This release makes the ltotape driver thread-safe, as libltfs expects
it to be. This fixes a lot of problems because of race conditions on
SCSI I/O structures.
Linear Tape File System (LTFS) is a filesystem to mount a LTFS
formatted tape in a tape drive. Once LTFS mounts a LTFS formatted
tape as filesystem, user can access to the tape via filesystem API.
Objective of this project is being the reference implementation of
the LTFS format Specifications in SNIA
(https://www.snia.org/tech_activities/standards/curr_standards/ltfs).
At this time, the LTFS format specifications 2.4 is the target
Use reclaim2 to fix reclaim/lookup race conditions
The PUFFS reclaim operation had a race condition with lookups: we could
be asked to lookup a node, then to reclaim it before lookup completion.
At lookup completion, we would then create a leaked node.
Enter the PUFFS reclaim2 operation, which features a nlookup argument.
That let us count how many lookups are pending and avoid the above
described scenario. It also makes the codes simplier.
-
Fix directory filehandle usage with libufse. Fix lookup count
libfuse does not use filehandle the same way for directories and other
objects. As a result, filehandles obtained by OPENDIR should not be
sent on non-directory related operations like READ/WRITE/GETATTR...
While there, fix the lookup count sent to the FORGET operation, which
led to leaked nodes.
PyFilesystem is a Python module that provides a common interface to any
filesystem.
Think of PyFilesystem FS objects as the next logical step to Python's file
objects. In the same way that file objects abstract a single file, FS objects
abstract an entire filesystem.
- MASTER_SITE_GITHUB only needs the repository owner username, adjust it in
DISTNAME in order to avoid DIST_SUBDIR and WRKSRC redefinition
- Add LICENSE
- Append to USE_TOOLS
- Both INSTALLATION_DIRS and pre-install target are not needed because it is
done via Makefile (needed a little adjustements of patch-Makefile
`install -d' of ${MANDIR})
Last item discussed with <maya> (any possible regression is mine though!)
- fixed NEWS file ;-)
- reverted meta directory name back to .unionfs (from .unionfs-fuse)
this was never meant to be changed and slipped in in 1.0 release
- fixes and speed improvements
from dziltener in PR pkg/52866 with some changes from myself
(I did not test functionality following the changes)
Upstream changes:
0.108 2018-07-30 15:35:23-04:00 America/New_York
- No changes from 0.107-TRIAL.
0.107 2018-07-24 15:10:36-04:00 America/New_York (TRIAL RELEASE)
[Fixes]
- Fixed a bug where failure to load optional modules would trigger
an external $SIG{__DIE__} handler.
0.106 2018-07-14 09:37:00-04:00 America/New_York
[Tests]
- Protected t/locking.t from PERL_PATH_TINY_NO_FLOCK already
in the environment.
0.105 2018-07-07 10:09:04-04:00 America/New_York (TRIAL RELEASE)
[Additions]
- The PERL_PATH_TINY_NO_FLOCK environment variable has been added to
allow users to disable file locking (and any associated warnings).
[Changes]
- Detection of unsupported 'flock' is no longer BSD-specific. This
allows detecting and warning, for example, with the Luster filesystem
on Linux.
[Tests]
- Improve reliability and diagnostics of tests run via 'do'.
Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
STABLE Version 2017.3.2:
Delegated processing of special reparse points to external plugins
Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs
Enabled fallback to read-only mount when the volume is hibernated
Made a full check for whether an extended attribute is allowed
Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap)
Enabled encoding broken UTF-16 into broken UTF-8
Autoconfigured selecting <sys/sysmacros.h> vs <sys/mkdev>
Allowed using the full library API on systems without extended attributes support
Fixed DISABLE_PLUGINS as the condition for not using plugins
Corrected validation of multi sector transfer protected records
Denied creating/removing files from $Extend
Returned the size of locale encoded target as the size of symlinks
The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.
There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:
pkglint -Cnone,PLIST -Wnone,plist-sort -r -F
The actual cleanup has been done by pkglint:
* Added missing identifier comments
* Replaced ${PKGMANDIR} with a simple man, since the infrastructure does
all the magic for PLISTs
There is an important performance bug fix specific to NetBSD here,
which disable gfid2path by default. This features causes a huge
amount of different extended attributes to be created, and the
NetBSD implementation does not scale well with it.
