Upstream changes:
0.051 2013-12-20 07:34:14 America/New_York
[FIXED]
- Fixed file order bug in the new test file
0.050 2013-12-20 07:27:20 America/New_York
[FIXED]
- Recursive iteration won't throw an exception if a directory is
removed or unreadable during iteration.
0.049 2013-12-12 00:48:01 America/New_York
[FIXED]
- Generates filename for atomic writes independent of thread-ID.
Fixes crashing bug on Win32 when fork() is called.
0.048 2013-12-11 21:56:23 America/New_York
[ADDED]
- Added 'subsumes' method
[CHANGED]
- The 'chomp' option for 'lines' will remove any end-of-line sequences
fully instead of just chomping the last character
- The 'flock' package will no longer indexed by PAUSE
[FIXED]
- Hides warnings and fixes possible fatal errors from pure-perl Cwd,
particularly on MSWin32
Upstream changes:
0.047 2013-11-26 15:11:13 America/New_York
[FIXED]
- Previous lock testing fixes broke on Windows (sigh); now fixed,
I hope.
0.046 2013-11-22 17:07:24 America/New_York
[FIXED]
- Revised locking tests for portability again: locks are now tested
from a separate process
0.045 2013-11-22 15:28:50 America/New_York
[FIXED]
- Fixed locking test on AIX
Upstream changes:
0.044 2013-10-17 17:00:41 America/New_York
[FIXED]
- Fixed child path construction against the root path.
- Fixed path construction when a relative volume is provided as the
first argument on Windows; e.g. path("C:", "lib") must be like
path("C:lib"), not path("C:/lib").
- On AIX, shared locking is replaced by exclusive locking on a R/W
filehandle, as locking read handles is not supported
0.043 2013-10-14 06:24:06 America/New_York
[CHANGED]
- Calling 'absolute' on Windows will add the volume if it is missing
(E.g. "/foo" will become "C:/foo"). This matches the behavior
of File::Spec->rel2abs.
[FIXED]
- Fixed t/00-report-prereqs.t for use with older versions of
CPAN::Meta::Requirements
0.042 2013-10-13 11:02:02 America/New_York
[FIXED]
- When 'realpath' can't be resolved (because intermediate directories
don't exist), the exception now explains the error clearly instead of
complaining about path() needing a defined, positive-length argument.
- On Windows, fixed resolution of relative paths with a volume.
E.g. "C:foo" is now correctly translated into getdcwd on "C:"
plus "foo".
0.041 2013-10-11 08:56:31 America/New_York
[FIXES]
- Removes duplicate test dependency on File::Spec that triggers
a CPAN.pm bug
0.040 2013-10-08 22:01:50 America/New_York
[FIXES]
- Fixed broken locking test on *bsd
- When using 'filehandle' to request a locked handle that truncates an
existing file and has a binmode starting with ":unix", this fixes a
bug where pseudo-layers weren't being cleared properly.
0.039 2013-10-08 16:39:23 America/New_York
[ADDITIONS]
- The 'filehandle' method now offers an option to return locked handles
based on the file mode. Input-output methods now rely on this
feature internally. Truncating file modes defer truncation until
after an exclusive lock is acquired.
[FIXES]
- The 'filehandle' method now respects default encoding set by
the caller's open pragma.
0.038 2013-10-01 18:20:05 America/New_York
[ADDITIONS]
- Added 'is_rootdir' method to simplify testing if a path is
the root directory
0.037 2013-09-25 13:00:25 America/New_York
[FIXES]
- Fixed for v5.8
0.036 2013-09-25 09:34:28 America/New_York
[PREREQS]
- No longer lists 'threads' as a prerequisite. If you have a threaded
perl, you have it and if you're not, Path::Tiny doesn't care.
0.035 2013-09-24 07:21:55 America/New_York
[FIXED]
- Fixed flock warning on BSD that was broken with the autodie
removal; now also applies to all BSD flavors
0.034 2013-09-23 16:16:36 America/New_York
[INCOMPATIBLE CHANGE]
- Exceptions are now Path::Tiny::Error objects, not autodie exceptions;
this removes the last dependency on autodie, which allows us to
support Perls as far back as v5.8.1
[FIXED]
- BSD/NFS flock fix was not backwards compatible before v5.14. This
fixes it harder.
[PREREQS]
- dropped autodie
- lowered ExtUtils::MakeMaker configure_requires version to 6.17
0.033 2013-09-12 08:54:30 America/New_York
[FIXED]
- Perl on BSD may not support locking on an NFS filesystem. If this is
detected, Path::Tiny warns and continues in an unsafe mode. The
'flock' warning category may be fatalized to die instead.
