1 User-Visible OpenAFS Changes
7 * Fix initial Rx Connection ID (CID) generation.
8 Remove stale initialization and overflow detection logic that resulted
9 in connection failures due to all CIDs being set to 0x80000002.
12 * Fix RPC hangs if a server is restarted while a client is sending
13 data (13875 13758 13876).
15 * Fix xstat_cm_test/xstat_fs_test -period option bug introduced
16 by pthreaded xstats. (14366)
18 * Fix remote_is_server field in Rx RPC statistics. Before this fix, the
19 rxstat_get_process and rxstat_get_peer programs reported all RPC stats
20 as "accessed as a client" (14374).
22 * Fix an incorrect server type reported by rxstat_get_process and
23 rxstat_get_peer programs (14375).
25 * Fix the clock square calculation for stats reported by xstat_fs_test,
26 xstat_cm_test, rxstat_get_process, and rxstat_get_peer (14376)
28 * Avoid packet resend delays when ICMP socket errors are
31 * Report RxRPC packet statistics for version packets, that had previously
34 * Fix various issues detected by static-analyzer tools (13155, 13156,
35 13163, 13206, 13333, 14501).
39 * Add support for multiple audit log interfaces and options (13774).
41 * Fix a directory handle leak in the convertROtoRWvolume procedure
42 when a new transaction cannot be created (14342).
44 * Fix out of range memory access when orphaned vnodes are encountered
45 during salvages (14385).
47 * Add KeyFileExt and rxkey.keytab access rights checks to the
48 bosserver and log all access check failures instead of stopping
49 on the first failure (14239, 14330).
51 * Fix creation of the bosserver audit log file when the bosserver
52 is started with the -auditlog option (14381)
54 * Fix 'bos salvage -forceDAFS' when the DAFS fileserver is stopped (14382).
56 * Add VL_DBBAD ("Database is inconsistent") error code to indicate vlserver
57 database inconsistencies, and report VL_DBBAD when unable to remove
58 deleted vlentries from the database hash chains (13382, 13383)
60 * Fix possible memory leaks when under memory pressure (13156 13313).
62 * Fix possible double release of volume locks in vos release
63 and vos convertROtoRW (14426).
65 * Fix -partition option requires a -server option checks in vos (14005).
67 * Take the target read/write volume offline during the conversion
68 to a read-only volume by vos convertRWtoRO (14340).
70 * Check for volume lock inconsistencies in vldb_check (14307).
72 * Document vos restore -readonly option (14348).
74 * Consolidate implementation of, and more reliably use, logged warnings
75 for single-DES or missing keys (10831).
79 * Avoid panic when failing to allocate a new vnode or
80 failing to write a dcache (13701, 13804).
82 * Fix double release of afs_xvcb lock (14411).
84 * Log process name and PID on disk cache read errors (14416).
86 * Add cache-too-full and wait-for-drain cache manager stats (13168).
88 * Add afsio readdir and afsio fidreaddir commands to dump
89 AFS3 directories (12381).
91 * Fix diagnostic messages from "vos partinfo" to correctly refer to
96 * Fix file leak in background thread regression introduced by
97 13284 (LINUX: Turn on AFS_NEW_BKG). (13984)
99 * Avoid getcwd() and bind-mount call errors by returning
100 errors from the d_revalidate callback (14417).
102 * Fix 64/32bit compatibility mode checks for Linux 5.11
103 support (14499, 14500).
105 * Support Linux 5.12-RC2 (14548, 14549).
109 * Add the OpenAFS provider for the Solaris kstat framework (13170).
113 * Import the start of a series of locking and stability fixes developed by
114 Tim Creech and Andrew Deason that will culminate in a client that
115 supports FreeBSD 12.2 (13854, 13856, 13858..13860, 13998..14000, 14162,
123 Introduce the rxgk Rx security class, initially limited to server-to-server
124 traffic and local keys (gerrit topic: rxgk-phase1).
126 Add options to the vos and pts commands for server-to-server rxgk support.
128 Add support to add and delete rxgk keys with asetkey. Add support to
129 generate random keys with asetkey, which can be useful to create certain
132 Raise implementation-defined anti-DoS length limits for prdb-related XDR
133 array types, which were being reached at some sites (13838).
135 Bring "-setpag" functionality in klog to parity with aklog (14146).
137 Fix potential Rx hang when an incoming call must wait (14158).
139 Fix latent bug preventing RX_CONN_NAT_PING from working (13041).
141 Fix potential rx_connection leak in pthreaded programs (13042).
143 Avoid NatPing storm with many connections to the same server (14312).
145 Do not leave empty directories behind in the file server vice partition
146 when running the "vos zap -force" command (12879, 12839).
148 Make non-verbose "vos remsite" output output more readable (14127).
150 Display the usage of simple commands (commands without subcommands) when run
151 only with the -help option (10983).
153 Replace SOURCE-MAP with a README.md (14003).
155 Improve documentation of minimum required dependency versions (14305).
157 Remove unused definition of LINUX_PKGREL from configure.ac (14117).
159 Improve logging and diagnostic messages:
160 * Add a warning message to vos when performing an incremental volume
161 restore over an existing volume which is newer than the dump
163 * Log the binding address and port during startup in the cache manager and
164 all of the server processes (13272)
165 * Improve volume server logging to provide better information during
166 volume restore failures (13252)
167 * Improved cache manager syslog tracing (11858)
168 * Improved database server logging to log important messages at the
169 default logging level, log information during database synchronizations,
170 and log diagnostic messages during recovery aborts (12617, 13079, 12618)
171 * Set a thread name for rx listener threads (13600)
172 * Avoid truncating authentication information in vlserver log
174 * Log when ubik recovery aborts a running remote transaction (13862).
176 Fix warnings issued by static code analyzers:
177 * Fix possible undefined variable in disconnected mode (13207)
178 * Remove redundant conditionals (13158, 13157)
179 * Exit if out of memory while attempting to format command help
181 * Fix possible undefined variable when reading old vldb formats (13755)
183 Assorted memory-handling fixes (13461, 12293, 13355, 13395, 13396, 13161,
184 13659, 13714, 13715, 13760, 13716, 13761).
186 Fix many (but not all) of the new warnings issued by recent versions of
187 gcc and clang (12987..12989, 13010, 13287, 13462..13464, 13467..13468,
188 13470..13476, 13494, 13660..13664, 13684, 13726, 13754, 14049, 14092,
189 14106, 14207, 14273, 14277, 14274, 14275, 14279, 14292, 14125).
191 Added unit tests for functions mapping vice partition to id (13176).
193 Fix issues resulting in parallel "make install" to fail (13786, 14137).
195 Updated libauth test program (13394).
197 General code cleanup; remove unused code or obsolete code, old comments,
198 or refactor for clarity
199 (12988, 13204, 13209, 13210, 13213, 13226, 13227, 13260, 13271, 13277,
200 13309, 13310, 13324, 13325, 13339, 13345, 13346, 13351, 13361, 13362, 13363,
201 13390, 13397, 13408, 13414, 13458, 13490, 13500, 13509, 13514, 13557, 13640,
202 13655, 13282, 13683, 13995, 14218, 14219, 14236, 14246, 14322, 14338).
204 Build system clean up and fixes
205 (12956, 12961, 12962, 12963, 12992, 12993, 12994, 13237, 13275, 13338,
206 13357, 13360, 13387, 13419, 13594, 13652, 14115, 14148..14150, 14132,
207 14133, 14135, 14153).
211 Improve database server logging by logging messages when and why a server
212 is marked as down (12616).
214 Log a warning message when starting server processes with no encryption
215 keys available (13911).
217 Fix use of triple-DES cell-wide keys for rxkad.krb5 (14203).
219 Remove redundant lseek system calls and use positional I/O in the database
220 servers to improve performance (12271, 12272).
222 Fix option parsing to enable parallel salvageserver operation (14201).
224 Fix an edge case where writes were errneously allowed on readonly
227 Add an option to allow members of system:administrators to perform
228 write operations on otherwise readonly fileservers (13707).
230 Allow "vos rename" to be re-run to finish a previously interrupted
231 volume rename operation (13720).
233 Return errors for short reads during volume dumps instead of silently
234 padding with NUL bytes (14255).
236 Work around potential deadlocks when the salvageserver spawns a child
237 at the same time another thread is writing to the log (14239).
239 Do not overwrite the errno variable when logging certain database sendfile
242 Avoid confusing log message ("Unable to create the volume") when
243 restoring over an existing volume (14208).
245 Fix vldb listing of created-but-not-released RO replicas (14154).
247 Avoid confusing "half-locked" state for interrupted volume renames (14157).
249 Prevent attempts to grow the VLDB past the maximum 2GB size (14180).
251 Fix a bug that prevented logging of discarded callbacks (14256).
253 Code migration to POSIX Threads (pthreads) from LWP.
254 * Convert upserver and upclient to pthreads (12754)
255 * Convert xstat libraries and related utilities to pthreads (12745, 12746,
256 12747, 12753, 13454, 13455)
260 Attempt to detect and report some common types of cache corruption
261 (13436, 13747, 13969, 14002).
263 Log a warning when the cache is "stressed" (almost full) to suggest
264 possible re-tuning (13255).
266 Require opt-in to use the historical/deprecated single-DES krb5
267 encryption types, which are being removed from krb5 distributions (13689).
269 Fix incorrect informational messages when the AFSCELL environment
270 variable is set (13371).
272 Assorted cleanup and microoptimizations (12655, 13254, 12656, 13253, 14241,
275 Tidy up the shutdown sequence, closing some memory leaks and not
276 generatin Rx traffic while Rx datastructures are being deconstructed
279 Fix reading entries of historic vldb formats (13465).
281 Suppress warning about running unauthenticated for `bos -noauth` (14306).
285 Support upstream kernels through Linux 5.9.
287 Be more careful about overriding the current credentials for operations
288 on cache files, preventing spurious permission errors when systems like
289 AppArmor and SELinux are in use (13751, 14098).
291 Avoid panics from procfs when the kernel module is loaded but afsd is
294 Improve ppc64le support (13980, 14046).
296 Improve RPM packaging (14114, 14116, 14266)
300 Simplify background-move return-code processing (13280).
302 Support macOS Catalina (13935, 13936, 13668..13671, 13928, 14062, 14222).
304 Add OpenAFS.pkg to the list of files to be codesigned (14221).
308 Remove references to (unspported) SunOS 4 (13506).
310 Build system fixes for parallel make on Solaris.
312 Support function attributes when building with recent versions of Solaris
315 Fix many (but not all) of the compiler warnings when building on the Solaris
318 Add autoconf support for Studio 12.6 tools (13867).
322 General improvements to VFS compliance.
324 Create destination kernel module directory when installing on
325 FreeBSD (13653, 13690)).
327 Add param.h files and sysnames for FreeBSD 11.2 (13534), 11.3 (13792),
330 Fix fcntl-style locks by adapting to quirky historical behavior (12579).
332 Support kernels that use VIMAGE support at runtime, not just at
335 Change LWP stack strategy to avoid SIGBUS errors (13691).
337 Skip SIGBUS test (for reasons unrelated to the previous) (14145).
344 * Address warnings and errors encountered when building OpenAFS with
345 modern compilers like gcc9 or recent clang (13727..45 13749..50 13756
348 * Avoid some rare cases of Rx calls getting stuck in the incoming queue
351 * Display the usage of simple commands (commands without subcommands) when
352 run only with the -help option (13894)
354 * Fix a memory leak in the cache manager and the fileserver while
355 processing "fs uuid" or "fs setcbaddr" (13899)
357 * Fix a memory leak when reopening krb local realms configuration (13900)
359 * Avoid possible crashes when freeing kerberos contexts (13902)
363 * Do not leave empty directories behind in the file server vice partition
364 when running the "vos zap -force" command (13897)
366 * Fix "vos zap -force" failures when the volume being zapped does not have
367 an entry in the fileserver's volume group cache (e.g., during fileserver
370 * Relax the length limits on some membership lists used in ptserver RPCs,
371 introduced in release 1.8.0 to prevent denial of service attacks, to
372 accommodate use cases of some larger existing sites (13844)
374 * Improved diagnostics and error messages (13898 13906..8 13938)
376 * Ensure that fileservers running in readonly mode actually reject all
377 write requests, but introduce a -admin-write switch allowing writes
378 by members of the system:administrators group (14018 14019)
382 * Require the -insecure_des switch to be passed to aklog and klog.krb5
383 to make them work with single-DES encryption types (13791)
385 * Avoid a panic due to a retryable error - retry in a background request
388 * Avoid blocking other functions on the completion of some potentially
389 long-running RPCs issued by the server (13893)
391 * Fix a potential memory leak in "fs getserverprefs" when the pioctl fails
394 * Avoid the local cache incorrectly reflecting the state of a file on the
395 fileserver after flushing large chunks of data to the server. This
396 issue was present on FreeBSD clients, but probably not Linux/Solaris
397 ones (13951) (RT #135041)
399 * After a VLDB lookup of a read-write volume already failed, don't bother
400 looking up corresponding read-only or backup volumes since those lookups
401 are bound to fail, in order to make the client more responsive and
402 avoid unnecessary load on the vlserver (13968)
404 * Allow a "vos rename" to succeed if the new volume name is the same as
405 that in the current VLDB, to make it possible to complete a previously
406 interrupted volume rename (14055)
408 * Allow processes which are sleeping due to PAG throttling to be killable
411 * Fix set PAG failures due to signals (13975).
415 * Support mainline kernels up to and including 5.7 (14069 14094 14095
418 * Make builds succeed with --enable-checking for mainline kernels
419 5.3-rc2 and later (13910)
421 * Avoid possible deadlocks (13748 13765)
423 * Fix build of libuafs on ppc64le (14104)
425 * Fix build on certain recent 32-bit distributions (14234) (RT #135084)
429 * Support building, packaging and notarization on macOS 10.15 "Catalina"
434 * Build fixes (13848..52)
440 * Fix OPENAFS-SA-2019-001: information leakage in failed RPC output
441 Generated RPC handler routines ran output variables through XDR encoding
442 even when the call had failed and would shortly be aborted (and for
443 which uninitialized output variables is common); any complete packets
444 assembled in the process would be sent to the peer, leaking the contents
445 of the uninitialized memory in question.
447 * Fix OPENAFS-SA-2019-002: information leakage from uninitialized scalars
448 Generated RPC handler routines did not initialize output variables of
449 scalar (fixed-length) type, since they did not require dedicated logic to
450 free. Such variables allocated on the stack could remain uninitialized
451 in some cases (including those affected by OPENAFS-SA-2019-001), and the
452 contents of uninitialized memory would be returned to the peer.
456 * Fix OPENAFS-SA-2019-003: fix crash in database servers
457 The ubik debugging RPCs prioritize being fast and non-disruptive to
458 database operations over strict correctness, and do not adhere to the
459 usual locking protocol for data access. A data race could cause a NULL
460 dereference if the second memory load was not optimized out by the
467 Build system updates to remove obsolete autoconf macros and remove missing
468 script warning during builds (13480, 13481, 13482, 13483, 13484, 13486,
471 Build system update to fix a conditional check in the pthread.m4 autoconf
474 Build system update to create the man3 subdirectory, fixing a
475 reported build failure (13535).
477 Remove the last reference to src/mcas in the documentation (13558).
481 Fix fileserver's parsing of the options -vlruthresh, -vlruinterval,
482 -vlrumax and -novbc (13680).
484 Fixes to make ptserver's behaviour when run in restricted mode consistent
485 with the documentation: Non-members of the system:administrators group
486 are no longer allowed to issue the adduser, setfields and delete pts
487 commands, and all members of system:administrators are now allowed to
488 issue pts commands in this mode, not just the admin principal (13686..88).
492 Fix missing Rx call clean-up after failing to read dcaches from a file
495 Fix an Rx call leak for calls aborted by a connection abort after the call
496 was initialized but before use (13517).
498 Remove the obsolete afs_xosi lock to remove unnecessary serialization of
499 VOP_GETATTR calls. This can lead to improved performance under heavy
502 Increase the size of the Directory Name Lookup Cache (DNLC) to improve
503 cache performance (13559).
505 Fix getting tokens for cells with a three character name (13679).
507 Avoid a misleading message about the cell being used when aklog is run
508 with the -cell parameter but the AFSCELL environment variable is set to
509 a different cell (13676).
511 Build system update to honor the CFLAGS environment variable when building
516 Support for mainline kernels up to 5.3 (13787, 13789).
518 More fixes for improper use of ENOENT fixes to avoid incorrect use of linux
519 negative dentry cache, which can lead to false ENOENT errors (13542, 13543,
520 13590, 13692) (RT #134904).
522 Return errors instead of returning incomplete directory listings when the
523 directory objects are incomplete in the cache (13591).
525 Add ppc64le_linux26 sysname for the ppc64le architecture (13636, 13637,
528 Fix configure check for a kernel time function in order to build on
531 RPM packaging update for RHEL8 adding a build requirement to ensure the
532 kernel module can be built from the SRPM (13563) (RT #134900).
534 On systemd based RHEL/Fedora systems, start the client after dkms startup
535 is finished if the latter is installed and enabled, to avoid attempting
536 starts without the kernel module being available yet (13674) (RT #134974).
540 Build system updates for MacOS (13584).
544 Add CTF debugging records to userspace objects to improve debugging
547 Convert the cache manager vnodes to be non-embebbed on Solaris 11 in order
548 to make the cache manager more resilient across Solaris 11 changes (13524,
549 13525, 13526, 13527, 13528).
556 * Improved diagnostics and error messages (13186 13411 13417)
558 * Avoid sending RX packets with random garbage in the userStatus field
561 * Fixed detection of the RX initialization status (13416)
563 * Assorted fixes to avoid segmentation faults and other potential problems
564 by detecting internal errors rather than letting them go unnoticed
569 * Fixed a build problem accidentally introduced in release 1.8.2 (13328)
571 * Assorted efficiency improvements in the ubik implementation (13153 13218
574 * Fixed locking around transaction list processing in volserver to avoid
575 segmentation faults and other potential problems (13336 13337)
577 * When the volserver attempts to remove a temporary volume after a
578 transaction, but the volume was already removed, e.g., by the salvager,
579 this is no longer treated as an error (13235)
583 * Update the CellServDB to the latest version from grand.central.org from
584 May 14th 2018 (13409)
586 * Avoid a panic during cache initialization when allocating the required
589 * Add back the packet counters and timestamps to "vos status" output
590 which had been missing since release 1.8.0 (13421)
592 * Correctly handle errors encountered while reading data from the server
593 and writing it to the cache, e.g., due to a full cache partition (13443)
595 * Avoid a panic due to a recoverable error while flushing cache items
600 * Support mainline kernels 4.20 and 5.0 and distribution kernels with
601 backports from those (13405 13406 13440 13441 13442)
603 * DKMS-related fixes in Red Hat packaging (13438 13479)
607 * Support building and packaging on macOS 10.14 "Mojave" (13412 13413)
614 * Fix OPENAFS-SA-2018-002: information leakage in RPC output variables
615 Various RPC routines did not always initialize all output fields,
616 exposing memory contents to network attackers. The relevant RPCs include
617 an AFSCB_ RPC, so cache managers are affected as well as servers.
621 * Fix OPENAFS-SA-2018-003: denial of service due to excess resource consumption
622 Various RPCs were defined as allowing unbounded arrays as input, allowing
623 an unauthenticated attacker to cause excess memory allocation and tie up
624 network bandwidth by sending (or claiming to send) large input arrays.
626 * Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc
627 On systems using the in-tree backup system, the butc process was running
628 with administrative credentials, but accepted incoming RPCs over
629 unauthenticated connections; these incoming RPCs in turn triggered
630 outgoing RPCs using the administrative credentials. Unauthenticated
631 attackers could construct volue dumps containing arbitrary contents
632 and cause these dumps to be restored and overwrite arbitrary volume
633 contents; afterward, the backup database could be restored to its
634 initial state, hiding evidence of the unauthorized changes.
636 Running butc with -localauth now requires authenticated incoming
637 connections, and the backup utility makes authenticated connections to
638 the butc. Audit capabilities have been added to the butc RPC handlers.
639 Command-line arguments are provided to retain the (insecure) historical
640 behavior until all systems have been upgraded.
646 * Support for mainline kernel 4.18 and distribution kernels with backports
653 * Improve the usability and consistency of the public API: install missing
654 headers, and add additional symbols to the export list for shared libraries.
656 * Improved Rx abort generation: use the proper serial number for an existing
657 connection if possible, and 0 otherwise (to improve debugging).
659 * Assorted minor fixes in response to static analysis of the codebase.
661 * Fix memory-safety error in XDR decoding of enumerated types.
665 * Fix reference counting error that could cause an assertion failure
668 * vldb_check -fix will no longer corrupt the vldb when multiple MH blocks are present.
670 * Assorted cleanups and efficiency improvements in the ubik implementation.
672 * Return a valid InlineBulkStatus response in error cases.
674 * The fileserver now rejects invalid partition names when attaching partitions.
678 * Fix volume callbacks (e.g., when running 'vos release').
680 * Treat failure to obtain a DSlot as a hard error for that cache partition,
681 avoiding a flood of "disk cache read error in CacheItems" log messages,
682 and reducing the chance of subsequent panic.
684 * Improve error messages for invalid values with -volume-ttl.
686 * Remove useless error message:
687 "find_preferred_connection: no connection and !create".
689 * Avoid passing NULL to a kernel memory deallocator, which is not guaranteed
690 to be safe on all systems.
694 * Add support for 64-bit ARM clients ("arm64").
696 * Fix panic when cache bypass is enabled.
698 * Improve cache manager behavior when unable to open cache files.
700 * Improvements to the RPM packaging.
702 * Detect out-of-memory when using kernel pages for writing.
706 * Fix various issues in the build process for recent Solaris versions.
710 * Fix clients on OS X 10.13.
712 FreeBSD / NetBSD / OpenBSD
714 * Fix panic triggered during periodic cleanup operations and shutdown.
720 * Substantial code quality improvements, largely spotted by Coverity and
721 clang's static analysis.
722 - Add new library for platform independent functions (opr).
723 - Remove arbitrary path name length limits.
724 - Convert to Heimdal's roken library for reliability.
725 - Avoid garbage in allocated buffers (calloc).
726 - Modernize signal handling in pthreaded server processes (softsig).
727 - Improve code comments and additional Doxygen style comments.
728 - Reduce compiler warnings, dead code, unused variables, and
730 - Fix bugs found by static code analyzer (clang-analyzer).
731 - Improved unit test coverage.
732 - Make VLDB flag definitions consistent.
733 - Improve use of run-time assertions and add static assertions.
734 - Add compiler attributes to assist static analyzers.
735 - Clean up include headers in the entire tree.
736 - Improve command-line handling library (libcmd).
737 - Replace hash functions with Jenkin's hash function for faster
738 and more evenly distributed lookups.
739 - Provide a red-black tree data structure to enable algorithmic speedups.
740 - Convert backup and salvage servers to the common logging API (libutil).
741 - Improve volume id data type consistency (VolumeId).
742 - Import APIs for kerberos-style profile configuration support.
743 - Add new APIs to support UserList identities.
744 - Add new APIs to support tabular output from command-line utilities.
