./filesystems/openafs, File system for sharing, scalability and transparent data migration

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.6.15, Package name: openafs-1.6.15, Maintainer: gendalia

AFS is a distributed filesystem product, pioneered at Carnegie Mellon
University and supported and developed as a product by Transarc
Corporation (now IBM Pittsburgh Labs). It offers a client-server
architecture for file sharing, providing location independence,
scalability and transparent migration capabilities for data. IBM
branched the source of the AFS product, and made a copy of the source
available for community development and maintenance. They called the
release OpenAFS.

Package options: namei, server, supergroups

Master sites:

SHA1: f6d300a408943a1f3edada4d12a8f0b60635d839
RMD160: b88ff1914fa5566649f218aec063a0b1be1fc54a
Filesize: 14050.974 KB

Version history: (Expand)

CVS history: (Expand)

   2015-11-04 18:41:21 by Alistair G. Crooks | Files touched by this commit (78)
Log message:
Remove duplicate SHA512 digests that crept in.
   2015-11-03 01:15:02 by Alistair G. Crooks | Files touched by this commit (39)
Log message:
Add SHA512 digests for distfiles for filesystems category

Existing SHA1 digests verified, all found to be the same on the
machine holding the existing distfiles (morden).  Existing SHA1
digests retained for now as an audit trail.
   2015-10-28 20:43:01 by Jonathan A. Kollasch | Files touched by this commit (2) | Package updated
Log message:
update openafs to 1.6.15

OpenAFS 1.6.15 (Security Release)

  All client and server platforms

    * Fix for OPENAFS-SA-2015-007 "Tattletale"

      When constructing an Rx acknowledgment (ACK) packet, Andrew-derived
      Rx implementations do not initialize three octets of data that are
      padding in the C language structure and were inadvertently included
      in the wire protocol (CVE-2015-7762).  Additionally, OpenAFS Rx in
      versions 1.5.75 through 1.5.78, 1.6.0 through 1.6.14, and 1.7.0
      through 1.7.32 include a variable-length padding at the end of the
      ACK packet, in an attempt to detect the path MTU, but only four octets
      of the additional padding are initialized (CVE-2015-7763).
   2015-09-29 18:58:02 by Jonathan A. Kollasch | Files touched by this commit (2) | Package updated
Log message:
Update openafs to 1.6.14.

                       User-Visible OpenAFS Changes

OpenAFS 1.6.10

  All platforms

    * Don't hide the "version" subcommand in help output (11214)

    * Documentation improvements (11126 11216 11222 11223 11225 11226)

    * Improved diagnostics and error messages (11154 11246 11247 11249 11181
      11182 11183)

    * Build system improvements (11158 11221 11224 11225 11227..11241 11282
      11342 11350 11353 11242 11367 11392)

    * Avoid potentially erratic behaviour under certain error conditions by
      either avoiding or at least not ignoring them, in various places (11008
      11010..11065 11112 11148 11196 11530)


    * Support releases 9.3 and 10.1 (11368 11369 11402 11403 11404)

    * Makes a disk cache more likely to work on FreeBSD, though such
      configurations remain not very tested (11448)

  All server platforms

    * Added volscan(8) (11252..11280 11387 11388)

    * Fixed a bug causing subgroups not to function correctly if their
      ptdb entry had more than one continuation entry (11352)

    * Logging improvements (10946 11153)

    * Allow log rotation via copy and truncate (11193)

    * Avoid a server crash during startup only observed on a single platform
      and when using a 3rd party library under certain circumstances, which is
      a collateral effect of the security improvements introduced in OpenAFS
      release 1.6.5 (11075) (RT #131852)

  All client platforms

    * Raised the free space reported for /afs to the maximum possible value of
      just under 2 TiB - the old value was 9 GiB on most platforms (10984)

    * Reduced the amount of stack space used (11162 11163 11203 11164..11167
      11338 11339 11364..11366 11381)

