67 (and perhaps 1.4.12) do + not properly assign a value to the AFSVolSync structure in bulk + status RPC responses. + + * Improve the error output from aklog to output the value from krb5 + error_message() if the afs_com_err output indicates an unknown + value. + + * Convert VBUSY and VRESTARTING to CM_ERROR_ALLBUSY and do not permit + them to be exposed to the smb redirector. + + * Convert STATUS_TIMEOUT responses to STATUS_IO_TIMEOUT to avoid + confusion within the smb redirector. + + * Fix the byte order assigned to port numbers associated with AFSDB + record lookups. They must be network byte order not host byte + order. + + * Add dynamic server ranking based on RPC round trip time + measurements. + + All UNIX client platforms + + * Additional shutdown-time memory leaks removed. + + * Improved logging of resource contention. + + * Provide dumping for Rx debug packet tracking support in source. + + * Update afscp test client to build, and provide an unlock client. + + * Client buffers for directory parsing can now be allocated beyond the + fixed set formerly provided. + + * Work around race condition when manipulating read-only volume + callbacks. + + * Bugfixes to get PAG value pioctl. + + * Bugfixes to SRV record support. + + Linux + + * Path MTU tracking code cleanup. + + * Avoid an oops due to racing with vcache recycling thread. + + * Changes to keyring PAG handling: for sufficiently new kernels, use + only keyring-based PAGs, and disable group PAGs entirely. + + * Updates to the kernel page cache interface: writing pages will now + not spuriously leak page locks, and will avoid requiring duplicate + work. + + * Credential references are now tracked using native atomic counters. + + * Kernel mutex/semaphore lock ordering fix to avoid deadlocks. + + * Manipulate disk cache with credentials used to initialize it, to + avoid security issues. + + MacOS + + * Fix fstrace message catalog location. + + * Fix kernel fstrace logging. + + +OpenAFS 1.5.66 (2009-10-25) + + All platforms + + * Avoid calling exit() in library code. + + * Add rx window size and peer timeout tuning APIs. + + * Correct rx peer timeout handling to disallow 0ms timeouts. + + * Correct calculation of rx RTT by disregarding retransmitted packets. + + * vos manpages updated to reflect changes in recent versions. + + * GNU-style long options (e.g. --cell) are now supported in all + commands. + + * fs listacl can now print a command to recreate the current ACL. + + All server platforms + + * Fix a race on transaction objects in the volserver which can cause a + crash. + + * Avoid destroying and setting to NULL the callback connection when it + could still be being used. + + * Correct unlink handling in salvager. + + * Improve error messages due to I/O errors in the volserver. + + * Correct an issue which caused converted RO to RW volumes on namei + fileservers to not come online immediately. + + Microsoft Windows + + * Official support for Windows 7 and Server 2008 R2. + + * Prevent a file server bug (FetchData returning an invalid length + instead of zero) from causing an "unexpected network error" when + writing to files. + + * Promote DNS SRV records as superior to DNS AFSDB records. Support + arbitrary port numbers for vldb servers. + + * Add AFSVolSync based .readonly "whole-volume callback" support. + With this functionality, multiple objects from a .readonly volume + can have their status validated by issuing a single + RXAFS_FetchStatus RPC. + + * Remove drive mapping functionality and service start/stop from + afscreds.exe. + + * Remove drive mapping functionality from afs_config.exe. + + * Use {HKLM,HKCU}\SOFTWARE\OpenAFS\Client DWORD "ShowMountTab" to + restore access to drive mapping functionality in afscreds.exe and + afs_config.exe. + + * Adjust SMB error return codes to avoid returning STATUS_TIMEOUT + which results in the SMB redirector disconnecting. + + * Network Identity Manager OpenAFS Provider now provides its own "AFS + lock" notification icon to report the status of "have tokens, have + no tokens, service not started, service started but inaccessible". + Hovering over the icon lists the cells for which tokens exist (if + any) and the OpenAFS version number. Double-clicking executes the + Network Identity Manager default action. + + * Prevent pioctl calls from retrying indefinitely when a sharing + violation error occurs. + + All UNIX client platforms + + * Correct a condition which could discard the error from initializing + a fetch request. + + * Avoid using invalid references to afs_Conn connection structures, + and thus potentially producing invalid data when a retry is needed. + + * SRV records are now supported for discovering AFS servers. + + Linux + + * Correct writepage behavior. + + * Fix error code handling in the writepage code. + + * Avoid leaking page locks, which