1 openafs (1.5.73.3-1) experimental; urgency=low
3 This version of the OpenAFS client is built with experimental
4 disconnected support. This support should not change the normal
5 operation of the client unless it is used. If you wish to use it,
6 please be aware that it is an experimental feature, may not work
7 correctly, and may lose data. Disconnected mode is configured through
8 the fs discon command, which is not yet documented.
10 The communication protocol between afsd (in openafs-client) and the
11 OpenAFS kernel module has changed in 1.5. You must upgrade your kernel
12 module to a 1.5.x kernel module when using this or newer versions of
13 openafs-client, or OpenAFS will not start correctly.
15 -- Russ Allbery <rra@debian.org> Tue, 06 Apr 2010 14:51:38 -0700
17 openafs (1.4.10+dfsg1-1) unstable; urgency=high
19 This release of OpenAFS contains security fixes in the kernel module.
20 Be sure to also upgrade openafs-modules-source, build a new kernel
21 module for your system following the instructions in
22 /usr/share/doc/openafs-client/README.modules.gz, and then either stop
23 and restart openafs-client or reboot the system to reload the kernel
26 -- Russ Allbery <rra@debian.org> Mon, 06 Apr 2009 15:51:14 -0700
28 openafs (1.4.2-6) unstable; urgency=medium
30 As of this release of the OpenAFS kernel module, all cells, including
31 the local cell, have setuid support turned off by default due to the
32 possibility of an attacker forging AFS fileserver responses to create a
33 fake setuid binary. Prior releases enabled setuid support for the local
34 cell. Those binaries will now run with normal permissions by default.
36 This security fix will only take effect once you've installed a kernel
37 module from openafs-modules-source 1.4.2-6 or later. Doing so is highly
38 recommended. In the meantime, you can disable setuid support by
41 fs setcell -cell <localcell> -nosuid
43 as root (where <localcell> is your local cell, the one listed in
44 /etc/openafs/ThisCell).
46 If you are certain there is no security risk of an attacker forging AFS
47 fileserver responses, you can enable setuid status selectively using the
50 -- Russ Allbery <rra@debian.org> Sun, 11 Mar 2007 22:28:07 -0700