From 1547db22264f21b5d553f54498aee51879539786 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Fri, 20 Mar 2020 09:17:13 -0700 Subject: [PATCH] Synchronize NEWS with 1.8.5 Pull in all the updates to NEWS that occurred on the 1.8.x branch in preparation for adding entries for 1.9.0. Change-Id: I713d1576ef96793f24824f909b26da802b21ec23 Reviewed-on: https://gerrit.openafs.org/14103 Tested-by: BuildBot Reviewed-by: Benjamin Kaduk --- NEWS | 338 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 335 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 55cd568..0746710 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,286 @@ User-Visible OpenAFS Changes -OpenAFS 1.8.0pre2 +OpenAFS 1.8.5 + +All platforms + + * Fix OPENAFS-SA-2019-001: information leakage in failed RPC output + Generated RPC handler routines ran output variables through XDR encoding + even when the call had failed and would shortly be aborted (and for + which uninitialized output variables is common); any complete packets + assembled in the process would be sent to the peer, leaking the contents + of the uninitialized memory in question. + + * Fix OPENAFS-SA-2019-002: information leakage from uninitialized scalars + Generated RPC handler routines did not initialize output variables of + scalar (fixed-length) type, since they did not require dedicated logic to + free. Such variables allocated on the stack could remain uninitialized + in some cases (including those affected by OPENAFS-SA-2019-001), and the + contents of uninitialized memory would be returned to the peer. + +All server platforms + + * Fix OPENAFS-SA-2019-003: fix crash in database servers + The ubik debugging RPCs prioritize being fast and non-disruptive to + database operations over strict correctness, and do not adhere to the + usual locking protocol for data access. A data race could cause a NULL + dereference if the second memory load was not optimized out by the + compiler. + +OpenAFS 1.8.4 + + All platforms + + Build system updates to remove obsolete autoconf macros and remove missing + script warning during builds (13480, 13481, 13482, 13483, 13484, 13486, + 13789, 13790). + + Build system update to fix a conditional check in the pthread.m4 autoconf + file (13595) + + Build system update to create the man3 subdirectory, fixing a + reported build failure (13535). + + Remove the last reference to src/mcas in the documentation (13558). + + All server platforms + + Fix fileserver's parsing of the options -vlruthresh, -vlruinterval, + -vlrumax and -novbc (13680). + + Fixes to make ptserver's behaviour when run in restricted mode consistent + with the documentation: Non-members of the system:administrators group + are no longer allowed to issue the adduser, setfields and delete pts + commands, and all members of system:administrators are now allowed to + issue pts commands in this mode, not just the admin principal (13686..88). + + All client platforms + + Fix missing Rx call clean-up after failing to read dcaches from a file + server (13511). + + Fix an Rx call leak for calls aborted by a connection abort after the call + was initialized but before use (13517). + + Remove the obsolete afs_xosi lock to remove unnecessary serialization of + VOP_GETATTR calls. This can lead to improved performance under heavy + workloads (13529). + + Increase the size of the Directory Name Lookup Cache (DNLC) to improve + cache performance (13559). + + Fix getting tokens for cells with a three character name (13679). + + Avoid a misleading message about the cell being used when aklog is run + with the -cell parameter but the AFSCELL environment variable is set to + a different cell (13676). + + Build system update to honor the CFLAGS environment variable when building + libuafs (13544). + + Linux + + Support for mainline kernels up to 5.3 (13787, 13789). + + More fixes for improper use of ENOENT fixes to avoid incorrect use of linux + negative dentry cache, which can lead to false ENOENT errors (13542, 13543, + 13590, 13692) (RT #134904). + + Return errors instead of returning incomplete directory listings when the + directory objects are incomplete in the cache (13591). + + Add ppc64le_linux26 sysname for the ppc64le architecture (13636, 13637, + 13589). + + Fix configure check for a kernel time function in order to build on + Linux 5.0 (13523). + + RPM packaging update for RHEL8 adding a build requirement to ensure the + kernel module can be built from the SRPM (13563) (RT #134900). + + On systemd based RHEL/Fedora systems, start the client after dkms startup + is finished if the latter is installed and enabled, to avoid attempting + starts without the kernel module being available yet (13674) (RT #134974). + + MacOS + + Build system updates for MacOS (13584). + + Solaris + + Add CTF debugging records to userspace objects to improve debugging + of servers (13487). + + Convert the cache manager vnodes to be non-embebbed on Solaris 11 in order + to make the cache manager more resilient across Solaris 11 changes (13524, + 13525, 13526, 13527, 13528). + + +OpenAFS 1.8.3 + + All platforms + + * Improved diagnostics and error messages (13186 13411 13417) + + * Avoid sending RX packets with random garbage in the userStatus field + (13332) + + * Fixed detection of the RX initialization status (13416) + + * Assorted fixes to avoid segmentation faults and other potential problems + by detecting internal errors rather than letting them go unnoticed + (13329 13372) + + All server platforms + + * Fixed a build problem accidentally introduced in release 1.8.2 (13328) + + * Assorted efficiency improvements in the ubik implementation (13153 13218 + 13188 13353) + + * Fixed locking around transaction list processing in volserver to avoid + segmentation faults and other potential problems (13336 13337) + + * When the volserver attempts to remove a temporary volume after a + transaction, but the volume was already removed, e.g., by the salvager, + this is no longer treated as an error (13235) + + All client platforms + + * Update the CellServDB to the latest version from grand.central.org from + May 14th 2018 (13409) + + * Avoid a panic during cache initialization when allocating the required + memory fails (13307) + + * Add back the packet counters and timestamps to "vos status" output + which had been missing since release 1.8.0 (13421) + + * Correctly handle errors encountered while reading data from the server + and writing it to the cache, e.g., due to a full cache partition (13443) + + * Avoid a panic due to a recoverable error while flushing cache items + (13503) + + Linux clients + + * Support mainline kernels 4.20 and 5.0 and distribution kernels with + backports from those (13405 13406 13440 13441 13442) + + * DKMS-related fixes in Red Hat packaging (13438 13479) + + macOS + + * Support building and packaging on macOS 10.14 "Mojave" (13412 13413) + + +OpenAFS 1.8.2 + + All platforms + + * Fix OPENAFS-SA-2018-002: information leakage in RPC output variables + Various RPC routines did not always initialize all output fields, + exposing memory contents to network attackers. The relevant RPCs include + an AFSCB_ RPC, so cache managers are affected as well as servers. + + All server platforms + + * Fix OPENAFS-SA-2018-003: denial of service due to excess resource consumption + Various RPCs were defined as allowing unbounded arrays as input, allowing + an unauthenticated attacker to cause excess memory allocation and tie up + network bandwidth by sending (or claiming to send) large input arrays. + + * Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc + On systems using the in-tree backup system, the butc process was running + with administrative credentials, but accepted incoming RPCs over + unauthenticated connections; these incoming RPCs in turn triggered + outgoing RPCs using the administrative credentials. Unauthenticated + attackers could construct volue dumps containing arbitrary contents + and cause these dumps to be restored and overwrite arbitrary volume + contents; afterward, the backup database could be restored to its + initial state, hiding evidence of the unauthorized changes. + + Running butc with -localauth now requires authenticated incoming + connections, and the backup utility makes authenticated connections to + the butc. Audit capabilities have been added to the butc RPC handlers. + Command-line arguments are provided to retain the (insecure) historical + behavior until all systems have been upgraded. + +OpenAFS 1.8.1.1 + + Linux Clients + + * Support for mainline kernel 4.18 and distribution kernels with backports + from it (13268) + +OpenAFS 1.8.1 + + All Platforms + + * Improve the usability and consistency of the public API: install missing + headers, and add additional symbols to the export list for shared libraries. + + * Improved Rx abort generation: use the proper serial number for an existing + connection if possible, and 0 otherwise (to improve debugging). + + * Assorted minor fixes in response to static analysis of the codebase. + + * Fix memory-safety error in XDR decoding of enumerated types. + + All Server Platforms + + * Fix reference counting error that could cause an assertion failure + in some workloads. + + * vldb_check -fix will no longer corrupt the vldb when multiple MH blocks are present. + + * Assorted cleanups and efficiency improvements in the ubik implementation. + + * Return a valid InlineBulkStatus response in error cases. + + * The fileserver now rejects invalid partition names when attaching partitions. + + All Client Platforms + + * Fix volume callbacks (e.g., when running 'vos release'). + + * Treat failure to obtain a DSlot as a hard error for that cache partition, + avoiding a flood of "disk cache read error in CacheItems" log messages, + and reducing the chance of subsequent panic. + + * Improve error messages for invalid values with -volume-ttl. + + * Remove useless error message: + "find_preferred_connection: no connection and !create". + + * Avoid passing NULL to a kernel memory deallocator, which is not guaranteed + to be safe on all systems. + + Linux + + * Add support for 64-bit ARM clients ("arm64"). + + * Fix panic when cache bypass is enabled. + + * Improve cache manager behavior when unable to open cache files. + + * Improvements to the RPM packaging. + + * Detect out-of-memory when using kernel pages for writing. + + Solaris + + * Fix various issues in the build process for recent Solaris versions. + + MacOS + + * Fix clients on OS X 10.13. + + FreeBSD / NetBSD / OpenBSD + + * Fix panic triggered during periodic cleanup operations and shutdown. + +OpenAFS 1.8.0 All Platforms @@ -61,6 +341,8 @@ OpenAFS 1.8.0pre2 - Wake up the application thread after 'twind' is updated to avoid 100ms transmit delays