Hopefully NetBSD/x86 -current also works.
Should merely be a build fix, but bump PKGREVISION anyway.
This commit allocates sysname numbers that have not yet been submitted
upstream.
User-Visible OpenAFS Changes
OpenAFS 1.6.17 (Security Release)
All server platforms
* Fix for OPENAFS-SA-2016-001: foreign users can create groups as
if they were an administrator (RT #132822) (CVE-2016-2860)
All client platforms
* Fix for OPENAFS-SA-2016-002: information leakage from sending
uninitialized memory over the network. Multiple call sites
were vulnerable, with potential for leaking both kernel and
userland stack data (RT #132847)
* Update to the GCO CellServDB update from 01 January 2016 (12188)
Linux clients
* Fix a crash when the root volume is not found and dynroot is not
in use, a regression introduced in 1.6.14.1 (12166)
* Avoid introducing a dependency on the kernel-devel package corresponding
to the currently running system while building the srpm (12195)
* Create systemd unit files with mode 0644 instead of 0755
(12196) (RT #132662)
OpenAFS 1.6.16
All platforms
* Documentation improvements (11932 12096 12100 12112 12120)
* Improved diagnostics and error messages (11586 11587)
* Distribute the contributor code of conduct with the stable release (12056)
All server platforms
* Create PID files in the right location when bosserver is started with
the "-pidfiles" argument and transarc paths are not being used (12086)
* Several fixes regarding volume dump creation and restore (11433 11553
11825 11826 12082)
* Avoid a reported bosserver crash, and potentially others, by replacing
fixed size buffers with dynamically allocated ones in some user handling
functions (11436) (RT #130719)
* Obey the "-toname" parameter in "vos clone" operations (11434)
* Avoid writing a loopback address into the server CellServDB - search
for a non-loopback one, and fail if none is found (12083 12105)
* Rebuild the vldb free list with "vldb_check -fix" (12084)
* Fixed and improved the "check_sysid" utility (12090)
* Fixed and improved the "prdb_check" utility (12101..04)
All client platforms
* Avoid a potential denial of service issue, by fixing a bug in pioctl
logic that allowed a local user to overrun a kernel buffer with a single
NUL byte (commit 2ef86372) (RT #132256) (CVE-2015-8312)
* Refuse to change multi-homed server entries with "vos changeaddr",
unless "-force" is given, to avoid corruption of those entries (12087)
* Provide a new vos subcommand "remaddrs" for removing server entries, to
replace the slightly confusing "vos changeaddr -remove" (12092 12094)
* Make "fs flushall" actually invalidate all cached data (11894)
* Prevent spurious call aborts due to erroneous idle timeouts (11594)
* Provide a "--disable-gtx" configure switch to avoid building and
installing libgtx and its header files as well as the depending
"scout" and "afsmonitor" applications (12095)
* Fixed building the gtx applications against newer ncurses (12125)
* Allow pioctls to work in environments where the syscall emulation
pseudo file is created in a read-only pseudo filesystem, like in
containers under recent versions of docker (12124)
Linux clients
* In Red Hat packaging, avoid following a symbolic link when writing
the client CellServDB, which could overwrite the server CellServDB,
by removing an existing symlink before writing the file (12081)
* In Red Hat packaging, avoid a conflict of openafs-debuginfo with
krb5-debuginfo by excluding our kpasswd executable from debuginfo
processing (12128) (RT #131771)
Upstream changes:
0.084 2016-03-04 07:17:49-05:00 America/New_York
[Fixes]
- Fixed relative() for the case with regex metacharacters in the path
0.082 2016-03-01 18:23:26-05:00 America/New_York
[!!! INCOMPATIBLE CHANGES !!!]
- (This warning repeated from 0.079-TRIAL) The relative() method no
longer uses File::Spec's buggy rel2bs method. The new Path::Tiny
algorithm should be comparable and passes File::Spec rel2abs test
cases, except that it correctly accounts for symlinks. For common
use, you are not likely to notice any difference. For uncommon use,
this should be an improvement. As a side benefit, this change drops
the minimum File::Spec version required, allowing Path::Tiny to be
fatpacked if desired.
[Changes]
- no other changes from 0.081
0.081 2016-02-18 16:55:37-05:00 America/New_York (TRIAL RELEASE)
[Fixed]
- Fixed lines_utf8+chomp and relative() bugs on Windows
0.079 2016-02-15 20:52:10-07:00 America/Mazatlan (TRIAL RELEASE)
[!!! INCOMPATIBLE CHANGES !!!]
- The relative() method no longer uses File::Spec's buggy rel2bs
method. The new Path::Tiny algorithm should be comparable and passes
File::Spec rel2abs test cases, except that it correctly accounts for
symlinks. For common use, you are not likely to notice any
difference. For uncommon use, this should be an improvement. As a
side benefit, this change drops the minimum File::Spec version
required, allowing Path::Tiny to be fatpacked if desired.
[FIXED]
- Fixed lines_utf8() with chomping for repeated empty lines.