745 - Convert vnode macros to inline-functions.
747 * Improved support for non-DES encryption types:
748 - Convert to Heimdal's hcrypto library to support RFC 3961.
749 - Add extended key file format replacing rxkad.keytab, and
750 new key management APIs.
751 - Add support for extended key types to asetkey.
752 - Add akeyconvert to assist in upgrading to OpenAFS 1.8.x by converting an
753 existing rxkad.keytab file to an extended key file.
754 - Do not install the kaserver and related utilities by default to
755 discourage the use of these DES-dependent components.
756 - Remove obsolete klogin and klogin.krb programs.
757 - Add new token APIs to support new rx security classes.
759 * Migrate from LWP to POSIX threads (pthreads):
760 - Convert the ptserver and vlserver from LWP to pthreads.
761 - Remove LWP version of the file server binary.
762 - Convert afsd, aklog, asetkey, klog.krb5, pts, udebug, and vos, from LWP
765 * Improvements to Rx:
766 - Restructure the Rx API to privatize the implementation.
767 - Convert rx events to a red-black tree data structure to improve
769 - Convert from mutexes to atomic operations for counters to reduce lock
771 - Provide per-opcode Rx statistics.
772 - Add an rx_opaque data type to support non-DES encryption types
773 and general code cleanup.
774 - Wake up the application thread after 'twind' is updated to avoid 100ms
775 transmit delays when the receive window transitions from closed to
777 - Fix for OPENAFS-SA-2017-001: sanity-check peer transport parmeters
778 received in ack trailers
780 * Libraries (both internal and installed) are built using libtool, including
781 libuafs. The resulting shared libraries for libafsrpc and libafsauthent
782 should be more usable than previously.
784 * Improvements to the build system:
785 - Convert to libtool to build shared libraries.
786 - Clean up and improve the build system.
787 - Support out of tree builds.
788 - Add a makefile target to generate Doxygen source code documentation.
789 - Link the Java API for OpenAFS with libuafs.a and remove the
791 - Always build the rxperf tool.
792 - Fix man-page generation by make after ./regen.sh -q
793 - Support the SOURCE_DATE_EPOCH environment variable to improve build
795 - Modernize language specific SWIG typemaps for libuafs Perl bindings.
796 - Refactor acinclude.m4 into a set of smaller m4 files (12876, 12877, 12878)
798 * Improvements to documentation:
799 - Document the new KeyFileExt file.
800 - Reorganized the README files.
801 - Improvements and fixes to documentation generation.
802 - Add experimental epub and mobi support
803 - Remove obsolete LWP information from the file server documentation.
804 - Update and reorganize the Quick Start Guide.
805 - Update the Admin Guide.
806 - Remove AIX, HP-UX, and IRIX information from the Quick Start Guide.
807 - Document the vldb and prdb (ubik) file formats.
808 - Add PtLog man page.
809 - Corrections and clarifications to man pages.
810 - Add ubik threading analysis doc.
811 - Normalize the location of text documents in the source tree.
813 * Improvements for troublshooting, debugging, and testing:
814 - Log more details on volume-server-to-fileserver communication errors
816 - Set thread names in pthreaded servers on platforms which support
818 - Add dynroot lock tracking to cmdebug
819 - Fix tracking of an fstrace call site in the cache manager background
821 - Add the afsload tool to simulate multiple cache managers for file server
823 - Add run-time checks for refcount imbalances in the cache manager.
824 - Fix missing newlines in afsd -debug output.
826 * Developer tool improvements:
827 - Improvements and fixes for rxgen (used to generate Rx RPC bindings).
828 - Add tool for man page verification of command options.
829 - Add tool to find Unix cache manager lock identification numbers.
830 - Add an option for pretty build output.
832 * RPM packaging updates:
833 - Update the spec file to keep up with accumulated changes.
834 - Move the klog.krb5 man page to the openafs-krb5 sub-package.
835 - Remove stray man pages. (12870, 12871)
836 - Prevent double-starting client on RHEL7
837 - Convert rpm spec file from deprecated 'make dest' to 'make install'.
838 - Fix rpmbuild command line option default handling.
839 - Support older versions of rpmbuild which do not support the
840 rpmbuild %exclude directive. (12873)
841 - Move the legacy kaserver and related programs to separate sub-packages,
842 which are only built when rpmbuild is given the '--with kauth' option
844 - Package the libuafs perl bindings (12921)
846 * Add a new protection error code (PRNAMETOOLONG) instead of silently
847 truncating names which exceed the maximum name length (PR_MAXNAMELEN).
849 * Add an implementation limit (50000) on the number of names/ids which can
850 be transmitted by unauthenticated clients to the ptserver, avoiding
851 excessive resource consumption from unauthenticated requests.
853 * Add the -config option to vos, pts, and aklog to specify the path to the
854 cell configuration files.
856 * Add more details in vos release -verbose output.
858 * Add the cacheout -encrypt option to encrypt communication between the
859 cacheout client and the fileserver.
861 * Add the command line options to the afsio program to enable encryption of
862 traffic between afsio and the fileserver (-clear, -crypt).
864 * Add the vos release -force-reclone option to force recloning the volume to
865 be released without forcing a full volume dump being transmitted to all
868 * Fix vos to avoid writing loopback addresses into the VLDB in
871 * Print bos and pts error messages to standard error instead of
874 * Improve formatting of the -help output of all commands.
876 * Change -n to -dryrun in all backup subcommands.
878 * Change the backup deletedump -port command line option to -portoffset.
880 * Add user and build host in the version string returned by
883 * Support recent versions of gcc (7.2.1) (12897)
887 * Ubik servers using pthreads are now available and are used by default
889 * As part of improving Ubik reliability in certain edge cases, an extra
890 election cycle (about 60 seconds) may be needed before writes are
891 permitted. This is a conservative change that may be removed in
894 * Avoid continually retransmitting the ubik database to remote sites when
895 a write transaction occurs as remote sites are attempting to rejoin the
896 ubik cluster. (12896)
898 * Ensure the ubik database version number is updated on remote sites at the
899 point the database is transferred to remote sites instead of waiting for
900 the next ubik beacon. This avoids write transaction failures during the
901 window between the database transfer and the next ubik beacon (12885).
903 * Remove periodic background fsync by the fileserver (ihandle fsync thread).
905 * Fix potential file handle leak in the file server ihandle caching layer.
907 * Disable the so-called "hot threads" feature in the file server. The hot
908 threads feature was intended as an optimization for dispatching incoming
909 calls to the current listener thread, but has been reported to incur a
910 performance penalty on modern multi-core systems.
912 * Do not permit creation of users with id of ANONYMOUSID.
914 * Do not save/restore host states in the fsstate.dat file for hosts which
915 are in the process of retrieving CPS information from the ptserver when
916 the fileserver is being shutdown. This fixes a bug in which the fileserver
917 will incorrectly block all threads following a restart.
919 * Add the ptserver -restrict_anonymous option to inhibit exposure of user
920 names from the ptserver.
922 * Do not truncate server log files by default when server processes
923 are started. The -transarc-logs option provides backward compatibility
924 with IBM AFS log handling on server startup. Log messages may be lost
925 in back-to- back restarts when a server is running in this mode.
927 * Reopen server logs on SIGUSR1. This may be used by third-party log
928 rotation tools, such as logrotate, to reopen the log file handles after
929 log files have been renamed.
931 * Fix various bugs when logging with -mrafslogs enabled.
933 * Dynamically reload the kerberos realm to AFS cell mapping (krb.conf) and
934 exclusions for mapping kerberos principals to AFS identities (krb.excl)
935 configuration when the CellServDB cell configuration file is touched.
936 Previously, a restart of the file server was required after updating the
937 kerberos mapping configuration files.
939 * Add a command line option (-restricted_query) to the vlserver and
940 volserver to restrict information queries about volumes to a specific
943 * Add a command line option to the server programs to specify an alternate
944 fully qualified log file name (-logfile).
946 * Add a command line option (-config) to the server programs to specify
947 an alternate path to the server configuration.
949 * Add a command line option to the ptserver and vlserver to specify an
950 alternate path to the database data files.
952 * Add a command line option to the volume server to enable encryption of
953 volume-server-to-volume-server-traffic (-s2scrypt).
955 * Increase the maximum number of LWP threads allowed for the ptserver and
956 vlserver from 16 to 64 (-lwp).
958 * Remove an unused file server command line option (-k).
960 * Fix an incorrect assertion in Demand Attach File Server which could cause
961 the file server process to abort in certain rare conditions.
963 * Deprecate the -bitmap-later configure option for non-Demand-Attach File
966 * Add -vhashsize support to non-Demand-Attach File Servers (DAFS).
968 * Add support for subnet ranges in the NetInfo and NetRestrict
971 * Add the GetXStats RPC to the audit log.
973 * Fix directory creation by bosserver when built for non-Transarc paths.
975 * Fix incomplete list of server addresses retreived by vos listaddr when the
976 vldb contains unreferenced multi-homed server entries.
978 * Remove obsolete bos blockscanner and unblockscanner commands that
979 were only needed for the removed MR-AFS functionality.
981 * Remove obsolete bos salvage options that were only used by the
982 removed MR-AFS functionality..
984 * Remove calls to the deprecated sbrk() function.
986 * Add an experimental feature to database servers to support ubik reads
987 while write transactions are in progress, enabled at build time with the
988 --enable-ubik-read-while-write configure option. This feature is not
989 considered ready for production usage at this time.
991 * Avoid filling the FileLog with "Volume x offline: not in service" when
992 a volume is administratively taken offline with vos offline.
994 * Print an error message when bosserver is started with an unknown
997 * Modify the volume updateDate when the volume is changed by a salvage.
999 * Volume usage statistics are now preserved during reclone and restore
1000 operations by default, the behavior previously enabled by
1001 the -preserve-vol-stats flag to the volserver. The historical behavior
1002 can be retained via the -clear-vol-stats argument.
1004 All Client Platforms
1006 * Use rxkad_crypt by default for connections to fileservers. This matches
1007 the existing behavior of the Windows client and has been applied by
1008 the distribution packaging on many platforms already.
1010 * Add support for relative ACL changes with fs setacl. If a single plus (+)
1011 or minus (-) character is appended to the rights' letters argument, the
1012 new rights are computed relatively to the existing ones.
1014 * Remove afsd -settime and afsd -nosettime support.
1016 * Add the afsd -inumcalc option to specify the method used to calculate
1017 inode numbers presented by AFS.
1019 * Add the afsd -volume-ttl option to specify set the maximum amount of time
1020 information retrieved from the vlserver will be cached, regardless of
1021 callback expiry times.
1023 * Return EIO on internal errors instead of the misleading ENOENT.
1025 * Log ICMP errors received, if any, for unreachable servers.
1027 * Improve performance of clients with multiple PAGs for different cells.
1029 * Fix race condition between changing and using user tokens among cache
1032 * Fix fs sysname for users with UID 2748 and 2750 when not running
1035 * Add Perl bindings for the user-space cache manager library (libuafs).
1037 * Fixes to the bypasscache feature.
1039 * Fix fs getcacheparms miscounts.
1041 * Remove the obsolete Netscape plugin.
1043 * Fix building gtx when ncurses is linked against libtinfo.
1045 * Update to the GCO CellServDB update from 14 March 2017.
1049 * Remove Linux 2.2 and 2.4 support.
1051 * Changes to avoid EIO errors with multiple processes doing intensive mmap
1052 writing. (Drop PageReclaim AOP_WRITEPAGE_ACTIVATE.)
1054 * Prevent fakestat data inconsistencies in certain cases (131855).
1056 * Fix dentry leak which can cause a crash on shutdown.
1058 * Fix improper use of ENOENT and avoid incorrect use of linux negative
1061 * Use a more correct (less aggressive) scheme to react to downward
1062 pressure on cache usage, avoiding d_invalidate(), which can cause
1063 getcwd() failures on RHEL 7.4.
1065 * Apply a workaround to be compatible with RHEL 7.5's KABI preservation
1066 strategy for reading directories.
1068 * Improve error reporting when encountering corrupt directories.
1070 * Improve rx error handling in the Linux cache manager.
1072 * Rename kpasswd to kapasswd when packaging RPMs to avoid colliding with
1075 * Do not use the obsolete --enable-largefile-fileservers configure option
1076 when packaging RPMs.
1078 * In Red Hat packaging, use a separate rpm for kmod debuginfo,
1079 removing a needless tight version dependency on the userspace package.
1082 * Use the RemainAfterExit systemd feature to avoid premature exit
1083 when -afsdb is not given, for RPM packages.
1085 * Remove Debian packaging files from the OpenAFS source tree. Debian
1086 packaging files are currently maintained in the downstream Debian
1089 * Add the sparc_linux26 sysname.
1091 * Desupport 32-bit Linux kernels on s390/s390x.
1093 * Fix Debian/Ubuntu build regression on kernel 3.16.39.
1095 * Fix --enable-kernel-debug for linux 4.8+.
1097 * Fix a hang encountered when accessing a previously removed
1098 directory entry (12811).
1100 * Support linux 4.10, 4.11, 4.12, 4.13, 4.14, 4.15
1104 * Remove support for all Solaris and SunOS platforms prior to Solaris 8.
1106 * Build 64-bit binaries for Solaris x86 by default.
1108 * Use one-group PAGs on Solaris 11, which is required for PAG support
1109 on Solaris 11 since supplemental groups must be sorted starting with
1112 * Update search paths for solaris cc for recent versions Solaris Studio.
1114 * Modernize declaration of module dependences by converting from the
1115 deprecated _depends_on symbol to ELF dependencies.
1117 * Avoid BAD TRAP panic due to invalid opcodes on x86 with Studio 12.5.
1119 * Add ctf debug records to Solaris kernel modules when debug builds
1120 are enabled and the ctf tools are present (ctfconvert/ctfmerge).
1122 * Save kernel module function arguments on x86 for debugging purposes.
1126 * Stop processing upcalls once rx shutdown starts.
1128 * Enable atomics for the darwin kernel.
1130 * Add a syscall to enable/disable bulkstat at run-time, which is
1131 disabled by default.
1133 * Fix path to binaries in the prefpane.
1135 * Fix builds on MacOS 10.12 by building only the active architecture
1138 * Support versions up through 10.13 (High Sierra) and APFS
1142 * Use the native kernel module build system instead of an ad hoc
1143 replacement build system.
1145 * Remove FreeBSD packaging files from the OpenAFS source tree. FreeBSD
1146 packaging files are currently maintained in the downstream FreeBSD Ports
1149 * Stay up to date with new FreeBSD releases (through 10.3).
1151 * Do not claim AFS_VM_RDWR_ENV
1153 * Add sysnames and files for i386 and amd64 10.4, 11.1, and 12.0
1154 (12-CURRENT, at present). (12887, 12888)
1156 * Remove trailing semicolons to fix the build on FreeBSD (12899)
1160 * Stay up to date with new NetBSD releases (through 7.x)
1162 * Update to use cprng(9) as the randomness source on NetBSD 6.99/7.x.
1164 * Build system updates for NetBDS 6.99.x
1166 * Do not claim AFS_VM_RDWR_ENV
1170 * Stay up to date with new OpenBSD releases (through 4.7)
1172 * Do not claim AFS_VM_RDWR_ENV
1176 * Updates for AIX support.
1178 * Fix build system for AIX exports.
1180 * Add the uidpag and localuid runtime options to the aklog LAM plugin.
1181 (These runtime options override the use of UID-based PAGs, which were
1182 introduced to appease the CDE screensaver.)
1189 * Avoid a possible 100ms transmit delay in the RX protocol when a peer's
1190 receive window transitions from closed to open (12627)
1192 * Documentation improvements (12476 12477 12559[RT #133339])
1194 All server platforms
1196 * When bosserver is started with an unknown option, print an error message
1197 and exit with a non-zero value rather than failing silently (12631)
1199 All DB server platforms
1201 * Hold the DB lock while checking for an aborted write transaction (12516)
1203 All file server platforms
1205 * On demand attach fileservers, don't save or restore a client's host
1206 state if CPS ("Current Protection Subdomain") recalculation for it is
1207 in progress, to avoid fileserver thread exhaustion (12568)
1209 * On demand attach fileservers, avoid flooding the log with error messages,
1210 which could happen when the fileserver was restarted while a volume was
1213 * Update a volume's "Last Update" time when its content is modified by
1214 the salvager, to make the change visible in the output of "vos examine"
1215 and to backup services (12633)
1217 All client platforms
1219 * Corrected the DCentries bucket counts for very large and zero length
1220 files in the output of "fs getcacheparms -excessive" (12604 12605)
1222 * Fixed a bug that prevented users with GID 2748 and 2750 from executing
1223 the "fs sysname" command on clients running afsd with -rmtsys (12607)
1225 * Provide a new -inumcalc switch for afsd to allow enabling the alternative
1226 MD5 method of inode number calculation, which was previously only
1227 possible on Linux and through the sysctl interface (12608 12632)
1231 * Support for mainline kernel 4.12 and distribution kernels with backports
1232 from it (12624 12626)
1234 * Re-added the improved algorithm for freeing unused vcaches to reduce
1235 memory consumption first introduced with the 1.6.18 release, together
1236 with a fix for the issue leading to its removal in 1.6.18.2 (12448..12451)
1240 * Fixed a crash while stopping the client on macOS 10.12 "Sierra" (12602)
1247 * Build fixes required by recent compilers or platforms (12514 12521 12534
1250 * Allow the bos server to start successfully in the presence of those, by
1251 accepting a now checked return value indicating that the client ThisCell
1252 and CellServDB already exist (12522)
1256 * Support for mainline kernels 4.10 and - most likely - 4.11 and
1257 distribution kernels with backports from them (12530 12588..12590 12598)
1259 * Support for distribution kernels with partial backports from 4.9 (12535)
1262 * In Red Hat packaging, moved the klog.krb5 manual page into the krb5
1265 * In Red Hat packaging, prevent systemd from double-starting the client
1268 * Allow aklog to function on current S390/S390x (12499)
1272 * Make process authentication groups work on Solaris 11, now using a single
1273 group ID (12524..12527)
1275 * Fix a BAD TRAP panic on Solaris 11 clients built with Studio 12.5 (12567)
1279 * Fixed the preference pane for OS X 10.11 and later (12512)
1285 * Build fixes required by recent compilers (12482..12484)
1289 * Support for mainline kernel 4.9 and distribution kernels with
1290 backports from it (12478..12480)
1292 * In Red Hat packaging, make systemd deal correctly with the client
1293 when no userland processes remain after starting it (12481)
1298 * Support for release 10.12 "Sierra" (12431 12432)
1300 * Avoid a crash in the Mounts tab of the OpenAFS preference pane (12447)
1302 OpenAFS 1.6.20 (Security Release)
1306 * Fix for OPENAFS-SA-2016-003: file and directory names leak due to
1307 reuse of directory objects without zeroing the contents
1308 (12461 12462 12463 12464 12465)
1314 * Documentation improvements (12304)
1315 * Fixes for test failures (12396 12415)
1317 All DB server platforms
1319 * Avoid potentially writing to an out of date volume location or protection
1320 database, or losing a database write, which could happen in rare cases
1321 under special conditions during database leader election
1326 * Allow the fsinfo::: DTrace provider to work with AFS files (12371)
1330 * Don't commit more data to a file than was actually copied during writes,
1331 which could happen on architectures with a page size > 4 KiB (12413)
1332 * Fixed build on PPC64 with GCC 6.1 (12388) (RT #133407)
1333 * Fixed build on x86_64 with recent GCC (12365 12366)
1340 * Support for mainline kernel 4.7 and distribution kernels with
1341 backports from it (12348)
1345 * Fixed memory mapped I/O on files >= 4 GiB (12349 12350)
1347 Note that there is a suspicion that this might break the client
1348 on very old Solaris releases (2.6). If it does, the breakage should
1349 occur at build time.
1353 * Added tooling to build a package for OS X 10.10 "Yosemite" and
1354 10.11 "El Capitan" (12335 12351)
1361 * Support for mainline kernel 4.6 and distribution kernels with
1362 backports from it (12332)
1364 * Switch back to the pre-1.6.18 algorithm for freeing unused vcaches.
1365 While the new algorithm is still believed to be correct, it turned
1366 out that at least on some kernels, including 4.5 and 4.6, the dentry
1367 for the current working directory may be erroneously invalidated.