    * Sped up a periodic client task which could be problematically slow
      on systems with a large number of PAGs and files in use (11307)

    * Fixed failure of the up command with large ACLs (11111)

    * Avoid a potential crash of aklog (11218)

    * Avoid potential crashes of scout and xstat_fs_test (11155)

  Linux clients

    * Support kernels up to 3.16 (11308 11309)

    * Fixed a regression introduced in OpenAFS release 1.6.6 that made
      checking for existing write locks incorrectly fail on readonly volumes

    * Fixed a regression introduced in OpenAFS release 1.6.8 that could
      cause VFS cache inconsistencies when a previously-accessed directory
      entry was removed and recreated with the same name but pointing to a
      different file on another client (11358)

    * Use the right path to depmod in Red Hat packaging to avoid dependency
      calculation incorrectly failing unless a link /sbin -> /usr/sbin is
      present on the system performing it (11171) (RT #131860)

    * Do not ignore kernel module build errors (11205)

                       User-Visible OpenAFS Changes

OpenAFS 1.6.11

  All platforms

    * Allow aklog to succeed creating native K5 tokens even when mapping
      the K5 principal to a K4 one fails (11538)

    * Build fixes (11435 11636)

  All client platforms

    * Avoid a potential kernel panic due to connection reference overcounts
      (11645) (RT #131885)

    * Avoid potential corruption of files written using memory mapped I/O
      when the file is larger than the cache (11656) (RT #131976)

  Linux clients

    * Support kernels at least up to 3.19 (11549 11550 11569 11570 11595
      11658..11662 11694 11752)

      Note: By default this excludes kernels 3.17 to 3.17.2, which will leak
            an inode reference when an error occurs in d_splice_alias(). The
            module will build and work, but leak kernel memory, leading to
	    performance degradation and eventually system failure due to
	    memory exhaustion. Since it's impossible to detect this condition
	    automatically, the switch --enable-linux-d_splice_alias-extra-iput
	    must be passed to configure when building the module for those
	    kernels. The same would be necessary for any kernel with backports
	    of commit 908790fa3b779d37365e6b28e3aa0f6e833020c3 or commit
	    95ad5c291313b66a98a44dc92b57e0b37c1dd589 but not the fix in commit
	    51486b900ee92856b977eacfc5bfbe6565028070 in the linux-stable repo
	    (git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git) or
	    the corresponding changes on other branches.

    * Fixed a regression introduced in OpenAFS release 1.6.10 which could
      make the spurious "getcwd: cannot access parent directories" problem
      return (11558 11568) (RT #131780)

    * Avoid leaking memory when scanning a corrupt directory (11707)

  OS X clients

    * Support OS X 10.10 "Yosemite" (11571 11572 11611) (RT #131946)

  Solaris clients

    * Avoid reading random data rather than correct cache content when using
      ZFS as the cache file system on Solaris >= 11, and fix potential similar
      problems on other platforms (11713 11714)


    * Build fix for releases >= 11.0 (11610)


    * Support release 5.4 (11700)

                       User-Visible OpenAFS Changes


  Linux clients

    * Support kernels up to 4.0 (11760 11761)

  FreeBSD clients

    * Fixed kernel module build on systems with an updated clang which no
      longer accepts the -mno-align-long-strings as a no-op (11809)
                       User-Visible OpenAFS Changes

OpenAFS 1.6.12

  All server platforms

    * Avoid database corruption if a database server is shut down and then
      brought up again quickly with an altered database (11773 11774)
      (RT #131997)

  All client platforms

    * Fixed a potential buffer overflow in aklog (11808)

    * Avoid a bogus warning regarding the checkserver daemon, which could be
      logged during startup when the cache initialization was very fast (11680)

    * Added documentation of the inaccuracy of the 'partition' field in
      'fs listquota' output for partitions larger than 2 TiB (11626)

  Linux clients

    * Support kernels up to 4.1 (11872 11873)

    * Avoid spurious EIO errors when writing large chunks of data to
      mmapped files (11877)