[DOCS]
- Documented that subclassing is not supported
0.077 2016-02-10 14:17:32-07:00 America/Mazatlan (TRIAL RELEASE)
[ADDED]
- Added 'edit' and 'edit_lines' plus _utf8 and _raw variants; this
is similar to perl's -i flag (though without backups)
0.076 2015-11-16 10:47:24-05:00 America/New_York
- no changes from 0.075
0.075 2015-11-15 21:02:18-05:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Tilde expansion on Windows was resulting in backslashes. Now they
are correctly normalized to forward slashes.
[DOCS]
- Typos fixed
0.073 2015-10-30 10:36:18-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Fixed spewing to a symlink that crosses a filesystem boundary
[PREREQS]
- Add Test::MockRandom to META as an recommended test prerequisite.
* Integrated osxfuse's copy of sshfs, which means that sshfs now works
on OS X out of the box.
* Added -o cache_max_size=N option to let users tune the maximum size of
the cache in number of entries.
* Added -o cache_clean_interval=N and -o cache_min_clean_interval=N
options to let users tune the cleaning behavior of the cache.
This is a filesystem client based on the SSH File Transfer Protocol.
Since most SSH servers already support this protocol it is very easy to
set up: i.e. on the server side there's nothing to do. On the client
side mounting the filesystem is as easy as logging into the server with
ssh.
The idea of sshfs was taken from the SSHFS filesystem distributed with
LUFS. There were some limitations in that codebase, and this
implementation features:
- Based on FUSE
- Multithreading
- Large reads (max 64k)
- Caching directory contents
- Reconnect on failure
The FUSE-based pCacheFS file system provides a simple caching layer for
other filesystems. This makes slow, remote filesystems seem very fast
to access. Moreover, the cache does not disappear when you start or
stop pCacheFS or if you reboot your computer -- it is persistent.
pCacheFS is designed for caching large amounts of data on remote
filesystems that don't change very much, such as movie or music
libraries.
1.0
- add unionfsctl utility to control unionfs-fuse over ioctl
- better apple support
- dropped stats
- better test suite
- probably lots of other things, it's been a while since last release ;-)
0.26
- use BUILD_PATH instead of snprintf, which will
return -ENAMETOOLONG if the path is too long instead of simply
using a wrong path
- new options "-o relaxed_permissions" and "-o hide_meta_dir"
- included the debian directory
- Properly check on rmdir() if sub-branches are also empty
- Always compile with debug code, but only enable debugging on request
- New option -o debug_file
- Lots of bugs fixed in BUILD_PATH()
- Improved search of white-out files
- Properly fix Debian Bug#509516.
- More debug output.
- Add syslog support without the risk of possible dead locks
- Use fuse big-writes (and reads) if available
0.25
- Alternate way to specify branches
- Minor fixes
0.24
- Support for liveCDs / live USB sticks (-o chroot)
- Build-in support to change the maximum number of open files
- Added recursive directory COW.
- relative paths: Critical bug fix, had been completely broken in 0.23
0.23
- remove to_user() and to_root() calls for autorization and use fuse build-in
default_permissions checks
- bugfix: rename created wrong whiteout type
0.22
- Fix a bug reported by Jens Hoelldampf <jens@hoelldampf.net>, in 0.21 cow
didn't work for pathes.
0.21
- Fix a segmentation fault when COW was enabled, but no rw-branch was specified.
- Proper handling when ro-branches are on top of rw-branches.
- Disabled syslog entries for now, since it might cause deadlocks.
- Fixed a license issue with the elfhash, since the CPL is not compatible
with the BSD license.
- Fix a bug when stat() was called instead of lstat().
- Many internal code changes (renaming of "root" to "branch").
- Better directory structure.
- Add this NEWS file.
- Add a man page.
0.20
- Fix a critical bug introduced in 0.19 when we disabled threadding.
0.19
- Several copy-on-write fixes (readdir, unlink, rmdir, rename).
- Whiteout files are now located in branch/.unionfs/ subdirectories.
- Disable threadding, since our current permissions-model is not compatible
with the NPTL implementation and the Posix-Thread model in general.
- Add supplementary group support.
0.18
- First release with copy-on-write (COW) support.
- Many many internal code changes.
Changes to NTFS-3G:
-------------------
Fixed inserting a new ACL after wiping out by chkdsk
Fixed Windows-type inheritance
Fixed ignoring the umask mount option when permissions are used
Fixed checking permissions when Posix ACLs are compiled in but not enabled
Disabled option remove_hiberfile on read-only mounts
Implemented an extended attribute to get/set EAs
Avoid full runlist updating in more situations
Update ctime after setting an ACL
Use MFT record 15 for the first extent to MFT:DATA
Ignore the sloppy mount option (-s)
Implemented FITRIM (fstrim) ioctl
Reengineered the compression algorithm
Changes to ntfsprogs:
---------------------
Return success from ntfsprogs utilities with options –version and the like
Implemented configure option –enable-quarantined for non functional utilities
Added manuals for ntfsdecrypt, ntfswipe, ntfstruncate and ntfsfallocate
Existing SHA1 digests verified, all found to be the same on the
machine holding the existing distfiles (morden). Existing SHA1
digests retained for now as an audit trail.