1368 This could lead to errors like "Unable to read current working directory"
1369 when a directory wasn't accessed for a few minutes. (12323)
1371 * Use a secure URL to retrieve the CellServDB in the script to create
1372 the Red Hat source package (12330)
1376 * Added sysname IDs for 10.2 and 10.3 to fix the build on those platforms
1384 * Support for mainline kernel 4.5 and distribution kernels with
1385 backports from it (12300..12302)
1392 * Documentation improvements (12224 11675 11613 12197)
1394 * Improved diagnostics and error messages (12129 12207 12185 12211 12113
1397 * Check that CellServDB entries are valid IPv4 addresses, to avoid
1398 occasional hangs or potentially other erratic behaviour due to invalid
1399 entries (12210) (RT #131794)
1401 All client platforms
1403 * Gracefully handle cases where a client shutdown sequence is initiated
1404 while the client is already shutting down, rather than cause a panic
1407 * Fixed several bugs that could cause erratic behaviour when the write
1408 offset into a file was more than 2 GiB beyond the file's current end
1409 on the server (12213 12214)
1411 All server platforms
1413 * Avoid a possible volserver crash during volume dump or restore due
1414 to invalid ACL entries (12127)
1416 * Allow recovering from a DAFS fileserver operation which allocates a
1417 new vnode but fails to update the vnode index, rather than crashing the
1420 * Fixed a longstanding bug which could damage the volume location database
1421 when "vos changeaddr" was run with "-oldaddr" and "-newaddr" and the
1422 old address was present in a multi-homed entry (12089)
1426 * Added support for releases 10.2 and 10.3 (12232)
1430 * Support for mainline kernel 4.4 and distribution kernels with
1431 backports from it, alas at a performance penalty (12226 12227 12228)
1432 (RT #132677 #132819)
1434 * Avoid using excessive amounts of kernel memory for dynamically
1435 allocated vcaches, by improving the algorithm to free unused ones
1438 * In Red Hat packaging, make the init script use "ip" if available, with
1439 "ifconfig" as a fallback (12193)
1443 * Basic support for release 10.11 "El Capitan" (12212)
1447 * Fixed kernel module builds with optimization (12198) (RT #131261)
1450 OpenAFS 1.6.17 (Security Release)
1452 All server platforms
1454 * Fix for OPENAFS-SA-2016-001: foreign users can create groups as
1455 if they were an administrator (RT #132822) (CVE-2016-2860)
1457 All client platforms
1459 * Fix for OPENAFS-SA-2016-002: information leakage from sending
1460 uninitialized memory over the network. Multiple call sites
1461 were vulnerable, with potential for leaking both kernel and
1462 userland stack data (RT #132847)
1464 * Update to the GCO CellServDB update from 01 January 2016 (12188)
1468 * Fix a crash when the root volume is not found and dynroot is not
1469 in use, a regression introduced in 1.6.14.1 (12166)
1471 * Avoid introducing a dependency on the kernel-devel package corresponding
1472 to the currently running system while building the srpm (12195)
1474 * Create systemd unit files with mode 0644 instead of 0755
1475 (12196) (RT #132662)
1481 * Documentation improvements (11932 12096 12100 12112 12120)
1483 * Improved diagnostics and error messages (11586 11587)
1485 * Distribute the contributor code of conduct with the stable release (12056)
1487 All server platforms
1489 * Create PID files in the right location when bosserver is started with
1490 the "-pidfiles" argument and transarc paths are not being used (12086)
1492 * Several fixes regarding volume dump creation and restore (11433 11553
1495 * Avoid a reported bosserver crash, and potentially others, by replacing
1496 fixed size buffers with dynamically allocated ones in some user handling
1497 functions (11436) (RT #130719)
1499 * Obey the "-toname" parameter in "vos clone" operations (11434)
1501 * Avoid writing a loopback address into the server CellServDB - search
1502 for a non-loopback one, and fail if none is found (12083 12105)
1504 * Rebuild the vldb free list with "vldb_check -fix" (12084)
1506 * Fixed and improved the "check_sysid" utility (12090)
1508 * Fixed and improved the "prdb_check" utility (12101..04)
1510 All client platforms
1512 * Avoid a potential denial of service issue, by fixing a bug in pioctl
1513 logic that allowed a local user to overrun a kernel buffer with a single
1514 NUL byte (commit 2ef86372) (RT #132256) (CVE-2015-8312)
1516 * Refuse to change multi-homed server entries with "vos changeaddr",
1517 unless "-force" is given, to avoid corruption of those entries (12087)
1519 * Provide a new vos subcommand "remaddrs" for removing server entries, to
1520 replace the slightly confusing "vos changeaddr -remove" (12092 12094)
1522 * Make "fs flushall" actually invalidate all cached data (11894)
1524 * Prevent spurious call aborts due to erroneous idle timeouts (11594)
1526 * Provide a "--disable-gtx" configure switch to avoid building and
1527 installing libgtx and its header files as well as the depending
1528 "scout" and "afsmonitor" applications (12095)
1530 * Fixed building the gtx applications against newer ncurses (12125)
1532 * Allow pioctls to work in environments where the syscall emulation
1533 pseudo file is created in a read-only pseudo filesystem, like in
1534 containers under recent versions of docker (12124)
1538 * In Red Hat packaging, avoid following a symbolic link when writing
1539 the client CellServDB, which could overwrite the server CellServDB,
1540 by removing an existing symlink before writing the file (12081)
1542 * In Red Hat packaging, avoid a conflict of openafs-debuginfo with
1543 krb5-debuginfo by excluding our kpasswd executable from debuginfo
1544 processing (12128) (RT #131771)
1546 OpenAFS 1.6.15 (Security Release)
1548 All client and server platforms
1550 * Fix for OPENAFS-SA-2015-007 "Tattletale"
1552 When constructing an Rx acknowledgment (ACK) packet, Andrew-derived
1553 Rx implementations do not initialize three octets of data that are
1554 padding in the C language structure and were inadvertently included
1555 in the wire protocol (CVE-2015-7762). Additionally, OpenAFS Rx in
1556 versions 1.5.75 through 1.5.78, 1.6.0 through 1.6.14, and 1.7.0
1557 through 1.7.32 include a variable-length padding at the end of the
1558 ACK packet, in an attempt to detect the path MTU, but only four octets
1559 of the additional padding are initialized (CVE-2015-7763).
1565 * Support kernels up to 4.2
1567 Due to changes to internal data structures with this kernel release,
1568 the OpenAFS client can no longer reset the link count during path
1569 lookups. Since volume root directories must behave like symlinks
1570 instead of normal directories in order to satisfy Linux kernel
1571 invariants, looking up paths containing more than 40 mount points
1572 will fail with ELOOP on such kernels.
1576 All server platforms
1578 * Prior to the OpenAFS security release 1.6.13, the Volume Location
1579 Server (vlserver) RPC VL_ListAttributesN2() supported wildcard volume
1580 name lookups via regular expression (regex) pattern matching. This
1581 support was completely disabled in 1.6.13 because it was judged to be
1582 a security risk due to buffer overruns in the implementation, as well
1583 as the possibility of denial of service attacks where certain regular
1584 expressions could cause excessive CPU usage in some regex
1587 Unfortunately, after 1.6.13 was released, it was discovered that
1588 the native OpenAFS 'backup' system uses the VL_ListAttributesN2()
1589 regex support to evaluate configured volume sets. If you use the
1590 OpenAFS 'backup' system (or another backup system which relies on it,
1591 such as Tivoli Storage Manager (TSM, aka Tivoli ADSM)), and are using
1592 volume sets which require regular expressions for the volume name,
1593 then those volume sets cannot be resolved by OpenAFS 1.6.13. The next
1594 paragraph provides details on how to identify any affected volume sets.
1596 OpenAFS backup volume sets may be described by fileserver, partition
1597 name, and volume name. The fileserver and partition specifications
1598 never require regular expression support. The volume name specification
1599 always requires regular expression support except for when specifying
1600 _all_ volumes via two special cases: the universal wildcard ".*", or "".
1601 For example, volume name "proj" or "*.backup" or "homevol.*" all
1602 require regex support - even if the specification contains no wildcard
1603 characters and/or exactly matches an existing volume name.
1605 As a result of this issue, OpenAFS 1.6.14 replaces the 1.6.13 changes
1606 to VL_ListAttributesN2. 1.6.14 prevents the buffer overruns and
1607 reenables the regex support, but restricts it to OpenAFS super-users
1608 and -localauth only. This is sufficient to restore the OpenAFS 'backup'
1609 system's ability to work correctly with any previously supported volume
1610 set. The OpenAFS 'backup' commands are already documented to require
1611 super-user authorization, so this restriction is moot for the backup
1614 There are no other direct consumers of the VL_ListAttributesN2() regex
1615 support in the OpenAFS tree. However, the VL_ListAttributesN2 RPC is
1616 publicly accessible and might be used by third party tools directly or
1617 indirectly via OpenAFS's libadmin. Any such tools that issue
1618 VL_ListAttributesN2 RPCs must now be executed using super-user or
1621 None of the other security fixes in OpenAFS 1.6.13 are known to have
1622 any issues, and are still included unchanged in OpenAFS 1.6.14.
1624 If there are any questions concerning the possible impact of OpenAFS
1625 1.6.13 or 1.6.14 at your site, please contact your OpenAFS support
1626 provider or the openafs-info@openafs.org mailing list for further
1631 All server platforms
1633 * Fix for CVE-2015-3282: vos leaks stack data onto the wire in the
1634 clear when creating vldb entries
1636 * Workaround for CVE-2015-3283: bos commands can be spoofed, including
1637 some which alter server state
1639 * Disabled searching the VLDB by volume name regular expression to avoid
1640 possible buffer overruns in the volume location server
1642 All client platforms
1644 * Fix for CVE-2015-3284: pioctls leak kernel memory
1646 * Fix for CVE-2015-3285: kernel pioctl support for OSD command passing
1651 * Fix for CVE-2015-3286: Solaris grouplist modifications for PAGs can
1652 panic or overwrite memory
1656 All server platforms
1658 * Avoid database corruption if a database server is shut down and then
1659 brought up again quickly with an altered database (11773 11774)
1662 All client platforms
1664 * Fixed a potential buffer overflow in aklog (11808)
1666 * Avoid a bogus warning regarding the checkserver daemon, which could be
1667 logged during startup when the cache initialization was very fast (11680)
1669 * Added documentation of the inaccuracy of the 'partition' field in
1670 'fs listquota' output for partitions larger than 2 TiB (11626)
1674 * Support kernels up to 4.1 (11872 11873)
1676 * Avoid spurious EIO errors when writing large chunks of data to
1677 mmapped files (11877)
1681 * Build fixes required at least on OS X 10.10 Yosemite with the latest
1682 XCode (11859 11876 11842..11845 11863 11878 11879)
1688 * Support kernels up to 4.0 (11760 11761)
1692 * Fixed kernel module build on systems with an updated clang which no
1693 longer accepts the -mno-align-long-strings as a no-op (11809)
1699 * Allow aklog to succeed creating native K5 tokens even when mapping
1700 the K5 principal to a K4 one fails (11538)
1702 * Build fixes (11435 11636)
1704 All client platforms
1706 * Avoid a potential kernel panic due to connection reference overcounts
1707 (11645) (RT #131885)
1709 * Avoid potential corruption of files written using memory mapped I/O
1710 when the file is larger than the cache (11656) (RT #131976)
1714 * Support kernels at least up to 3.19 (11549 11550 11569 11570 11595
1715 11658..11662 11694 11752)
1717 Note: By default this excludes kernels 3.17 to 3.17.2, which will leak
1718 an inode reference when an error occurs in d_splice_alias(). The
1719 module will build and work, but leak kernel memory, leading to
1720 performance degradation and eventually system failure due to
1721 memory exhaustion. Since it's impossible to detect this condition
1722 automatically, the switch --enable-linux-d_splice_alias-extra-iput
1723 must be passed to configure when building the module for those
1724 kernels. The same would be necessary for any kernel with backports
1725 of commit 908790fa3b779d37365e6b28e3aa0f6e833020c3 or commit
1726 95ad5c291313b66a98a44dc92b57e0b37c1dd589 but not the fix in commit
1727 51486b900ee92856b977eacfc5bfbe6565028070 in the linux-stable repo
1728 (git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git) or
1729 the corresponding changes on other branches.
1731 * Fixed a regression introduced in OpenAFS release 1.6.10 which could
1732 make the spurious "getcwd: cannot access parent directories" problem
1733 return (11558 11568) (RT #131780)
1735 * Avoid leaking memory when scanning a corrupt directory (11707)
1739 * Support OS X 10.10 "Yosemite" (11571 11572 11611) (RT #131946)
1743 * Avoid reading random data rather than correct cache content when using
1744 ZFS as the cache file system on Solaris >= 11, and fix potential similar
1745 problems on other platforms (11713 11714)
1749 * Build fix for releases >= 11.0 (11610)
1753 * Support release 5.4 (11700)
1760 * Don't hide the "version" subcommand in help output (11214)
1762 * Documentation improvements (11126 11216 11222 11223 11225 11226)
1764 * Improved diagnostics and error messages (11154 11246 11247 11249 11181
1767 * Build system improvements (11158 11221 11224 11225 11227..11241 11282
1768 11342 11350 11353 11242 11367 11392)
1770 * Avoid potentially erratic behaviour under certain error conditions by
1771 either avoiding or at least not ignoring them, in various places (11008
1772 11010..11065 11112 11148 11196 11530)
1776 * Support releases 9.3 and 10.1 (11368 11369 11402 11403 11404)
1778 * Makes a disk cache more likely to work on FreeBSD, though such
1779 configurations remain not very tested (11448)
1781 All server platforms
1783 * Added volscan(8) (11252..11280 11387 11388)
1785 * Fixed a bug causing subgroups not to function correctly if their
1786 ptdb entry had more than one continuation entry (11352)
1788 * Logging improvements (10946 11153)
1790 * Allow log rotation via copy and truncate (11193)
1792 * Avoid a server crash during startup only observed on a single platform
1793 and when using a 3rd party library under certain circumstances, which is
1794 a collateral effect of the security improvements introduced in OpenAFS
1795 release 1.6.5 (11075) (RT #131852)
1797 All client platforms
1799 * Raised the free space reported for /afs to the maximum possible value of
1800 just under 2 TiB - the old value was 9 GiB on most platforms (10984)
1802 * Reduced the amount of stack space used (11162 11163 11203 11164..11167
1803 11338 11339 11364..11366 11381)
1805 * Sped up a periodic client task which could be problematically slow
1806 on systems with a large number of PAGs and files in use (11307)
1808 * Fixed failure of the up command with large ACLs (11111)
1810 * Avoid a potential crash of aklog (11218)
1812 * Avoid potential crashes of scout and xstat_fs_test (11155)
1816 * Support kernels up to 3.16 (11308 11309)
1818 * Fixed a regression introduced in OpenAFS release 1.6.6 that made
1819 checking for existing write locks incorrectly fail on readonly volumes
1822 * Fixed a regression introduced in OpenAFS release 1.6.8 that could
1823 cause VFS cache inconsistencies when a previously-accessed directory
1824 entry was removed and recreated with the same name but pointing to a
1825 different file on another client (11358)
1827 * Use the right path to depmod in Red Hat packaging to avoid dependency
1828 calculation incorrectly failing unless a link /sbin -> /usr/sbin is
1829 present on the system performing it (11171) (RT #131860)
1831 * Do not ignore kernel module build errors (11205)
1835 All server platforms
1837 * Fix for OPENAFS-SA-2014-002
1843 * Documentation improvements (10751 10875 10931 10897 10883 10954 10955)
1845 * Improved diagnostics and error messages (10756 10814 10949)
1847 * Fixed a bug in RX that could make errors during packet reception go
1850 * Fixed a bug that made "vos size -dump" display the wrong size for
1851 large volumes. (10933) (RT #131819)
1853 All server platforms
1855 * Change the default fileserver sync behavior from "delayed" to "onclose".
1856 This means that explicit syncing only happens when a volume is detached.
1859 * Added the -offline-timeout and -offline-shutdown-timeout options to the
1860 fileserver, to implement interrupting clients accessing volumes we are
1861 trying to take offline. (6266 10799)
1863 All client platforms
1865 * When a client is shut down, it will give up its callbacks. The Windows
1866 client has been doing this since 2007. Note that older fileservers
1867 (1.3.50 to 1.4.5 and 1.5.0 to 1.5.27) had a bug in the implementation of
1868 the relevant RPC that could cause crashes or other undefined behavior
1869 when this happens. (6272 8840 10855)
1871 * Restored the pre-1.6 behavior of "vos e" being an alias for "vos examine".
1874 * Avoid flooding logs with warnings about byte-range locks, by throttling
1875 them per file. Also, make the messages more useful by including the
1878 * Avoid a possible panic during shutdown while tracing. (10932)
1882 * Fixed a bug that could cause the "getcwd: cannot access parent
1883 directories" problem (10804 10984)
1885 * Avoid a delay when accessing uncached data in AFS in a confined
1886 context under SELinux. (10598)
1888 * Red Hat packaging improvements (10600 10767 10807)
1892 All server platforms
1894 * Fix for OPENAFS-SA-2014-001
1896 * Fix for a potential DOS attack against RX servers
1902 * As of this release, OpenAFS no longer ships uncompressed source tarballs.
1903 Tarballs are still shipped with both compression formats, gzip and bzip2.
1906 * Documentation improvements (10136 10314 10601)
1908 * Improved diagnostics and error messages (9412 10085 10274)
1910 * Avoid redefining "assert" in our public header files, which could
1911 cause failures when building some applications using them. (10096)
1913 * Fixes for parallel builds (10005 10309 10337)
1915 * Added a -s switch to afscp (not installed by default) to help simulate
1916 a slow client. (9416 9417)
1918 * Added a -probe switch to vlclient test program (not installed by default)
1919 to ping all vlservers in a cell in parallel. (9570)
1921 All server platforms
1922 * The fileserver now ignores any vice partitions with a NeverAttach flag
1923 file present in the root directory. (RT #130561) (9470 9471)
1925 * Restrict forcing CPS ("Current Protection Subdomain") recalculation in
1926 the fileserver to administrators. Also fixed a bug that could cause this
1927 operation to be incomplete. (9485 9487)
1929 * Allow non-DAFS fileservers to attach unusable volumes, restoring pre-1.6
1930 behaviour. (RT #131505) (9499)
1932 * Restored the pre-1.6 behaviour when running vos examine for a volume
1933 currently in a transaction, showing the volume as busy again rather than
1934 offline. (9685 9915 9916)
1936 * Reduced the minimum time a bos salvage takes from 5 seconds to 1. (9476)
1938 * Fixed buserver to not segfault when started with the -servers option.
1939 (RT #131706) (10166)
1941 * Salvager fixes, addressing a wide variety of possible problems from
1942 unnecessary salvaging to aborts (9282 9283 9457 9458 9459 9461 9462 9480
1945 * Fixed a bug that could cause saved state information to be discarded
1946 when restarting a large or busy fileserver, which negatively impacted
1949 * Fixed a bug that could have caused undefined behaviour in the vlserver
1950 in rare cases when a fileserver registered its addresses in the VLDB.
1953 * Added the -preserve-vol-stats switch to volserver, allowing it to keep
1954 the access statistics across volume restore and reclone operations
1955 instead of resetting them. (9477)
1957 * Inserted an exponential delay between retries when bosserver attempts to
1958 restart a server process. (9571 10199)
1960 * Improved vldb_check (not installed by default) to cope with broken
1961 vlentry names and volids, and provide more output to aid debugging.
1964 * Releasing a volume after adding a new RO site no longer touches any of
1965 the existing RO sites, if the RW data hasn't changed since the last
1968 * Make the copyDate field for RO clones have the same meaning as for
1969 remote RO volumes. Previously, the copyDate field for clones was updated
1970 every time we released. (9451)
1972 * Fixed potentially undefined behaviour in ptserver when too many pts
1973 ids are allocated. (10124)
1975 * Note that the server side NAT pings feature present in the prereleases
1976 was removed before the final release, since no positive feedback
1977 was provided during prerelease testing. (9420 10135)
1981 * Start bosserver with -nofork in the systemd unit file, to allow systemd
1982 to track its state (10093)
1984 All client platforms
1986 * No longer track file locks on read-only volumes. Write locks can't
1987 succeed, read locks always will. Avoids log messages about this kind
1990 * Added the "fs flushall" subcommand, which makes the client discard all
1991 cached data. This was previously available on Windows only. (9065 9388
1994 * Fixed a bug that could make the client incorrectly believe its cache
1995 is up to date. This change could negatively impact AFS <-> DFS
1996 translators, should those still be running anywhere. (8898)
1998 * Several changes to avoid panicing in certain error conditions.
1999 (9131 9287 10354 10355 10356 10357) (partially addressing RT #131747)
2001 * Added the -rxmaxfrags switch to afsd, allowing to limit the number
2002 of UDP fragments sent or received per RX packet. (9430)
2004 * Build fixes for aklog on several platforms (RT #131716) (9917 10107 10275)
2006 * Require that the AFS mountpoint specified in the cacheinfo file is
2007 an absolute path. Relative paths result in a client that basically
2008 works but is not fully functional. (10253)
2010 * Fixed a bug that could cause one of the afsd threads to enter an infinite
2011 loop (10431 .. 10436)
2015 * Support Linux kernels up to 3.13 (10241)
2017 * Fixed a bug that made readv/writev calls in AFS space fail with Linux
2018 kernels where generic_file_aio_read exists but those operations have
2019 not been switched to using aio_read/aio_write. This was a regression
2020 introduced with release 1.6.3 and affected at least RHEL 5.9 kernels.
2023 * Fixed a similar bug making core dumps fail in AFS space, affecting
2024 a much wider range of kernels including the most recent ones.
2025 (RT #131729) (10254)
2027 * Enhanced the keyring code to make PAGs work correctly on kernels with a
2028 distribution specific change to the Linux keyring code. This affected at
2029 least SLES 11 SP3 kernels. (10252)
2031 * Fixed a bug that could make failures during PAG instantiation go
2034 * Fixed a bug that made compilation fail for Linux kernels without
2035 keyring support. This affected at least the SLE 10 SDK and an
2036 OEM version of SLES 11 SP1. (10325)
2038 * Fixed build for kernels with user namespace support enabled. Likely
2039 to be required for Ubuntu 14.04 and eventually other distributions.
2040 (10456 10457 10458 10518 10472)
2042 * Support RHEL 6.5 kernels, and possibly others with changes backported
2043 from recent mainline kernels that touch getname/putname, by no longer
2044 using those functions. Previously, the client could cause a kernel
2045 panic when syscall auditing was enabled. (10578)
2047 * Make tmpfs usable as the cache filesystem again. This had been broken
2048 since kernel 3.1 (9950 10193)
2050 * When starting the client fails, clean up the backing device information
2051 created in sysfs, to avoid error messages during a subsequent start
2052 and possible system instability later on (10454)
2054 * Update Red Hat packaging to support Fedora >= 20, RHEL >= 7 and
2055 ELrepo kernels (10597 10619 10622 10703 10704)
2059 * Support OS X 10.9 "Mavericks" (10519 10541 10542 10543 10548 10549)
2063 * Fixed a bug that caused the 1.6 AIX client to never receive any RX
2064 packets in the kernel. (RT #131725)
2068 * Support Solaris 11 (9454 9455)
2070 * Allow other users to access filesystems mounted by root. (9452)
2074 * Build tvolser and dvolser on this platform (10122)
2075 * Several fixes to catch up with newer releases (10374 .. 10381)
2079 * Build tsalvaged, tvolser and dvolser on this platform (10121)
2080 * Fixed build on NetBSD 5 and newer. (10138)
2086 * Fixes for OpenAFS-SA-2013-0003 and OpenAFS-SA-2013-0004
2092 * Obey the jumbo/nojumbo settings for ubik servers (the DB servers)
2093 too. In previous releases, those servers may have used jumbograms
2094 even if they were not configured to do so. This change corrects
2095 the actual behaviour, and will improve performance and reliability
2096 for sites where jumbograms are problematic. It could cause a decrease
2097 in performance for sites where jumbograms work, but those can turn
2098 them back on manually.
2100 * Dozens of fixes for common coding problems like use after free,
2101 use of possibly uninitialised memory, reading or writing past the
2102 end of arrays and potential NULL pointer derefences. Spotted by
2103 code analysis tools or human inspection.
2105 * Documentation improvements.
2107 * Fixes and improvements to the diagnostic or log messages printed by
2108 vos, the fileserver and others.
2110 * Build fixes, making parallel builds more reliable with certain
2111 configuration options and helping various platforms including
2112 recent releases of IRIX, Solaris and several flavours of Linux.
2114 * Avoid sending a small amount of data over the wire unencrypted
2115 under certain conditions, and emit the correct error message in
2118 All server platforms
2120 * Avoid generating duplicate IDs for readonly and backup volumes,
2121 which could happen under certain conditions.
2123 * Allow the fileserver to return volume data like quota or free space,
2124 which is available publicly elsewhere, without the additional access
2125 check for read permissions on a volume's root directory the fileserver
2128 * The fileserver now emits a log message when it ran out of memory for
2131 * Avoid several potential fileserver problems, including memory
2132 corruption and segmentation faults, due to client bookkeeping.
2134 * Avoid known cases of silent data corruption due to background syncs
2135 on the fileserver, especially during Copy on Write.
2137 * Make the fileserver sync behaviour runtime configurable. Up to 1.4.5,
2138 we had synchronous syncs which were safe but really slow. Since 1.4.5,
2139 we've had asynchronous syncs which are much faster but believed to
2140 be the cause of rare data corruption issues, and while all known cases
2141 of these happening are believed to be fixed in the 1.6.3 release, doubts
2142 remain. This change allows choosing between those, and in addition allows
2143 to turn syncs by the fileserver off altogether, thus relying on the vice
2144 partition's backend filesystem and the operating system, or to just
2145 execute them when a volume is detached. The default behaviour is
2146 unchanged from releases since 1.4.5, but it's highly recommended to
2147 consider the additional options this change provides. Future OpenAFS
2148 releases will default to "-sync=none".