  OS X

    * Build fixes required at least on OS X 10.10 Yosemite with the latest
      XCode (11859 11876 11842..11845 11863 11878 11879)

                       User-Visible OpenAFS Changes

OpenAFS 1.6.13

  All server platforms

    * Fix for CVE-2015-3282: vos leaks stack data onto the wire in the
      clear when creating vldb entries

    * Workaround for CVE-2015-3283: bos commands can be spoofed, including
      some which alter server state

    * Disabled searching the VLDB by volume name regular expression to avoid
      possible buffer overruns in the volume location server

  All client platforms

    * Fix for CVE-2015-3284: pioctls leak kernel memory

    * Fix for CVE-2015-3285: kernel pioctl support for OSD command passing
      can trigger a panic

  Solaris clients

    * Fix for CVE-2015-3286: Solaris grouplist modifications for PAGs can
      panic  or overwrite memory

                       User-Visible OpenAFS Changes

OpenAFS 1.6.14

  All server platforms

    * Prior to the OpenAFS security release 1.6.13, the Volume Location
      Server (vlserver) RPC VL_ListAttributesN2() supported wildcard volume
      name lookups via regular expression (regex) pattern matching. This
      support was completely disabled in 1.6.13 because it was judged to be
      a security risk due to buffer overruns in the implementation, as well
      as the possibility of denial of service attacks where certain regular
      expressions could cause excessive CPU usage in some regex

      Unfortunately, after 1.6.13 was released, it was discovered that
      the native OpenAFS 'backup' system uses the VL_ListAttributesN2()
      regex support to evaluate configured volume sets. If you use the
      OpenAFS 'backup' system (or another backup system which relies on it,
      such as Tivoli Storage Manager (TSM, aka Tivoli ADSM)), and are using
      volume sets which require regular expressions for the volume name,
      then those volume sets cannot be resolved by OpenAFS 1.6.13. The next
      paragraph provides details on how to identify any affected volume sets.

      OpenAFS backup volume sets may be described by fileserver, partition
      name, and volume name. The fileserver and partition specifications
      never require regular expression support. The volume name specification
      always requires regular expression support except for when specifying
      _all_ volumes via two special cases: the universal wildcard \ 
".*", or "".
      For example, volume name "proj" or "*.backup" or \ 
"homevol.*" all
      require regex support - even if the specification contains no wildcard
      characters and/or exactly matches an existing volume name.

      As a result of this issue, OpenAFS 1.6.14 replaces the 1.6.13 changes
      to VL_ListAttributesN2. 1.6.14 prevents the buffer overruns and
      reenables the regex support, but restricts it to OpenAFS super-users
      and -localauth only. This is sufficient to restore the OpenAFS 'backup'
      system's ability to work correctly with any previously supported volume
      set. The OpenAFS 'backup' commands are already documented to require
      super-user authorization, so this restriction is moot for the backup

      There are no other direct consumers of the VL_ListAttributesN2() regex
      support in the OpenAFS tree. However, the VL_ListAttributesN2 RPC is
      publicly accessible and might be used by third party tools directly or
      indirectly via OpenAFS's libadmin. Any such tools that issue
      VL_ListAttributesN2 RPCs must now be executed using super-user or
      -localauth tokens.

      None of the other security fixes in OpenAFS 1.6.13 are known to have
      any issues, and are still included unchanged in OpenAFS 1.6.14.

      If there are any questions concerning the possible impact of OpenAFS
      1.6.13 or 1.6.14 at your site, please contact your OpenAFS support
      provider or the openafs-info@openafs.org mailing list for further
   2014-06-13 01:44:04 by Tracy Di Marco White | Files touched by this commit (2)
Log message:
Upgrade to OpenAFS 1.6.9

OpenAFS 1.6.9

  All server platforms

    * Fix for OPENAFS-SA-2014-002

OpenAFS 1.6.8

  All platforms

    * Documentation improvements (10751 10875 10931 10897 10883 10954 10955)

    * Improved diagnostics and error messages (10756 10814 10949)

    * Fixed a bug in RX that could make errors during packet reception go
      unnoticed. (10733)

    * Fixed a bug that made "vos size -dump" display the wrong size for
      large volumes. (10933)  (RT #131819)

  All server platforms

    * Change the default fileserver sync behavior from "delayed" to \ 
      This means that explicit syncing only happens when a volume is detached.