OpenAFS 1.6.15 (Security Release)
All client and server platforms
* Fix for OPENAFS-SA-2015-007 "Tattletale"
When constructing an Rx acknowledgment (ACK) packet, Andrew-derived
Rx implementations do not initialize three octets of data that are
padding in the C language structure and were inadvertently included
in the wire protocol (CVE-2015-7762). Additionally, OpenAFS Rx in
versions 1.5.75 through 1.5.78, 1.6.0 through 1.6.14, and 1.7.0
through 1.7.32 include a variable-length padding at the end of the
ACK packet, in an attempt to detect the path MTU, but only four octets
of the additional padding are initialized (CVE-2015-7763).
User-Visible OpenAFS Changes
OpenAFS 1.6.10
All platforms
* Don't hide the "version" subcommand in help output (11214)
* Documentation improvements (11126 11216 11222 11223 11225 11226)
* Improved diagnostics and error messages (11154 11246 11247 11249 11181
11182 11183)
* Build system improvements (11158 11221 11224 11225 11227..11241 11282
11342 11350 11353 11242 11367 11392)
* Avoid potentially erratic behaviour under certain error conditions by
either avoiding or at least not ignoring them, in various places (11008
11010..11065 11112 11148 11196 11530)
FreeBSD
* Support releases 9.3 and 10.1 (11368 11369 11402 11403 11404)
* Makes a disk cache more likely to work on FreeBSD, though such
configurations remain not very tested (11448)
All server platforms
* Added volscan(8) (11252..11280 11387 11388)
* Fixed a bug causing subgroups not to function correctly if their
ptdb entry had more than one continuation entry (11352)
* Logging improvements (10946 11153)
* Allow log rotation via copy and truncate (11193)
* Avoid a server crash during startup only observed on a single platform
and when using a 3rd party library under certain circumstances, which is
a collateral effect of the security improvements introduced in OpenAFS
release 1.6.5 (11075) (RT #131852)
All client platforms
* Raised the free space reported for /afs to the maximum possible value of
just under 2 TiB - the old value was 9 GiB on most platforms (10984)
* Reduced the amount of stack space used (11162 11163 11203 11164..11167
11338 11339 11364..11366 11381)
* Sped up a periodic client task which could be problematically slow
on systems with a large number of PAGs and files in use (11307)
* Fixed failure of the up command with large ACLs (11111)
* Avoid a potential crash of aklog (11218)
* Avoid potential crashes of scout and xstat_fs_test (11155)
Linux clients
* Support kernels up to 3.16 (11308 11309)
* Fixed a regression introduced in OpenAFS release 1.6.6 that made
checking for existing write locks incorrectly fail on readonly volumes
(11361)
* Fixed a regression introduced in OpenAFS release 1.6.8 that could
cause VFS cache inconsistencies when a previously-accessed directory
entry was removed and recreated with the same name but pointing to a
different file on another client (11358)
* Use the right path to depmod in Red Hat packaging to avoid dependency
calculation incorrectly failing unless a link /sbin -> /usr/sbin is
present on the system performing it (11171) (RT #131860)
* Do not ignore kernel module build errors (11205)
User-Visible OpenAFS Changes
OpenAFS 1.6.11
All platforms
* Allow aklog to succeed creating native K5 tokens even when mapping
the K5 principal to a K4 one fails (11538)
* Build fixes (11435 11636)
All client platforms
* Avoid a potential kernel panic due to connection reference overcounts
(11645) (RT #131885)
* Avoid potential corruption of files written using memory mapped I/O
when the file is larger than the cache (11656) (RT #131976)
Linux clients
* Support kernels at least up to 3.19 (11549 11550 11569 11570 11595
11658..11662 11694 11752)
Note: By default this excludes kernels 3.17 to 3.17.2, which will leak
an inode reference when an error occurs in d_splice_alias(). The
module will build and work, but leak kernel memory, leading to
performance degradation and eventually system failure due to
memory exhaustion. Since it's impossible to detect this condition
automatically, the switch --enable-linux-d_splice_alias-extra-iput
must be passed to configure when building the module for those
kernels. The same would be necessary for any kernel with backports
of commit 908790fa3b779d37365e6b28e3aa0f6e833020c3 or commit
95ad5c291313b66a98a44dc92b57e0b37c1dd589 but not the fix in commit
51486b900ee92856b977eacfc5bfbe6565028070 in the linux-stable repo
(git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git) or
the corresponding changes on other branches.