[DOCUMENTED]
- Added 'iterator' example showing defaults
0.032 2013-09-06 17:52:48 America/New_York
[PREREQS]
- Removed several test dependencies. Path::Tiny now only needs
core modules, though some must be upgraded on old Perls
Changes since 1.6.2:
OpenAFS 1.6.5
commit 5f5b02a57102af1a85fb9bdaaec31b6094d0c9c4
Author: Michael Meffie <mmeffie@sinenomine.net>
Date: Wed Jul 17 23:10:42 2013 +0100
ubik: Fix encryption selection in ugen
Make sure that we encrypt when requested to by the application
Change-Id: If4c2ba2257bf060d3e9169ccdbcae54f54dfe5d7
commit 0e41558190a5190dee3037c08e8df31e61e5134e
Author: Simon Wilkinson <sxw@your-file-system.com>
Date: Tue Jul 16 19:37:00 2013 +0100
Make OpenAFS 1.6.5
Change-Id: I693297ef6e20358966930cb29116d45b9151811f
commit 9e1c24a583634e6102091388dedc47745efce78a
Author: Ben Kaduk <kaduk@mit.edu>
Date: Sat Jul 13 10:49:27 2013 +0100
Add support for deriving DES keys to klog.krb5
(cherry picked from commit e79102e7918ce5196e870a806879135743ec3abb)
Change-Id: Ia7ebfdd10dcfd6cd164b10275016147630748bac
commit 4b7553600a7659d117df0bde7b1c1dfde031deb8
Author: Andrew Deason <adeason@sinenomine.net>
Date: Wed Jul 10 12:52:28 2013 -0500
Reload rxkad.keytab on CellServDB modification
Make the reloading of rxkad.keytab keys occur in the same way that
KeyFile keys are reloaded. That is, we only try to reload them if the
CellServDB mtime has changed. This is intended to have exactly the
same reloading behavior as KeyFile reloads.
I would have triggered this from afsconf_Check, but that approach
has annoyances. (Calling ticket5_keytab functions directly from
cellconfig pulls in libkrb5 dependencies for everything that uses
cellconfig, and we'd have to trigger an afsconf_Check call by calling
some other cellconfig function.)
9102f49a3bdc67ed74e254349eb55b529472f45c
commit d2024c158e3a879305ff17cf726d3958f20677f4
Author: Andrew Deason <adeason@sinenomine.net>
Date: Mon Jun 10 17:49:12 2013 -0500
Avoid calling afsconf_GetLatestKey directly
Don't call afsconf_GetLatestKey to determine whether we can print our
own local tokens, since we may have keytab 'local' keys, but no DES
keys. Just try to construct them and see if it fails, using
afsconf_PickClientSecObj or afsconf_ClientAuth{,Secure} as
appropriate.
commit d4788f6e283b79a1b974dda1e8fae213efd34930
Author: Andrew Deason <adeason@sinenomine.net>
Date: Mon Jun 10 17:15:27 2013 -0500
auth: Do not always fallback to noauth
Make afsconf_PickClientSecObj error out if we can't construct
localauth tokens (unless the caller explicitly requested rxnull
fallback). afsconf_ClientAuth{,Secure} still falls back, as always.
commit 95d57c74476c5a02ce6d9ca913dcbf88ac5c1143
Author: Ben Kaduk <kaduk@mit.edu>
Date: Tue May 14 19:37:59 2013 -0400
Clean up akimpersonate and use for server-to-server
Since a6d7cacfd, aklog has been able to print a krb5 ticket to
itself for an arbitrary client principal, allowing a user with
access to the cell's krb5 key to get tokens as an arbitrary user.
Now that it is possible to use native krb5 tickets with non-DES
enctypes for authentication, and akimpersonate is available from libauth,
use printed native krb5 tickets for server-to-server communication (as well
as the -localauth versions of the client utilities).
Remove the early call to afsconf_GetLatestKey() in
afsconf_PickClientSecObj() so that we do not end up picking an old DES
key before we try to find a better key to use.
Before doing so, refactor the akimpersonate code to be more usable
and readable, and eliminate some dead code. For example, we always printed
addressless tickets, so that code could be removed. Other code had excessive
stack usage for a library routine, which is eliminated. Use a start time
of 0 instead of 300 so that the printed ticket will always be
detected as infinite-lifetime.
In order to ensure usability on all platforms (in particular Solaris),
provide a couple more compat shims to implement routines which are not
always available from the krb5 library, in particular encode_krb5_ticket
and encode_krb5_enc_tkt_part. Thanks to Andrew Deason for implementing
these compatability routines.
UKERNEL doesn't need this stuff.
commit 15b77552b22e3ff3e7478008673775a45047f600
Author: Alexander Chernyakhovsky <achernya@mit.edu>
Date: Tue May 14 18:12:08 2013 -0400
Move akimpersonate to libauth
Give it its own source file and header, install the header at
depinstall time, and have aklog get the akimpersonate functionality
from libauth.
Keep the linux box copyright from aklog_main.c (but strip the trailing
whitespace), as that block was added with the akimpersonate code.
Remove all calls to afs_com_err() as is fitting for library code,
to let it build. Do not bother removing curly braces which are
no longer needed; a future cleanup commit will catch that.
commit 1c7fa1405940a136a992d65023cc690b1111ab3e
Author: Chaskiel Grundman <cg2v@andrew.cmu.edu>
Date: Sun Mar 17 21:58:47 2013 -0400
Derive DES/fcrypt session key from other key types
If a kerberos 5 ticket has a session key with a non-DES enctype,
use the NIST SP800-108 KDF in counter mode with HMAC_MD5 as the PRF to
construct a DES key to be used by rxkad.
To satisfy the requirements of the KDF, DES3 keys are first compressed into a
168 bit form by reversing the RFC3961 random-to-key algorithm
Change-Id: I4dc8e83a641f9892b31c109fb9025251de3dcb27
commit 33eecea7db14d06c59e1081b970d4caf0af773ca
Author: Chaskiel Grundman <cg2v@andrew.cmu.edu>
Date: Sun Feb 10 13:27:03 2013 -0500
Integrate keytab-based decryption into afsconf_BuildServerSecurityObjects
Now all servers can have it.
authcon.o grows a krb5 dependency and needs to get KRB5_CPPFLAGS.