In order to recover a server after the feature is disabled, stop
glusterfs daemones, disable extended attributes using extattrctl,
remove ${BRICK_ROOT}/.attribute/system/trusted.gfid2path.*
re-enable extended attributes and restart glusterfs.
- fix a use-after-free bug that was introduced in v1.9-rc1 (#214)
- cast booleans to int before writing the XML config (#343)
- support reading the config file from pipes (#253)
- add "-t" option to set syslog tag
- allow read/write in standard reverse mode (#301)
- reject empty passwords
- support building with openssl 1.1
ARMv6 (Pi). Support for further family revisions in NetBSD is controlled
by the presence of src/config/param.armv$_nbsd$$.h to set the CPU family version
and major OS version number.
- Add description to most patches
0.012 2017-04-05 23:17:14Z
- repository migrated to the github moose organization
- switch from Test::Requires to Test::Needs in tests
- add MooseX::Getopt option type maps when MooseX::Getopt is installed
(thanks, Gregory Oschwald!)
This package uses a custom "do-install" target to install all of
the package's files. Change the command to install the manpage to
put it under ${PKGMANDIR}.
User-Visible OpenAFS Changes
OpenAFS 1.6.21
All platforms
* Avoid a possible 100ms transmit delay in the RX protocol when a peer's
receive window transitions from closed to open (12627)
* Documentation improvements (12476 12477 12559[RT #133339])
All server platforms
* When bosserver is started with an unknown option, print an error message
and exit with a non-zero value rather than failing silently (12631)
All DB server platforms
* Hold the DB lock while checking for an aborted write transaction (12516)
All file server platforms
* On demand attach fileservers, don't save or restore a client's host
state if CPS ("Current Protection Subdomain") recalculation for it is
in progress, to avoid fileserver thread exhaustion (12568)
* On demand attach fileservers, avoid flooding the log with error messages,
which could happen when the fileserver was restarted while a volume was
offline (12569)
* Update a volume's "Last Update" time when its content is modified by
the salvager, to make the change visible in the output of "vos examine"
and to backup services (12633)
All client platforms
* Corrected the DCentries bucket counts for very large and zero length
files in the output of "fs getcacheparms -excessive" (12604 12605)
* Fixed a bug that prevented users with GID 2748 and 2750 from executing
the "fs sysname" command on clients running afsd with -rmtsys (12607)
* Provide a new -inumcalc switch for afsd to allow enabling the alternative
MD5 method of inode number calculation, which was previously only
possible on Linux and through the sysctl interface (12608 12632)
Linux clients
* Support for mainline kernel 4.12 and distribution kernels with backports
from it (12624 12626)
* Re-added the improved algorithm for freeing unused vcaches to reduce
memory consumption first introduced with the 1.6.18 release, together
with a fix for the issue leading to its removal in 1.6.18.2 (12448..12451)
macOS clients
* Fixed a crash while stopping the client on macOS 10.12 "Sierra" (12602)
Upstream changes:
0.104 2017-02-17 07:17:00-05:00 America/New_York
- No changes from 0.103-TRIAL.
0.103 2017-02-10 17:25:06-05:00 America/New_York (TRIAL RELEASE)
[Bug fixes]
- Path::Tiny 0.101 on Windows made `$path->absolute("/foo")` return an
absolute path starting with 'C:/foo', which was an unintentional
behavior change. This release now uses any absolute base without
further normalization.
0.101 2017-02-05 09:56:46-05:00 America/New_York (TRIAL RELEASE)
[Changes]
- The 'absolute' method now always returns an absolute path, even if a
user provided a relative path for the base path. The old, odd
behavior was documented, but people often don't read docs. The new
behavior avoids suprises.
[Additions]
- Added 'cached_temp' method.
0.100 2017-01-14 22:47:55-05:00 America/New_York
- No changes from 0.099-TRIAL.
0.099 2017-01-10 15:12:13-05:00 America/New_York (TRIAL RELEASE)
[Tests]
- Fixed tests for eventual removal of '.' from `@INC` in Perl.
[Documentation]
- Fixed filehandle mode typo.
- Fixed typo in relative() that mentioned rel2abs instead of abs2rel.
Upstream changes:
0.098 2016-10-09 23:25:11-04:00 America/New_York
- No changes from 0.097-TRIAL.
0.097 2016-09-30 22:03:10-04:00 America/New_York (TRIAL RELEASE)
[Additions]
- Added 'realpath' option for 'tempfile' and 'tempdir' for situations
where an absolute temporary path just isn't enough.