* Fixed a regression introduced in OpenAFS release 1.6.10 which could
make the spurious "getcwd: cannot access parent directories" problem
return (11558 11568) (RT #131780)
* Avoid leaking memory when scanning a corrupt directory (11707)
OS X clients
* Support OS X 10.10 "Yosemite" (11571 11572 11611) (RT #131946)
Solaris clients
* Avoid reading random data rather than correct cache content when using
ZFS as the cache file system on Solaris >= 11, and fix potential similar
problems on other platforms (11713 11714)
FreeBSD
* Build fix for releases >= 11.0 (11610)
OpenBSD
* Support release 5.4 (11700)
User-Visible OpenAFS Changes
OpenAFS 1.6.11.1
Linux clients
* Support kernels up to 4.0 (11760 11761)
FreeBSD clients
* Fixed kernel module build on systems with an updated clang which no
longer accepts the -mno-align-long-strings as a no-op (11809)
User-Visible OpenAFS Changes
OpenAFS 1.6.12
All server platforms
* Avoid database corruption if a database server is shut down and then
brought up again quickly with an altered database (11773 11774)
(RT #131997)
All client platforms
* Fixed a potential buffer overflow in aklog (11808)
* Avoid a bogus warning regarding the checkserver daemon, which could be
logged during startup when the cache initialization was very fast (11680)
* Added documentation of the inaccuracy of the 'partition' field in
'fs listquota' output for partitions larger than 2 TiB (11626)
Linux clients
* Support kernels up to 4.1 (11872 11873)
* Avoid spurious EIO errors when writing large chunks of data to
mmapped files (11877)
OS X
* Build fixes required at least on OS X 10.10 Yosemite with the latest
XCode (11859 11876 11842..11845 11863 11878 11879)
User-Visible OpenAFS Changes
OpenAFS 1.6.13
All server platforms
* Fix for CVE-2015-3282: vos leaks stack data onto the wire in the
clear when creating vldb entries
* Workaround for CVE-2015-3283: bos commands can be spoofed, including
some which alter server state
* Disabled searching the VLDB by volume name regular expression to avoid
possible buffer overruns in the volume location server
All client platforms
* Fix for CVE-2015-3284: pioctls leak kernel memory
* Fix for CVE-2015-3285: kernel pioctl support for OSD command passing
can trigger a panic
Solaris clients
* Fix for CVE-2015-3286: Solaris grouplist modifications for PAGs can
panic or overwrite memory
User-Visible OpenAFS Changes
OpenAFS 1.6.14
All server platforms
* Prior to the OpenAFS security release 1.6.13, the Volume Location
Server (vlserver) RPC VL_ListAttributesN2() supported wildcard volume
name lookups via regular expression (regex) pattern matching. This
support was completely disabled in 1.6.13 because it was judged to be
a security risk due to buffer overruns in the implementation, as well
as the possibility of denial of service attacks where certain regular
expressions could cause excessive CPU usage in some regex
implementations.
Unfortunately, after 1.6.13 was released, it was discovered that
the native OpenAFS 'backup' system uses the VL_ListAttributesN2()
regex support to evaluate configured volume sets. If you use the
OpenAFS 'backup' system (or another backup system which relies on it,
such as Tivoli Storage Manager (TSM, aka Tivoli ADSM)), and are using
volume sets which require regular expressions for the volume name,
then those volume sets cannot be resolved by OpenAFS 1.6.13. The next
paragraph provides details on how to identify any affected volume sets.
OpenAFS backup volume sets may be described by fileserver, partition
name, and volume name. The fileserver and partition specifications
never require regular expression support. The volume name specification
always requires regular expression support except for when specifying
_all_ volumes via two special cases: the universal wildcard ".*", or "".
For example, volume name "proj" or "*.backup" or "homevol.*" all
require regex support - even if the specification contains no wildcard
characters and/or exactly matches an existing volume name.
As a result of this issue, OpenAFS 1.6.14 replaces the 1.6.13 changes
to VL_ListAttributesN2. 1.6.14 prevents the buffer overruns and
reenables the regex support, but restricts it to OpenAFS super-users
and -localauth only. This is sufficient to restore the OpenAFS 'backup'
system's ability to work correctly with any previously supported volume
set. The OpenAFS 'backup' commands are already documented to require
super-user authorization, so this restriction is moot for the backup
system.
There are no other direct consumers of the VL_ListAttributesN2() regex
support in the OpenAFS tree. However, the VL_ListAttributesN2 RPC is
publicly accessible and might be used by third party tools directly or
indirectly via OpenAFS's libadmin. Any such tools that issue
VL_ListAttributesN2 RPCs must now be executed using super-user or
-localauth tokens.
None of the other security fixes in OpenAFS 1.6.13 are known to have
any issues, and are still included unchanged in OpenAFS 1.6.14.
If there are any questions concerning the possible impact of OpenAFS
1.6.13 or 1.6.14 at your site, please contact your OpenAFS support
provider or the openafs-info@openafs.org mailing list for further
assistance.
Release 1.10.2 (2015-07-30)
'''''''''''''''''''''''''''
Packaging Changes
-----------------
This release no longer requires the ``mock`` library (which was previously
used in the unit test suite). Shortly after the Tahoe-LAFS 1.10.1 release, a
new version of ``mock`` was released (1.1.0) that proved to be incompatible
with Tahoe's fork of setuptools, preventing Tahoe-1.10.1 from building at
all. `#2465`_
The ``tahoe --version`` output is now less likely to include scary diagnostic
warnings that look deceptively like stack traces. `#2436`_
The pyasn1 requirement was increased to >= 0.1.8.