2150 * For dbservers, avoid a situation where misinterpreting transient
2151 network errors causes long-term issues with achieving ubik quorum.
2153 All UNIX client platforms
2155 * Improvements to the detection of an aklog-specific krb5 configuration
2156 file, for the purposes of turning on "weak crypto" for aklog.
2158 * Fixed a regression introduced in release 1.6.2 which caused the
2159 supposedly persistent disk cache to be discarded upon client start.
2164 * Support Linux kernels up to 3.10
2166 * Fixed two bugs making it impossible to unmount a disk cache filesystem
2167 after it has been used by the client. (RT #131613)
2169 * Fixed a bug that could cause an oops with kernels 3.6 and later
2173 * Improved support for OpenBSD 4.9 to 5.3
2177 This release number had to be skipped for technical reasons.
2183 * Support Linux kernels up to 3.8.
2185 * Make the init script cope with the output of ifconfig on recent Fedora.
2191 * Fix buffer overflows in fileserver and ptserver.
2193 * Abort an rx connection when given an unknown service (Gerrit 7593).
2195 * "idle dead" behavior improvements.
2197 * Documentation updates.
2199 All server platforms
2201 * Fix rare file corruption during background sync (Gerrit 8796).
2203 * Fix corrupting clients' metadata cache during certain errors (Gerrit
2206 * Avoid saying a volume doesn't exist when accessed as the volume is
2207 going offline (Gerrit 7488).
2209 * Fix fileservers to properly report >2 TiB partitions.
2211 * Fix stale volume info from vos examine on non-DAFS filservers.
2213 * Fix possible volume corruption with vos convertROtoRW.
2215 * Fix bosserver to preserve all command-line options over restart.
2217 * Fix bosserver to properly kill hung processes during shutdown.
2219 All UNIX client platforms
2221 * Fixes for memcache, especially on Solaris.
2223 * Increase the size of the DNS resolver answer buffer to allow sites
2224 with a long response list to use SRV and AFSDB records.
2226 * Fix a crash when a server appears to run out of addresses (Gerrit
2229 * Fix cache corruption when reading from a file another client is
2230 simultaneously writing to (Gerrit 7994).
2232 * Improve handling of disk cache disk errors.
2236 * fix DKMS configuration for DKMS 2.2.
2238 * Avoid generating inode number 0 with md5 inodes (Gerrit 7276).
2240 * Fix a crash when reading /proc/fs/openafs/unixusers (Gerrit 7914).
2242 * Make PAG-less access use the real UID of the calling process
2243 instead of the effective UID, when determining what credentials to
2246 * Fix possible abuse of fs mkmount.
2247 Prior to 1.6.2, users could crash a client by nesting volume mounts.
2249 * Fix fileserver memory corruption on RHEL 6
2250 Prior to 1.6.2, fileservers on RHEL 6 may crash under heavy load.
2252 * Fix client page cache corruption on Linux
2253 When multiple clients read and write to a file, the reading client
2254 may see first page (4096 bytes) of a file as nulls.
2256 * Support Linux kernels up to 3.7.
2258 * Support newer glibc versions.
2260 * Improve client systemd unit file.
2262 * Update Red Hat packaging.
2266 * Fix crashes on shutdown.
2268 * Prevent unloading the module before shutdown completes.
2270 * Security improvement for the OpenAFS preference pane.
2274 * Support newer versions of the Sun Studio compiler software.
2276 * Support compiling on newer versions of Solaris 11 and Solaris 10.
2279 OpenAFS 1.6.0 (2011-08-15)
2283 * Substantial Rx updates to correct erroneous behavior.
2285 * vos now properly deals with matching sites when servers are
2288 * Don't stop Rx keepalives after an ackall is received, avoiding
2289 spurious connection timeouts. (128848)
2291 * Don't retry Rx calls on channels returning busy errors and improve
2292 Rx busy call channel error handling. (128671)
2294 * Properly enable Rx connection hard timeouts.
2296 * Rx NAT pings are not enabled until peer has answered.
2298 * Initialize rx_multi lock before use.
2300 * Avoid spurious crashes when initializing in "backup" client.
2302 * Revert UUID support in vos.
2304 * pt_util fixed to properly create new databases.
2306 * MTU discovery now properly shut down on call reset.
2308 * Avoid leaking references to hosts during callback break multi-Rx
2309 operations. (129376)
2311 * xstat tools now cope with differing timeval structures between
2314 * Numerous fixes to command argument parsing.
2316 * Documentation updates.
2318 All server platforms
2320 * A file descriptor leak which could result in corrupted files in the
2321 fileserver was fixed. An IMMEDIATE upgrade from previous 1.5 release
2322 fileservers is recommended.
2324 * Fix ptserver supergroups support on 64 bit platforms.
2326 * Demand attach salvaging doesn't use freed volume pointers.
2328 * Properly hold host lock during host enumeration in fileserver.
2330 * Attempt to recovery more quickly from timed out volume release
2333 * Auditing now properly byte order swaps IP addresses when printing.
2335 * vos split now has improved error handling.
2337 * Many changes to again support Windows fileservers.
2339 * During volume removal, data removal speed improved.
2341 * Improve CPU utilization during volume attaching by DAFS.
2343 * In salvager check-only mode, avoid potentially fixing a vnode.
2345 * Fix support for large (greater than 2gb) volume special files.
2347 * Salvager will not crash if multiple or bad volume link tables are
2350 * Avoid erroneous full dump by remembering which sites were out of
2351 date at the start of the release.
2353 * A deleted volume can now be recreated properly.
2355 * Callbacks are again not broken during whole partition salvages.
2357 * Positional vectored IO fixed for largefile (>2GB) capable systems.
2359 * Fileserver per-client thread usage again properly enforced.
2361 * Anonymous dropbox support improved and drawbacks documented.
2363 * Demand attach: ensure vnodes are not reallocated while in use due to
2364 volume bitmap errors.
2366 * Properly support large volume numbers (larger than 2147483647).
2368 * Allow salvager to be run manually again when DAFS is being
2371 * Avoid leaking references to hosts during callback break multi-Rx
2372 operations. (129376)
2374 * Demand attach: unlink fileserver state file on standalone salvage.
2376 * Salvager tries harder to detect linktable issues.
2378 * Demand attach: don't attach volumes with special status set.
2380 * Avoid crashing on host table exhaustion. Instead, defer clients.
2384 * afs_config will not longer set the Tray Icon State in the registry
2385 if the checkbox is not present in the dialog. (128591)
2387 * AFS Explorer Shell Extension now works from folder backgrounds.
2388 Overlays for mount points and symlinks are present in the dll, but
2389 are not registered at present by the installers.
2391 * Do not use RankServerInterval registry value as the value for
2392 PerformanceTuningInterval.
2394 * When the data version of a mountpoint or symlink changes, the target
2395 string in the cm_scache_t object must be cleared.
2397 * "fs checkservers" now includes vldb servers in the output and only
2398 lists multi-homed servers once. A multi-homed server that has at
2399 least one up interface is no longer considered to be down.
2401 * When asynchronously storing dirty data buffers to the file server
2402 ensure that (a) the cm_scache_t object and the cm_buf_t object are
2403 for the same File ID so that locking and signalling work properly;
2404 and (b) if the FID no longer exists on the file server, do not
2405 panic, just discard the buffer.
2407 * When processing VNOVOL, VMOVED and VOFFLINE errors perform server
2408 comparisons by UUID or address and not simply by cm_server_t
2409 pointer. Otherwise, server failover may not succeed.
2411 * Do not preserve status information for cm_scache_t objects when the
2412 issuing server is multi-homed.
2414 * Giving up all callbacks when shutting down or suspending the machine
2415 is now significantly faster due to the use of an rx_multi
2416 implementation. (This functionality is still off by default and
2417 must be activated by a registry value.)
2419 * Race conditions were possible when updating the state of the
2420 cm_volume_t flags and when moving the volumes within the least
2423 * Ensure that the lanahelper library does not perform a NCBRESET of
2424 each lan adapter when enumerating the current network bindings.
2425 Correcting this permits OpenAFS to work on Windows 7 when the
2426 network adapter settings change.
2428 * Fix creation of mount points and symlinks as \\AFS\xxxx
2430 * Icon tray state now conditionally set. (128591)
2432 * Properly create new cell mount points in freelance mode.
2434 * Avoid recursive offline volume checks.
2436 * Fix caching of non-existent volumes. The test to trigger an
2437 immediate CM_ERROR_NOSUCHVOLUME in cm_UpdateVolumeLocation() was
2440 * Prevent the background daemon from checking the status of
2441 non-existent volumes. cm_CheckOfflineVolumes() should skip volume
2442 groups with the CM_VOLUMEFLAG_NOEXIST flag set.
2444 * The afskfw library should return an error immediately if the
2445 krb5_32.dll library cannot be loaded. Affects afslogon.dll and
2448 * No longer depend on leashw32.dll in afskfw library.
2450 * NPLogonNotify must provide the user password in all calls to
2451 KFW_AFS_get_cred(). It cannot count on a credential cache being
2452 preserved between calls. Permits tokens to be acquired for all
2453 cells listed in the TheseCells registry value for a domain.
2455 * Improve the trace logging from NPLogonNotify().
2457 * Avoid a race when writing the cm_scache_t mountPointString
2458 when acquiring mount point or symlink target data via
2459 cm_GetData(). The race could result in bogus target
2462 * Permit the use of des-cbc-md5 and des-cbc-md4 enctypes
2463 as DES keys in asetkey.exe.
2465 * aklog supports dotted Kerberos v5 principal names.
2467 * afskfw library always attempts afs/cell@USER-REALM
2469 * afskfw library must test return code from krb5_cc_start_seq_get() or
2470 will trigger a null pointer exception when using Heimdal.
2472 * Lock protected fields must be 32-bit in order to avoid memory
2475 * Add support for NTFS symlinks.
2477 * Handle file search requests for virtual syscall ioctl file.
2479 * Process SyncOps properly to enforce ordered operations.
2481 * Avoid recursing during NewServer operations.
2483 * Correct lock acquisition order during SMB locking.
2485 * Add shutdown message to event log.
2487 * Check offline volume status by policy rather than on each daemon
2490 * Return error on directory object not found instead of crashing.
2492 * Improve error message output.
2494 * afslogin.dll can start afsd_service if it's not starting or started.
2496 * Optimize away release lock RPCs for deleted files.
2498 * Background Daemon will not perform operations on deleted files.
2500 * Resort recently used directories to the top of the LRU if the
2501 directory is larger than the stat cache.
2503 * Resort deleted objects to the bottom of the LRU.
2505 * Use interlocked operations for state and queue fields to allow safe
2506 bit set and clear on multiprocessor systems.
2508 All UNIX client platforms
2510 * Servers now marked down when GetCapabilities returns error.
2512 * In-use vcache count is now properly tracked.
2514 * Check for /afs existance before starting, unless -nomount is
2517 * Avoid a potential panic when using /afs/.:mount syntax.
2519 * Avoid a panic in memcache mode due to missing CellItems file.
2521 * FUSE client support fixed for non-/afs mounts.
2523 * Avoid a potential deadlock (which times out) when we need to
2524 allocate more callback returns and must flush some already in use.
2526 * Deal with libcom_err conflicts with other packages using it
2527 (e.g. krb5) (128640)
2529 * Fall back to afs3-vlserver SRV record values when afs3-ptserver SRV
2530 record is not available.
2532 * Avoid holding unneeded locks when probing server capabilties.
2534 * Do not attempt page flushes for directories.
2536 * Rx connection reference counting is enabled.
2538 * An Rx connection reference count leak is fixed in bulkstat.
2540 * Handle unparsable directory objects.
2542 * Handle Kerberos cred cache errors in aklog.
2546 * Fix PAG usage to track by PAG identifier, not group list.
2550 * Fix socket termination on shutdown.
2552 * Support for 7.2, 7.3, 7.4 and 8.2 included.
2554 * References to vcaches are no longer leaked during root or reclaim.
2556 * Remove support for "Giant" lock as we no longer need to use it.
2558 * Don't sleep with AFS GLOCK.
2560 * Properly enable 64 bit long long support.
2562 * Restore support for FreeBSD 7 (128612)
2564 * Fix locking issues at shutdown and avoid panic at shutdown due to
2567 * Support for virtual network stacks.
2569 * New RC script, updated packaging.
2573 * Properly create new vnodes to avoid crashing in the client.
2577 * Support through kernel 2.6.39. Treat Linux 3.0 as Linux 2.6 for
2580 * Use rx_Readv in cache bypass to improve performance.
2582 * Properly handle 0-length replies during cache bypass operations.
2584 * Properly handle non-contiguous readpage cache bypass operations.
2586 * Do proper locking when transitioning to or from cache bypass.
2588 * Avoid extra runs of vcache freeing routine. (128756)
2590 * Perform vcache eviction via a fast path before visiting vcaches
2591 where sleep is needed.
2593 * setpag() errors are now properly reported.
2595 * Avoid attempting to free stat cache entries when we are below
2596 user-specified number of entries in use.
2598 * Properly track user-specified number of stat cache entries to use as
2599 a desired usage target.
2601 * Don't read pages beyond EOF in the cache. (128452)
2603 * Various corrections and improvements to Red Hat packaging, including
2604 modifying the init script to allow deferring for a new binary
2605 restart and properly supporting RHEL6.
2607 * Fix lockup in 2.6.38 due to erroneous kernel feature configure test.
2609 * Improve RPM building tools.
2611 * Attempt to properly handle SELinux in packaging.
2613 * Init script properly returns status as exit code.
2615 * RPM packaging fixes (executable libraries, no postinstall message)
2617 * Kill i386 from RPM packaging.
2621 * MacOS 10.7 support.
2623 * Properly handle setpag errors. PAGs are not supported.
2625 * Check for unloaded kernel extensions when decoding AFS panics.
2627 * Disable "get tokens at login" in prefs pane if AD authentication
2628 plugin is configured.
2630 * aklog AuthorizationPlugin now provided.
2632 * Preferences Pane behavior fixed for 1.6 series (version detection is
2633 used to select default behavior).
2635 * A potential kernel panic during bulkstat operations is
2638 * 64-bit MacOS kernel performance is greatly improved. (128934)
2640 * Properly shut down AFS, closing the Rx socket in the upcall handler
2641 to avoid attempting to process data after we can no longer do so.
2643 * Rework logic for bulk status operations to avoid a potential hang.
2645 * Avoid panic when doing FSEvent synthesis.
2647 * Fix bug when using non-dynroot.
2649 * Update Kerberos support in PreferencesPane.
2653 * Updates for platform support.
2657 * Bug fixes for issues introduced previously in 1.5 series.
2659 * Support through OpenBSD 4.8.
2663 * Switch to ioctl() syscall replacement for Solaris 11 since syscall
2666 * Fix support for Solaris pre-10.
2668 * Corrected Solaris 11 startup script.
2670 * vcache mappings freed on shutdown to avoid panic.
2672 * Properly report errors for AFS system call callers.
2674 * Don't leave dangling function references if kernel extension fails
2677 * Try harder to avoid deadlocks on file-larger-than-cache operations.
2679 * Avoid panic on shutdown when mount failed.
2684 All systems: Minor bugfixes.
2686 ADDITIONAL CHANGES IN 1.6.0PRE2
2690 - Documentation updates.
2692 - Don't stop Rx keepalives after an ackall is received, avoiding
2693 spurious connection timeouts. (128848)
2695 - Don't retry Rx calls on channels returning busy errors. (128671)
2697 - vos will not die with a double free error at command completion.
2699 - Properly enable Rx connection hard timeouts.
2701 - Initialize rx_multi lock before use.
2703 - Avoid spurious crashes when initializing in "backup" client.
2707 - Check for /afs existance before starting, unless -nomount is specified.
2709 - Avoid a potential panic when using /afs/.:mount syntax.
2711 - Avoid a panic in memcache mode due to missing CellItems file.
2713 All server platforms:
2715 - Attempt to recovery more quickly from timed out volume release
2718 - Auditing now properly byte order swaps IP addresses when printing.
2720 - vos split now has improved error handling.
2722 - Many changes to again support Windows fileservers.
2724 - During volume removal, data removal speed improved.
2726 - Improve CPU utilization during volume attaching by DAFS.
2728 - In salvager check-only mode, avoid potentially fixing a vnode.
2730 - Fix support for large (greater than 2gb) volume special files.
2732 - Salvager will not crash if multiple or bad volume link tables
2735 - Avoid erroneous full dump by remembering which sites were out of date
2736 at the start of the release.
2740 - Remove support for "Giant" lock as we no longer need to use it.
2742 - Don't sleep with AFS GLOCK.
2744 - Properly enable 64 bit long long support.
2746 - Restore support for FreeBSD 7 (128612)
2748 - Fix locking issues at shutdown.
2752 - support through kernel 2.6.38.
2754 - RedHat packaging now properly supports RHEL6.
2756 - Use rx_Readv in cache bypass to improve performance.
2758 - Properly handle 0-length replies during cache bypass operations.
2760 - Properly handle non-contiguous readpage cache bypass operations.
2762 - Do proper locking when transitioning to or from cache bypass.
2764 - Avoid extra runs of vcache freeing routine. (128756)
2768 - Check for unloaded kernel extensions when decoding AFS panics.
2770 - Properly handle setpag errors. PAGs are not supported.
2772 - Disable "get tokens at login" in prefs pane if AD authentication
2773 plugin is configured.
2777 - support through OpenBSD 4.8.
2781 - Fix support for Solaris pre-10.
2785 - afs_config will not longer set the Tray Icon State
2786 in the registry if the checkbox is not present in
2787 the dialog. (128591)
2789 - AFS Explorer Shell Extension now works from folder
2790 backgrounds. Overlays for mount points and symlinks
2791 are present in the dll, but are not registered at present
2794 - Do not use RankServerInterval registry value as the value for
2795 PerformanceTuningInterval.
2797 - When the data version of a mountpoint or symlink changes,
2798 the target string in the cm_scache_t object must be cleared.
2800 - "fs checkservers" now includes vldb servers in the output
2801 and only lists multi-homed servers once. A multi-homed
2802 server that has at least one up interface is no longer
2803 considered to be down.
2805 - When asynchronously storing dirty data buffers to the
2806 file server ensure that (a) the cm_scache_t object and
2807 the cm_buf_t object are for the same File ID so that
2808 locking and signalling work properly; and (b) if the
2809 FID no longer exists on the file server, do not panic,
2810 just discard the buffer.
2812 - When processing VNOVOL, VMOVED and VOFFLINE errors perform
2813 server comparisons by UUID or address and not simply by
2814 cm_server_t pointer. Otherwise, server failover may not
2817 - Do not preserve status information for cm_scache_t objects
2818 when the issuing server is multi-homed.
2820 - Giving up all callbacks when shutting down or suspending
2821 the machine is now significantly faster due to the use
2822 of an rx_multi implementation. (This functionality is
2823 still off by default and must be activated by a registry
2826 - Race conditions were possible when updating the state
2827 of the cm_volume_t flags and when moving the volumes
2828 within the least recently used list.
2830 - Ensure that the lanahelper library does not perform a
2831 NCBRESET of each lan adapter when enumerating the
2832 current network bindings. Correcting this permits OpenAFS
2833 to work on Windows 7 when the network adapter settings
2836 - Fix creation of mount points and symlinks as \\AFS\xxxx
2842 - vos now properly deals with matching sites when servers are multihomed.
2846 - Servers now marked down when GetCapabilities returns error.
2848 - In-use vcache count is now properly tracked.
2850 All server platforms:
2852 - Fix ptserver supergroups support on 64 bit platforms.
2854 - Demand attach salvaging doesn't use freed volume pointers.
2856 - Properly hold host lock during host enumeration in fileserver.
2860 - Fix socket termination on shutdown.
2862 - Support for 7.2, 7.3, 7.4 and 8.2 included.
2864 - References to vcaches are no longer leaked during root or reclaim.
2868 - Define llseek handler to avoid ESPIPE error in 2.6.37.
2870 - Mount interface replaces get_sb (new for 2.6.37, not yet required).
2872 - RedHat init script allows deferring for a new binary restart.
2874 - DEFINE_MUTEX replaces DECLARE_MUTEX for 2.6.37.
2878 - Correct return value from setpag syscall.
2882 - Bug fixes for issues introduced previously in 1.5 series.
2886 - Switch to ioctl() syscall replacement for Solaris 11 since syscall 65
2890 OpenAFS 1.5.78 (2010-11-04)
2894 * Revisions to Rx to fix performance issues.
2896 * Make fs getfid behave consistently across all platforms. (128372)
2898 * Properly check IDs handed to pts when creating users or groups so
2899 useful error messages can be provided. (128343)
2901 * Correct byte order handling of port in afsconf_LookupServer for SRV
2904 * Force a full dump when releasing to a site which was previously
2905 marked "don't use", in case the previous clone was out of date.
2907 All server platforms
2909 * Demand salvage of attached volumes now correctly track attachment
2912 * Avoid a potential crash due to failure to hold a lock when attaching
2917 * Track SMB connections by SID rather than username.
2919 * Error write attempts to known-readonly volumes earlier.
2921 * Validate directory buffers to avoid potential crashes.
2923 * Handle VIO errors from bulkstatus.
2925 * Make PMTU discovery configurable and register error handlers for it.
2927 All UNIX client platforms
2929 * Use larger I/O sizes in memcache to improve performance.
2931 * Avoid potential alignment issues doing I/O for pioctl calls.
2935 * Avoid panicing if the listener process is not findable.
2937 * Avoid deadlock issues while performing lookups.
2941 * Handle stale file handle errors for some cache partition types.
2943 * Avoid blocking with xvcache lock when attempting to free in-use
2946 * Build fixes for older kernels.
2948 * Properly configure LWP to use ucontext() on platforms where it
2951 * Eliminate spurious errors from AFS system call returns. (126230)
2955 * Attempt to honor configured Kerberos defaults in Preferences Pane.
2958 OpenAFS 1.5.77 (2010-09-08)
2962 * Rx path MTU detection will terminate detection in cases where the
2963 minimum required packet size cannot be transferred.
2965 * vos dryrun mode now shows effects for syncvldb single volume case.
2967 * vos dryrun mode now shows "status after" for syncvldb and syncserv.
2969 All server platforms
2971 * RXAFS_GetStatistics64 now returns statistics properly.
2975 * Attempt to properly identify the local system SMB connection for
2978 * Remap timeout and offline errors to proper NT RPC errors.
2980 * Properly fail over to other replicas on bulkstat IO errors.
2982 * Properly error delete-mode createfile if a file is set readonly.
2984 * Validate directory entry buffers to avoid crashing the service.
2986 * Log file modes properly.
2988 * Log cell name when logging server information.
2990 All UNIX client platforms
2992 * cacheout program for discarding callbacks is now built.
2994 * bulkstatus kernel locking is corrected to avoid a potential panic.
2998 * userspace support update
3002 * Updated vnode locking for children returned via lookup().
3004 * Avoid file open undercount with needed calls to
3005 FakeOpen/FakeClose().
3007 * Use vnode_pager_setsize to properly track file size during kernel
3010 * Update system call installation.