could potentially hang a machine. + + MacOS X + + * Preferences Pane improvements. + + HP-UX + + * Avoiding attempting to handle critical signals in servers, so that + core file handling works correctly. + + +OpenAFS 1.5.65 (2009-10-06) + + All platforms + + * Code compilation warning fixes, to enable better finding and + tracking bugs. + + * Provide configure-time switch to enable code warning compilation. + + All server platforms + + * Demand-attach fileserver now makes volume LRU list operations + exclusive operations to avoid races during adding to the list. + + * Fileservers now avoid potential "negative length" fetches. + + * A leak in host tracking objects in the fileserver has been fixed. + + * Salvager now unlinks all files by full path, to deal with the change + to not chdir for core file tracking. + + * Salvager avoids asserting if the volume header is unreadable. + + * Demand-attach fileserver puts back volume references from fssync + handlers when done. + + Microsoft Windows + + * Improved service response to suspend and shutdown event + notifications. + + * Avoid a bug in the file server that can result in an invalid length + being returned as part of a fetch data response if the client + attempts to read beyond the length of the file. + + * Do not publish a default stream object for directories and mount + point objects. This was impacting the ability of some Windows XP + systems to save roaming profiles. + + All UNIX client platforms + + * A bug which could cause erroneous handling of lengths on data reads + has been fixed. + + * A bug where erroneous length returns from the fileserver could + result in a false error has been fixed. + + Linux + + * Background page copies are now supported for enhanced disk cache + read performance. + + * Blocking readahead is supported in readpages() to reduce overhead. + + * Use readpage() instead of read() to access cache data to avail disk + cache users of the kernel backing cache for improved performance. + + * Minimize credential handling for improved performance. + + MacOS X + + * Preferences Pane cleanup. + + Solaris + + * Provide a fs_pathconf method with sensible defaults. + + * Provide a _PC_FILESIZEBITS method to fix some NFS translator + consumers. + + +OpenAFS 1.5.64 (2009-09-22) + + All server platforms + + * The demand attach fileserver now puts back volume references gotten + via the fssync interface. + + * The demand attach fileserver had a structure reference error, which + has been correected. + + Microsoft Windows + + * Restores Windows 2000 compatibility. + + * Fixes a data consistency error between the output of NetWkstaGetInfo + and NetServerGetInfo RPCs, specify the Lan workstation group name + "AFS", and report server name as "AFS" instead of "\\AFS" when the + caller asks for "\\AFS". + + * Enables executables to be run from \\AFS on Windows 7. Returns + "Name not found" instead of "File not found" when a directory or + file name cannot be found. This avoids loader errors when system + dlls cannot be located in the executable directory. + + * Prevents cache manager from marking the file server "down" when the + data returned in response to either RXAFS_FetchData64 or + RXAFS_StoreData64 is invalid. + + * Adds pioctl data validation to the AFS Explorer Shell extension. + + All UNIX client platforms + + * A bug which could cause a kernel panic in 1.5.63 has been corrected. + This would manifest as a GetDCache panic or oops. + + Linux + + * aklog -setpag works again with recent kernels when keyring is in + use. + + MacOS + + * When Fast User Switch is in use, AFS login is now handled correctly + by the integration tool included with the preferences pane. + + * Several packaging bugs have been corrected. + + +OpenAFS 1.5.63 (2009-09-11) + + All platforms + + * The restorevol command is now documented and installed as a user + command. + + * The uss command now properly translates vldb entries to its expected + format when handling them in all cases. + + * Documentation now refers to Kerberos instead of kaserver. + + All server platforms + + * bosserver now handles BosConfig.new when restarting, allowing + configuration to be replaced at restart time rather than with bos + delete and bos create. Documentation is updated to reflect this. + + * The demand attach fileservice not longer potentially hangs trying to + terminate demand-salvages which have already exited. + + * The demand attach fileservice has been modified to avoid spurious + 'SYNC_putRes: write failed' warnings when some protocol messages + cannot be acknowledged due to the sender terminating the connection. + + * In the event of failure to contact the vlserver or ptserver, the + fileserver will not exit and trigger a forced salvage. It will + continue to try in the background to contact the needed services. + + * The salvager