This project allows ordinary users to directly mount OS X disk images under
Linux via FUSE. darling-dmg is part of Darling - http://www.darlinghq.org
Without darling-dmg, the only way to do this would be to manually extract
the DMG file, become root and mount the HFS+ filesystem as root. This is slow,
wasteful and may even crash your system. The project's author has seen the
Linux HFS+ implementation cause kernel crashes.
Mac OS X v10.5 (Leopard) introduced the concept of sparse-bundle disk images,
where the data is stored as a collection of small, fixed-size band-files
instead of as a single monolithic file. This allows for more efficient
backups of the disk image, as only the changed bands need to be stored.
One common source of sparse-bundles is Mac OS' backup utility, Time Machine,
which stores the backup data within a sparse-bundle image on the chosen
backup volume.
This software package implements a FUSE virtual filesystem for read-only
access to the sparse-bundle, as if it was a single monolithic image.
Add filesystem/squashfs 4.3
Squashfs is a highly compressed read-only filesystem for Linux.
It uses either gzip/xz/lzo/lz4 compression to compress both files, inodes
and directories. Inodes in the system are very small and all blocks are
packed to minimise data overhead. Block sizes greater than 4K are supported
up to a maximum of 1Mbytes (default block size 128K).
Squashfs is intended for general read-only filesystem use, for archival
use (i.e. in cases where a .tar.gz file may be used), and in constrained
block device/memory systems (e.g. embedded systems) where low overhead is
needed.
This package contains tools to manipulate squashfs archive files.
Upstream changes:
0.096 2016-07-02 21:25:33-04:00 America/New_York
- No changes from 0.095
0.095 2016-06-28 12:05:03-04:00 America/New_York (TRIAL RELEASE)
[Tests]
- Improved method for hiding some modules during tests.
0.094 2016-05-23 12:45:19-04:00 America/New_York
- Fixed Changes note typo in 0.092. 0.092 had no changes since 0.091,
not 0.090, meaning that all 0.091 changes were (and are) included.
0.092 2016-05-23 11:36:54-04:00 America/New_York
- No changes from 0.091
0.091 2016-05-17 13:32:21-04:00 America/New_York (TRIAL RELEASE)
[Changes]
- Path::Tiny will prefer PerlIO::utf8_strict over encoding(UTF-8)
if available and Unicode::UTF8 is not installed.
[Fixes]
- The 'touch' method can now set the current time on files that aren't
owned, as long as they are writeable.
[Tests]
- Improved consistency of symlink support inspection; now always
looks at $Config{d_symlink}.
- Skips impossible test on 'msys' platform.
0.090 2016-05-02 07:08:58-04:00 America/New_York
- No changes from 0.089
0.089 2016-04-26 22:21:00-04:00 America/New_York (TRIAL RELEASE)
[Fixes]
- Fix spew_utf8 to allow array references as input.
From http://blog.gluster.org/2016/06/glusterfs-3-8-released/
Gluster.org announces the release of 3.8 on June 14, 2016, marking
a decade of active development.
The 3.8 release focuses on:
- containers with inclusion of Heketi
- hyperconvergence
- ecosystem integration
- protocol improvements with NFS Ganesha
Contributed features are marked with the supporting organizations.
Automatic conflict resolution, self-healing improvements (Facebook)
Synchronous Replication receives a major boost with features
contributed from Facebook. Multi-threaded self-healing makes
self-heal perform at a faster rate than before. Automatic
Conflict resolution ensures that conflicts due to network
partitions are handled without the need for administrative
intervention
NFSv4.1 (Ganesha) - protocol
Gluster's native NFSv3 server is disabled by default with this
release. Gluster's integration with NFS Ganesha provides NFS
v3, v4 and v4.1 accesses to data stored in Gluster volume.
BareOS - backup / data protection
Gluster 3.8 is ready for integration with BareOS 16.2. BareOS
16.2 leverages glusterfind for intelligently backing up objects
stored in a Gluster volume.
"Next generation" tiering and sharding - VM images
Sharding is now stable for VM image storage. Geo-replication
has been enhanced to integrate with sharding for offsite
backup/disaster recovery of VM images. Self-healing and data
tiering with sharding makes it an excellent candidate for
hyperconverged virtual machine image storage.
block device & iSCSI with LIO - containers
File backed block devices are usable from Gluster through iSCSI.
This release of Gluster integrates with tcmu-runner
[https://github.com/agrover/tcmu-runner] to access block devices
natively through libgfapi.