3012 * Fix shutdown of Rx kernel listener to avoid potential dereference
3015 * Avoid closing vnodes during vnode recycle.
3017 * Fix bogus call to FlushVS for vnode reclaims.
3021 * Packaging updated for current configure options and built files.
3023 * Cache bypass now holds reference on pages during readpage.
3025 * s390x setgroups32 patching update.
3029 * DNS resolver is reinitialized on IP address change. (126440)
3032 OpenAFS 1.5.76 (2010-08-16)
3036 * Updates to build-time configuration.
3038 * Fix XDR support in Rx to match header definition.
3040 * vos status now shows transaction creation, not action creation.
3042 * Rx avoids reporting loopback adapters when listing interfaces.
3044 All server platforms
3046 * Demand-Attach Fileserver always built and installed (dafileserver,
3047 davolserver, dasalvager).
3049 * Return VNOVOL from fileserver when a volume is deleted.
3051 * Ignore duplicate tags during volume restore operation.
3053 * Update inode array after salvage repairs volume.
3055 * Zero a corrupted header in memory during salvage to avoid further
3058 * Fix NAMEI backend to allow low-numbered volumes to work properly.
3060 * ptserver does not include cell name as part of length check for
3063 * Updated error messages for unblessed volumes.
3065 * vlserver avoids buffer overflow with regex pattern
3067 * Attach-time failures now note failures as the rest of the fileserver
3070 * Server argument logging will no longer overflow stack.
3072 * Provide fast-restart-like unsafe-nosalvage option for DAFS.
3074 * Deal with host hash collisions in the fileserver.
3078 * Avoid crashing when interpreting a drive letter as potentially
3079 matching a cell name.
3081 * Properly handle volume package errors.
3083 * Allow page recycling from known-readonly content without ensuring
3086 * 32 bit tools installer should not override client configuration.
3088 * Ensure root scache item has a valid callback when use is attempted.
3090 * Freelance directory changes now properly invalidate and replace the
3093 All UNIX client platforms
3095 * Support disconnected reconnecting with specified UID for PAGless
3098 * Proper disconnected vnode reference tracking.
3100 * Update server site blacklisting to not return success if nothing was
3103 * Avoid a panic during vcache contention due to CVInit vcache
3108 * Update for network stack in 8.1/9.0.
3118 * Disable PMTU error packet handling.
3122 * Debian packaging updated.
3124 * freezer interface updates.
3128 * Hold references to disconnected mode written vnodes properly.
3132 * Handle NFS translator module references for amd64.
3134 * INODE fileserver backend support now exists for amd64.
3137 OpenAFS 1.5.75 (2010-07-07)
3141 * Prevent rx_rpc_stats global lock from being a bottleneck.
3143 * Path MTU discovery is now provided to allow traffic to pass networks
3144 with sub-1500 byte MTUs and poor fragment handling.
3146 * Further reduce Rx NAT ping transmission when enabled.
3148 * Update Kerberos 5-based token handling in rxkad from upstream
3151 * Update version numbers emitted during build to reflect what is
3152 actually being built.
3154 * Add "-human" switch for human-readable units in fs diskfree and
3157 * vos provides reasons for locked volumes when known.
3159 * Do not count retransmission and ping acks as non-idle for Rx
3162 * Rx: provide service-specific data getter and setter routines.
3164 * Update build-time Kerberos detection.
3166 * Updated userspace AFS client.
3168 * Beginning of a modernized test suite.
3170 * Additional documentation.
3172 * Updated documentation, notably the Administrators Guide.
3174 * Substantial code cleanup.
3176 All server platforms
3178 * Update handling of vnode allocation failures.
3180 * DAFS: allow salvaging volumes not known to the fileserver, to allow
3181 cleanup of data not attached to a current volume.
3183 * Properly handle volumes slated for destruction.
3185 * Handle volumes with many files properly.
3187 * Force core file generation in bosserver by overriding default
3188 resource limits when possible.
3190 * Update vlclient and vldb_check.
3192 * Avoid potentially corrupting a volume on creation if files are left
3193 from previous failed cleanup.
3195 * Note volume changed during salvage as needed.
3197 * DAFS: do not assume invalid addresses are in fileserver address hash
3200 * Avoid tying up fileserver threads with volumes that are being taken
3203 * Do not set inUse on volumes for non-DAFS other than in fileserver.
3205 * Break origin's callback on target of rename operation.
3207 * Avoid unneeded parent directory link updates during some rename
3210 * Do not open /dev/console for writing in the fileserver.
3212 * DAFS: avoid spurious restarts when binary restarts are configured.
3214 * Avoid spurious and unneeded calls to sync(), which can slow down the
3219 * Revised SMB QuerySecurityInfo to address issues caused by MS10-020
3220 (http://support.microsoft.com/kb/980232)
3222 * Prevent use of the AFSCache file contents if mapped to a new
3225 * Make fs newcell include behavior compatible with the non-Windows
3228 * Provide a registry option (FreelanceImportCellServDB) to pre-create
3229 mount points in the AFS root for all cells in CellServDB.
3231 * Fix a memory leak in the cm_FreeServerList() routine.
3233 * Reduce privilege when reading registry CellServDB.
3235 * Add support for RPC Pipe Service NetWkstaGetInfo levels needed for
3238 * Prevent overflow when computing quota percentage in Explorer Shell.
3241 * Generate meaningful errors for ACL operations on freelance AFS root.
3243 * Fix error handling on InlineBulkStatus RPCs.
3245 * Show configuration pages for all types of MSI installations.
3247 * Improve freemount AFS root directory handling and operations.
3249 * Properly validate GetVolumeStatus pioctl responses.
3251 * Commit file length changes and dirty buffers when flushing a file.
3253 All UNIX client platforms
3255 * Update version of files for disk cache.
3257 * Do not call afs_FlushVCBs with xvcache lock held, to improve
3260 * Add mariner log messages for creating and removing files.
3262 * Don't hold xvcache lock while creating symlinks, to improve
3265 * Provide -dynroot-sparse mode to not show all cells in CellServDB in
3268 * Avoid a potential crash in aklog in linked cell handling.
3270 * Log MTU-caused packet retransmission.
3272 * Prevent crashes caused be fs checkservers while cache is being set
3275 * fs getserverprefs now has a buffer large enough for the default
3278 * Report server address when logging warnings.
3280 * Avoid panic in GetCapabilities when cell is not known.
3282 * Lock process name and id for advisory lock warnings when possible.
3284 * Handle need for allocating additional Rx packets.
3286 * Properly handle errors from InlineBulkStatus operations.
3288 * Fix errors returned from fcntl() on readonly files locked for write.
3290 * Flush pending changes to the server on LOCK_EX unlock.
3292 * Reflect length changes as a result of callbacks even when file is
3295 * Avoid hanging due to error exit when attempting to store a large
3296 file to a non-largefile fileserver.
3298 * Recover from afs_GetVolSlot errors.
3302 * Bugfixes for kernel VFS and network routines.
3306 * Provide makesname().
3310 * Avoid syscall probes when keyrings are present, by default. (125215)
3312 * Remove "Big Kernel Lock" from VFS operations.
3314 * Use filehandles for all Linux 2.6 versions to avoid need for matched
3317 * Updated RPM packaging.
3319 * Fix dkms configuration provided with RPMs.
3321 * Hold reference on pages during background I/O for cache bypass.
3323 * Fix cache bypass handling of non-largefile fileservers.
3325 * Protect truncate_inode_pages mappings with mutex or semaphore as
3328 * Fix pagevec use in cache bypass. (127505)
3330 * Updates for 2.6.35
3334 * Improve launchd configuration.
3336 * Avoid hanging on recursive cache file lock acquisition when user
3337 notification is enabled.
3339 * Fix and re-enable bulkstat mode.
3347 * Precluding unmount while AFS is busy.
3349 * Avoid deadlocking when releasing the VFS object.
3351 * Stop network interface poller in kernel on AFS shutdown.
3353 * Avoid issues with lookups on empty directory names. (127356)
3356 OpenAFS 1.5.74 (2010-04-22)
3360 * Add "vos setaddrs" command.
3362 * Rx library lock contention avoidance between rx_NewCall and
3365 * Rx library races due to inconsistent use of rx_connection
3366 conn_data_lock to protect the flags field.
3368 * Rx library inconsistent use of RX_CALL_TQ_WAIT which could result in
3371 * Rx library must signal transmit queue waiters when flushing.
3373 * afsmonitor shows busy counts now.
3375 * afsmonitor displays xstat callback statistics.
3377 * Provide expandgroups for pts mem on a supergroups server.
3379 * Provide supergroup option to liste nested groups during pts mem.
3381 All server platforms
3383 * Avoid volume lock contention during DAFS startup.
3387 * Avoid a race when updating cell vldb server lists that can result in
3390 * Avoid a deadlock when managing CM_SCACHESYNC_STOREDATA state
3391 operations for directory objects.
3393 * Add new Windows Application Event log messages for VBUSY,
3394 VRESTARTING, ALL_BUSY, ALL_OFFLINE, and ALL_DOWN.
3396 * Reduce lock contention by waiting for cm_buf_t I/O operations.
3398 * Split the cm_buf_t flags field to separate the flags that are
3399 protected by the cm_buf_t mutex from those protected by the
3402 * In cm_UpdateVolumeLocation, avoid searching for a ".readonly" volume
3403 on a numeric volume name.
3405 * File buffer allocations whose offsets are beyond server EOF should
3406 be locally allocated and zero filled. The file server should not be
3407 issued a FetchData rpc which is guaranteed to fail.
3409 * Enable integrated logon to work with Windows 7/2008 when user logons
3410 are performed with a non-Domain Kerberos principal.
3412 * Add Protection Error messages to aklog output.
3414 All UNIX client platforms
3416 * Provide a FUSE-interfacing userspace afs client.
3418 * Updates to libuafs userspace cache manager.
3420 * Probe servers using GetCapabilities instead of GetTime, thus
3421 requiring fewer RPCs.
3423 * Fix DNS SRV record handling for cell lookup.
3427 * Fix sleep/wakeup routines.
3429 * Update for 8.0 release.
3433 * Handle high memory addresses correctly.
3437 * Make 32 bit AFS syscalls work again.
3439 * Work around finder "Duplicate" failure (caused by setting modes on
3442 * Disable bulkstat again (will be re-enabled at or before .75).
3444 * Provide symlink type hints during readdir.
3447 OpenAFS 1.5.73 (2010-03-24)
3449 All systems: Minor bugfixes. New features.
3451 * New functionality:
3455 - NAT keepalive support at Rx level.
3461 - Corrected server IP address output in vos syncvldb verbose mode.
3463 - Corrected server IP address output for last "yes" host in udebug.
3465 - Corrected SRV record support for canonicalizing cell names.
3469 - Fixed a potential race in Disconnected AFS "remove" support.
3471 - Fix a potential blocking condition in fakestat mode.
3473 - Avoid some errors and stack overflow reports when vos is interrupted.
3476 - Clean up several minor memory leaks.
3478 - If a large file is stored to a non-largefile fileserver, avoid
3479 a potential deadlock.
3481 - Increase maximum number of sysnames to 32.
3483 - Readd fs mariner "storing" message, missing since AFS 3.3.
3485 - Attempt timeouts on AFSDB lookups in userspace.
3487 - Avoid interrupting writes due to an idle deadtime timeout.
3489 All server platforms:
3491 - Properly notify only affected hosts for volume callbacks. (126497)
3493 - Allow volumes with trashed root directory to be recovered. (94658)
3495 - Hold lock in file and volservers when traversing partition list.
3497 - Use finer-grained locking in DAFS: volume, instead of partition locks.
3499 - Schedule all DAFS salvages via FSSYNC.
3501 - Avoid stale ptserver credential caching issue on keyfile update.
3503 - Improve callback table overflow handling. (126451)
3505 - Preclude deadlocks on when attempting to save DAFS state.
3507 - Avoid races deleting hosts. (126454)
3509 - Improve salvage speed for DAFS (124488)
3511 - The bosserver now handles SIGTERM.
3515 - Prevent the Explorer Shell extension from crashing if symlink
3516 creation failed. (126406)
3518 - A Rx level NAT ping has been implemented. A registry value enables.
3520 - Adds krb5 error message translation to aklog, afscreds,
3521 afslogon.dll, the network identity manager afs provider and
3524 - Default mode bit settings for file and directory creation are now
3525 provided, and can be configured.
3527 - An SMB request trace facility is provided and can be enabled for
3532 - Clean up properly on mount failure.
3534 - Add entry to /etc/vfs to allow umount to work.
3538 - Additional work to support FreeBSD 8-current.
3542 - Fix build issues with library order.
3546 - Fix s390 support conflict with executable stack patches.
3548 - Don't count root's AFS session keyrings against quota.
3550 - Correct dkms support in RPM config file.
3552 - Keyring destructor now properly cleans up all tokens.
3554 - Build again on old 2.6 kernels.
3556 - Avoid GLOCK leak when updating CellServDB in-core.
3558 - Fix byte-range lock handling.
3560 - Attempt to deal with bdi issues. (126514)
3564 - Some FSEvents hinting for authentication events now done. (23781)
3566 - Update uninstaller. (125634)
3568 - Rewrite afssettings and fstab code to avoid licensing issue with APSL.
3570 - Growl client for user monitoring of AFS events included.
3572 - Properly support insert-only dropboxes.
3574 - Add bulkstat support.
3576 - Include support for moving in Finder across mount points.
3578 - Preferences Pane includes support for Kerberos 5 ticket renewal.
3582 - Some support for OpenBSD 4.7.
3585 OpenAFS 1.5.72 (2010-02-15)
3589 * Provide internationalization support in com_err.
3591 * Fix array length checking to avoid crashes when checking for a
3592 volume type based on name in vos.
3594 All server platforms
3596 * Provide backward compatible "-f" flag to salvager for force mode.
3600 * Restore use of DNS AFSDB and SRV records by kaserver clients.
3602 All UNIX client platforms
3604 * Fix client cache file truncation to not lose chunks when truncating
3607 * Ensure a cache writeback hook is installed in the client (bug from
3610 * Avoid spurious free memory warnings during clean shutdown.
3612 * Fakestat mode avoids AFSDB lookups.
3614 * "fs storebehind" now correctly reports errors on readonly volumes.
3616 * Additional documentation for "fs getcacheparms"
3618 * Forced new uuid generation with "fs uuid -generate" now works
3619 enforced permission correctly.
3623 * Add optimized Rx event handler in kernel.
3625 * Installer now allows installing an older version.
3627 * Panic decoder can now deal with MacOS 10.5 again.
3629 * MacOS ._ files are now correctly not looked up as cellnames.
3633 * To deal with SELinux file labeling, try cache accesses with current
3634 credentials in event of failure.
3636 * Rx XDR encoding bug on i386 Linux is fixed (bug introduced in
3641 * Code compilation fixes.
3645 * Update for OpenBSD 4.6.
3648 OpenAFS 1.5.69 (2010-01-19)
3652 * Configuration of BOSserver no longer defaults to weekly restarts
3655 * Provide BOS restricted mode by default.
3657 * Add support for "vos endtrans" command.
3659 * Default to providing full output from vos listvol.
3661 * Correct additional-address tracking in the fileserver.
3663 * Improve Rx performance by not unnecessarily dropping and reacquiring
3664 call locks in read and write processes.
3666 * Avoid crashes when monitoring volserver transactions across
3667 potential transaction garbage collection.
3669 * Numerous warning fixes.
3671 All server platforms
3673 * Avoid saving fileserver state in demand attach fileserver when
3676 * Demand attach fileserver allows other callers to schedule salvages.
3678 * Demand attach "bos salvage" now works correctly with restricted
3683 * Numerous changes to the client-internal btree directory handling to
3686 * fs examine reports owner and group ids as signed values (PTS groups
3689 * Preclude corruption due to races writing to smb buffers.
3691 * Allow MTU settings in registry to be used.
3693 * Apply MTU to both send and receive sizes.
3695 All UNIX client platforms
3697 * Avoid double-freeing Rx call structure if reading a response from
3698 the file server results in a short read.
3700 * Handle negative lengths in FetchStatus results correctly.
3702 * Properly clean up allocated memory at shutdown.
3704 * Default to AFSDB compiled into the cache manager.
3706 * Avoid inadvertant disclosure of stat() information to clients not so
3709 * Correct a bug with AFSDB lookups introduced with SRV record support.
3713 * Install kernel panic processing tool in /Library/OpenAFS/Tools.
3715 * Include debugging symbols for kernel extension in additional package.
3717 * Support "Application Firewall" users.
3719 * Avoid ._cellname AFSDB lookups.
3721 * Compile preferences pane as a universal binary.
3725 * Use splice to speed up storing files.
3727 * When using memcache, avoid duplicating work in readpages.
3729 * Use dget_parent to safely find an inode's parent.
3731 * Disable access time updates in our superblock.
3733 * Avoid crashing doing writeback if no credentials were stashed at
3736 * Simplify keyring support.
3738 * Properly clean up vcache in event of failed mount.
3742 * Update for current FreeBSD 8.
3746 * Abstractly manipulate groups as now required.
3748 * Abstractly access time instead of using lbolt directly.
3751 OpenAFS 1.5.68 (2009-12-08)
3755 * aklog now attempts to convert non-AFS errors to human-readable
3758 * Make stack not executable when compiling assembler source with GCC.
3760 * Numerous source warning cleanups and code reorganization.
3762 All server platforms
3764 * Compute midnight for volume statistics calculation from local time.
3766 * Salvager now orphans duplicate special inodes when running to allow
3767 recovery in event of a problem, instead of simply ignoring the
3770 * Support to ensure a server panic attempt leaves a core and thus
3771 restarts in a timely manner, rather than potentially hanging. Use
3772 panic to attempt cleanup before leaving a core when possible.
3774 * Volume sync data reported during bulkstatus is now set correctly.
3776 * Provide better tuning for fileserver file descriptor caching.
3778 * Allow more than 128 threads in fileserver by modifying host
3779 structure in-use tracking.
3781 * Avoid crashes getting volume server status during transaction
3784 * Improved logging of offline volume conditions.
3786 * Correct volume statistics when cloning a volume.
3788 * Avoid referencing host structures in the fileserver which are marked
3791 * Demand attach fileserver corrections to avoid coring during an
3794 * host array bounds checking corrections to avoid buffer overflow.
3796 * Handle special inodes correctly when promoting an inode fileserver
3797 readonly volume to read-write.
3801 * Set the DOS Readonly attribute on a file/directory whenever the unix
3802 mode combined with the mask 0200 is true. Previously there was a
3803 discrepency between the mask used for testing for readonly behavior
3804 and that used for setting the attribute.
3806 * Disable AFSVolSync based .readonly "whole-volume callback" support
3807 because the all file servers prior to 1.5.67 (and perhaps 1.4.12) do
3808 not properly assign a value to the AFSVolSync structure in bulk
3809 status RPC responses.
3811 * Improve the error output from aklog to output the value from krb5
3812 error_message() if the afs_com_err output indicates an unknown
3815 * Convert VBUSY and VRESTARTING to CM_ERROR_ALLBUSY and do not permit
3816 them to be exposed to the smb redirector.
3818 * Convert STATUS_TIMEOUT responses to STATUS_IO_TIMEOUT to avoid
3819 confusion within the smb redirector.
3821 * Fix the byte order assigned to port numbers associated with AFSDB
3822 record lookups. They must be network byte order not host byte
3825 * Add dynamic server ranking based on RPC round trip time
3828 All UNIX client platforms
3830 * Additional shutdown-time memory leaks removed.
3832 * Improved logging of resource contention.
3834 * Provide dumping for Rx debug packet tracking support in source.
3836 * Update afscp test client to build, and provide an unlock client.
3838 * Client buffers for directory parsing can now be allocated beyond the
3839 fixed set formerly provided.
3841 * Work around race condition when manipulating read-only volume
3844 * Bugfixes to get PAG value pioctl.
3846 * Bugfixes to SRV record support.
3850 * Path MTU tracking code cleanup.
3852 * Avoid an oops due to racing with vcache recycling thread.
3854 * Changes to keyring PAG handling: for sufficiently new kernels, use
3855 only keyring-based PAGs, and disable group PAGs entirely.
3857 * Updates to the kernel page cache interface: writing pages will now
3858 not spuriously leak page locks, and will avoid requiring duplicate
3861 * Credential references are now tracked using native atomic counters.
3863 * Kernel mutex/semaphore lock ordering fix to avoid deadlocks.
3865 * Manipulate disk cache with credentials used to initialize it, to
3866 avoid security issues.
3870 * Fix fstrace message catalog location.
3872 * Fix kernel fstrace logging.
3875 OpenAFS 1.5.66 (2009-10-25)
3879 * Avoid calling exit() in library code.
3881 * Add rx window size and peer timeout tuning APIs.
3883 * Correct rx peer timeout handling to disallow 0ms timeouts.
3885 * Correct calculation of rx RTT by disregarding retransmitted packets.
3887 * vos manpages updated to reflect changes in recent versions.
3889 * GNU-style long options (e.g. --cell) are now supported in all
3892 * fs listacl can now print a command to recreate the current ACL.
3894 All server platforms
3896 * Fix a race on transaction objects in the volserver which can cause a
3899 * Avoid destroying and setting to NULL the callback connection when it
3900 could still be being used.
3902 * Correct unlink handling in salvager.
3904 * Improve error messages due to I/O errors in the volserver.
3906 * Correct an issue which caused converted RO to RW volumes on namei
3907 fileservers to not come online immediately.
3911 * Official support for Windows 7 and Server 2008 R2.
3913 * Prevent a file server bug (FetchData returning an invalid length
3914 instead of zero) from causing an "unexpected network error" when
3917 * Promote DNS SRV records as superior to DNS AFSDB records. Support
3918 arbitrary port numbers for vldb servers.
3920 * Add AFSVolSync based .readonly "whole-volume callback" support.
3921 With this functionality, multiple objects from a .readonly volume
3922 can have their status validated by issuing a single
3923 RXAFS_FetchStatus RPC.
3925 * Remove drive mapping functionality and service start/stop from
3928 * Remove drive mapping functionality from afs_config.exe.
3930 * Use {HKLM,HKCU}\SOFTWARE\OpenAFS\Client DWORD "ShowMountTab" to
3931 restore access to drive mapping functionality in afscreds.exe and
3934 * Adjust SMB error return codes to avoid returning STATUS_TIMEOUT
3935 which results in the SMB redirector disconnecting.
3937 * Network Identity Manager OpenAFS Provider now provides its own "AFS
3938 lock" notification icon to report the status of "have tokens, have
3939 no tokens, service not started, service started but inaccessible".
3940 Hovering over the icon lists the cells for which tokens exist (if
3941 any) and the OpenAFS version number. Double-clicking executes the
3942 Network Identity Manager default action.
3944 * Prevent pioctl calls from retrying indefinitely when a sharing
3945 violation error occurs.
3947 All UNIX client platforms
3949 * Correct a condition which could discard the error from initializing
3952 * Avoid using invalid references to afs_Conn connection structures,
3953 and thus potentially producing invalid data when a retry is needed.