Change-Id: I95fecb3f88c19b3d5193ea8200fa20c86ec08ad7
commit 14db1a40e5be3b7325951d002885bbf288d570c1
Author: Chaskiel Grundman <cg2v@andrew.cmu.edu>
Date: Sat Feb 9 12:42:20 2013 -0500
New optional rxkad functionality for decypting krb5 tokens
An additional, optional mechanism for decrypting krb5-format tokens
is provided that uses the krb5 api with a key from a keytab
instead of using libdes and the AFS KeyFile.
The AIX compat stub for krb5_c_decrypt is contributed by Andrew Deason.
Change-Id: I97c08122c60482b84d602d6fa6482f1d5deef142
commit 5e0cbc930508a697331bad07cc201c1e1985ff84
Author: Chaskiel Grundman <cg2v@andrew.cmu.edu>
Date: Sat Feb 9 12:01:37 2013 -0500
Add rxkad server hook function to decrypt more types of tokens
Allow tokens to be encrypted with algorithms other than DES.
The security object owner must provide an implementation
by calling rxkad_SetAltDecryptProc.
Make sure plainsiz is initialized before calling the alternate decrypt
proc.
User-Visible OpenAFS Changes
OpenAFS 1.6.4
All platforms
* Obey the jumbo/nojumbo settings for ubik servers (the DB servers)
too. In previous releases, those servers may have used jumbograms
even if they were not configured to do so. This change corrects
the actual behaviour, and will improve performance and reliability
for sites where jumbograms are problematic. It could cause a decrease
in performance for sites where jumbograms work, but those can turn
them back on manually.
* Dozens of fixes for common coding problems like use after free,
use of possibly uninitialised memory, reading or writing past the
end of arrays and potential NULL pointer derefences. Spotted by
code analysis tools or human inspection.
* Documentation improvements.
* Fixes and improvements to the diagnostic or log messages printed by
vos, the fileserver and others.
* Build fixes, making parallel builds more reliable with certain
configuration options and helping various platforms including
recent releases of IRIX, Solaris and several flavours of Linux.
* Avoid sending a small amount of data over the wire unencrypted
under certain conditions, and emit the correct error message in
this case.
All server platforms
* Avoid generating duplicate IDs for readonly and backup volumes,
which could happen under certain conditions.
* Allow the fileserver to return volume data like quota or free space,
which is available publicly elsewhere, without the additional access
check for read permissions on a volume's root directory the fileserver
performed before.
* The fileserver now emits a log message when it ran out of memory for
callbacks.
* Avoid several potential fileserver problems, including memory
corruption and segmentation faults, due to client bookkeeping.
* Avoid known cases of silent data corruption due to background syncs
on the fileserver, especially during Copy on Write.
* Make the fileserver sync behaviour runtime configurable. Up to 1.4.5,
we had synchronous syncs which were safe but really slow. Since 1.4.5,
we've had asynchronous syncs which are much faster but believed to
be the cause of rare data corruption issues, and while all known cases
of these happening are believed to be fixed in the 1.6.3 release, doubts
remain. This change allows choosing between those, and in addition allows
to turn syncs by the fileserver off altogether, thus relying on the vice
partition's backend filesystem and the operating system, or to just
execute them when a volume is detached. The default behaviour is
unchanged from releases since 1.4.5, but it's highly recommended to
consider the additional options this change provides. Future OpenAFS
releases will default to "-sync=none".
* For dbservers, avoid a situation where misinterpreting transient
network errors causes long-term issues with achieving ubik quorum.
All UNIX client platforms
* Improvements to the detection of an aklog-specific krb5 configuration
file, for the purposes of turning on "weak crypto" for aklog.
* Fixed a regression introduced in release 1.6.2 which caused the
supposedly persistent disk cache to be discarded upon client start.
(RT #131655)
Linux clients
* Support Linux kernels up to 3.10
* Fixed two bugs making it impossible to unmount a disk cache filesystem
after it has been used by the client. (RT #131613)
* Fixed a bug that could cause an oops with kernels 3.6 and later
OpenBSD
* Improved support for OpenBSD 4.9 to 5.3
OpenAFS 1.6.3
This release number had to be skipped for technical reasons.
* Improvements for Virtual Machine Image Storage
A number of improvements have been performed to let Gluster volumes provide
storage for Virtual Machine Images. Some of them include:
- qemu / libgfapi integration.
- Causal ordering in write-behind translator.
- Tunables for a gluster volume in group-virt.example.
The above results in significant improvements in performance for VM image
hosting.
* Synchronous Replication Improvements
GlusterFS 3.4 features significant improvements in performance for
the replication (AFR) translator. This is in addition to bug fixes
for volumes that used replica 3.
* Open Cluster Framework compliant Resource Agents
Resource Agents (RA) plug glusterd into Open Cluster Framework
(OCF) compliant cluster resource managers, like Pacemaker.
The glusterd RA manages the glusterd daemon like any upstart or
systemd job would, except that Pacemaker can do it in a cluster-aware
fashion.
The volume RA starts a volume and monitors individual brick?s
daemons in a cluster aware fashion, recovering bricks when their
processes fail.
* POSIX ACL support over NFSv3
setfacl and getfacl commands now can be used on a nfs mount that
exports a gluster volume to set or read posix ACLs.
* 3.3.x compatibility
The new op-version infrastructure provides compatibility with 3.3.x
release of GlusterFS. 3.3.x clients can talk to 3.4.x servers and
the vice-versa is also possible.
If a volume option that corresponds to 3.4 is enabled, then 3.3
clients cannot mount the volume.
* Packaging changes
New RPMs for libgfapi and OCF RA are present with 3.4.0.