Heketi - containers, dynamic provisioning
Heketi provides the ability to dynamically provision Gluster
volumes without administrative intervention. Heketi can manage
multiple Gluster clusters and will be the cornerstone for
integration with Container and Storage as a Service management
ecosystems.
glusterfs-coreutils (Facebook) - containers
Native coreutils for Gluster developed by Facebook that uses
libgfapi to interact with gluster volumes. Useful for systems
and containers that do not have FUSE.
For more details, our release notes are included:
https://github.com/gluster/glusterfs/blob/release-3.8/doc/release-notes/3.8.0.md
The release of 3.8 also marks the end of life for GlusterFS 3.5,
there will no further updates for this version.
for all pkgsrc dir/file ownership rules. Fixes unprivileged
user/group names from leaking into binary packages, manifest as
non-fatal chown/chgrp failure messages at pkg_add time.
Bump respective packages' PKGREVISION.
-------------------------------------------
=== WikipediaFS 0.4 ===
2010-05-12 Zephaniah E. Loss-Cutler-Hull <mercury@users.sourceforge.net>
- If a write attempt fails, try to log back in once and writing again,
instead of immediately failing.
- Additional debugging under the debug log level.
- Support for the new login controls for MediaWiki 1.15.3.
2009-09-17 Zephaniah E. Loss-Cutler-Hull <mercury@users.sourceforge.net>
- Added a "login-cache-time" option in the config file in order to
control how long we cache the login session.
- Report mtime for stats of files.
- Report back to the application when a write fails, to prevent data
loss.
- Quite a bit of additional debug logging, if you turn debug logging on.
2009-03-27 Mathieu Blondel <mblondel@users.sourceforge.net>
- Made logging more flexible (user.py).
2008-09-17 Mathieu Blondel <mblondel@users.sourceforge.net>
- Added a "domain" option in the config file in order to add support
for LDAP/AD authentication. Patch by Matthieu Moy and Hannes H旦rl.
Fixes#1745542.
2007-05-30 Mathieu Blondel <mblondel@users.sourceforge.net>
- Set default cache time if article-cache-time is not present in config.
2007-05-27 Mathieu Blondel <mblondel@users.sourceforge.net>
- Fixed the problem with articles having special characters like & (article.py).
- Made the man page optional in the install process (setup.py).
- Check invalid characters in article name. (fs.py)
Hopefully NetBSD/x86 -current also works.
Should merely be a build fix, but bump PKGREVISION anyway.
This commit allocates sysname numbers that have not yet been submitted
upstream.
User-Visible OpenAFS Changes
OpenAFS 1.6.17 (Security Release)
All server platforms
* Fix for OPENAFS-SA-2016-001: foreign users can create groups as
if they were an administrator (RT #132822) (CVE-2016-2860)
All client platforms
* Fix for OPENAFS-SA-2016-002: information leakage from sending
uninitialized memory over the network. Multiple call sites
were vulnerable, with potential for leaking both kernel and
userland stack data (RT #132847)
* Update to the GCO CellServDB update from 01 January 2016 (12188)
Linux clients
* Fix a crash when the root volume is not found and dynroot is not
in use, a regression introduced in 1.6.14.1 (12166)
* Avoid introducing a dependency on the kernel-devel package corresponding
to the currently running system while building the srpm (12195)
* Create systemd unit files with mode 0644 instead of 0755
(12196) (RT #132662)
OpenAFS 1.6.16
All platforms
* Documentation improvements (11932 12096 12100 12112 12120)
* Improved diagnostics and error messages (11586 11587)
* Distribute the contributor code of conduct with the stable release (12056)
All server platforms
* Create PID files in the right location when bosserver is started with
the "-pidfiles" argument and transarc paths are not being used (12086)
* Several fixes regarding volume dump creation and restore (11433 11553
11825 11826 12082)
* Avoid a reported bosserver crash, and potentially others, by replacing
fixed size buffers with dynamically allocated ones in some user handling
functions (11436) (RT #130719)
* Obey the "-toname" parameter in "vos clone" operations (11434)
* Avoid writing a loopback address into the server CellServDB - search
for a non-loopback one, and fail if none is found (12083 12105)
* Rebuild the vldb free list with "vldb_check -fix" (12084)
* Fixed and improved the "check_sysid" utility (12090)