    * Added the -offline-timeout and -offline-shutdown-timeout options to the
      fileserver, to implement interrupting clients accessing volumes we are
      trying to take offline. (6266 10799)
   2014-04-16 19:51:43 by Tracy Di Marco White | Files touched by this commit (2)
Log message:
Upgrade OpenAFS to 1.6.7:
OpenAFS 1.6.7

  All server platforms

    * Fix for OPENAFS-SA-2014-001

    * Fix for a potential DOS attack against RX servers
   2014-03-11 15:05:19 by Jonathan Perkin | Files touched by this commit (350)
Log message:
Remove example rc.d scripts from PLISTs.

These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
   2014-02-21 22:33:51 by Tracy Di Marco White | Files touched by this commit (8) | Package updated
Log message:
Upgrade OpenAFS to 1.6.6.
Remove unused options bos-new-config, fast-restart, & largefile.
Remove patches fixed upstream.

OpenAFS 1.6.6

  All platforms

    * As of this release, OpenAFS no longer ships uncompressed source tarballs.
      Tarballs are still shipped with both compression formats, gzip and bzip2.

    * Documentation improvements (10136 10314 10601)

    * Improved diagnostics and error messages (9412 10085 10274)

    * Avoid redefining "assert" in our public header files, which could
      cause failures when building some applications using them. (10096)

    * Fixes for parallel builds (10005 10309 10337)

    * Added a -s switch to afscp (not installed by default) to help simulate
      a slow client. (9416 9417)

    * Added a -probe switch to vlclient test program (not installed by default)
      to ping all vlservers in a cell in parallel. (9570)

  All server platforms
    * The fileserver now ignores any vice partitions with a NeverAttach flag
      file present in the root directory. (RT #130561) (9470 9471)

    * Restrict forcing CPS ("Current Protection Subdomain") \ 
recalculation in
      the fileserver to administrators. Also fixed a bug that could cause this
      operation to be incomplete. (9485 9487)

    * Allow non-DAFS fileservers to attach unusable volumes, restoring pre-1.6
      behaviour. (RT #131505) (9499)

    * Restored the pre-1.6 behaviour when running vos examine for a volume
      currently in a transaction, showing the volume as busy again rather than
      offline. (9685 9915 9916)

    * Reduced the minimum time a bos salvage takes from 5 seconds to 1. (9476)

    * Fixed buserver to not segfault when started with the -servers option.
      (RT #131706) (10166)

    * Salvager fixes, addressing a wide variety of possible problems from
      unnecessary salvaging to aborts (9282 9283 9457 9458 9459 9461 9462 9480
      9481 10165 10167)

    * Fixed a bug that could cause saved state information to be discarded
      when restarting a large or busy fileserver, which negatively impacted
      performance. (9683)

    * Fixed a bug that could have caused undefined behaviour in the vlserver
      in rare cases when a fileserver registered its addresses in the VLDB.

    * Added the -preserve-vol-stats switch to volserver, allowing it to keep
      the access statistics across volume restore and reclone operations
      instead of resetting them. (9477)

    * Inserted an exponential delay between retries when bosserver attempts to
      restart a server process. (9571 10199)

    * Improved vldb_check (not installed by default) to cope with broken
      vlentry names and volids, and provide more output to aid debugging.