can now repair certain cases of a damamged vnode index. + + * The accessDate metadata for a volume is now updated correctly. + + Microsoft Windows + + * CRITICAL: Some applications for example those based on Cygwin were + unable to access data stored in the AFS name space. Explorer Shell + also experienced inconsistent behavior. This is fixed. + + * CRITICAL: Multiple AFS pioctl requests issued nearly simultaneously + by applications could result in pioctl responses being received by + the wrong requester. This in turn could result in application + crashes. symlink.exe, fs.exe, afslogon.dll, afscreds.exe, and the + netidmgr afscred.dll plugin were all affected. + + * Some XP machines running 1.5.62 had trouble saving roaming profile + data. This is fixed. + + * Integrated Logon (afslogon.dll) did not function with domain + specific configurations. + + * Ensure that access denied and over quota errors experienced while + storing data to the file server do not result in on-going retry + attempts. + + All UNIX client platforms + + * Except on Solaris and AIX, the compiler may now be overriden at + configure time by setting the CC environment variable. + + * afsd now properly deals with large cache partitions. + + FreeBSD + + * Build shared libafsauthent and libafsrpc. + + Linux + + * Kernel module DKMS support now installs an unstripped module to + allow debugging information to be collected. + + MacOS + + * Preferences pane properly updates token information. + + MacOS 10.6 + + * klog will now properly handle passwords of 8 or fewer characters + with an AFS string to key on hosts able to run 64 bit binaries. + + * A panic at AFS shutdown due to "NO PCB" on a udp_lock has been + addressed. + + * The panic decoder script included in the source now properly handles + 32 and 64 bit panics. + + NetBSD + + * Avoid defining AFS_KERBEROS_ENV globally as it creates a circular + dependency. + + * Build shared libafsauthent and libafsrpc. + + OpenBSD + + * Build shared libafsauthent and libafsrpc. + + +OpenAFS 1.5.62 (2009-08-28) + + All platforms + + * Numerous invisible changes to improve code maintainability, + portability and enhanceability. + + Microsoft Windows + + * CRITICAL: Fixes two errors that can result in data loss when storing + data to the file server. + 1. Failure to Store Portions of Unaligned Writes + 2. Failure to Store Data to File Servers Lacking Large File Support + Read the announcement for more details: + http://www.openafs.org/pipermail/openafs-announce/2009/000305.html + + * CRITICAL: The cache manager daemon thread could terminate when the + machine enters suspend mode. This daemon thread performs the + background check of down servers, offline volumes, callback + expirations, etc. + + * CRITICAL: Integrated Logon (afslogon.dll) was terminating + unexpectedly. Error checking has been improved and NULL pointer + dereferences after Lsa API calls fail have been eliminated. + + * For the first time, the OpenAFS SMB Server supports the DCE RPC + services SRVSVC and WKSSVC. Browsing \\AFS with the Explorer Shell + or NET VIEW will now be faster and provide additional functionality. + No longer will cell names longer than 12 characters be truncated. + + * Improvements to DFS Referral request processing have been + implemented. + + * Unnecessary DNS lookups of share names are avoided improving + performance. + + All UNIX client platforms + + * Non-Kerberos PAM modules work correctly again. + + MacOS X + + * MacOS 10.6 (Snowleopard) is now supported, both 32 and 64 bit mode. + + * Updates to the AFSCommander preferences pane. + + * Installer now permits cell names with dashes. + + +OpenAFS 1.5.61 (2009-08-06) + + All platforms + + * Correct another race condition in the Rx library that could result + in an unexpected panic while freeing the Rx call iovq. + + * rx packet resend and data packets sent counts were incorrect. + + * fs setquota, fs setcachesize, vos setfields, and vos create now + accept human readable orders of magnitude. (K, M, G) + + * fs listquota fixed to permit large quota sizes to be displayed. + + * Correct documentation of bosserver permissions requirements. + + * Modify vlserver to avoid potentially corrupting the database through + volume id reuse. + + * Generalized support for fast Rx timeout due to network + down/unreachable. + + All server platforms + + * Allow audit logs to be sent via sys5 IPC message queues instead of + logged directly. + + Microsoft Windows + + * If a file server becomes inaccessible while the cache manager has + dirty buffers to write, the afsd_service buf_IncrSync thread can + attempt to use 100% of the cpu. + + * Fix "fs newcell" which was broken in 1.5.60. + + * Do not attempt to synchronize dirty buffers if the associated volume + is known to be unavailable. + + * Modify behavior of a Freelance mountpoint