* Fixed and improved the "prdb_check" utility (12101..04)
All client platforms
* Avoid a potential denial of service issue, by fixing a bug in pioctl
logic that allowed a local user to overrun a kernel buffer with a single
NUL byte (commit 2ef86372) (RT #132256) (CVE-2015-8312)
* Refuse to change multi-homed server entries with "vos changeaddr",
unless "-force" is given, to avoid corruption of those entries (12087)
* Provide a new vos subcommand "remaddrs" for removing server entries, to
replace the slightly confusing "vos changeaddr -remove" (12092 12094)
* Make "fs flushall" actually invalidate all cached data (11894)
* Prevent spurious call aborts due to erroneous idle timeouts (11594)
* Provide a "--disable-gtx" configure switch to avoid building and
installing libgtx and its header files as well as the depending
"scout" and "afsmonitor" applications (12095)
* Fixed building the gtx applications against newer ncurses (12125)
* Allow pioctls to work in environments where the syscall emulation
pseudo file is created in a read-only pseudo filesystem, like in
containers under recent versions of docker (12124)
Linux clients
* In Red Hat packaging, avoid following a symbolic link when writing
the client CellServDB, which could overwrite the server CellServDB,
by removing an existing symlink before writing the file (12081)
* In Red Hat packaging, avoid a conflict of openafs-debuginfo with
krb5-debuginfo by excluding our kpasswd executable from debuginfo
processing (12128) (RT #131771)
Upstream changes:
0.084 2016-03-04 07:17:49-05:00 America/New_York
[Fixes]
- Fixed relative() for the case with regex metacharacters in the path
0.082 2016-03-01 18:23:26-05:00 America/New_York
[!!! INCOMPATIBLE CHANGES !!!]
- (This warning repeated from 0.079-TRIAL) The relative() method no
longer uses File::Spec's buggy rel2bs method. The new Path::Tiny
algorithm should be comparable and passes File::Spec rel2abs test
cases, except that it correctly accounts for symlinks. For common
use, you are not likely to notice any difference. For uncommon use,
this should be an improvement. As a side benefit, this change drops
the minimum File::Spec version required, allowing Path::Tiny to be
fatpacked if desired.
[Changes]
- no other changes from 0.081
0.081 2016-02-18 16:55:37-05:00 America/New_York (TRIAL RELEASE)
[Fixed]
- Fixed lines_utf8+chomp and relative() bugs on Windows
0.079 2016-02-15 20:52:10-07:00 America/Mazatlan (TRIAL RELEASE)
[!!! INCOMPATIBLE CHANGES !!!]
- The relative() method no longer uses File::Spec's buggy rel2bs
method. The new Path::Tiny algorithm should be comparable and passes
File::Spec rel2abs test cases, except that it correctly accounts for
symlinks. For common use, you are not likely to notice any
difference. For uncommon use, this should be an improvement. As a
side benefit, this change drops the minimum File::Spec version
required, allowing Path::Tiny to be fatpacked if desired.
[FIXED]
- Fixed lines_utf8() with chomping for repeated empty lines.
[DOCS]
- Documented that subclassing is not supported
0.077 2016-02-10 14:17:32-07:00 America/Mazatlan (TRIAL RELEASE)
[ADDED]
- Added 'edit' and 'edit_lines' plus _utf8 and _raw variants; this
is similar to perl's -i flag (though without backups)
0.076 2015-11-16 10:47:24-05:00 America/New_York
- no changes from 0.075
0.075 2015-11-15 21:02:18-05:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Tilde expansion on Windows was resulting in backslashes. Now they
are correctly normalized to forward slashes.
[DOCS]
- Typos fixed
0.073 2015-10-30 10:36:18-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Fixed spewing to a symlink that crosses a filesystem boundary
[PREREQS]
- Add Test::MockRandom to META as an recommended test prerequisite.
* Integrated osxfuse's copy of sshfs, which means that sshfs now works
on OS X out of the box.
* Added -o cache_max_size=N option to let users tune the maximum size of
the cache in number of entries.
* Added -o cache_clean_interval=N and -o cache_min_clean_interval=N
options to let users tune the cleaning behavior of the cache.
This is a filesystem client based on the SSH File Transfer Protocol.
Since most SSH servers already support this protocol it is very easy to
set up: i.e. on the server side there's nothing to do. On the client
side mounting the filesystem is as easy as logging into the server with
ssh.