.. _`#2465`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2465
.. _`#2436`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2436
Other Fixes
-----------
A WebAPI ``GET`` would sometimes hang when using the HTTP Range header to
read just part of the file. `#2459`_
Using ``tahoe cp`` to copy two different files of the same name into the same
target directory now raises an error, rather than silently overwriting one of
them. `#2447`_
All tickets closed in this release: 2328 2436 2446 2447 2459 2460 2461 2462
2465 2470.
.. _`#2459`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2459
.. _`#2447`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2447
Upstream changes:
0.19 2015-03-16 NEILB
- Added [MetaJSON] to dist.ini, so META.json will go into the distribution,
as well as META.yml. Thanks to Lucas Kanashiro.
- Dropped the -r test on directories, as we only actually need -d and -x.
Thanks to Lucas Kanashiro.
Upstream changes:
0.072 2015-07-20 16:07:20-04:00 America/New_York
- No changes from 0.071
0.071 2015-07-17 13:40:08-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Fixed incorrect error argument for File::Path functions
(mkpath and remove_tree)
0.070 2015-06-28 13:50:16-04:00 America/New_York
- No changes from 0.069
0.069 2015-06-18 18:09:44-04:00 America/New_York (TRIAL RELEASE)
[CHANGED]
- The 'copy' method now returns the object for the copied file
[FIXED]
- The 'visit' method only dereferences the callback return value
for scalar refs, avoiding some common bugs
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.
No effective change for the above reason.
Ok joerg
Release 1.10.1 (2015-06-15)
'''''''''''''''''''''''''''
User Interface / Configuration Changes
--------------------------------------
The "``tahoe cp``" CLI command's ``--recursive`` option is now more predictable,
but behaves slightly differently than before. See below for details. Tickets
`#712`_, `#2329`_.
The SFTP server can now use public-key authentication (instead of only
password-based auth). Public keys are configured through an "account file",
just like passwords. See docs/frontends/FTP-and-SFTP for examples of the
format. `#1411`_
The Tahoe node can now be configured to disable automatic IP-address
detection. Using "AUTO" in tahoe.cfg [node]tub.location= (which is now the
default) triggers autodetection. Omit "AUTO" to disable autodetection. "AUTO"
can be combined with static addresses to e.g. use both a stable
UPnP-configured tunneled address and a DHCP-assigned dynamic (local subnet
only) address. See `configuration.rst`_ for details. `#754`_
The web-based user interface ("WUI") Directory and Welcome pages have been
redesigned, with improved CSS for narrow windows and more-accessible icons
(using distinctive shapes instead of just colors). `#1931`_ `#1961`_ `#1966`_
`#1972`_ `#1901`_
.. _`#712`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/712
.. _`#754`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/754
.. _`#1411`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1411
.. _`#1901`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1901
.. _`#1931`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1931
.. _`#1961`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1961
.. _`#1966`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1966
.. _`#1972`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1972
.. _`#2329`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2329
.. _`configuration.rst`: docs/configuration.rst
"tahoe cp" changes
------------------
The many ``cp``-like tools in the Unix world (POSIX ``/bin/cp``, the ``scp``
provided by SSH, ``rsync``) all behave slightly differently in unusual
circumstances, especially when copying whole directories into a target that
may or may not already exist. The most common difference is whether the user
is referring to the source directory as a whole, or to its contents. For
example, should "``cp -r foodir bardir``" create a new directory named
"``bardir/foodir``"? Or should it behave more like "``cp -r foodir/* bardir``"?
Some tools use the presence of a trailing slash to indicate which behavior
you want. Others ignore trailing slashes.
"``tahoe cp``" is no exception to having exceptional cases. This release fixes
some bad behavior and attempts to establish a consistent rationale for its
behavior. The new rule is:
- If the thing being copied is a directory, and it has a name (e.g. it's not
a raw Tahoe-LAFS directorycap), then you are referring to the directory
itself.
- If the thing being copied is an unnamed directory (e.g. raw dircap or
alias), then you are referring to the contents.
- Trailing slashes do not affect the behavior of the copy (although putting
a trailing slash on a file-like target is an error).
- The "``-r``" (``--recursive``) flag does not affect the behavior of the
copy (although omitting ``-r`` when the source is a directory is an error).
- If the target refers to something that does not yet exist:
- and if the source is a single file, then create a new file;
- otherwise, create a directory.
There are two main cases where the behavior of Tahoe-LAFS v1.10.1 differs
from that of the previous v1.10.0 release:
- "``cp DIRCAP/file.txt ./local/missing``" , where "``./local``" is a
directory but "``./local/missing``" does not exist. The implication is
that you want Tahoe to create a new file named "``./local/missing``" and
fill it with the contents of the Tahoe-side ``DIRCAP/file.txt``. In
v1.10.0, a plain "``cp``" would do just this, but "``cp -r``" would do
"``mkdir ./local/missing``" and then create a file named
"``./local/missing/file.txt``". In v1.10.1, both "``cp``" and "``cp -r``"
create a file named "``./local/missing``".