* Experimental Features
- RDMA-connection manager (RDMA-CM)
- New Block Device translator
- Support for NUFA
As experimental features, we don?t expect them to work perfectly
for this release, but you can expect them to improve dramatically
as we make successive 3.4.x releases.
* Minor Improvements:
- The Ext4 file system change which affected readdir workloads for
Gluster volumes has been addressed.
- More options for selecting read-child with afr available now.
- Custom layouts possible with distribute translator.
- No 32-aux-gid limit
- SSL support for socket connections.
- Known issues with replica count greater than 2 addressed.
- quick-read and md-cache translators have been refactored.
- open-behind translator introduced.
- Ability to avoid glusterfs bind to reserved ports.
- statedumps are now created in /var/run/gluster instead of /tmp by default.
Upstream changes:
0.031 2013-08-27 10:03:57 America/New_York
[FIXED]
- parent() on paths with internal double dots (e.g. /foo..bar.txt) now works
correctly
0.030 2013-08-20 16:10:04 America/New_York
[FIXED]
- t/zzz-spec.t used getcwd() instead of getdcwd(), which breaks
on Windows if the build directory isn't on the 'C' drive
0.029 2013-08-19 11:52:24 America/New_York
[FIXED]
- On Win32, "C:/" no longer is changed to "C:". Also, "C:" is
converted to the absolute path of cwd on the "C:" volume. UNC paths
("//server/share/") now retain their trailing slash to correctly
distinguish volume and directory paths when split
0.028 2013-08-14 13:12:49 America/New_York
[ADDED]
- The 'children()' method now takes an optional regular expression to
filter the results
Upstream changes:
0.027 2013-07-25 19:38:44 America/New_York
[ADDED]
- Added the 'digest' method to produce a hexadecimal SHA-256
(or user-specified) digest of a file
0.026 2013-07-14 21:25:22 America/New_York
[FIXED]
- Fixed bug where lines() with a count longer than the
file would return undef for the extra lines. Now returns
only the lines in the file if the count is greater than
the number of lines.
0.025 2013-07-10 09:32:13 America/New_York
[FIXED]
- Spew to an existing symlink now atomically replaces
the resolved destination, not the symlink
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
into filesystems/p5-MooseX-Types-Path-Tiny.
This module provides Path::Tiny types for Moose. It handles two important
types of coercion:
* coercing objects with overloaded stringification
* coercing to absolute paths
It also can check to ensure that files or directories exist.
filesystems/p5-Path-Tiny.
This module attempts to provide a small, fast utility for working with
file paths. It is friendlier to use than File::Spec and provides easy
access to functions from several other core file handling modules.
It doesn't attempt to be as full-featured as IO::All or Path::Class,
nor does it try to work for anything except Unix-like and Win32 platforms.
Even then, it might break if you try something particularly obscure or
tortuous. (Quick! What does this mean: ///../../..//./././a//b/.././c/././?
And how does it differ on Win32?)
All paths are forced to have Unix-style forward slashes. Stringifying the
object gives you back the path (after some clean up).
File input/output methods flock handles before reading or writing, as
appropriate.
The *_utf8 methods (slurp_utf8, lines_utf8, etc.) operate in raw mode
without CRLF translation. Installing Unicode::UTF8 0.58 or later will speed
up several of them and is highly recommended.
It uses autodie internally, so most failures will be thrown as exceptions.
filesystems/p5-Module-Path.
Module::Path provides a single function, module_path(), which will find
where a module is installed locally.
It works by looking in all the directories in @INC for an appropriately
named file:
* Foo::Bar becomes Foo/Bar.pm, using the correct directory path
separator for your operating system.
* Iterate over @INC, ignoring any references (see "require" in
"perlfunc" if you're surprised to hear that you might find references
in @INC).
* For each directory in @INC, append the partial path (Foo/Bar.pm),
again using the correct directory path separator. If the resulting
file exists, return this path.
* If no file was found, return undef.
I don't think we can assume that ufs headers will be included in all cases
when this file is included, so do it unconditionally. This will fail on
6.99 from before ROOTINO turned into UFS_ROOTINO; if anyone wants to
figure out how to make a more precise check, be my guest.
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
Release 1.10.0 (2013-05-01)
'''''''''''''''''''''''''''
New Features
------------
- The Welcome page has been redesigned. This is a preview of the design style
that is likely to be used in other parts of the WUI in future Tahoe-LAFS
versions. (`#1713`_, `#1457`_, `#1735`_)
- A new extensible Introducer protocol has been added, as the basis for
future improvements such as accounting. Compatibility with older nodes is
not affected. When server, introducer, and client are all upgraded, the
welcome page will show node IDs that start with "v0-" instead of the old
tubid. See `<docs/nodekeys.rst>`__ for details. (`#466`_)
- The web-API has a new ``relink`` operation that supports directly moving
files between directories. (`#1579`_)
Security Improvements
---------------------
- The ``introducer.furl`` for new Introducers is now unguessable. In previous
releases, this FURL used a predictable swissnum, allowing a network
eavesdropper who observes any node connecting to the Introducer to access
the Introducer themselves, and thus use servers or offer storage service to
clients (i.e. "join the grid"). In the new code, the only way to join a
grid is to be told the ``introducer.furl`` by someone who already knew it.