3955 * SRV records are now supported for discovering AFS servers.
3959 * Correct writepage behavior.
3961 * Fix error code handling in the writepage code.
3963 * Avoid leaking page locks, which could potentially hang a machine.
3967 * Preferences Pane improvements.
3971 * Avoiding attempting to handle critical signals in servers, so that
3972 core file handling works correctly.
3975 OpenAFS 1.5.65 (2009-10-06)
3979 * Code compilation warning fixes, to enable better finding and
3982 * Provide configure-time switch to enable code warning compilation.
3984 All server platforms
3986 * Demand-attach fileserver now makes volume LRU list operations
3987 exclusive operations to avoid races during adding to the list.
3989 * Fileservers now avoid potential "negative length" fetches.
3991 * A leak in host tracking objects in the fileserver has been fixed.
3993 * Salvager now unlinks all files by full path, to deal with the change
3994 to not chdir for core file tracking.
3996 * Salvager avoids asserting if the volume header is unreadable.
3998 * Demand-attach fileserver puts back volume references from fssync
4003 * Improved service response to suspend and shutdown event
4006 * Avoid a bug in the file server that can result in an invalid length
4007 being returned as part of a fetch data response if the client
4008 attempts to read beyond the length of the file.
4010 * Do not publish a default stream object for directories and mount
4011 point objects. This was impacting the ability of some Windows XP
4012 systems to save roaming profiles.
4014 All UNIX client platforms
4016 * A bug which could cause erroneous handling of lengths on data reads
4019 * A bug where erroneous length returns from the fileserver could
4020 result in a false error has been fixed.
4024 * Background page copies are now supported for enhanced disk cache
4027 * Blocking readahead is supported in readpages() to reduce overhead.
4029 * Use readpage() instead of read() to access cache data to avail disk
4030 cache users of the kernel backing cache for improved performance.
4032 * Minimize credential handling for improved performance.
4036 * Preferences Pane cleanup.
4040 * Provide a fs_pathconf method with sensible defaults.
4042 * Provide a _PC_FILESIZEBITS method to fix some NFS translator
4046 OpenAFS 1.5.64 (2009-09-22)
4048 All server platforms
4050 * The demand attach fileserver now puts back volume references gotten
4051 via the fssync interface.
4053 * The demand attach fileserver had a structure reference error, which
4054 has been correected.
4058 * Restores Windows 2000 compatibility.
4060 * Fixes a data consistency error between the output of NetWkstaGetInfo
4061 and NetServerGetInfo RPCs, specify the Lan workstation group name
4062 "AFS", and report server name as "AFS" instead of "\\AFS" when the
4063 caller asks for "\\AFS".
4065 * Enables executables to be run from \\AFS on Windows 7. Returns
4066 "Name not found" instead of "File not found" when a directory or
4067 file name cannot be found. This avoids loader errors when system
4068 dlls cannot be located in the executable directory.
4070 * Prevents cache manager from marking the file server "down" when the
4071 data returned in response to either RXAFS_FetchData64 or
4072 RXAFS_StoreData64 is invalid.
4074 * Adds pioctl data validation to the AFS Explorer Shell extension.
4076 All UNIX client platforms
4078 * A bug which could cause a kernel panic in 1.5.63 has been corrected.
4079 This would manifest as a GetDCache panic or oops.
4083 * aklog -setpag works again with recent kernels when keyring is in
4088 * When Fast User Switch is in use, AFS login is now handled correctly
4089 by the integration tool included with the preferences pane.
4091 * Several packaging bugs have been corrected.
4094 OpenAFS 1.5.63 (2009-09-11)
4098 * The restorevol command is now documented and installed as a user
4101 * The uss command now properly translates vldb entries to its expected
4102 format when handling them in all cases.
4104 * Documentation now refers to Kerberos instead of kaserver.
4106 All server platforms
4108 * bosserver now handles BosConfig.new when restarting, allowing
4109 configuration to be replaced at restart time rather than with bos
4110 delete and bos create. Documentation is updated to reflect this.
4112 * The demand attach fileservice not longer potentially hangs trying to
4113 terminate demand-salvages which have already exited.
4115 * The demand attach fileservice has been modified to avoid spurious
4116 'SYNC_putRes: write failed' warnings when some protocol messages
4117 cannot be acknowledged due to the sender terminating the connection.
4119 * In the event of failure to contact the vlserver or ptserver, the
4120 fileserver will not exit and trigger a forced salvage. It will
4121 continue to try in the background to contact the needed services.
4123 * The salvager can now repair certain cases of a damamged vnode index.
4125 * The accessDate metadata for a volume is now updated correctly.
4129 * CRITICAL: Some applications for example those based on Cygwin were
4130 unable to access data stored in the AFS name space. Explorer Shell
4131 also experienced inconsistent behavior. This is fixed.
4133 * CRITICAL: Multiple AFS pioctl requests issued nearly simultaneously
4134 by applications could result in pioctl responses being received by
4135 the wrong requester. This in turn could result in application
4136 crashes. symlink.exe, fs.exe, afslogon.dll, afscreds.exe, and the
4137 netidmgr afscred.dll plugin were all affected.
4139 * Some XP machines running 1.5.62 had trouble saving roaming profile
4140 data. This is fixed.
4142 * Integrated Logon (afslogon.dll) did not function with domain
4143 specific configurations.
4145 * Ensure that access denied and over quota errors experienced while
4146 storing data to the file server do not result in on-going retry
4149 All UNIX client platforms
4151 * Except on Solaris and AIX, the compiler may now be overriden at
4152 configure time by setting the CC environment variable.
4154 * afsd now properly deals with large cache partitions.
4158 * Build shared libafsauthent and libafsrpc.
4162 * Kernel module DKMS support now installs an unstripped module to
4163 allow debugging information to be collected.
4167 * Preferences pane properly updates token information.
4171 * klog will now properly handle passwords of 8 or fewer characters
4172 with an AFS string to key on hosts able to run 64 bit binaries.
4174 * A panic at AFS shutdown due to "NO PCB" on a udp_lock has been
4177 * The panic decoder script included in the source now properly handles
4178 32 and 64 bit panics.
4182 * Avoid defining AFS_KERBEROS_ENV globally as it creates a circular
4185 * Build shared libafsauthent and libafsrpc.
4189 * Build shared libafsauthent and libafsrpc.
4192 OpenAFS 1.5.62 (2009-08-28)
4196 * Numerous invisible changes to improve code maintainability,
4197 portability and enhanceability.
4201 * CRITICAL: Fixes two errors that can result in data loss when storing
4202 data to the file server.
4203 1. Failure to Store Portions of Unaligned Writes
4204 2. Failure to Store Data to File Servers Lacking Large File Support
4205 Read the announcement for more details:
4206 http://www.openafs.org/pipermail/openafs-announce/2009/000305.html
4208 * CRITICAL: The cache manager daemon thread could terminate when the
4209 machine enters suspend mode. This daemon thread performs the
4210 background check of down servers, offline volumes, callback
4213 * CRITICAL: Integrated Logon (afslogon.dll) was terminating
4214 unexpectedly. Error checking has been improved and NULL pointer
4215 dereferences after Lsa API calls fail have been eliminated.
4217 * For the first time, the OpenAFS SMB Server supports the DCE RPC
4218 services SRVSVC and WKSSVC. Browsing \\AFS with the Explorer Shell
4219 or NET VIEW will now be faster and provide additional functionality.
4220 No longer will cell names longer than 12 characters be truncated.
4222 * Improvements to DFS Referral request processing have been
4225 * Unnecessary DNS lookups of share names are avoided improving
4228 All UNIX client platforms
4230 * Non-Kerberos PAM modules work correctly again.
4234 * MacOS 10.6 (Snowleopard) is now supported, both 32 and 64 bit mode.
4236 * Updates to the AFSCommander preferences pane.
4238 * Installer now permits cell names with dashes.
4241 OpenAFS 1.5.61 (2009-08-06)
4245 * Correct another race condition in the Rx library that could result
4246 in an unexpected panic while freeing the Rx call iovq.
4248 * rx packet resend and data packets sent counts were incorrect.
4250 * fs setquota, fs setcachesize, vos setfields, and vos create now
4251 accept human readable orders of magnitude. (K, M, G)
4253 * fs listquota fixed to permit large quota sizes to be displayed.
4255 * Correct documentation of bosserver permissions requirements.
4257 * Modify vlserver to avoid potentially corrupting the database through
4260 * Generalized support for fast Rx timeout due to network
4263 All server platforms
4265 * Allow audit logs to be sent via sys5 IPC message queues instead of
4270 * If a file server becomes inaccessible while the cache manager has
4271 dirty buffers to write, the afsd_service buf_IncrSync thread can
4272 attempt to use 100% of the cpu.
4274 * Fix "fs newcell" which was broken in 1.5.60.
4276 * Do not attempt to synchronize dirty buffers if the associated volume
4277 is known to be unavailable.
4279 * Modify behavior of a Freelance mountpoint target that does not
4280 specify a cell. Instead of assuming the target volume is in the
4281 Freelance.Local cell, use the workstation "Cell" specified in the
4282 registry. A mountpoint target of "#root.cell." will now mean the
4283 root.cell volume in the workstation cell for the current session.
4284 If the workstation cell changes from "athena.mit.edu" to
4285 "andrew.cmu.edu", the referenced volume will also change without
4286 requiring that the mount point targets be altered.
4288 * Add cm_FindServerByUuid(). Re-implement RXAFS_InitCallBackState3()
4289 to permit the server Uuid to be used to lookup the server object and
4290 from that determine the cell. This permits callbacks that are
4291 received from alternate addresses to be processed with a known
4292 server object. Previously a request from an unknown server would
4293 clear all callbacks from all cells.
4295 * Fix a bug that prevented optimal performance when using a non-zero
4296 value for 'daemonCheckVolCBInterval'. As a reminder, when
4297 "daemonCheckVolCBInterval" is set to a non-zero value, all .readonly
4298 volume callbacks are automatically renewed 90 minutes before their
4301 * Fix automatic ranking of vldb servers whose values are obtained from
4302 the CellServDB file.
4304 * Add failover for RX CALL TIMEOUT errors when the volume is readonly
4305 or the call is to a vldb server.
4307 * Add registry based cell search functionality to NetIdMgr,
4308 afs_config.exe, and klog.exe.
4310 * afsconf_GetCellInfo() has been modified to perform gethostbyname()
4311 lookups on the host names in the CellServDB instead of using the
4312 specified IP addresses. This provides aklog, pts, vos, etc. the
4313 same CellServDB behavior that the Windows Cache Manager uses.
4315 * When updating the stat cache entry callback of a .readonly object
4316 from the volume group object, update the file server reference to
4317 ensure it matches the most update to date callback.
4319 * Add proper support for processing callbacks from multi-homed file
4320 servers. Instead of comparing servers by cm_server_t pointer,
4321 compare them by UUID when the UUID is known.
4323 * During a shutdown short circuit the offline volume check daemon
4326 * Return the error code of RXAFS_FetchData / RXAFS_StoreData in
4327 preference to an error code reported by rx_EndCall.
4329 * Add "PerFileAccessCheck" registry value to permit testing against
4330 experimental file servers that include per-file acl support. This
4331 value is intentionally undocumented. It is not to be used by
4332 production environment deployments.
4334 * Fix a bug introduced in 1.5.60 that prevents the afs netidmgr
4335 provider from obtaining tokens when referrals are in play.
4337 * Add "fs chown" and "fs chgrp" commands to permit the owner and group
4338 of objects stored in AFS to be set from Windows.
4340 * Avoid performing background daemon operations when the machine is
4341 going into suspend mode.
4343 * Perform offline volume checks in most recently used order.
4345 * Prevent crash when a data version for a cache object goes backwards.
4347 * Multi-thread safe library versions are now being generated and used.
4348 mtafsubik.lib, mtafsutil.lib, mtafsvldb.lib, mtafsvol.lib.
4350 * Microsoft SMB Redirector (mrxsmb.sys) support for
4351 ExtendedSessTimeout values are now available on XP through Windows
4352 7. Add functionality to autodetect if such support is present on
4353 the machine. If so, configure it if necessary and dynamically
4354 adjust the AFS Rx timeout values accordingly.
4356 All UNIX client platforms
4358 * Fix out-of-tree source builds.
4362 * GUI installer now asks for local cell information.
4364 * AFS Commander preferences pane is now installed by default.
4368 * Avoid kernel panics due to null pointer dereferences in the network
4369 interface poller kernel thread.
4372 OpenAFS 1.5.60 (2009-05-31)
4376 * Retry volserver transaction creation on failure.
4378 * Allow building HTML and PDF documentation from included XML copies
4379 of User Guide, Admin Guide and Quick Start Guide for Unix.
4381 * Documentation updates and additional documentation.
4383 * Add -encrypt support to pts client.
4385 * Convert MR-AFS fs commands to OSD commands.
4387 All server platforms
4389 * Updated background sync process in fileserver to avoid a race which
4390 could result in a volume being taken offline.
4394 * On April 9th Microsoft released a Hot Fix for Windows Server 2003
4395 SP2 that corrects a deadlock in the smb redirector and also adds new
4396 functionality that permits the AFS SMB server to be given a longer
4397 timeout than is normally the case. New functionality has been added
4398 to configure these additional LanmanWorkstation\Parameter values.
4399 (This functionality has been backported to XP SP3 and is scheduled
4400 to be released on June 5th.)
4402 * Fix RT#124787, a race condition between "fs flush <dir>", "fs
4403 flushvolume", or "fs flushall" and on-going directory operations
4404 that can result in afsd_service.exe crashing.
4406 * Release Notes, User and Administrator guides are now shipped as
4407 indexed Windows HtmlHelp Files. (.chm). Shortcuts are provided from
4410 * A method of specifying Client CellServDB information within the
4411 registry has been added that can be used to either override the
4412 CellServDB file or force the use of DNS lookups for a given cell.
4413 See the release notes for details.
4415 * The pioctl interface now properly handles drive letter substitution
4416 to UNC paths. (SUBST <d:> <\\afs\cell\path>)
4418 * The BackConnectionHostNames registry value configuration was broken
4419 when dynamic re-establishment of Netbios Name registrations was
4420 added. This release restores the functionality.
4422 * All hidden vos.exe commands are now revealed.
4424 * Attempts to store the same dirty file chunk from multiple threads
4427 * The IsPathInAfs test in Explorer Shell Extension and fs.exe now
4428 permits broken symlinks to be treated as being in AFS.
4430 * vos.exe commands that output 64-bit integer values once again do so.
4431 This was broken in 1.5.59.
4433 * Cygwin Import Libraries are provided in the SDK for all OpenAFS
4434 DLLs. This permits building cygwin applications against OpenAFS
4437 * NSIS installer does a much better job of cleaning up files left over
4438 from previous installs.
4440 * libafsconf.dll moved from Client\Program to Common directory as is
4441 is now used by all modules for CellServDB processing.
4443 All UNIX client platforms
4445 * Write back changes on last store for memcache to avoid discarding
4448 * Abstract disk cache support to allow for path, fh, inode based
4449 caches with no need for messy ifdef structures each time a new type
4454 * Support as a userland port.
4458 * Corrected structure definition for userspace cache manager to allow
4463 * Corrected client locking support.
4465 * Updated patch to stop deadlocking in the kernel during mmap.
4467 * Avoid oops when setting up groups for PAGs to match keyrings.
4469 * Use Linux fh-based cache in cases where possible by default.
4473 * Corrected structure definition for userspace cache manager to allow
4478 * Support for OpenBSD 4.5.
4482 * Corrected support for server-side vos split interface.
4485 OpenAFS 1.5.59 (2009-04-06)
4489 * Increased service priority class to "High" to match the priority of
4490 system components that are dependent upon the a timely response.
4492 * SMB error responses avoid returning errors that could confuse the
4493 Microsoft SMB redirector into disconnecting the connection to \\AFS.
4495 All UNIX client platforms (except MacOS X 10.4 and 10.5)
4497 * OpenAFS 1.5.59 contains fixes for the client issues addressed by the
4498 security advisories OPENAFS-SA-2009-001 and OPENAFS-SA-2009-002.
4502 * Support for prerelease Linux 2.6.30 kernels.
4505 OpenAFS 1.5.58 (2009-03-30)
4509 * Code cleanup and prototyping.
4511 * Avoid unnecessary blocking in Rx periodic cleanup code.
4513 All server platforms
4515 * Fileserver CopyOnWrite routine optimized for performance.
4517 * Make fileserver callback dumps 64 bit safe.
4519 * Fix byte order issues with fileserver host hashing.
4521 * Fix buffer size issues with butc.
4523 * Fix several Ubik recovery issues.
4525 * Avoid leaking file references in the fileserver.
4527 * Fix a race in DAFS while closing vnodes, and another offlining
4530 * volserver interfaces for volume splitting client.
4534 * [RT 124293] A race condition exists which can result in a crash.
4536 * [RT 124276] If the vldb is out of sync with the contents of the file
4537 servers, afsd_service will retry too many times when a file server
4538 reports a volume as not being present. Now if the list reported by
4539 the vldb is the same as the previously seen list, then the retry is
4542 * [RT 124276] Read-only volume failover was broken in 1.5.53 whenever
4543 accessing a volume results in VNOVOL or VMOVED.
4545 * [RT 124276] Prior to 1.3.70 the volume server reference list was not
4546 reference counted and would be prematurely freed while in use. When
4547 reference counting was added in 1.3.70 a bug was introduced that
4548 could result in service reference list corruption.
4550 * Add Windows Application Event Log warning messages for "Client SMB
4551 MPX value too large" and "Client SMB Buffer Size too small".
4553 * Renaming of files across directory boundaries would result in an
4554 invalid handle error when attempting to access the files after the
4557 * Fix the handling of Tran2 Set Path Info RPCs. Do not fail when a
4558 smb file descriptor cannot be found. The whole point of using a
4559 Path Info function is because an smb file descriptor wasn't
4562 * More edge cases in which dynamic addition of Freelance root.afs
4563 entries would get the wrong FID or where the root.afs directory
4564 would not be refreshed.
4566 * Buffer overflow could occur if the workstation cell name was longer
4567 than 64 characters. Crashes could occur in afscreds.exe,
4568 afslogon.dll, and afsd_service.exe.
4570 * VNOSERVICE and VOFFLINE errors were leaking and were exposed to the
4573 * Log file server uuid values as part of the cm_server object when
4574 available. Dump the cm_server object list in response to "fs
4577 * Optimize the performance of resetting access control lists when
4578 tokens are set or removed.
4580 * Remove symlink recursion tests and increase max symlink count to 64
4583 * Windows specific Rx performance improvements.
4585 * Support for Network Identity Manager 2.0
4587 All UNIX client platforms
4589 * Avoid issues with freeing resources at shutdown.
4591 * Numerous fixes to disconnected AFS.
4593 * Disconnected AFS fixes for replaying changes without double-freeing.
4595 * Attempt to use krb524 principal conversion in aklog if available.
4599 * Kerberos configuration at build time corrected.
4603 * Default to dynamic allocation of AFS kernel cache entries to allow
4604 growth for inotify()-pinned entries. (beagle, famd, etc)
4606 * Change client truncation routines to avoid locking issues.
4608 * IA64 port clients fixed on Linux 2.6.
4610 * RPMs now install fstrace message catalog.
4612 * Support through kernel 2.6.29 tested.
4614 * Fix locking issues on CellServDB file in /proc.
4618 * Support OpenBSD 4.4
4621 OpenAFS 1.5.57 (2009-01-23)
4625 * Conditional compilation of rxdebug support is now possible.
4627 * Documentation updates.
4629 * Further race connditions in Rx have been corrected.
4631 All server platforms
4633 * Salvager no longer attempts to recreate headers in the wrong
4636 * Volumes are properly marked in use on creation and subsequently on
4637 examination with vos.
4641 * Undo the "UAC manifest fix" applied to afs_config.exe.
4643 * Ensure that Freelance allocation of vnodes follow the AFS convention
4644 of odd vnodes are directories and everything else is an even vnode.
4646 * Add Freelance logic to mount point and symlink evaluation functions.
4648 * Enhance smb_ParseASCIIBlock() so that it can handle all of the
4649 STRING formats defined by the CIFS Technical Report 1.0.
4651 * Validate the output of smb_ParseASCIIBlock() in all callers. Return
4652 CM_ERROR_BADSMB if the STRING field cannot be parsed.
4653 CM_ERROR_BADSMB will cause the contents of the packet to be logged.
4655 * If multiple SMB Raw Write operations were taking place at the same
4656 time, there could be data corruption because unique event objects
4657 were not generated for each Netbios receive operation.
4659 All UNIX client platforms
4661 * Userspace AFS library can now deal with large files when supported
4664 * Numerous updates to disconnected AFS support, including changes to
4665 allow reconnection to work in more circumstances.
4669 * FreeBSD unstrategy code has been updated.
4673 * A race during file truncation has been corrected.
4675 * System call probing routines have been updated.
4677 * 2.6.29 is now supported.
4681 * 10.3 support has been corrected.
4685 * Initial OpenBSD 4.4 support.
4689 * Updates to allow compiling on newer OpenSolaris are now included.
4692 OpenAFS 1.5.56 (2008-12-30)
4696 * libuafs (userspace cache manager) updated to correct several errors.
4698 * Additional rx debugging support is available as a conditional
4701 * A race condition in Rx leading to a panic has been corrected.
4703 * Rx idle time tracking has been corrected.
4705 * ubik clone server support has been corrected.
4707 All server platforms
4709 * Salvager no longer leaves cores in vice partitions.
4711 * The vol-dump tool now supports dumps larger than 2gb where possible.
4713 * Operations on multiple files now report all FIDs in the audit log.
4715 * butc XBSA support now works correctly on amd64.
4719 * The NetIDMgr AFS Provider automated configuration logic was broken
4720 by the introduction of Kerberos referrals. If the realm of the
4721 identity cannot be determined, the workstation cell is now assumed
4722 to belong to the newly created identity.
4724 * Avoid a reference count under flow during rename operations.
4726 * Avoid a crash caused by treating an arbitrary length directory
4727 search mask as an 8.3 mask.
4729 * Prevent rename operations if a case insensitive match for the target
4730 name already exists and does not refer to the object being renamed.
4732 * Increase the maximum number of background daemons to 64.
4734 * Fix the UAC manifest applied to afs_config.exe
4736 All UNIX client platforms
4738 * Updates to disconnected AFS support.
4742 * FreeBSD 7.1 is now supported.
4744 * amd64 FreeBSD is now supported.
4748 * Generic fh (exportfs API) cache type is now available.
4750 * Avoid some oopses due to backing_dev_info inode fields not being
4753 * 2.6.28 is now supported.
4757 * 10.3 support has been corrected.
4761 * Large partition support has been corrected.
4763 * Filesystem-agnostic cache is now available on Solaris 10 and 11.
4766 OpenAFS 1.5.55 (2009-11-10)
4770 * Salvager avoids leaving core files in vice partitions.
4772 * NFS translator fixes.
4774 * Unresponsive server handling fixes.
4776 * A volserver race which could result in duplicate transactions is
4781 * Fixes a panic caused by corruption of the SMB virtual circuit list.