- "``cp -r PARENTCAP/dir ./local/missing``", where ``PARENTCAP/dir/``
contains "``file.txt``", and again "``./local``" is a directory but
"``./local/missing``" does not exist. In both v1.10.0 and v1.10.1, this
first does "``mkdir ./local/missing``". In v1.10.0, it would then copy
the contents of the source directory into the new directory, resulting
in "``./local/missing/file.txt``". In v1.10.1, following the new rule
of "a named directory source refers to the directory itself", the tool
creates "``./local/missing/dir/file.txt``".
Compatibility and Dependency Updates
------------------------------------
Windows now requires Python 2.7. Unix/OS-X platforms can still use either
Python 2.6 or 2.7, however this is probably the last release that will
support 2.6 (it is no longer receiving security updates, and most OS
distributions have switched to 2.7). Tahoe-LAFS now has the following
dependencies:
- Twisted >= 13.0.0
- Nevow >= 0.11.1
- foolscap >= 0.8.0
- service-identity
- characteristic >= 14.0.0
- pyasn1 >= 0.1.4
- pyasn1-modules >= 0.0.5
On Windows, if pywin32 is not installed then the dependencies on Twisted
and Nevow become:
- Twisted >= 11.1.0, <= 12.1.0
- Nevow >= 0.9.33, <= 0.10
On all platforms, if pyOpenSSL >= 0.14 is installed, then it will be used,
but if not then only pyOpenSSL >= 0.13, <= 0.13.1 will be built when directly
invoking `setup.py build` or `setup.py install`.
We strongly advise OS packagers to take the option of making a tahoe-lafs
package depend on pyOpenSSL >= 0.14. In order for that to work, the following
additional Python dependencies are needed:
- cryptography
- cffi >= 0.8
- six >= 1.4.1
- enum34
- pycparser
as well as libffi (for Debian/Ubuntu, the name of the needed OS package is
`libffi6`).
Tahoe-LAFS is now compatible with Setuptools version 8 and Pip version 6 or
later, which should fix execution on Ubuntu 15.04 (it now tolerates PEP440
semantics in dependency specifications). `#2354`_ `#2242`_
Tahoe-LAFS now depends upon foolscap-0.8.0, which creates better private keys
and certificates than previous versions. To benefit from the improvements
(2048-bit RSA keys and SHA256-based certificates), you must re-generate your
Tahoe nodes (which changes their TubIDs and FURLs). `#2400`_
.. _`#2242`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2242
.. _`#2354`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2354
.. _`#2400`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2400
Packaging
---------
A preliminary OS-X package, named "``tahoe-lafs-VERSION-osx.pkg``", is now
being generated. It is a standard double-clickable installer, which creates
``/Applications/tahoe.app`` that embeds a complete runtime tree. However
launching the ``.app`` only brings up a notice on how to run tahoe from the
command line. A future release may turn this into a fully-fledged application
launcher. `#182`_ `#2393`_ `#2323`_
Preliminary Docker support was added. Tahoe container images may be available
on DockerHub. `PR#165`_ `#2419`_ `#2421`_
Old and obsolete Debian packaging tools have been removed. `#2282`_
.. _`#182`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/182
.. _`#2282`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2282
.. _`#2323`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2323
.. _`#2393`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2393
.. _`#2419`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2419
.. _`#2421`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2421
.. _`PR#165`: https://github.com/tahoe-lafs/tahoe-lafs/pull/165
Minor Changes
-------------
- Welcome page: add per-server "(space) Available" column. `#648`_
- check/deep-check learned to accept multiple location arguments. `#740`_
- Checker reports: remove needs-rebalancing, add count-happiness. `#1784`_ `#2105`_
- CLI ``--help``: cite (but don't list) global options on each command. `#2233`_
- Fix ftp "``ls``" to work with Twisted 15.0.0. `#2394`_
.. _`#648`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/648
.. _`#740`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/740
.. _`#1784`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1784
.. _`#2105`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2105
.. _`#2233`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2233
.. _`#2394`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2394
Roughly 75 tickets were closed in this release: 623 648 712 740 754 898 1146
1159 1336 1381 1411 1634 1674 1698 1707 1717 1737 1784 1800 1807 1842 1847
1901 1918 1953 1960 1961 1966 1969 1972 1974 1988 1992 2005 2008 2023 2027
2028 2034 2048 2067 2086 2105 2121 2128 2165 2193 2208 2209 2233 2235 2242
2245 2248 2249 2249 2280 2281 2282 2290 2305 2312 2323 2340 2354 2380 2393
2394 2398 2400 2415 2416 2417 2433. Another dozen were referenced but not
closed: 182 666 982 1064 1258 1531 1536 1742 1834 1931 1935 2286. Roughly 40
GitHub pull-requests were closed: 32 48 50 56 57 61 62 62 63 64 69 73 81 82
84 85 87 91 94 95 96 103 107 109 112 114 120 122 125 126 133 135 136 137 142
146 149 152 165.