The idea of sshfs was taken from the SSHFS filesystem distributed with
LUFS. There were some limitations in that codebase, and this
implementation features:
- Based on FUSE
- Multithreading
- Large reads (max 64k)
- Caching directory contents
- Reconnect on failure
The FUSE-based pCacheFS file system provides a simple caching layer for
other filesystems. This makes slow, remote filesystems seem very fast
to access. Moreover, the cache does not disappear when you start or
stop pCacheFS or if you reboot your computer -- it is persistent.
pCacheFS is designed for caching large amounts of data on remote
filesystems that don't change very much, such as movie or music
libraries.
1.0
- add unionfsctl utility to control unionfs-fuse over ioctl
- better apple support
- dropped stats
- better test suite
- probably lots of other things, it's been a while since last release ;-)
0.26
- use BUILD_PATH instead of snprintf, which will
return -ENAMETOOLONG if the path is too long instead of simply
using a wrong path
- new options "-o relaxed_permissions" and "-o hide_meta_dir"
- included the debian directory
- Properly check on rmdir() if sub-branches are also empty
- Always compile with debug code, but only enable debugging on request
- New option -o debug_file
- Lots of bugs fixed in BUILD_PATH()
- Improved search of white-out files
- Properly fix Debian Bug#509516.
- More debug output.
- Add syslog support without the risk of possible dead locks
- Use fuse big-writes (and reads) if available
0.25
- Alternate way to specify branches
- Minor fixes
0.24
- Support for liveCDs / live USB sticks (-o chroot)
- Build-in support to change the maximum number of open files
- Added recursive directory COW.
- relative paths: Critical bug fix, had been completely broken in 0.23
0.23
- remove to_user() and to_root() calls for autorization and use fuse build-in
default_permissions checks
- bugfix: rename created wrong whiteout type
0.22
- Fix a bug reported by Jens Hoelldampf <jens@hoelldampf.net>, in 0.21 cow
didn't work for pathes.
0.21
- Fix a segmentation fault when COW was enabled, but no rw-branch was specified.
- Proper handling when ro-branches are on top of rw-branches.
- Disabled syslog entries for now, since it might cause deadlocks.
- Fixed a license issue with the elfhash, since the CPL is not compatible
with the BSD license.
- Fix a bug when stat() was called instead of lstat().
- Many internal code changes (renaming of "root" to "branch").
- Better directory structure.
- Add this NEWS file.
- Add a man page.
0.20
- Fix a critical bug introduced in 0.19 when we disabled threadding.
0.19
- Several copy-on-write fixes (readdir, unlink, rmdir, rename).
- Whiteout files are now located in branch/.unionfs/ subdirectories.
- Disable threadding, since our current permissions-model is not compatible
with the NPTL implementation and the Posix-Thread model in general.
- Add supplementary group support.
0.18
- First release with copy-on-write (COW) support.
- Many many internal code changes.
Changes to NTFS-3G:
-------------------
Fixed inserting a new ACL after wiping out by chkdsk
Fixed Windows-type inheritance
Fixed ignoring the umask mount option when permissions are used
Fixed checking permissions when Posix ACLs are compiled in but not enabled
Disabled option remove_hiberfile on read-only mounts
Implemented an extended attribute to get/set EAs
Avoid full runlist updating in more situations
Update ctime after setting an ACL
Use MFT record 15 for the first extent to MFT:DATA
Ignore the sloppy mount option (-s)
Implemented FITRIM (fstrim) ioctl
Reengineered the compression algorithm
Changes to ntfsprogs:
---------------------
Return success from ntfsprogs utilities with options –version and the like
Implemented configure option –enable-quarantined for non functional utilities
Added manuals for ntfsdecrypt, ntfswipe, ntfstruncate and ntfsfallocate
Existing SHA1 digests verified, all found to be the same on the
machine holding the existing distfiles (morden). Existing SHA1
digests retained for now as an audit trail.
OpenAFS 1.6.15 (Security Release)
All client and server platforms
* Fix for OPENAFS-SA-2015-007 "Tattletale"
When constructing an Rx acknowledgment (ACK) packet, Andrew-derived
Rx implementations do not initialize three octets of data that are
padding in the C language structure and were inadvertently included
in the wire protocol (CVE-2015-7762). Additionally, OpenAFS Rx in
versions 1.5.75 through 1.5.78, 1.6.0 through 1.6.14, and 1.7.0
through 1.7.32 include a variable-length padding at the end of the
ACK packet, in an attempt to detect the path MTU, but only four octets
of the additional padding are initialized (CVE-2015-7763).