4784 * Fixes a panic caused by receipt of a UTF-16 string that cannot be
4787 * Implements a more aggressive recovery algorithm for Netbios errors
4788 that result in loss of communication to the AFS SMB server.
4790 * Improve pioctl response time when testing whether or not a PATH is
4793 * Adds support for linked cells.
4795 * Increases the length of the cell and realm names that can be input
4796 into the Network Identity Manage AFS provider configuration dialog.
4798 All UNIX client platforms
4800 * Disconnected AFS avoids infinite recursion during rmdir.
4804 * Support for 2.6.28 (not complete for NFS translator modules).
4806 * Support for using exportfs API for filesystem-agnostic cache.
4808 * Disable backing store readahead.
4810 * Avoid deadlocks when writing back mmapped files larger than the
4813 * Avoid Oops when doing PAG garbage collection.
4816 OpenAFS 1.5.54 (2008-10-08)
4820 * Updates for new Tivoli X/Open API finding.
4822 * A double-free is corrected in Rx.
4824 All server platforms
4826 * Ubik cleans up file descriptor cache correctly when doing recovery.
4828 * Enhanced vldb error checker included.
4832 * Prevent a crash that could occur when multiple file / directory
4833 change notifications are processed simultaneously.
4837 * AFS claims more free space so Finder will attempt file copies.
4841 * Avoid spurious ENOENT when calling gwtcwd() on a volume root.
4843 * Avoid spurious ENOTDIR during fakestat.
4846 OpenAFS 1.5.53 (2008-09-26)
4850 * rx avoids many packet leaks.
4852 * rx jumbogram disabling now works (and is the default).
4854 All server platforms
4856 * Demand Attach fileserver tries to avoid issues tracking offline
4861 * Many potential deadlock conditions due to out of order lock
4862 acquisitions have been corrected.
4864 * A race condition resulting in an undercount on the cm_scache_t
4865 reference counts has been corrected.
4867 * An empty string when sent as an ioctl path is now properly
4868 interpreted as meaning the current directory. This affects "fs
4869 lsm", "symlink list", etc.
4871 * Fix smb string parsing differences where the smb protocol
4872 documentation does not match the actual Windows implementation.
4874 * Random access denied errors fixed.
4876 * A file server lock synchronization issue was corrected in SMB
4877 NTCreateX and NTTranCreate operations. This bug prevented properly
4878 operation when loading roaming profiles.
4880 * Fix a heap overwrite error during server probe operations if a new
4881 server is added while a probe operation is in progress.
4883 * Fix an LSA memory leak that was the result of an LSA error.
4885 * Do not leak cm_cell_t objects if the VLDB server lookup fails.
4887 * Only initialize rx mutex/lock objects once.
4889 * Do not nul terminate the AFS volume name when reported to Windows.
4891 * Improve VNOVOL error handling. Prevent updated vl information from
4892 being destroyed immediately after it was acquired. This bug
4893 prevented proper fail over when volumes are moved or removed from a
4896 * Remove volume id from the server volume list in response to VMOVED
4899 * "fs flushXXX" commands now destroy locally built B+ directory trees.
4901 * Prevent mixture of locally modified directory pages and file server
4904 * Fail over to alternate vl servers if a ubik error is returned.
4906 All UNIX client platforms
4908 * Disconnected AFS now supports read-write mode.
4910 * volserver now builds correctly.
4914 * AIX 6 is now supported.
4918 * FreeBSD 7 is now supported.
4922 * cache bypass is now supported.
4924 * 2.6.x kmod compilation now uses kernel compile options always.
4926 * Support through 2.6.27.
4930 * Show more space free so Finder doesn't get confused.
4934 * Default to namei rather than inode.
4937 OpenAFS 1.5.52 (2008-08-18)
4941 * Initialize volume updateDate at volume creation.
4943 * Avoid potential corruption of directories during salvage.
4945 * Check for out of memory condition during allocation of additional Rx
4950 * Restore support for Windows 2000 (broken in 1.5.50).
4952 * Perform additional validation on volume names in mount points during
4953 creation and evaluation.
4955 * Fix several deadlocks, races, and reference count issues.
4957 * Further optimize SMB Directory Search processing and minimize the
4958 number of InlineBulkStatus RPCs sent to the file server.
4960 * Enable "bos restricted" operations.
4962 * Fix the create of submounts used by the AFSCreds and afs_config
4965 * Fix a short name truncation bug. (1.5.50)
4967 * Fix the error code reported when attempting to delete a file on a
4968 readonly volume or one that is marked with the readonly DOS
4971 * Fix a heap corruption error when reading the CellServDB file
4974 * Add the "RxUdpBufSize" registry value. The new default is 256KB.
4976 * Do not include trailing NULs in the directory search output.
4979 * Pre-allocate 64 Rx Packet buffers per thread in order to improve
4982 * For debugging: add smb lock requests and stat cache lock allocations
4983 to the output from "fs memdump".
4987 * Workaround broken sigwait() to allow fileserver to shut down
4988 correctly pre NetBSD 5.0.
4992 * Default to namei fileserver; Allow inode fileserver at configure
4997 * Try harder to avoid kernel panics for malformed requests.
5000 OpenAFS 1.5.51 (2008-07-29)
5004 * salvager tries harder to arrange for clients to get VBUSY while
5005 salvaging single volumes.
5007 * salvager avoids certain corruption when salvaging directories.
5009 * Rx connection clones disabled.
5013 * The 32-bit EXE 1.5.50 installer failed to properly install the C
5014 Runtime library. When used as an upgrade OpenAFS would continue to
5015 work but when used as a new installation, OpenAFS binaries would
5018 * Fixes the "fs" and "symlink" commands to properly parse Unicode path
5019 prefixes during the pioctl remote procedure call. This bug would
5020 result in file not found errors for files and directories that
5021 clearly exist. (Bug introduced in 1.5.50)
5023 * Large File support is disabled. (Bug introduced in 1.5.50)
5025 * Removes the possibility of a deadlock during volume location update
5026 operation if all of the reported file servers are unreachable at the
5029 * Ensures that reference counts are properly incremented/decremented
5030 on Rx connection objects used for volume location RPCs.
5032 * Over Quota errors during cm_FSync() calls would lead to an infinite
5033 loop as the error was never propagated to the caller.
5035 All UNIX client platforms
5037 * Bugfixes to disconnected AFS support in the cache manager.
5040 OpenAFS 1.5.50 (2008-07-16)
5044 * volserver puts recloned volumes back online before returning the
5045 volume to the fileserver, avoiding spurious VNOVOL errors.
5047 * Updated TSM X/Open API support available.
5049 * Demand Attach fileserver will not crash due to accesses during
5052 * Substantial documentation updates.
5054 * Demand Attach fileserver state tracking and analyzer tool
5057 * UAFS userspace cachemanager updates.
5059 * Corrected support for anti-meltdown protection in the client.
5063 * UNICODE Character Set Support.
5065 * Pioctl interfaces to the cache manager have been refactored to
5066 provide layering between the SMB specific code and the general
5067 purpose ioctl operation.
5069 * Garbage collect dead SMB virtual circuits as soon as they are no
5070 longer being referenced. This avoids problems with outstanding
5071 locks not being dropped when the virtual circuit becomes invalid.
5073 * Remove the IBM Administration Reference documentation and replace it
5074 with the OpenAFS Command Reference Manual.
5076 * Avoid calling rx_SetDeadTime and rx_SetHardDeadTime functions each
5077 time a connection is about to be used. Do not hold a lock on the rx
5078 connection object while it is being selected. This avoids a race
5079 between threads attempting to set the timeout values and removes a
5080 bottleneck that was hampering performance.
5082 * Ensure that the smb directory attribute is set for all directory
5085 * Replace the VC Runtime EXE installer with the MSI installer in the
5086 NSIS installer scripts.
5090 * Support for updates to OpenSolaris.
5094 * Correct dentry revalidation for cross-directory renames.
5096 * Updated rpm packaging materials for 1.5 release series and 2.4
5099 * Corrected syscall table probing.
5101 * NFS translator updates for current kernels.
5104 OpenAFS 1.5.39 (2008-06-24)
5108 * Updates for Demand Attach fileserver.
5112 * Fix two memory leaks.
5114 * Fix one missing lock.
5116 * Handle access denied errors when writing dirty buffers.
5118 * Fix two errors that would cause the *experimental* AFS Servers
5122 OpenAFS 1.5.38 (2008-05-24)
5126 * Add read-only disconnected support.
5129 OpenAFS 1.5.37 (2008-05-21)
5133 * Includes a number of optimizations for testing.
5136 OpenAFS 1.5.36 (2008-05-09)
5140 * Rx optimizations now attempt to deal with high latency WANs.
5142 * Client will not wait infinitely for a server which is not providing
5143 data. Additional servers will be polled without marking the server
5144 which is not providing data down.
5146 * vos move will not erroneously unlock locked vldb entries on failure.
5148 All server platforms
5150 * Fileserver avoids a potential infinite loop when a client
5151 relinquishes an address.
5153 * Fileserver large setting now configures more threads.
5155 * Fileserver properly registers uuids of new clients.
5157 * Ubik servers do not improperly hide updates from clients.
5159 * Fileservers reserve enough file descriptors such that each thread
5160 can cache one to avoid spurious errors.
5164 * Fix a cm_buf_t reference count leak when attempts to write dirty
5165 buffers to the file server from within cm_IncrSyncer() fail.
5167 * Prevent udebug from crashing.
5169 * Another VNOVNODE issue fixed. When writing a dirty buffer to the
5170 file server, if VNOVNODE is received, mark all buffers as invalid
5171 without further attempts to contact the file server.
5176 All client systems: Major bugfixes.
5177 File servers: Major bugfixes.
5179 * New functionality:
5183 - Provide portable (pioctl) method for discovering what PAG a user is
5184 in. Required to support userspace PAG information collection on AIX
5185 5.1, and knowing whether Linux uses one group, two group, or only
5186 keyring based PAGs. (124709)
5192 - Fixes to avoid issues cleaning up deleted hosts in the fileserver (126454)
5194 - Fixes to avoid dropping writes due to server idle timeouts.
5196 - Don't miss cache chunks of large files while truncating.
5198 - Avoid null pointer dereference for unexpected volume names in volume
5201 - Don't mark connections waiting for additional packet window availability
5204 - Kerberos 5 utilities (klog.krb5, aklog) enable weak encryption support.
5206 - Avoid a double-free of an Rx call structure during a client fetch error.
5208 - Avoid losing hosts during address changes. (125215)
5210 - Clients shouldn't trust Fetchdata replies for the size of returned data.
5212 - fileserver will not hang when attempting to cleanup and dump core.
5214 - salvager will not leave core files in random directories.
5216 - avoid letting retransmit timer get to 0 seconds.
5218 - in event of dbserver contact failure, shut fileserver down cleanly.
5220 - handle large partitions during check for needed disk space at
5223 - time out Rx connections if network unreachable error received.
5225 - avoid dereferencing NULL pointer freeing Rx packets in receive. (125110)
5227 - mark stack not executable in LWP. (125491)
5229 - return a correct VolumeSync structure from Bulkstat RPCs in fileserver.
5231 - client attempts to better free memory at shutdown.
5233 - clear rx call queue safely. (125110)
5235 - retry VLserver registration on failure in fileserver.
5237 - update accessdate for volumes on access in fileserver.
5239 - additional safety checks on vlserver operations to avoid
5240 database corruption.
5242 - make ktc_curpag available on all builds. (125155)
5250 - Handle kernel changes through 2.6.33.
5252 - Fix oops in clear_inode due to missed locking. (125589)
5254 - Better handle /afs mount failures.
5256 - Clean up after failures creating our kernel kmem cache.
5258 - Work around memory management issues with some kernels when configuring
5259 the buffer cache/bdi (126514)
5261 - Rename compile_et to afs_compile_et to avoid RPM conflicts.
5263 - Handle whole-file locks properly. (126561)
5265 - Deal with kernel autoconf header renaming.
5267 - Handle SELinux cache backing file labels better to avoid potential oops.
5272 - klog now works correctly on 64 bit machines.
5274 - launchd now used to launch AFS at boot.
5276 - Preferences pane included for 10.4 and later.
5278 - Older versions can now be installed from packages.
5280 - Finder does not trigger bogus AFSDB lookups in /afs in dynroot mode.
5282 - Include package with debug kernel module symbols.
5288 - Support for x86_64.
5292 - Handle ZFS caches usefully. (125365)
5294 - Implement additional pathconf support.
5298 Linux client systems: Major bugfixes.
5299 All client systems: Minor bugfixes.
5300 File servers: Major bugfixes.
5302 * New functionality:
5306 - Provide portable (pioctl) method for discovering what PAG a user is
5307 in. Required to support userspace PAG information collection on AIX
5308 5.1, and knowing whether Linux uses one group, two group, or only
5309 keyring based PAGs. (124709)
5315 - Fix bosserver to invoke salvager with "-force" instead of ambiguous
5318 - Cleanup for ptserver argument parsing to allow debug mode to work. (124893)
5320 - Sanity checking for ptserver log levels. (124894)
5322 - Fix for uninitialized memory dereference in klog.krb5.
5324 - Fix an overflow in the cellconfig code used by client and server. (124891)
5326 - Fix an erroneous vos verbose mode format string.
5328 - Avoid losing writes on mmap()ed files when cache is memcache. (124671)
5330 - Provide an afsd switch to allow override of the maximum MTU. (124880)
5332 - Provide support for encrypt mode in pts.
5334 - Fix race in background sync code which could cause volumes to go offline.
5337 - Fix fileserver to avoid a null pointer dereference in client identity
5338 lookup routines. (125020)
5340 - Improve handling of moves of volumes from 1.5 series fileservers. (18349)
5344 - UKERNEL build fix. (124681)
5348 - Allow syscall probing to be disabled by switch to configure at build time.
5350 - Fix bug in anti-recursion protection for mmap clients. (124627)
5352 - Avoid a panic caused by changing credentials during VFS operations. (124737)
5354 - Avoid need for rcu subsystem when unavailable. (124986)
5356 - Improve keyring PAG setup code. (125001)
5358 - Avoid possible ext3 cache truncation issues. (124942)
5362 - MacOS 10.3 UKERNEL build fix. (124681)
5366 - Update support for 4.5 (124719)
5370 - Updates for newer OpenSolaris kernels. (124116, 124924)
5374 All client systems: Security fixes.
5375 File servers: Major bugfixes.
5376 All systems: Minor bugfixes.
5382 - Avoid a potential kernel memory overrun if more items than requested are
5383 returned from an InlineBulk or BulkStatus message. (124579)
5385 Linux client systems:
5387 - Avoid converting negative errors into invalid kernel memory pointers. (124580)
5393 - Don't build aklog NAS module when krb5 is not available. (124522)
5397 - Additional fixes and support. (124107, 123917)
5401 - Support 2.6.28. (123580)
5403 - Support 2.6.29. (124115)
5405 - Attempt to support 2.6.30 (124560)
5407 - Avoid race during truncation. (124094)
5409 - Dynamic vcache allocation support, to deal with inotify vcache pinning. (124334)
5411 - Correct use of truncate_inode_pages to vmtruncate for locking issues. (124128)
5413 - Update RPM configuration. (123650, 102673, 124272)
5415 - Update kernel feature detection. (124507, 123604)
5417 - Do appropriate locking for CellServDB in /proc. (124407)
5421 - Fix MacOS 10.3 support.
5423 - Add candidate Darwin 10 support.
5427 - Corrected NetBSD version tests. (123647)
5431 - Update support for 4.4 (124541)
5435 - Support cache filesystems which do not allow open by inode number, enabled by
5436 default on Solaris 9 and later. (123677)
5438 - Improve error code return quality. (124426)
5440 - Allow large partitions on Solaris servers.
5444 - Avoid improper error messages about key version when krb5 is in use. (124220)
5446 - Avoid attempting to free kernel memory which was already freed. (124531)
5448 - Properly count offline volumes in vos client. (124333)
5452 - Avoid 64 bit time issues in callback dump files. (124451)
5454 - Support more than one local Kerberos realm; Usernames are assumed to be the
5457 - Ubik recovery is corrected to avoid spurious errors. (123723)
5459 - Do proper host address hashing for little endian machines in fileserver. (124447)
5461 - Update backup utility to properly compute header needs in the backup buffer.
5464 - Avoid blocking during Rx unused connection reaping.
5466 - Avoid leaking file handles in the fileserver when closing a volume. (124359)
5468 - Fix bosserver corefile naming to be y2k-safe. (124340)
5470 - Avoid potential infinite loop in deleted host handling in the fileserver.
5472 - Support large volume dumps in vol-dump. (123984)
5474 - Build butc XBSA support on 64 bit systems.
5478 - Properly track Rx connection idleness for timeouts.
5480 - Additional documentation. (124472)
5482 - Avoid a race which may result in an in-use Rx packet being freed. (123799)
5486 All client systems: Security fixes.
5492 - Avoid a potential kernel memory overrun if more items than requested are
5493 returned from an InlineBulk or BulkStatus message. (124579)
5495 Linux client systems:
5497 - Avoid converting negative errors into invalid kernel memory pointers. (124580)
5501 File servers: Major bugfixes.
5502 All systems: Minor bugfixes.
5508 - AIX 6.1 is now supported.
5510 - Unpin kernel memory references after free. (99456)
5514 - FreeBSD 7 is now supported.
5518 - Avoid deadlock when writing back pages in an mmap()ed file larger than
5521 - Update process tree walking for PAG garbage collection to avoid oopses.
5524 - fakestat mode now correctly avoids spurious ENOTDIR errors.
5526 - Use kernel build system for all platforms.
5528 - Remove openafs directory from proc in correct order. (112910)
5530 - Handle renames across directories correctly in the linux dcache. (74672)
5532 - Probe syscall table when possible. (105457)
5534 - Mount point parsing is now updated to handle only well-formed mount
5535 points rather than similarly-formed symlinks. (113558, 100836)
5537 - ucontext-style LWP is now anbled for glibc versions newer than 2.3.
5541 - Update available space shown. (112910)
5545 - Work around broken SIGWAIT. (111404)
5549 - Solaris 10 now defaults to namei fileservers.
5551 - NFS translator issues fixed.
5553 - Changes to address Solaris updates. (105495)
5557 - udebug correctly displays the last "yes" host.
5559 - Allow more vldb lookups to be cached in the client.
5561 - Fix aklog to not be excessively verbose when not requested.
5563 - Add support for timing out accesses which are not completing in a timely
5566 - Properly flag backup volumes being added to the vldb by vos syncvldb.
5570 - fileserver "large" setting now implies 128 threads instead of 12.
5572 - fileserver check for duplicate uuids is now applied correctly.
5574 - Newer xbsa APIs are supported for TSM integration in butc.
5576 - salvager avoids corrupting length of directory objects. (111585, 107767)
5578 - volserver avoids a race during volume release so a volume will not
5579 appear to be offline. (107258)
5581 - Add support for returning errors when accesses are not completing
5584 - Avoid potential race in the volserver when creating transactions. (121263)
5586 - Return sensible error when a release or restore exhausts server
5589 - volserver now returns EXDEV if a new replica would duplicate one which
5590 already existed elsewhere on the server.
5592 - Disable jumbograms by default.
5594 - volserver updates a volume's updateDate on volume creation. (110943)
5596 - Partitions over 2tb are now supported. (88811)
5600 - Re-enable Rx client keepalives. (20727)
5602 - Support autoconf 2.62. (118058)
5604 - Update Rx to avoid leaking packets.
5606 - vos supports the -noresolve options to avoid issues with 127.0.0.1 being
5607 named in /etc/hosts.
5609 - Additional documentation. (104110)
5613 File servers: Major bugfixes.
5614 All systems: Minor bugfixes.
5620 - Kerberos as included in AIX has missing symbols. AFS krb5 tools now
5623 - AIX LAM aklog plugin can now be used CDE screenlocker.
5625 - Add support for getting the current PAG in pagsh and PAM.
5627 - Avoid sending a terminal hangup to STREAMS in aklog.
5629 - Fix afsdb support in the client.
5633 - Kernels through 2.6.25 are now supported. (77370,88000,83716,83890,80463)
5635 - Client now only hashes dirty inodes. (78544)
5637 - Fix to avoid returning invalid mount point data when -fakestat-all is in use.
5640 - RPM build system updates. (93616)
5642 - Restored write-on-close-or-fsync semantics when possible. (17509)
5644 - Enabled support for flock() on files in AFS. (53457)
5646 - ARM Linux now supported.
5648 - Kernel keyring support updated.
5650 - Fix client-displayed timestamp ordering by zeroing nanosecond field.
5654 - Boot time init script now uses afs.conf to store config options. (81825)
5656 - Avoid kernel panic due to excessive lock tracking when removing files.
5658 - Avoid leaking kernel memory when trying to read() a directory.
5662 - Avoid potential kernel panic if the root vnode of AFS changes.
5664 - Avoid potential kernel panic when shutting down if contracts are in use.
5666 - Avoid potential delays when creating new PAGs if the system clock
5671 - At client shutdown, try harder to clean up in-use resources. (74479)
5673 - When fakestat is in use, enable optimization for Gnome Nautilus lookups.
5675 - Properly hold lock when updating disk cache metadata to avoid
5676 kernel panic. (59136)
5678 - Avoid wrapping to the start of a file when attempting to write a large file
5679 to a pre-largefile fileserver. (73720)
5683 - Fixed to avoid truncating ubik databases during recovery. (77183)
5685 - fileserver issue with internal file cache filling has been fixed. (87977)
5687 - fileserver thread quota enforcement now done in all cases. (87416)
5689 - fileserver avoids potential network-related deadlock when breaking
5692 - fileserver avoids crash due to race of resource creation and user requests
5695 - fileserver avoids crash when reinitializing Ubik connections.
5697 - volserver fixed to avoid leaving orphaned files during restore. (46937)
5699 - volserver now supports convertROtoRW for inode fileservers.
5701 - Support disabling kerberos 4 style username protection in servers. (75101)
5705 - Fix to butc to avoid crash due to threaded library variant.
5707 - Fix to avoid network retransmission issues if the system clock goes
5710 - vos syncvldb and syncserver now support a dryrun (do nothing) mode.
5712 - vos addsite now supports adding a site where a replica is already
5715 - vos clone now supports creating properly-named readonly and backup clones.
5717 - vos restore now allows an older copy of a volume at an alternate site to
5720 - cmdebug now supports dumping a client's CellServDB.
5722 - cmdebug now supports showing human-readable expiration times.
5724 - aklog now handles Kerberos referrals.
5726 - Additional documentation now included. (89288,89289,86677)
5730 All systems: Major bugfixes.
5736 - fileserver host tracking code had a missing lock on a host structure;
5737 that lock has been added.
5739 - fileserver handling for clients which are giving up callbacks did not
5740 hold a lock, making it unsafe and allowing clients to potentially
5741 crash the server by racing.
5743 - fileserver will now leave a corefile when it is doing a shutdown due
5744 to error conditions.
5746 - fileserver again allows ufs as a valid filesystem type (regression in 1.4.5).
5748 - cbd handler for fileserver status data has an interpretation error which
5749 could cause crashes corrected.
5751 - fileserver accurately tracks number of callbacks on a given file.