Note that pre-existing introducers are not changed. To force an introducer
to generate a new FURL, delete the existing ``introducer.furl`` file and
restart it. After doing this, the ``[client]introducer.furl`` setting of
every client and server that should connect to that introducer must be
updated. Note that other users of a shared machine may be able to read
``introducer.furl`` from your ``tahoe.cfg`` file unless you configure the
file permissions to prevent them. (`#1802`_)
- Both ``introducer.furl`` and ``helper.furl`` are now censored from the
Welcome page, to prevent users of your gateway from learning enough to
create gateway nodes of their own. For existing guessable introducer
FURLs, the ``introducer`` swissnum is still displayed to show that a
guessable FURL is in use. (`#860`_)
Command-line Syntax Changes
---------------------------
- Global options to ``tahoe``, such as ``-d``/``--node-directory``, must now
come before rather than after the command name (for example,
``tahoe -d BASEDIR cp -r foo: bar:`` ). (`#166`_)
Notable Bugfixes
----------------
- In earlier versions, if a connection problem caused a download failure for
an immutable file, subsequent attempts to download the same file could also
fail. This is now fixed. (`#1679`_)
- Filenames in WUI directory pages are now displayed correctly when they
contain characters that require HTML escaping. (`#1143`_)
- Non-ASCII node nicknames no longer cause WUI errors. (`#1298`_)
- Checking a LIT file using ``tahoe check`` no longer results in an
exception. (`#1758`_)
- The SFTP frontend now works with recent versions of Twisted, rather than
giving errors or warnings about use of ``IFinishableConsumer``. (`#1926`_,
`#1564`_, `#1525`_)
- ``tahoe cp --verbose`` now counts the files being processed correctly.
(`#1805`_, `#1783`_)
- Exceptions no longer trigger an unhelpful crash reporter on Ubuntu 12.04
("Precise") or later. (`#1746`_)
- The error message displayed when a CLI tool cannot connect to a gateway has
been improved. (`#974`_)
- Other minor fixes: `#1781`_, `#1812`_, `#1915`_, `#1484`_, `#1525`_
Other Changes
-------------
- The provisioning/reliability pages were removed from the main client's web
interface, and moved into a standalone web-based tool. Use the ``run.py``
script in ``misc/operations_helpers/provisioning/`` to access them.
- Web clients can now cache (ETag) immutable directory pages. (`#443`_)
- `<docs/convergence_secret.rst>`__ was added to document the adminstration
of convergence secrets. (`#1761`_)
Upstream release notes:
User-Visible OpenAFS Changes
OpenAFS 1.6.2
All platforms
* Fix buffer overflows in fileserver and ptserver.
* Abort an rx connection when given an unknown service (Gerrit 7593).
* "idle dead" behavior improvements.
* Documentation updates.
All server platforms
* Fix rare file corruption during background sync (Gerrit 8796).
* Fix corrupting clients' metadata cache during certain errors (Gerrit
6957).
* Avoid saying a volume doesn't exist when accessed as the volume is
going offline (Gerrit 7488).
* Fix fileservers to properly report >2 TiB partitions.
* Fix stale volume info from vos examine on non-DAFS filservers.
* Fix possible volume corruption with vos convertROtoRW.
* Fix bosserver to preserve all command-line options over restart.
* Fix bosserver to properly kill hung processes during shutdown.
All UNIX client platforms
* Fixes for memcache, especially on Solaris.
* Increase the size of the DNS resolver answer buffer to allow sites
with a long response list to use SRV and AFSDB records.
* Fix a crash when a server appears to run out of addresses (Gerrit
7487).
* Fix cache corruption when reading from a file another client is
simultaneously writing to (Gerrit 7994).
* Improve handling of disk cache disk errors.
Linux
* fix DKMS configuration for DKMS 2.2.
* Avoid generating inode number 0 with md5 inodes (Gerrit 7276).
* Fix a crash when reading /proc/fs/openafs/unixusers (Gerrit 7914).
* Make PAG-less access use the real UID of the calling process
instead of the effective UID, when determining what credentials to
use (Gerrit 7931).
* Fix possible abuse of fs mkmount.
Prior to 1.6.2, users could crash a client by nesting volume mounts.
* Fix fileserver memory corruption on RHEL 6
Prior to 1.6.2, fileservers on RHEL 6 may crash under heavy load.
* Fix client page cache corruption on Linux
When multiple clients read and write to a file, the reading client
may see first page (4096 bytes) of a file as nulls.
* Support Linux kernels up to 3.7.
* Support newer glibc versions.
* Improve client systemd unit file.
* Update Red Hat packaging.
OS X
* Fix crashes on shutdown.
* Prevent unloading the module before shutdown completes.
* Security improvement for the OpenAFS preference pane.
Solaris
* Support newer versions of the Sun Studio compiler software.
* Support compiling on newer versions of Solaris 11 and Solaris 10.
Upstream release notes for 1.6.0 and 1.6.1:
OpenAFS Release Notes - Version 1.6.1
_________________________________________________________________
All server platforms: Critical bugfixes.
All systems: Major bugfixes.
_________________________________________________________________
Sites running 1.6.0 fileserver are urged to update immediately to
avoid data loss.
Sites running 1.6.0 UNIX clients are urged to update immediately to
avoid excess network traffic.
All platforms:
- Updated idle dead handling to avoid issues with retrying
calls which could succeed but error and then error on a retry.
- libafscp updates.
- uafs userspace cache manager updates.
All server platforms:
- A bug which can lose data on a fileserver for volumes which are
replicated or backed up has been fixed. Sites running 1.6.0 are urged to
upgrade immediately! (130295)
- Fix salvaging of volumes with large numeric IDs.
- Further correct tracking of alternate and changed addresses in
the fileserver.
- Do not perform Rx keepalives during disk IO to allow timeouts
to occur in event IO cannot complete.
- Properly associate link tables recreated during salvage with the volume
group ID.
- Demand attach: better error handling during volume attachment.
- Confirm vnode lengths are as expected during fileserver operations.