User-Visible OpenAFS Changes
OpenAFS 1.6.10
All platforms
* Don't hide the "version" subcommand in help output (11214)
* Documentation improvements (11126 11216 11222 11223 11225 11226)
* Improved diagnostics and error messages (11154 11246 11247 11249 11181
11182 11183)
* Build system improvements (11158 11221 11224 11225 11227..11241 11282
11342 11350 11353 11242 11367 11392)
* Avoid potentially erratic behaviour under certain error conditions by
either avoiding or at least not ignoring them, in various places (11008
11010..11065 11112 11148 11196 11530)
FreeBSD
* Support releases 9.3 and 10.1 (11368 11369 11402 11403 11404)
* Makes a disk cache more likely to work on FreeBSD, though such
configurations remain not very tested (11448)
All server platforms
* Added volscan(8) (11252..11280 11387 11388)
* Fixed a bug causing subgroups not to function correctly if their
ptdb entry had more than one continuation entry (11352)
* Logging improvements (10946 11153)
* Allow log rotation via copy and truncate (11193)
* Avoid a server crash during startup only observed on a single platform
and when using a 3rd party library under certain circumstances, which is
a collateral effect of the security improvements introduced in OpenAFS
release 1.6.5 (11075) (RT #131852)
All client platforms
* Raised the free space reported for /afs to the maximum possible value of
just under 2 TiB - the old value was 9 GiB on most platforms (10984)
* Reduced the amount of stack space used (11162 11163 11203 11164..11167
11338 11339 11364..11366 11381)
* Sped up a periodic client task which could be problematically slow
on systems with a large number of PAGs and files in use (11307)
* Fixed failure of the up command with large ACLs (11111)
* Avoid a potential crash of aklog (11218)
* Avoid potential crashes of scout and xstat_fs_test (11155)
Linux clients
* Support kernels up to 3.16 (11308 11309)
* Fixed a regression introduced in OpenAFS release 1.6.6 that made
checking for existing write locks incorrectly fail on readonly volumes
(11361)
* Fixed a regression introduced in OpenAFS release 1.6.8 that could
cause VFS cache inconsistencies when a previously-accessed directory
entry was removed and recreated with the same name but pointing to a
different file on another client (11358)
* Use the right path to depmod in Red Hat packaging to avoid dependency
calculation incorrectly failing unless a link /sbin -> /usr/sbin is
present on the system performing it (11171) (RT #131860)
* Do not ignore kernel module build errors (11205)
User-Visible OpenAFS Changes
OpenAFS 1.6.11
All platforms
* Allow aklog to succeed creating native K5 tokens even when mapping
the K5 principal to a K4 one fails (11538)
* Build fixes (11435 11636)
All client platforms
* Avoid a potential kernel panic due to connection reference overcounts
(11645) (RT #131885)
* Avoid potential corruption of files written using memory mapped I/O
when the file is larger than the cache (11656) (RT #131976)
Linux clients
* Support kernels at least up to 3.19 (11549 11550 11569 11570 11595
11658..11662 11694 11752)
Note: By default this excludes kernels 3.17 to 3.17.2, which will leak
an inode reference when an error occurs in d_splice_alias(). The
module will build and work, but leak kernel memory, leading to
performance degradation and eventually system failure due to
memory exhaustion. Since it's impossible to detect this condition
automatically, the switch --enable-linux-d_splice_alias-extra-iput
must be passed to configure when building the module for those
kernels. The same would be necessary for any kernel with backports
of commit 908790fa3b779d37365e6b28e3aa0f6e833020c3 or commit
95ad5c291313b66a98a44dc92b57e0b37c1dd589 but not the fix in commit
51486b900ee92856b977eacfc5bfbe6565028070 in the linux-stable repo
(git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git) or
the corresponding changes on other branches.