    * Releasing a volume after adding a new RO site no longer touches any of
      the existing RO sites, if the RW data hasn't changed since the last
      release. (10174)

    * Make the copyDate field for RO clones have the same meaning as for
      remote RO volumes. Previously, the copyDate field for clones was updated
      every time we released. (9451)

    * Fixed potentially undefined behaviour in ptserver when too many pts
      ids are allocated. (10124)

    * Note that the server side NAT pings feature present in the prereleases
      was removed before the final release, since no positive feedback
      was provided during prerelease testing. (9420 10135)

  Linux servers

    * Start bosserver with -nofork in the systemd unit file, to allow systemd
      to track its state (10093)

  All client platforms

    * No longer track file locks on read-only volumes. Write locks can't
      succeed, read locks always will. Avoids log messages about this kind
      of lock. (8910)

    * Added the "fs flushall" subcommand, which makes the client \ 
discard all
      cached data. This was previously available on Windows only. (9065 9388
      9389 9390)

    * Fixed a bug that could make the client incorrectly believe its cache
      is up to date. This change could negatively impact AFS <-> DFS
      translators, should those still be running anywhere. (8898)

    * Several changes to avoid panicing in certain error conditions.
      (9131 9287 10354 10355 10356 10357) (partially addressing RT #131747)

    * Added the -rxmaxfrags switch to afsd, allowing to limit the number
      of UDP fragments sent or received per RX packet. (9430)

    * Build fixes for aklog on several platforms (RT #131716) (9917 10107 10275)

    * Require that the AFS mountpoint specified in the cacheinfo file is
      an absolute path. Relative paths result in a client that basically
      works but is not fully functional. (10253)

    * Fixed a bug that could cause one of the afsd threads to enter an infinite
      loop (10431 .. 10436)

  Linux clients

    * Support Linux kernels up to 3.13 (10241)

    * Fixed a bug that made readv/writev calls in AFS space fail with Linux
      kernels where generic_file_aio_read exists but those operations have
      not been switched to using aio_read/aio_write. This was a regression
      introduced with release 1.6.3 and affected at least RHEL 5.9 kernels.

    * Fixed a similar bug making core dumps fail in AFS space, affecting
      a much wider range of kernels including the most recent ones.
      (RT #131729) (10254)

    * Enhanced the keyring code to make PAGs work correctly on kernels with a
      distribution specific change to the Linux keyring code. This affected at
      least SLES 11 SP3 kernels. (10252)

    * Fixed a bug that could make failures during PAG instantiation go
      unnoticed. (10255)

    * Fixed a bug that made compilation fail for Linux kernels without
      keyring support. This affected at least the SLE 10 SDK and an
      OEM version of SLES 11 SP1. (10325)

    * Fixed build for kernels with user namespace support enabled. Likely
      to be required for Ubuntu 14.04 and eventually other distributions.
      (10456 10457 10458 10518 10472)

    * Support RHEL 6.5 kernels, and possibly others with changes backported
      from recent mainline kernels that touch getname/putname, by no longer
      using those functions. Previously, the client could cause a kernel
      panic when syscall auditing was enabled. (10578)

    * Make tmpfs usable as the cache filesystem again. This had been broken
      since kernel 3.1 (9950 10193)

    * When starting the client fails, clean up the backing device information
      created in sysfs, to avoid error messages during a subsequent start
      and possible system instability later on (10454)

    * Update Red Hat packaging to support Fedora >= 20, RHEL >= 7 and
      ELrepo kernels (10597 10619 10622 10703 10704)

  OS X Clients

    * Support OS X 10.9 "Mavericks" (10519 10541 10542 10543 10548 10549)

  AIX clients

    * Fixed a bug that caused the 1.6 AIX client to never receive any RX
      packets in the kernel. (RT #131725)

  FUSE client

    * Support Solaris 11 (9454 9455)

    * Allow other users to access filesystems mounted by root. (9452)


    * Build tvolser and dvolser on this platform (10122)
    * Several fixes to catch up with newer releases (10374 .. 10381)


    * Build tsalvaged, tvolser and dvolser on this platform (10121)
    * Fixed build on NetBSD 5 and newer. (10138)