- Demand attach: better handling of volumes being passed for salvage
and being returned from salvage.
- Conditions which cause a restored volume to immediately need salvage
are now properly tracked.
- Bosserver properly honors rxbind mode.
- Ensure salvager returns volumes to fileserver even when
no applicable vnodes are found.
- DAFS: perform additional verification of data restored about
clients and callbacks.
All UNIX platforms:
- Correct handling of server NAT pings to avoid unnecessary growth of
NAT ping traffic.
- Fix hard mount retry behavior to retry all servers.
- Several lock order inversions which could deadlock fixed.
- Handle issues updating mtab.
- Fix fs setserverprefs to work again for DB servers.
FreeBSD:
- Track kernel API changes for 9.0
Linux:
- Support for kernel versions through 3.4.
- Avoid potential panic due to an error being returned as a positive
number when doing inode operations.
- Fix vcache lock ordering during readdir.
- Updated RPM packaging.
- Updated dkms support.
- Updated systemd support.
MacOS:
- Fix panic at shutdown due to not stopping network listener.
- Updated Kerberos support for additional issues in Lion.
NetBSD:
- Updated support for 5.0 userspace binaries.
- Add support for 6.0.
Solaris:
- Avoid panic on shutdown when mount failed.
- Disable SSE instructions when compiling to avoid panics on non-SSE hosts.
Windows:
- Properly handle VNOSERVICE, which indicates a fileserver has
done an idle timeout of a call.
- Improved tracking of volume groups.
- Do not recycle buffers in the current file if they are in the active chunk
and up to date.
- Support Windows 7 Advanced Firewall.
- Default to maximum 2 CPUs unless registry overrides.
- Failover and retry for VBUSY.
- Properly fetch unix mode when requested.
OpenAFS Release Notes - Version 1.6.0
_________________________________________________________________
All UNIX systems: Security bugfixes.
All systems: Major bugfixes.
_________________________________________________________________
All platforms:
- Rx NAT pings are not enabled until peer has answered.
- Numerous fixes to command argument parsing.
All server platforms:
- Avoid crashing on host table exhaustion. Instead, defer clients.
All UNIX platforms:
- Rx connection reference counting is enabled.
- An Rx connection reference count leak is fixed in bulkstat.
- Handle unparsable directory objects.
- Handle Kerberos cred cache errors in aklog.
Linux:
- Init script properly returns status as exit code.
- RPM packaging fixes (executable libraries, no postinstall message)
- Kill i386 from RPM packaging.
MacOS:
- Fix 32 bit Lion client support.
- Avoid panic when doing FSEvent synthesis.
- Fix bug when using non-dynroot.
- Update Kerberos support in PreferencesPane.
Solaris:
- Avoid panic on shutdown when mount failed.
Windows:
- Add shutdown message to event log.
- Check offline volume status by policy rather than on each daemon thread
run.
- Return error on directory object not found instead of crashing.
- Improve error message output.
- afslogin.dll can start afsd_service if it's not starting or started.
- Optimize away release lock RPCs for deleted files.
- Background Daemon will not perform operations on deleted files.
- Resort recently used directories to the top of the LRU if the directory
is larger than the stat cache.
- Resort deleted objects to the bottom of the LRU.
- Use interlocked operations for state and queue fields to allow safe
bit set and clear on multiprocessor systems.
CHANGES IN 1.6.0PRE7
All platforms:
- Substantial Rx updates to correct erroneous behavior.
- Salvager tries harder to detect linktable issues.
- Additional documentation.
- xstat tools now cope with differing timeval structures between endpoints.
All UNIX platforms:
- New build targets to make distribution tarfiles (make dist) and
srpms (srpm).
Demand Attach Fileserver platforms:
- Don't attach volumes with special status set.
FreeBSD:
- Avoid panic at shutdown due to vcache flushing.
- Support virtual network stacks.
Linux:
- Treat Linux 3.0 as Linux 2.6 for sysname purposes.
- Attempt to properly handle SELinux in packaging.
MacOS:
- MacOS 10.7 support.
Solaris:
- Try harder to avoid deadlocks on file-larger-than-cache operations.
Windows:
- Add support for NTFS symlinks.
- Handle file search requests for virtual syscall ioctl file.
- Process SyncOps properly to enforce ordered operations.
- Avoid recursing during NewServer operations.
- Correct lock acquisition order during SMB locking.
CHANGES IN 1.6.0PRE6
All UNIX platforms:
- Fall back to afs3-vlserver SRV record values when afs3-ptserver SRV
record is not available.
- Avoid holding unneeded locks when probing server capabilties.
- Do not attempt page flushes for directories.
Demand Attach Fileserver platforms:
- Unlink fileserver state file on standalone salvage.
FreeBSD:
- Support for virtual network stacks.
Linux:
- Further corrections to Redhat packaging.
- Avoid showing files larger than one cache chunk size as full of NULLs.
(129880) This bug was in unissued pre5 only, not in pre4.
- Fix lockup in 2.6.38 due to erroneous kernel feature configure test.
MacOS:
- Rework logic for bulk status operations to avoid a potential hang.
Solaris:
- Don't leave dangling function references if kernel extension fails to load.
Windows:
- aklog supports dotted Kerberos v5 principal names.
- afskfw library always attempts afs/cell@USER-REALM
- afskfw library must test return code from
krb5_cc_start_seq_get() or will trigger a null
pointer exception when using Heimdal.
- lock protected fields must be 32-bit in order
to avoid memory overwrite races.