* Fixed a regression introduced in OpenAFS release 1.6.10 which could
make the spurious "getcwd: cannot access parent directories" problem
return (11558 11568) (RT #131780)
* Avoid leaking memory when scanning a corrupt directory (11707)
OS X clients
* Support OS X 10.10 "Yosemite" (11571 11572 11611) (RT #131946)
Solaris clients
* Avoid reading random data rather than correct cache content when using
ZFS as the cache file system on Solaris >= 11, and fix potential similar
problems on other platforms (11713 11714)
FreeBSD
* Build fix for releases >= 11.0 (11610)
OpenBSD
* Support release 5.4 (11700)
User-Visible OpenAFS Changes
OpenAFS 1.6.11.1
Linux clients
* Support kernels up to 4.0 (11760 11761)
FreeBSD clients
* Fixed kernel module build on systems with an updated clang which no
longer accepts the -mno-align-long-strings as a no-op (11809)
User-Visible OpenAFS Changes
OpenAFS 1.6.12
All server platforms
* Avoid database corruption if a database server is shut down and then
brought up again quickly with an altered database (11773 11774)
(RT #131997)
All client platforms
* Fixed a potential buffer overflow in aklog (11808)
* Avoid a bogus warning regarding the checkserver daemon, which could be
logged during startup when the cache initialization was very fast (11680)
* Added documentation of the inaccuracy of the 'partition' field in
'fs listquota' output for partitions larger than 2 TiB (11626)
Linux clients
* Support kernels up to 4.1 (11872 11873)
* Avoid spurious EIO errors when writing large chunks of data to
mmapped files (11877)
OS X
* Build fixes required at least on OS X 10.10 Yosemite with the latest
XCode (11859 11876 11842..11845 11863 11878 11879)
User-Visible OpenAFS Changes
OpenAFS 1.6.13
All server platforms
* Fix for CVE-2015-3282: vos leaks stack data onto the wire in the
clear when creating vldb entries
* Workaround for CVE-2015-3283: bos commands can be spoofed, including
some which alter server state
* Disabled searching the VLDB by volume name regular expression to avoid
possible buffer overruns in the volume location server
All client platforms
* Fix for CVE-2015-3284: pioctls leak kernel memory
* Fix for CVE-2015-3285: kernel pioctl support for OSD command passing
can trigger a panic
Solaris clients
* Fix for CVE-2015-3286: Solaris grouplist modifications for PAGs can
panic or overwrite memory
User-Visible OpenAFS Changes
OpenAFS 1.6.14
All server platforms
* Prior to the OpenAFS security release 1.6.13, the Volume Location
Server (vlserver) RPC VL_ListAttributesN2() supported wildcard volume
name lookups via regular expression (regex) pattern matching. This
support was completely disabled in 1.6.13 because it was judged to be
a security risk due to buffer overruns in the implementation, as well
as the possibility of denial of service attacks where certain regular
expressions could cause excessive CPU usage in some regex
implementations.
Unfortunately, after 1.6.13 was released, it was discovered that
the native OpenAFS 'backup' system uses the VL_ListAttributesN2()
regex support to evaluate configured volume sets. If you use the
OpenAFS 'backup' system (or another backup system which relies on it,
such as Tivoli Storage Manager (TSM, aka Tivoli ADSM)), and are using
volume sets which require regular expressions for the volume name,
then those volume sets cannot be resolved by OpenAFS 1.6.13. The next
paragraph provides details on how to identify any affected volume sets.
OpenAFS backup volume sets may be described by fileserver, partition
name, and volume name. The fileserver and partition specifications
never require regular expression support. The volume name specification
always requires regular expression support except for when specifying
_all_ volumes via two special cases: the universal wildcard ".*", or "".
For example, volume name "proj" or "*.backup" or "homevol.*" all
require regex support - even if the specification contains no wildcard
characters and/or exactly matches an existing volume name.
As a result of this issue, OpenAFS 1.6.14 replaces the 1.6.13 changes
to VL_ListAttributesN2. 1.6.14 prevents the buffer overruns and
reenables the regex support, but restricts it to OpenAFS super-users
and -localauth only. This is sufficient to restore the OpenAFS 'backup'
system's ability to work correctly with any previously supported volume
set. The OpenAFS 'backup' commands are already documented to require
super-user authorization, so this restriction is moot for the backup
system.
There are no other direct consumers of the VL_ListAttributesN2() regex
support in the OpenAFS tree. However, the VL_ListAttributesN2 RPC is
publicly accessible and might be used by third party tools directly or
indirectly via OpenAFS's libadmin. Any such tools that issue
VL_ListAttributesN2 RPCs must now be executed using super-user or
-localauth tokens.
None of the other security fixes in OpenAFS 1.6.13 are known to have
any issues, and are still included unchanged in OpenAFS 1.6.14.
If there are any questions concerning the possible impact of OpenAFS
1.6.13 or 1.6.14 at your site, please contact your OpenAFS support
provider or the openafs-info@openafs.org mailing list for further
assistance.