For more information about any ticket, visit e.g.
https://tahoe-lafs.org/trac/tahoe-lafs/ticket/754
Complete list of changes since 3.7.1:
- doc: add 1233044, 1232179 in 3.7.2 release-notes
- features/bitrot: fix fd leak in truncate (stub)
- doc: add release notes for 3.7.2
- libgfchangelog: Fix crash in gf_changelog_process
- glusterd: Fix snapshot of a volume with geo-rep
- cluster/ec: Avoid parallel executions of the same state machine
- quota: fix double accounting with rename operation
- cluster/dht: Prevent use after free bug
- cluster/ec: Wind unlock fops at all cost
- glusterd: Buffer overflow causing crash for glusterd
- NFS-Ganesha: Automatically export vol that was exported before vol restart
- common-ha: cluster HA setup sometimes fails
- cluster/ec: Prevent double unwind
- quota/glusterd: porting to new logging framework.
- bitrot/glusterd: gluster volume set command for bitrot should not supported
- tests: fix spurious failure in bug-857330/xml.t
- features/bitrot: tuanble object signing waiting time value for bitrot
- quota: don't log error when disk quota exceeded
- protocol/client : porting log messages to new framework
- cluster/afr: Do not attempt entry self-heal if the last lookup on entry
failed on src
- changetimerecorder : port log messages to a new framework
- tier/volume set: Validate volume set option for tier
- glusterd/tier: glusterd crashed with detach-tier commit force
- rebalance,store,glusterd/glusterd: porting to new logging framework.
- libglusterfs: Enabling the fini() in cleanup_and_exit()
- sm/glusterd: Porting messages to new logging framework
- nfs: Authentication performance improvements
- common-ha: cluster HA setup sometimes fails
- glusterd: subvol_count value for replicate volume should be calculate
correctly
- common-ha : Clean up cib state completely
- NFS-Ganesha : Return correct return value
- glusterd: Porting messages to new logging framework.
- glusterd: Stop tcp/ip listeners during glusterd exit
- storage/posix: Handle MAKE_INODE_HANDLE failures
- cluster/ec: Prevent Null dereference in dht-rename
- doc: fix markdown formatting
- upcall: prevent busy loop in reaper thread
- protocol/server : port log messages to a new framework
- nfs.c nfs3.c: port log messages to a new framework
- logging: log "Stale filehandle" on the client as Debug
- snapshot/scheduler: Modified main() function to take arguments.
- tools/glusterfind: print message for good cases
- geo-rep: ignore symlink and harlink errors in geo-rep
- tools/glusterfind: ignoring deleted files
- spec/geo-rep: Add rsync as dependency for georeplication rpm
- features/changelog: Do htime setxattr without XATTR_REPLACE flag
- tools/glusterfind: Cleanup glusterfind dir after a volume delete
- tools/glusterfind: Cleanup session dir after delete
- geo-rep: Validate use_meta_volume option
- spec: correct the vendor string in spec file
- tools/glusterfind: Fix GFID to Path conversion for dir
- libglusterfs: update glfs-message header for reserved segments
- features/qemu-block: Don't unref root inode
- features/changelog: Avoid setattr fop logging during rename
- common-ha: handle long node names and node names with '-' and '.' in them
- features/marker : Pass along xdata to lower translator
- tools/glusterfind: verifying volume is online
- build: fix compiling on older distributions
- snapshot/scheduler: Handle OSError in os. callbacks
- snapshot/scheduler: Check if GCRON_TASKS exists before
- features/quota: Fix ref-leak
- tools/glusterfind: verifying volume presence
- stripe: fix use-after-free
- Upcall/cache-invalidation: Ignore fops with frame->root->client not set
- rpm: correct date and order of entries in the %changelog
- nfs: allocate and return the hashkey for the auth_cache_entry
- doc: add release notes for 3.7.1
- snapshot: Fix finding brick mount path logic
- glusterd/snapshot: Return correct errno in events of failure - PATCH 2
- rpc: call transport_unref only on non-NULL transport
- heal : Do not invoke glfs_fini for glfs-heal commands
- Changing log level from Warning to Debug
- features/shard: Handle symlinks appropriately in fops
- cluster/ec: EC_XATTR_DIRTY doesn't come in response
- worm: Let lock, zero xattrop calls succeed
- bitrot/glusterd: scrub option should be disabled once bitrot option is
reset
- glusterd/shared_storage: Provide a volume set option to create and mount
the shared storage
- dht: Add lookup-optimize configuration option for DHT
- glusterfs.spec.in: move libgf{db,changelog}.pc from -api-devel to -devel
- fuse: squash 64-bit inodes in readdirp when enable-ino32 is set
- glusterd: do not show pid of brick in volume status if brick is down.
- cluster/dht: fix incorrect dst subvol info in inode_ctx
- common-ha: fix race between setting grace and virt IP fail-over
- heal: Do not call glfs_fini in final builds
- dht/rebalance : Fixed rebalance failure
- cluster/dht: Fix dht_setxattr to follow files under migration
- meta: implement fsync(dir)
- socket: throttle only connected transport
- contrib/timer-wheel: fix deadlock in del_timer()
- snapshot/scheduler: Return proper error code in case of failure
- quota: retry connecting to quotad on ENOTCONN error
- features/quota: prevent statfs frame loss when an error happens during
ancestry
- features/quota : Make "quota-deem-statfs" option "on" by default, when
quota is enabled
- cluster/dht: pass a destination subvol to fop2 variants to avoid races.