when the receive window transitions from closed to open. + - Fix for OPENAFS-SA-2017-001: sanity-check peer transport parmeters + received in ack trailers * Libraries (both internal and installed) are built using libtool, including libuafs. The resulting shared libraries for libafsrpc and libafsauthent @@ -78,6 +360,7 @@ OpenAFS 1.8.0pre2 - Support the SOURCE_DATE_EPOCH environment variable to improve build reproducibility. - Modernize language specific SWIG typemaps for libuafs Perl bindings. + - Refactor acinclude.m4 into a set of smaller m4 files (12876, 12877, 12878) * Improvements to documentation: - Document the new KeyFileExt file. @@ -92,6 +375,7 @@ OpenAFS 1.8.0pre2 - Add PtLog man page. - Corrections and clarifications to man pages. - Add ubik threading analysis doc. + - Normalize the location of text documents in the source tree. * Improvements for troublshooting, debugging, and testing: - Log more details on volume-server-to-fileserver communication errors @@ -112,12 +396,19 @@ OpenAFS 1.8.0pre2 - Add tool to find Unix cache manager lock identification numbers. - Add an option for pretty build output. - * RPM packaging updated: + * RPM packaging updates: - Update the spec file to keep up with accumulated changes. - Move the klog.krb5 man page to the openafs-krb5 sub-package. + - Remove stray man pages. (12870, 12871) - Prevent double-starting client on RHEL7 - Convert rpm spec file from deprecated 'make dest' to 'make install'. - Fix rpmbuild command line option default handling. + - Support older versions of rpmbuild which do not support the + rpmbuild %exclude directive. (12873) + - Move the legacy kaserver and related programs to separate sub-packages, + which are only built when rpmbuild is given the '--with kauth' option + (12600, 12872) + - Package the libuafs perl bindings (12921) * Add a new protection error code (PRNAMETOOLONG) instead of silently truncating names which exceed the maximum name length (PR_MAXNAMELEN). @@ -156,6 +447,8 @@ OpenAFS 1.8.0pre2 * Add user and build host in the version string returned by rxdebug -version. + * Support recent versions of gcc (7.2.1) (12897) + All Server Platforms * Ubik servers using pthreads are now available and are used by default @@ -165,6 +458,15 @@ OpenAFS 1.8.0pre2 permitted. This is a conservative change that may be removed in the future. + * Avoid continually retransmitting the ubik database to remote sites when + a write transaction occurs as remote sites are attempting to rejoin the + ubik cluster. (12896) + + * Ensure the ubik database version number is updated on remote sites at the + point the database is transferred to remote sites instead of waiting for + the next ubik beacon. This avoids write transaction failures during the + window between the database transfer and the next ubik beacon (12885). + * Remove periodic background fsync by the fileserver (ihandle fsync thread). * Fix potential file handle leak in the file server ihandle caching layer. @@ -305,6 +607,10 @@ OpenAFS 1.8.0pre2 * Remove the obsolete Netscape plugin. + * Fix building gtx when ncurses is linked against libtinfo. + + * Update to the GCO CellServDB update from 14 March 2017. + Linux * Remove Linux 2.2 and 2.4 support. @@ -319,6 +625,13 @@ OpenAFS 1.8.0pre2 * Fix improper use of ENOENT and avoid incorrect use of linux negative dentry cache. + * Use a more correct (less aggressive) scheme to react to downward + pressure on cache usage, avoiding d_invalidate(), which can cause + getcwd() failures on RHEL 7.4. + + * Apply a workaround to be compatible with RHEL 7.5's KABI preservation + strategy for reading directories. + * Improve error reporting when encountering corrupt directories. * Improve rx error handling in the Linux cache manager. @@ -329,6 +642,10 @@ OpenAFS 1.8.0pre2 * Do not use the obsolete --enable-largefile-fileservers configure option when packaging RPMs. + * In Red Hat packaging, use a separate rpm for kmod debuginfo, + removing a needless tight version dependency on the userspace package. + (12822, 12875) + * Use the RemainAfterExit systemd feature to avoid premature exit when -afsdb is not given, for RPM packages. @@ -344,7 +661,10 @@ OpenAFS 1.8.0pre2 * Fix --enable-kernel-debug for linux 4.8+. - * Support linux 4.10, 4.11, 4.12 + * Fix a hang encountered when accessing a previously removed + directory entry (12811). + + * Support linux 4.10, 4.11, 4.12, 4.13, 4.14, 4.15 Solaris @@ -363,6 +683,11 @@ OpenAFS 1.8.0pre2 * Avoid BAD TRAP panic due to invalid opcodes on x86 with Studio 12.5. + * Add ctf debug records to Solaris kernel modules when debug builds + are enabled and the ctf tools are present (ctfconvert/ctfmerge). + + * Save kernel module function arguments on x86 for debugging purposes. + MacOS * Stop processing upcalls once rx shutdown starts. @@ -377,6 +702,8 @@ OpenAFS 1.8.0pre2 * Fix builds on MacOS 10.12 by building only the active architecture by default. + * Support versions up through 10.13 (High Sierra) and APFS + FreeBSD * Use the native kernel module build system instead of an ad hoc @@ -390,6 +717,11 @@ OpenAFS 1.8.0pre2 * Do not claim AFS_VM_RDWR_ENV + * Add sysnames and files for i386 and amd64 10.4, 11.1, and 12.0 + (12-CURRENT, at present). (12887, 12888) + + * Remove trailing semicolons to fix the build on FreeBSD (12899) + NetBSD * Stay up to date with new NetBSD releases (through 7.x) -- 1.9.4