5755 All systems: Minor bugfixes.
5756 New systems: MacOS 10.5.
5760 - fileserver address tracking is improved to avoid potentially merging
5763 - Documentation updates.
5765 - namei fileserver now does fsync()s in background batches for performance
5768 - Kerberos ticket support corrected in bundled Kerberos 4 utilities on 64
5771 - fileserver includes limited per-host thread quota support to avoid
5772 resource starvation.
5774 - fileserver deals with more damaged volumes without asserting.
5776 - vos validates dumpfiles before attempting restores.
5778 - vos clone will no longer potentially delete the parent volume.
5780 - Client no longer permits empty UUID to be created.
5782 - fs uuid command for checking, regenerating UUID added.
5784 - Updates for gcc 4.2.
5786 - fileserver treats w (write) permission as granting read lock permission
5787 in addition to write.
5791 - Bundled NAS Kerberos is now supported. (5.x)
5793 - LAM aklog module is provided. (5.x)
5795 - Associate cache files with correct filesystem to avoid snapshots when
5796 performing maintenance on local filesystems.
5804 - Kernels throigh 2.6.23 are known to work.
5806 - Updates to syscall table probing.
5808 - Bug fix in keyring PAG support to avoid oops.
5810 - updated sample RPM configuration.
5812 - sparc32 lwp support updated.
5814 - Avoid potential oops in symlink support in certain older kernels.
5816 - Avoid potential deadlock during vmalloc.
5818 - Corrected locking while interacting with kernel task list.
5822 - Several panics fixed, including remove_fsref. (10.4 and later)
5824 - IP address changes now tracked.
5826 - Corrected support for dropboxes (li access without r) with cp and Finder.
5828 - fstrace and ancillary files now included.
5830 - man pages are now installed in the default MANPATH.
5832 - Servers will be timed out quickly if there is no route available.
5834 - Temporary files from remove-while-busy now cleaned up correctly.
5838 - Updates to accomodate kernel interface changes. (10u4 and later)
5840 - knfs and NFS translator support updated.
5842 - Changes to accomodate version 5.4 xbsa library.
5844 - Updates for new SunStudio defaults.
5848 All systems: Major bugfixes.
5854 * A bug in the namei volserver which could erroneously make a replicated or
5855 moved volume go offline has been fixed.
5857 * Volume package users (fileserver, volserver, salvager) avoid using lockf to
5858 avoid leaking byte range locks on volume internal files.
5862 * A bug where the client kernel module could free stack memory (which caused
5863 issues with 64 bit Intel most commonly) has been fixed.
5867 * A missing kernel feature test has been fixed.
5869 * group based PAG support is still enabled when possible.
5871 * ia32 syscall table support for amd64 has build fixes for modern kernels.
5875 * fopen() is not safe for use with more than 255 file descriptors open;
5876 Emulate it in the afsconf package so afsconf can be used in the fileserver.
5880 * DNS registration is disabled for the loopback adapter, and we make sure
5881 Netbios is turned on.
5886 * Remove use of ubik_Call in the source code so prototypes are used.
5888 * Avoid synchrony in call from the fileserver to the ptserver.
5890 * Fix a bug in the backup suite when restoring.
5892 * fileserver and volserver now log for error conditions which may cause
5895 * rx avoids a stack overrun when more packets are needed.
5897 * volserver avoids holding a lock too long when purging volumes.
5899 * volserver lock initialization fixes
5901 * volserver volume nuke fixes to avoid leaving files behind
5903 * fileserver avoids error when authenticating ptserver requests
5905 * fileserver no longer crashes when GetCPS fails
5907 * salvager enhancements to deal better with corrupt volumes for namei
5911 * aklog deals with KDCs which give "generic" replies to principals not
5914 * Fix bug in cache parameter autotuning
5922 * amd64 pthread library family updates.
5924 * autoconf fixes for kernel feature testing
5926 * keyring PAG support now only enabled if needed features are present
5929 * inline a version of BUG() so we get better oopses
5933 * tsm is updated to work with the new AIX 5 interface.
5937 * Cross compile fixes
5939 * Packaging improvements
5941 * Large file support fixed (Thanks to Chaskiel Grundman)
5943 * Fixes for Leopard seed.
5945 * Installer image updates
5949 * Removes race conditions and a deadlock introduced in 1.4.1
5951 * Fixes ANSI filename option.
5953 * Establishes new connections to file servers when
5954 IP address configuration changes are detected.
5956 * Improved CIFS compatibility
5958 * Cache Manager optimizations
5960 * Fixes vlserver failover when mounting 'root.afs'
5961 (Freelance mode disabled)
5963 * Installs help files in the correct location for use by afscreds.exe
5964 and afs control panel.
5966 * Improve reporting of "over quota" and "disk full" errors.
5968 * Prevent crash when evaluating mount points to volumes that do
5971 * Removes auto-registration of AFS ID in foreign ptservers from
5972 Integrated Logon DLL. This prevents crashes if the DLL is loaded
5973 and unloaded prior to termination of the process.
5975 * SDK moved to \Program Files\OpenAFS\SDK
5977 * NSIS and WiX Installer Frameworks update to the latest versions
5979 * Improvements to the Kerberos Logon Integration
5981 * Prevents exception in Integrated Logon DLL during SysPrep
5983 * Prevents displays of MessageBox dialogs in response to Network Adapter
5986 * Hard Dead and Connection Timeout values restricted to the CIFS Session
5989 * Correct writing of BackConnectionsHostNames registry value.
5991 * Properly recycles Volume entries
5993 * The AFS Explorer Shell Extension always finds its resource library.
5995 * The export list for AFSAUTHENT.DLL has been corrected. (The AFS
5996 plugin for NetIDMgr will no longer use 100% of CPU.)
5998 * Renaming files on Microsoft Vista Build 5536 works.
6000 * Better handling of "." directory in fs commands
6002 * Add OpenAFS License text to installers
6004 * fs setquota and fs mkmount commands behave the same as the UNIX
6009 All systems: Major bugfixes.
6015 - Volume dump parsing code in the volserver has better error checking.
6017 - salvager has improved damaged volume handling on namei fileservers.
6019 - fileserver has size validity checks for when large file support is disabled.
6021 - fileserver avoids potentially multiply adding a host to its hash table.
6023 - rxkad client private data storage is allocated dynamically on ticket size.
6025 - Handle universal error code translation for file locking.
6027 - fileserver needs to swap callback connections on a client IP change.
6029 - fileserver host package revised to reduce lock contention.
6031 - Rx has been fixed to count hard acks, thus opening the congestion window.
6033 - All servers support bound Rx sockets (on one interface).
6035 - namei fileserver no longer use lockf() to avoid range locking issues.
6037 - most binaries now support the -version switch.
6039 - backup suite fixes for 64 bit platforms.
6041 - volserver avoids holding holds during volume purges.
6043 - volserver avoids losing files on namei during vos zap.
6047 - fileserver now properly supports large files.
6049 - TSM updates for AIX 5
6051 - Kernel module avoids leaking Rx packets.
6053 - Avoid use of global ubik client structure in fileserver.
6055 - Update ubik call client interface to allow for prototyping.
6057 - audit logging fixes when stdarg does not provide integral va_list type.
6061 - A bug where the client kernel module could free stack memory (which
6062 caused issues with 64 bit Intel most commonly) has been fixed.
6064 - Packaging fixes and updates.
6066 - Uninstaller added.
6068 - Fix large file support.
6072 - autoconf kernel feature testing has been restructured.
6074 - PAG garbage collection is enabled by default.
6076 - Kerberos updates for RHEL3.
6078 - Fix POSIX lock enrollment for older Linux kernels.
6080 - Updates for new 2.6 kernels.
6082 - Avoid deadlocks in put_inode handler.
6084 - Keyring-based PAG support.
6086 - Fixes to avoid getting better oops info in the kernel.
6090 - Remove some kernel symbol bindings for symbols we don't use.
6092 - Cleanup for loopback mount of AFS on Solaris 10.
6094 - Avoid issues with stdio not supporting file descriptors above 255 on
6095 Solaris 8 and lower in the fileserver.
6099 All systems: Major bugfixes.
6100 New systems: MacOS 10.4 (PowerPC and Intel)
6106 - Several race conditions in the host tracking and handling in the fileserver
6107 which could cause inconsistent behavior and crashes have been fixed.
6109 - A fileserver bug where a reference to a volume could be leaked and later
6110 cause a deadlock as a result of a bulk status call
6112 - Reference counting of fileserver objects in unsigned 32 bit integers
6113 instead of signed 16 bit integers.
6115 - Avoid type mismatches when handling time values (betweemn 32 bit and 64 bit
6118 - Fix a memory leak during multilevel packet queue handling.
6120 - Audit log output had been updated to include FIDs for newly created files.
6124 - 64 bit (large file) inodes are supported.
6126 - Salvager will now handle large (>4gb) partitions.
6132 - asetkey is now included to ease Kerberos 5 integration for server
6135 - A new fileserver statistics collection including callback statistics was
6138 - man pages are now generated.
6142 - Fixes error message problems experienced by fs.exe and the AFS Explorer
6143 Shell Extensions related to the use of Universal Error Codes by the
6146 - Adds full SMB/CIFS support for byte range locking. In this implementation
6147 all locks are allocated locally and the AFS lock privilege is ignored.
6148 While this will not prevent two processes on different machines from
6149 simultaneously writing to the same file, it will prevent two processes
6150 on the same machine from doing so.
6152 - The UP server check period has been reduced to once every ten minutes to
6153 match the period used by the UNIX clients. The shorter period will
6154 assist clients maintain RX connections through NATs.
6156 - Fixes the DOWN server check logic to ensure that any server that responds
6157 to a check is marked UP unless it is in the process of restarting.
6159 - Add logic to better handle objects that no longer exist on the file server.
6162 - Prevent the removal of existing drive mappings by "afscreds.exe -M"
6164 - Fixes the procmgmt library so that it doesn't cause applications that
6167 - Improves the warnings written to the afsd_init.log file when the
6168 Windows RPC Protocol drivers are improperly configured.
6170 - Fixes "fs setserverprefs -vlserver". Multiple calls with the same
6171 server parameter could result in a crash of afsd_service.exe.
6173 - The SMB/CIFS layer was audited for reference miscounts and memory leaks.
6174 All SMB objects are now properly counted, locked, and released when
6177 - Prevent file truncation of the user does not have the appropriate access.
6179 - Token management was re-written to allow user tokens to be preserved
6180 during integrated login and freed after logoff is complete.
6182 - Added a mechanism by which abandoned SMB virtual circuits can be
6183 detected and the associated resources cleaned up.
6185 - Prevent the allocation of SMB file handles with a value of 0 or 0xFFFF
6186 which would be considered invalid by Windows applications.
6188 - Fixed the processing of cell names to ensure that they are always
6189 treated as case insensitive strings.
6191 - Fixed the network provider code to avoid querying the profile location
6192 if integrated login is disabled.
6194 - If a mount point string is empty, return Path Not Found to the application.
6196 - Windows returns WSAECONNRESET when an ICMP packet is received in response
6197 to a transmitted UDP packet that cannot be delivered. Do not mark the
6198 connection as bad but instead retry the request.
6200 - Fix the data written to the registry as part of the BackConnectionHostnames
6203 - Fixed the rx-lwp implementation to always generate unique rx call
6206 - The default "fs minidump" type now includes data segments.
6211 * -nosettime is now the default for afsd. Use "-settime" to get the
6214 * OpenBSD is now supported.
6216 * Mountpoint directory information is now only faked for cross-cell
6217 mountpoints when using the -fakestat flag (e.g. for the directories
6218 under /afs, but not for most other volumes mounted inside the cell).
6219 The -fakestat-all switch can be used to fake information for all
6222 * When fakestat is enabled on MacOSX, the Finder can be used to browse
6223 a fully-populated /afs directory. However, this precludes reliable
6224 use of entire volumes as MacOS bundles (i.e. containing a Contents
6225 directory in the root of the volume).
6227 * Mountpoint directory information can be faked by the cache manager,
6228 making operations such as stat'ing all cells under /afs much faster.
6229 This is enabled by passing -fakestat to afsd, but might not be stable
6235 * The kaserver now defaults to not allowing interrealm authentication,
6236 due to security vulnerabilities in the krb4 protocol. The new
6237 "-crossrealm" flag to the kaserver is provided to reenable interrealm
6238 authentication if desired.
6240 * RedHat Linux 9.0 is now supported.
6242 * Solaris 9 12/02 is now supported. Solaris 7 and 8 x86 should now
6245 * On Linux machines using 2.2 series kernels, 2.2.19 or higher is now
6248 * An OpenAFS 1.2.9 afsd will not work with kernel modules built from
6249 an earlier OpenAFS release. In general, using a mismatched afsd and
6250 kernel modules set is unsupported; it is not recommended that you use
6251 such a configuration on a regular basis.
6256 * Mountpoint directory information is now only faked for cross-cell
6257 mountpoits when using the -fakestat flag (e.g. for the directories
6258 under /afs, but not for most other volumes mounted inside the cell).
6259 The -fakestat-all switch can be used to fake information for all
6262 * HPUX 11.0 is now supported.
6264 * It is now possible for AFS to use Kerberos 5 directly, via rxkad 2b.
6265 See the OpenAFS 1.2.8 Release Notes for more information on using this
6268 * An NFS translator kernel module is now included and compiled by
6269 default for Solaris only.
6274 * MacOS X 10.2 is now supported. FreeBSD 4.3 and later support is
6275 included in this release, but is still under active development and
6276 should only be used by those doing active development on the OpenAFS
6279 * When fakestat is enabled on MacOSX, the Finder can be used to browse a
6280 fully-populated /afs directory. However, this precludes reliable use
6281 of entire volumes as MacOS bundles (i.e. containing a Contents
6282 directory in the root of the volume).
6284 * The fileserver will now use Rx pings to determine if clients are
6285 reachable prior to allocating resources to them, to prevent asymmetric
6286 clients from consuming all fileserver resources.
6291 * Mountpoint directory information can be faked by the cache manager,
6292 making operations such as stat'ing all cells under /afs much faster.
6293 This is enabled by passing -fakestat to afsd.
6295 * Solaris 9 FCS and Solaris 7 and 8 x86 are now supported.
6300 * A remote denial of service attack in the AIX and IRIX clients has been
6301 fixed. Users of those platforms are strongly encouraged to upgrade.
6303 * Fixed race conditions in fileserver that could result in crash.
6308 * Server logfiles now more consistant about format in which hosts are
6311 * vfsck on Solaris will now allow force runs (using -y flag) even if old
6317 * Cell aliases for dynroot can be specified in the CellAlias file in
6318 /usr/vice/etc or /usr/local/etc/openafs, in format "realname alias",
6319 one per line. They can also be managed at runtime with "fs newalias"
6320 and "fs listaliases".
6325 * Solaris 9 and Linux PA-RISC are now supported.
6327 * fileserver will not erroneously delay legitimate errors for 3 seconds
6328 after 10 errors are returned (e.g. stat() on a directory you can't
6331 * Rx MTU calculation now works for Irix, Solaris and Linux
6333 * If afsd is started with the -dynroot flag, /afs will be locally
6334 generated from the CellServDB. AFSDB cells will be mounted
6335 automatically upon access.
6337 * The namei fileserver allows vice "partitions" to be directories
6338 instead of partitions and will attach and display accordingly.
6339 Creating the file "AlwaysAttach" in the /vicepX directory is used as
6340 the trigger to attach it.
6342 * TSM support for butc no longer requires editing a Makefile, simply
6343 specify the --enable-tivoli-tsm configure option.
6345 * Linux builds no longer require source changes every time the kernel
6346 inode structure changes; the OpenAFS sources will now configure itself
6347 to the actual inode structure as defined in the kernel sources.
6352 * vfsck on Digital UNIX and Solaris will now refuse to fsck mounted
6358 * AFS now supports --prefix and the other directory options of
6359 configure. By default AFS builds assuming it will be installed in
6360 /usr/local. In order to get traditional AFS directory paths (/usr/afs
6361 and /usr/vice/etc) use the --enable-transarc-paths option to
6362 configure. More details on the new directory layout are found in
6368 * Windows 95/98/ME/NT/2000 - Consistent versioning: Installation, AFS
6369 Control Center, Client dialog boxes and properties pages for
6370 executables display a consistent OpenAFS version number. Installation
6371 detects previous installation and prompts the user for upgrade
6374 * Windows 95/98/ME/NT/2000 - Installation features: During installation
6375 the user can select the source of the CellservDB file, AFS home cell,
6376 and drive mappings. During installation a drive path mapping can
6377 include a variable that will be substituted with the current UserName
6380 * Windows 2000/NT - Integrated logon: The Integrated Logon feature
6383 * Windows 95/98/ME - Logon script features: The Windows 95/98/ME client
6384 now offers a command-line option for starting up the AFS client
6385 without authenication. It is now possilbe to start the AFS client
6386 first and obtain tokens, and map drives all through Windows scripts.
6387 This helps using Windows 95/98/ME client in Kerberos 5 environment.
6389 * Windows 2000/NT - LANA numbers: AFS client now scans the LANA numbers
6390 to establish the correct NETBIOS connection. NetBEUI is no longer
6391 needed. The user no longer needs to find the correct LANA number.
6393 * Windows 2000/NT - OpenAFS naming consistancy: Further progress has
6394 been made to remove references to "Transarc AFS" and replace with
6400 * AFS now builds with configure. The README for building has been
6401 updated and includes full details.
6403 * A client system can now have multiple sysname values for @sys. They
6404 will be searched in order when looking up files in AFS. The
6405 -newsysname argument to fs sysname can be repeated to set multiple
6408 * A new system group is created for new cells (system:ptsviewers with id
6409 -203). If this group exists, members of this group can examine and
6410 read the entire protection database. They can examine all users and
6411 groups and can get the membership of any group.
6413 * A new program, pt_util has been added to the distribution. This
6414 program allows users to print the contents of the protection database
6415 or to edit the protection database without running a ptserver. It can
6416 be used to set up a new cell without ever running in noauth mode. Run
6417 pt_util -h for help.
6419 * The fs setcrypt and fs getcrypt commands have been added. These
6420 commands allow the system administrator to require that the client
6421 encrypt all authenticated traffic between the client workstation and
6422 AFS. The encryption used is weak, but is likely better than sending
6423 unencrypted traffic in most environments. Some functions, such as
6424 looking for a volume may not be encrypted, but data transfer certainly
6425 is. By default data is not encrypted. At this time no significant
6426 experimentation with server performance has been conducted.
6428 * By default AFS is compiled with AFS_AFSDB_ENV, enabling the -afsdb
6429 option to be given to afsd on startup. If this option is used, then
6430 new cells will be looked up using AFSDB records stored in DNS if they
6431 are not found in CellServDB. This means that users can create
6432 cross-cell mountpoints in directories they control to access cells not
6433 in root.afs, and that cells in root.afs need not be in the client's
6436 * AFS database servers can be marked as read-only clones. Surround the
6437 hostname in square brackets on the bos addhost command and the
6438 database server will never be elected sync site. This is useful for
6439 cells distributed over a wide region.
6441 * The AFS servers now support the -syslog flag. This flag causes them
6442 to log to syslog rather than to files. This flag is not supported on
6443 NT. For all servers besides the salvager, the flag can also be
6444 specified as -syslog=facility, where facility is an integer facility
6445 code from syslog.h. A -syslogfacility option is provided for the
6446 salvager to accomplish the same goal.
6448 * If the --enable-fast-restart flag is given when configuring AFS, then
6449 the salvager supports the -dontsalvage flag which causes it to exit
6450 without salvaging any volumes. If this is configured into the third
6451 command of a fs process, then the fileserver will start without
6452 salvaging. It will fail to attach volumes that need salvaging and
6453 they can be salvaged manually. This provides significantly better
6454 server startup performance at the cost of administrative complexity.
6456 * If the --enable-bitmap-later flag is given when configuring AFS, then
6457 the fileserver creates bitmaps for free vnodes on demand, allowing
6460 * If bosserver finds a BosConfig.new file at startup, it reads this file
6461 and renames it to BosConfig. This allows bosserver to be reconfigured
6464 * The bosserver can be placed in a restricted mode in which AFS
6465 superusers are only granted limited access to the server host. The
6466 following functionality is disabled when restricted mode is in use:
6469 bos getlog (except for files with no '/'s in their name)*
6475 specific exceptions are made for functionality that "bos salvage"
6478 A cron bnode who's name is "salvage-tmp", time is now, and command
6479 begins with "/usr/afs/bin/salvager" may be created. This bnode deletes
6480 itself when complete, so no special "delete" support is needed. This
6481 functionality may be removed in the future if a "Salvage" RPC is
6484 The file with the exact path /usr/afs/logs/SalvageLog may be fetched,
6485 since that is how bos salvage [...] -showlog is implimented.
6487 Restricted mode is enabled using a new bos command (bos setrestricted)
6488 or bossever command line switch (bosserver -restricted). Restricted
6489 mode can be disabled by a) sending the bosserver process a SIGFPE
6490 (which will then allow restricted operations until the next restart or
6491 setrestricted command) or b) editing /usr/afs/local/BosConfig (or
6492 BosConfig.new), and restarting the bosserver.
6494 * The bos UserList of trusted administrators can now contain cross-realm
6495 Kerberos principals.
6497 * udebug now takes --server not --servers.
6499 * Several error messages have been improved to include volume numbers.
6501 * Several new ports have been included for UNIX platforms: Darwin
6502 (ppc_darwin_12 and ppc_darwin_13), Linux 2.4 (i386_linux24), Linux on
6503 the Powerpc (ppc_linux22 and ppc_linux24), Linux on the Sparc
6504 (sparc_linux22, sparc64_linux22 and sparc64_linux24).
6506 * Incomplete FreeBSD and Alpha Linux ports are included. The FreeBSD
6507 port has a working server and the Alpha Linux port has a partially
6510 * A native client for Windows 95/98/ME has been added to the
6511 distribution. With this program, a gateway machine is no longer
6512 required for Windows 9x to access AFS files. One drive letter will be
6513 created on your machine by default - Z:. The Z: drive will be the
6514 root of the AFS tree, allowing you to browse all sites that have AFS
6515 servers available. Additional drive letters can be defined for other
6516 AFS directories. A Windows Explorer shell extension is included that
6517 allows you to right click on items within an AFS tree to bring up an
6518 "AFS" menu item and perform various operations on a file or directory.
6519 The most useful item is "Access Control Lists", which allows you to
6520 view and edit the permissions of a particular directory. Command line
6521 tools are also available in the install directory. These commands
6522 include klog, unlog, tokens, kpasswd, symlink, fs and pts. The
6523 installable includes a readme file that contains more information on
6524 how to use the client program and known issues.
6526 * Support for large caches in afsd. Cachefiles are stored in
6527 subdirectories. The default is 2048 files per subdirectory, which
6528 should work fine in most situations. You can use the new afsd option
6529 -files_per_subdir to change this number. Note that the first time you
6530 run afsd with this patch, your cachefiles will get moved into
6531 subdirectories. If you subsequently run an older version of afsd, you
6532 will lose all your cached files.
git://git.openafs.org / openafs.git / blob