[OpenAFS-announce] OpenAFS 1.4.4 available

Derrick J Brashear openafs-info@openafs.org
Mon, 19 Mar 2007 15:36:58 -0400 (EDT)

The OpenAFS Gatekeepers announce the availability of OpenAFS version
1.4.4.  Source files and available binaries can be accessed via the web at:


or via AFS at:


This is the current recommended release for all Unix platforms; For Windows, we 
recommend use of the current 1.5 series release for best performance.

                   OpenAFS Release Notes - Version 1.4.4
All Unix systems: Major security bugfix. Minor bugfixes.
Windows: Minor bugfixes.

* Security bugfix:

- SetUID is no longer honored for the local cell by default. The
   "fs setcellstatus" command must be issued for any cell the system
   administrator wishes to allow setuid files in.

>From 1.4.3:

* Bugfixes:

- Return the correct error code when attempting to remove a
   directory that still contains entries.

- Allow renames on inexact case match to allow offline folders to work

- VICECONNBAD and VICETOKENDEAD force the use of a new rx connection.

- Fix afslogon.dll to not publish environment variables into
   the subprocesses started from winlogon.exe

- Fix afslogon.dll to initialize and uninitialize winsock so
   that Kerberos 4 send_to_kdc() can succeed

- When opening a directory, CIFS read privilege requires PRSFS_LOOKUP
   not PRSFS_READ.

All unix systems:

- Make new connection forcing apply even when there is only one interface,
   so we can recover servers marked down due to our address changing.

- Fix Universal AFS Error mapping when the local OS does not define some

- Avoid byte range locking for java when it means to ask for a whole file
   lock but uses a -1 length.

- Avoid overwriting random memory if the system has too many addresses at
   cache manager start time.

- Allow foreign vlservers to properly time out before first use.

- Attempt to clean up from dead tokens without discarding valid ones.

- Reinit resolver library on afsdb failure.


- Allow PAG to be stored as a single "large" group instead of 2 16 bit groups.

- Fix use of tasklist lock based on availability of lock.

- Avoid leaking cred references in the kernel during failed lookups.

- Further fixes to syscall table probing.

- Updates for kernel header changes.

- Use the AFS vfs magic number.

- Fix keyring based PAGs to persist across a change.

- Avoid leaking locks when closing Firefox.

- Fix lock pid tracking to allow better cleanup and avoid bogus assert.

- Remove deadlock-prone cred pool implementation entirely.


- Fake more free disk for apps which do not actually check.


- Updates to use only public kernel interfaces.

All systems:

- Make rxdebug be less aggressive when retransmitting.

- Allow unix domain socket for fileserver-volserver communication.

- Fix server fake address support when NetRestrict is being used.

- Fix crash when 3.4 jumbograms are part of an Rx connection.

- Fix crashes in pts chown and pts rename.

- Make asetkey buildable with Heimdal.

- Avoid potential orphaned files during vos restore.

- Improve ubik debug logging.

- Add vldb repair tool.

- Avoid potential bosserver process list corruption.

- Revert to previous fileserver startup attachment order.

Binary releases are available for AIX 5.1, 5.2 and 5.3; Irix 6.5; Solaris 7, 8, 
9 and 10 on Sparc and 10 on Intel; RedHat Enterprise Linux 3 and 4 on 
Intel and AMD64; Fedora Core 3, 4, 5 and 6 on Intel and 5 and 6 on 
AMD64; MacOS 10.4 Universal; HP-UX11i on PA-RISC; and Windows 
2000, XP and 2003 on Intel, while source is available in gzipped, bzipped, and 
uncompressed tar files.

Bug reports should be filed to openafs-bugs@openafs.org.

Thanks are due as usual to our dedicated team of binary builders without whom 
the broad range of released binaries would not be possible.

Derrick J Brashear
for the OpenAFS gatekeepers