- cli: Fix incorrect parse logic for volume heal commands
- glusterd: Bump op version and max op version for 3.7.2
- cluster/dht: Don't rely on linkto xattr to find destination subvol
- afr: honour selfheal enable/disable volume set options
- features/shard: Fix incorrect parameter to get_lowest_block()
- libglusterfs: Copy d_len and dict as well into dst dirent
- features/quota : Do unwind if postbuf is NULL
- cluster/ec: Fix incorrect check for iatt differences
- features/shard: Fix issue with readdir(p) fop
- glusterfs.spec.in: python-gluster should be 'noarch'
- glusterd: Bump op version and max op version for 3.7.1
- glusterd: fix repeated connection to nfssvc failed msgs
Bitrot detection is a technique used to identify an ?insidious?
type of disk error where data is silently corrupted with no indication
from the disk to the storage software layer that an error has
occurred. When bitrot detection is enabled on a volume, gluster
performs signing of all files/objects in the volume and scrubs data
periodically for signature verification. All anomalies observed
will be noted in log files.
* Multi threaded epoll for performance improvements
Gluster 3.7 introduces multiple threads to dequeue and process more
requests from epoll queues. This improves performance by processing
more I/O requests. Workloads that involve read/write operations on
a lot of small files can benefit from this enhancement.
* Volume Tiering [Experimental]
Policy based tiering for placement of files. This feature will serve
as a foundational piece for building support for data classification.
Volume Tiering is marked as an experimental feature for this release.
It is expected to be fully supported in a 3.7.x minor release.
Trashcan
This feature will enable administrators to temporarily store deleted
files from Gluster volumes for a specified time period.
* Efficient Object Count and Inode Quota Support
This improvement enables an easy mechanism to retrieve the number
of objects per directory or volume. Count of objects/files within
a directory hierarchy is stored as an extended attribute of a
directory. The extended attribute can be queried to retrieve the
count.
This feature has been utilized to add support for inode quotas.
* Pro-active Self healing for Erasure Coding
Gluster 3.7 adds pro-active self healing support for erasure coded
volumes.
* Exports and Netgroups Authentication for NFS
This feature adds Linux-style exports & netgroups authentication
to the native NFS server. This enables administrators to restrict
access to specific clients & netgroups for volume/sub-directory
NFSv3 exports.
* GlusterFind
GlusterFind is a new tool that provides a mechanism to monitor data
events within a volume. Detection of events like modified files is
made easier without having to traverse the entire volume.
* Rebalance Performance Improvements
Rebalance and remove brick operations in Gluster get a performance
boost by speeding up identification of files needing movement and
a multi-threaded mechanism to move all such files.
* NFSv4 and pNFS support
Gluster 3.7 supports export of volumes through NFSv4, NFSv4.1 and
pNFS. This support is enabled via NFS Ganesha. Infrastructure changes
done in Gluster 3.7 to support this feature include:
- Addition of upcall infrastructure for cache invalidation.
- Support for lease locks and delegations.
- Support for enabling Ganesha through Gluster CLI.
- Corosync and pacemaker based implementation providing resource
monitoring and failover to accomplish NFS HA.
pNFS support for Gluster volumes and NFSv4 delegations are in beta
for this release. Infrastructure changes to support Lease locks and
NFSv4 delegations are targeted for a 3.7.x minor release.
* Snapshot Scheduling
With this enhancement, administrators can schedule volume snapshots.
* Snapshot Cloning
Volume snapshots can now be cloned to create a new writeable volume.
* Sharding [Experimental]
Sharding addresses the problem of fragmentation of space within a
volume. This feature adds support for files that are larger than
the size of an individual brick. Sharding works by chunking files
to blobs of a configurabe size.
Sharding is an experimental feature for this release. It is expected
to be fully supported in a 3.7.x minor release.
* RCU in glusterd
Thread synchronization and critical section access has been improved
by introducing userspace RCU in glusterd
* Arbiter Volumes
Arbiter volumes are 3 way replicated volumes where the 3rd brick
of the replica is automatically configured as an arbiter. The 3rd
brick contains only metadata which provides network partition
tolerance and prevents split-brains from happening.
Update to GlusterFS 3.7.1
* Better split-brain resolution
split-brain resolutions can now be also driven by users without
administrative intervention.
* Geo-replication improvements
There have been several improvements in geo-replication for stability
and performance.
* Minor Improvements
- Message ID based logging has been added for several translators.
- Quorum support for reads.
- Snapshot names contain timestamps by default.Subsequent access
to the snapshots should be done by the name listed in gluster
snapshot list
- Support for gluster volume get <volname> added.
- libgfapi has added handle based functions to get/set POSIX ACLs
based on common libacl structures.