CHANGES IN 1.6.0PRE5
All server platforms:
- Avoid leaking references to hosts during callback break multi-Rx
operations. (129376)
All UNIX platforms:
- Avoid a potential deadlock (which times out) when we need to allocate more
callback returns and must flush some already in use.
- Deal with libcom_err conflicts with other packages using it (e.g. krb5)
(128640)
AIX:
- Fix PAG usage to track by PAG identifier, not group list.
Irix:
- Properly create new vnodes to avoid crashing in the client.
Linux:
- Support 2.6.39.
- Avoid attempting to free stat cache entries when we are below user-specified
number of entries in use.
- Properly track user-specified number of stat cache entries to use as a
desired usage target.
- Don't read pages beyond EOF in the cache. (128452)
MacOS:
- Properly shut down AFS, closing the Rx socket in the upcall handler to
avoid attempting to process data after we can no longer do so.
NetBSD:
- Updates for platform support.
Windows:
- Fix caching of non-existent volumes. The test to
trigger an immediate CM_ERROR_NOSUCHVOLUME in
cm_UpdateVolumeLocation() was backwards.
- Prevent the background daemon from checking the
status of non-existent volumes. cm_CheckOfflineVolumes()
should skip volume groups with the CM_VOLUMEFLAG_NOEXIST
flag set.
- The afskfw library should return an error immediately
if the krb5_32.dll library cannot be loaded. Affects
afslogon.dll and afscreds.exe.
- No longer depend on leashw32.dll in afskfw library.
- NPLogonNotify must provide the user password in all
calls to KFW_AFS_get_cred(). It cannot count on a
credential cache being preserved between calls. Permits
tokens to be acquired for all cells listed in the
TheseCells registry value for a domain.
- Improve the trace logging from NPLogonNotify().
- Avoid a race when writing the cm_scache_t mountPointString
when acquiring mount point or symlink target data via
cm_GetData(). The race could result in bogus target
data being cached.
- Permit the use of des-cbc-md5 and des-cbc-md4 enctypes
as DES keys in asetkey.exe.
CHANGES IN 1.6.0PRE4
All server platforms:
- A file descriptor leak which could result in corrupted files
in the fileserver was fixed. An IMMEDIATE upgrade from previous
1.6 release candidates as well as 1.5 release fileserver is
SUGGESTED!
- Properly support large volume numbers (larger than 2147483647).
All platforms:
- Documentation updates.
Demand Attach Fileserver platforms:
- Allow salvager to be run manually again when DAFS is being used. (129458)
FreeBSD:
- New RC script, updated packaging.
Linux:
- Improve RPM building tools.
- setpag() errors are now properly reported.
MacOS:
- Preferences Pane behavior fixed for 1.6 series (version detection
is used to select default behavior).
- A potential kernel panic during bulkstat operations is fixed. (128511)
- 64-bit MacOS kernel performance is greatly improved. (128934)
Solaris:
- Properly report errors for AFS system call callers.
Windows:
- Properly create new cell mount points in freelance mode.
- Avoid recursive offline volume checks.
CHANGES IN 1.6.0PRE3
All platforms:
- Revert UUID support in vos.
- pt_util fixed to properly create new databases.
- Rx busy call channel error handling improved.
- MTU discovery now properly shut down on call reset.
- FUSE client support fixed for non-/afs mounts.
All server platforms:
- A deleted volume can now be recreated properly.
- Callbacks are again not broken during whole partition salvages.
- Positional vectored IO fixed for largefile (>2GB) capable systems.
- Fileserver per-client thread usage again properly enforced.
- Anonymous dropbox support improved and drawbacks documented.
Demand Attach Fileserver platforms:
- Ensure vnodes are not reallocated while in use due to volume
bitmap errors.
Linux:
- Perform vcache eviction via a fast path before visiting vcaches
where sleep is needed.
MacOS:
- aklog AuthorizationPlugin now provided.
Solaris:
- Corrected Solaris 11 startup script.
- vcache mappings freed on shutdown to avoid panic.
Windows:
- icon tray state now conditionally set (128591)
CHANGES IN 1.6.0PRE2
All platforms:
- Documentation updates.
- Don't stop Rx keepalives after an ackall is received, avoiding
spurious connection timeouts. (128848)
- Don't retry Rx calls on channels returning busy errors. (128671)
- vos will not die with a double free error at command completion.
- Properly enable Rx connection hard timeouts.
- Initialize rx_multi lock before use.
- Avoid spurious crashes when initializing in "backup" client.
All unix platforms:
- Check for /afs existance before starting, unless -nomount is specified.
- Avoid a potential panic when using /afs/.:mount syntax.
- Avoid a panic in memcache mode due to missing CellItems file.
All server platforms:
- Attempt to recovery more quickly from timed out volume release
transactions.
- Auditing now properly byte order swaps IP addresses when printing.
- vos split now has improved error handling.
- Many changes to again support Windows fileservers.
- During volume removal, data removal speed improved.
- Improve CPU utilization during volume attaching by DAFS.
- In salvager check-only mode, avoid potentially fixing a vnode.
- Fix support for large (greater than 2gb) volume special files.
- Salvager will not crash if multiple or bad volume link tables
are encountered.
- Avoid erroneous full dump by remembering which sites were out of date
at the start of the release.
FreeBSD:
- Remove support for "Giant" lock as we no longer need to use it.
- Don't sleep with AFS GLOCK.
- Properly enable 64 bit long long support.
- Restore support for FreeBSD 7 (128612)
- Fix locking issues at shutdown.
Linux:
- support through kernel 2.6.38.
- RedHat packaging now properly supports RHEL6.