target that does not + specify a cell. Instead of assuming the target volume is in the + Freelance.Local cell, use the workstation "Cell" specified in the + registry. A mountpoint target of "#root.cell." will now mean the + root.cell volume in the workstation cell for the current session. + If the workstation cell changes from "athena.mit.edu" to + "andrew.cmu.edu", the referenced volume will also change without + requiring that the mount point targets be altered. + + * Add cm_FindServerByUuid(). Re-implement RXAFS_InitCallBackState3() + to permit the server Uuid to be used to lookup the server object and + from that determine the cell. This permits callbacks that are + received from alternate addresses to be processed with a known + server object. Previously a request from an unknown server would + clear all callbacks from all cells. + + * Fix a bug that prevented optimal performance when using a non-zero + value for 'daemonCheckVolCBInterval'. As a reminder, when + "daemonCheckVolCBInterval" is set to a non-zero value, all .readonly + volume callbacks are automatically renewed 90 minutes before their + expiration. + + * Fix automatic ranking of vldb servers whose values are obtained from + the CellServDB file. + + * Add failover for RX CALL TIMEOUT errors when the volume is readonly + or the call is to a vldb server. + + * Add registry based cell search functionality to NetIdMgr, + afs_config.exe, and klog.exe. + + * afsconf_GetCellInfo() has been modified to perform gethostbyname() + lookups on the host names in the CellServDB instead of using the + specified IP addresses. This provides aklog, pts, vos, etc. the + same CellServDB behavior that the Windows Cache Manager uses. + + * When updating the stat cache entry callback of a .readonly object + from the volume group object, update the file server reference to + ensure it matches the most update to date callback. + + * Add proper support for processing callbacks from multi-homed file + servers. Instead of comparing servers by cm_server_t pointer, + compare them by UUID when the UUID is known. + + * During a shutdown short circuit the offline volume check daemon + functionality. + + * Return the error code of RXAFS_FetchData / RXAFS_StoreData in + preference to an error code reported by rx_EndCall. + + * Add "PerFileAccessCheck" registry value to permit testing against + experimental file servers that include per-file acl support. This + value is intentionally undocumented. It is not to be used by + production environment deployments. + + * Fix a bug introduced in 1.5.60 that prevents the afs netidmgr + provider from obtaining tokens when referrals are in play. + + * Add "fs chown" and "fs chgrp" commands to permit the owner and group + of objects stored in AFS to be set from Windows. + + * Avoid performing background daemon operations when the machine is + going into suspend mode. + + * Perform offline volume checks in most recently used order. + + * Prevent crash when a data version for a cache object goes backwards. + + * Multi-thread safe library versions are now being generated and used. + mtafsubik.lib, mtafsutil.lib, mtafsvldb.lib, mtafsvol.lib. + + * Microsoft SMB Redirector (mrxsmb.sys) support for + ExtendedSessTimeout values are now available on XP through Windows + 7. Add functionality to autodetect if such support is present on + the machine. If so, configure it if necessary and dynamically + adjust the AFS Rx timeout values accordingly. + + All UNIX client platforms + + * Fix out-of-tree source builds. + + MacOS + + * GUI installer now asks for local cell information. + + * AFS Commander preferences pane is now installed by default. + + Solaris + + * Avoid kernel panics due to null pointer dereferences in the network + interface poller kernel thread. + + +OpenAFS 1.5.60 (2009-05-31) + + All platforms + + * Retry volserver transaction creation on failure. + + * Allow building HTML and PDF documentation from included XML copies + of User Guide, Admin Guide and Quick Start Guide for Unix. + + * Documentation updates and additional documentation. + + * Add -encrypt support to pts client. + + * Convert MR-AFS fs commands to OSD commands. + + All server platforms + + * Updated background sync process in fileserver to avoid a race which + could result in a volume being taken offline. + + Microsoft Windows + + * On April 9th Microsoft released a Hot Fix for Windows Server 2003 + SP2 that corrects a deadlock in the smb redirector and also adds new + functionality that permits the AFS SMB server to be given a longer + timeout than is normally the case. New functionality has been added + to configure these additional LanmanWorkstation\Parameter values. + (This functionality has been backported to XP SP3 and is scheduled + to be released on June 5th.) + + * Fix RT#124787, a race condition between "fs flush