[OpenAFS-announce] OpenAFS 1.4.4 available
Derrick J Brashear
Mon, 19 Mar 2007 15:36:58 -0400 (EDT)
The OpenAFS Gatekeepers announce the availability of OpenAFS version
1.4.4. Source files and available binaries can be accessed via the web at:
or via AFS at:
This is the current recommended release for all Unix platforms; For Windows, we
recommend use of the current 1.5 series release for best performance.
OpenAFS Release Notes - Version 1.4.4
All Unix systems: Major security bugfix. Minor bugfixes.
Windows: Minor bugfixes.
* Security bugfix:
- SetUID is no longer honored for the local cell by default. The
"fs setcellstatus" command must be issued for any cell the system
administrator wishes to allow setuid files in.
- Return the correct error code when attempting to remove a
directory that still contains entries.
- Allow renames on inexact case match to allow offline folders to work
- VICECONNBAD and VICETOKENDEAD force the use of a new rx connection.
- Fix afslogon.dll to not publish environment variables into
the subprocesses started from winlogon.exe
- Fix afslogon.dll to initialize and uninitialize winsock so
that Kerberos 4 send_to_kdc() can succeed
- When opening a directory, CIFS read privilege requires PRSFS_LOOKUP
All unix systems:
- Make new connection forcing apply even when there is only one interface,
so we can recover servers marked down due to our address changing.
- Fix Universal AFS Error mapping when the local OS does not define some
- Avoid byte range locking for java when it means to ask for a whole file
lock but uses a -1 length.
- Avoid overwriting random memory if the system has too many addresses at
cache manager start time.
- Allow foreign vlservers to properly time out before first use.
- Attempt to clean up from dead tokens without discarding valid ones.
- Reinit resolver library on afsdb failure.
- Allow PAG to be stored as a single "large" group instead of 2 16 bit groups.
- Fix use of tasklist lock based on availability of lock.
- Avoid leaking cred references in the kernel during failed lookups.
- Further fixes to syscall table probing.
- Updates for kernel header changes.
- Use the AFS vfs magic number.
- Fix keyring based PAGs to persist across a change.
- Avoid leaking locks when closing Firefox.
- Fix lock pid tracking to allow better cleanup and avoid bogus assert.
- Remove deadlock-prone cred pool implementation entirely.
- Fake more free disk for apps which do not actually check.
- Updates to use only public kernel interfaces.
- Make rxdebug be less aggressive when retransmitting.
- Allow unix domain socket for fileserver-volserver communication.
- Fix server fake address support when NetRestrict is being used.
- Fix crash when 3.4 jumbograms are part of an Rx connection.
- Fix crashes in pts chown and pts rename.
- Make asetkey buildable with Heimdal.
- Avoid potential orphaned files during vos restore.
- Improve ubik debug logging.
- Add vldb repair tool.
- Avoid potential bosserver process list corruption.
- Revert to previous fileserver startup attachment order.
Binary releases are available for AIX 5.1, 5.2 and 5.3; Irix 6.5; Solaris 7, 8,
9 and 10 on Sparc and 10 on Intel; RedHat Enterprise Linux 3 and 4 on
Intel and AMD64; Fedora Core 3, 4, 5 and 6 on Intel and 5 and 6 on
AMD64; MacOS 10.4 Universal; HP-UX11i on PA-RISC; and Windows
2000, XP and 2003 on Intel, while source is available in gzipped, bzipped, and
uncompressed tar files.
Bug reports should be filed to firstname.lastname@example.org.
Thanks are due as usual to our dedicated team of binary builders without whom
the broad range of released binaries would not be possible.
Derrick J Brashear
for the OpenAFS gatekeepers