- Use rx_Readv in cache bypass to improve performance.
- Properly handle 0-length replies during cache bypass operations.
- Properly handle non-contiguous readpage cache bypass operations.
- Do proper locking when transitioning to or from cache bypass.
- Avoid extra runs of vcache freeing routine. (128756)
MacOS:
- Check for unloaded kernel extensions when decoding AFS panics.
- Properly handle setpag errors. PAGs are not supported.
- Disable "get tokens at login" in prefs pane if AD authentication
plugin is configured.
OpenBSD:
- support through OpenBSD 4.8.
Solaris:
- Fix support for Solaris pre-10.
Windows:
- afs_config will not longer set the Tray Icon State
in the registry if the checkbox is not present in
the dialog. (128591)
- AFS Explorer Shell Extension now works from folder
backgrounds. Overlays for mount points and symlinks
are present in the dll, but are not registered at present
by the installers.
- Do not use RankServerInterval registry value as the value for
PerformanceTuningInterval.
- When the data version of a mountpoint or symlink changes,
the target string in the cm_scache_t object must be cleared.
- "fs checkservers" now includes vldb servers in the output
and only lists multi-homed servers once. A multi-homed
server that has at least one up interface is no longer
considered to be down.
- When asynchronously storing dirty data buffers to the
file server ensure that (a) the cm_scache_t object and
the cm_buf_t object are for the same File ID so that
locking and signalling work properly; and (b) if the
FID no longer exists on the file server, do not panic,
just discard the buffer.
- When processing VNOVOL, VMOVED and VOFFLINE errors perform
server comparisons by UUID or address and not simply by
cm_server_t pointer. Otherwise, server failover may not
succeed.
- Do not preserve status information for cm_scache_t objects
when the issuing server is multi-homed.
- Giving up all callbacks when shutting down or suspending
the machine is now significantly faster due to the use
of an rx_multi implementation. (This functionality is
still off by default and must be activated by a registry
value.)
- Race conditions were possible when updating the state
of the cm_volume_t flags and when moving the volumes
within the least recently used list.
- Ensure that the lanahelper library does not perform a
NCBRESET of each lan adapter when enumerating the
current network bindings. Correcting this permits OpenAFS
to work on Windows 7 when the network adapter settings
change.
- Fix creation of mount points and symlinks as \\AFS\xxxx
PREVIOUS CHANGES:
All platforms:
- vos now properly deals with matching sites when servers are multihomed.
All Unix platforms:
- Servers now marked down when GetCapabilities returns error.
- In-use vcache count is now properly tracked.
All server platforms:
- Fix ptserver supergroups support on 64 bit platforms.
- Demand attach salvaging doesn't use freed volume pointers.
- Properly hold host lock during host enumeration in fileserver.
FreeBSD:
- Fix socket termination on shutdown.
- Support for 7.2, 7.3, 7.4 and 8.2 included.
- References to vcaches are no longer leaked during root or reclaim.
Linux:
- Define llseek handler to avoid ESPIPE error in 2.6.37.
- Mount interface replaces get_sb (new for 2.6.37, not yet required).
- RedHat init script allows deferring for a new binary restart.
- DEFINE_MUTEX replaces DECLARE_MUTEX for 2.6.37.
MacOS:
- Correct return value from setpag syscall.
OpenBSD:
- Bug fixes for issues introduced previously in 1.5 series.
Solaris:
- Switch to ioctl() syscall replacement for Solaris 11 since syscall 65
is not safe.
This package is still broken on DragonFly after this fix.
error:
vfs.o: In function `vfs_file_begin':
vfs.c:(.text+0x244): undefined reference to `DTTOIF'
The package can't find pthread_create without this LDFLAG. I tried used
the mk-pthread buildlink and it didn't fix it. I am not sure why only
DragonFly sees the problem, so leaving it as a platform-specific fix for
now is probably wise.
Release 1.9.2 (2012-07-03)
----------------------------
Notable Bugfixes
''''''''''''''''
- Several regressions in support for reading (`#1636`_), writing/modifying
(`#1670`_, `#1749`_), verifying (`#1628`_) and repairing (`#1655`_, `#1669`_,
`#1676`_, `#1689`_) mutable files have been fixed.
- FTP can now list directories containing mutable files, although it
still does not support reading or writing mutable files. (`#680`_)
- The FTP frontend would previously show Jan 1 1970 for all timestamps;
now it shows the correct modification time of the directory entry.
(`#1688`_)
- If a node is configured to report incidents to a log gatherer, but the
gatherer is offline when some incidents occur, it would previously not
"catch up" with those incidents as intended. (`#1725`_)
- OpenBSD 5 is now supported. (`#1584`_)
- The ``count-good-share-hosts`` field of file check results is now
computed correctly. (`#1115`_)
Configuration/Behavior Changes
''''''''''''''''''''''''''''''
- The capability of the upload directory for the drop-upload frontend
is now specified in the file ``private/drop_upload_dircap`` under
the gateway's node directory, rather than in its ``tahoe.cfg``.
(`#1593`_)
This isn't strictly true; foolscap needs to be >= 0.6.3 if Twisted is
> 10, but it's easier to just require it than invent new compound
dependencies.
PKGREVISION++, because tahoe-lafs built with Twisted > 10 and foolscap
0.6.1 (from today or earlier in pkgsrc) fails to work.
Remove devel/py-ctypes (only needed by and supporting python24).
Remove PYTHON_VERSIONS_ACCEPTED and PYTHON_VERSIONS_INCOMPATIBLE
lines that just mirror defaults now.
Miscellaneous cleanup while editing all these files.
