jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-18 06:50:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Synchronize NEWS with 1.8.5

Browse Source 
Pull in all the updates to NEWS that occurred on the 1.8.x branch
in preparation for adding entries for 1.9.0.

Change-Id: I713d1576ef96793f24824f909b26da802b21ec23
Reviewed-on: https://gerrit.openafs.org/14103
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
This commit is contained in:
Benjamin Kaduk 2020-03-20 09:17:13 -07:00
parent befc727498
commit 1547db2226
1 changed files with 335 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

338
NEWS
View File

@ -1,6 +1,286 @@
User-Visible OpenAFS Changes
OpenAFS 1.8.0pre2
OpenAFS 1.8.5
All platforms
* Fix OPENAFS-SA-2019-001: information leakage in failed RPC output
Generated RPC handler routines ran output variables through XDR encoding
even when the call had failed and would shortly be aborted (and for
which uninitialized output variables is common); any complete packets
assembled in the process would be sent to the peer, leaking the contents
of the uninitialized memory in question.
* Fix OPENAFS-SA-2019-002: information leakage from uninitialized scalars
Generated RPC handler routines did not initialize output variables of
scalar (fixed-length) type, since they did not require dedicated logic to
free. Such variables allocated on the stack could remain uninitialized
in some cases (including those affected by OPENAFS-SA-2019-001), and the
contents of uninitialized memory would be returned to the peer.
All server platforms
* Fix OPENAFS-SA-2019-003: fix crash in database servers
The ubik debugging RPCs prioritize being fast and non-disruptive to
database operations over strict correctness, and do not adhere to the
usual locking protocol for data access. A data race could cause a NULL
dereference if the second memory load was not optimized out by the
compiler.
OpenAFS 1.8.4
All platforms
Build system updates to remove obsolete autoconf macros and remove missing
script warning during builds (13480, 13481, 13482, 13483, 13484, 13486,
13789, 13790).
Build system update to fix a conditional check in the pthread.m4 autoconf
file (13595)
Build system update to create the man3 subdirectory, fixing a
reported build failure (13535).
Remove the last reference to src/mcas in the documentation (13558).
All server platforms
Fix fileserver's parsing of the options -vlruthresh, -vlruinterval,
-vlrumax and -novbc (13680).
Fixes to make ptserver's behaviour when run in restricted mode consistent
with the documentation: Non-members of the system:administrators group
are no longer allowed to issue the adduser, setfields and delete pts
commands, and all members of system:administrators are now allowed to
issue pts commands in this mode, not just the admin principal (13686..88).
All client platforms
Fix missing Rx call clean-up after failing to read dcaches from a file
server (13511).
Fix an Rx call leak for calls aborted by a connection abort after the call
was initialized but before use (13517).
Remove the obsolete afs_xosi lock to remove unnecessary serialization of
VOP_GETATTR calls. This can lead to improved performance under heavy
workloads (13529).
Increase the size of the Directory Name Lookup Cache (DNLC) to improve
cache performance (13559).
Fix getting tokens for cells with a three character name (13679).
Avoid a misleading message about the cell being used when aklog is run
with the -cell parameter but the AFSCELL environment variable is set to
a different cell (13676).
Build system update to honor the CFLAGS environment variable when building
libuafs (13544).
Linux
Support for mainline kernels up to 5.3 (13787, 13789).
More fixes for improper use of ENOENT fixes to avoid incorrect use of linux
negative dentry cache, which can lead to false ENOENT errors (13542, 13543,
13590, 13692) (RT #134904).
Return errors instead of returning incomplete directory listings when the
directory objects are incomplete in the cache (13591).
Add ppc64le_linux26 sysname for the ppc64le architecture (13636, 13637,
13589).
Fix configure check for a kernel time function in order to build on
Linux 5.0 (13523).
RPM packaging update for RHEL8 adding a build requirement to ensure the
kernel module can be built from the SRPM (13563) (RT #134900).
On systemd based RHEL/Fedora systems, start the client after dkms startup
is finished if the latter is installed and enabled, to avoid attempting
starts without the kernel module being available yet (13674) (RT #134974).
MacOS
Build system updates for MacOS (13584).
Solaris
Add CTF debugging records to userspace objects to improve debugging
of servers (13487).
Convert the cache manager vnodes to be non-embebbed on Solaris 11 in order
to make the cache manager more resilient across Solaris 11 changes (13524,
13525, 13526, 13527, 13528).
OpenAFS 1.8.3
All platforms
* Improved diagnostics and error messages (13186 13411 13417)
* Avoid sending RX packets with random garbage in the userStatus field
(13332)
* Fixed detection of the RX initialization status (13416)
* Assorted fixes to avoid segmentation faults and other potential problems
by detecting internal errors rather than letting them go unnoticed
(13329 13372)
All server platforms
* Fixed a build problem accidentally introduced in release 1.8.2 (13328)
* Assorted efficiency improvements in the ubik implementation (13153 13218
13188 13353)
* Fixed locking around transaction list processing in volserver to avoid
segmentation faults and other potential problems (13336 13337)
* When the volserver attempts to remove a temporary volume after a
transaction, but the volume was already removed, e.g., by the salvager,
this is no longer treated as an error (13235)
All client platforms
* Update the CellServDB to the latest version from grand.central.org from
May 14th 2018 (13409)
* Avoid a panic during cache initialization when allocating the required
memory fails (13307)
* Add back the packet counters and timestamps to "vos status" output
which had been missing since release 1.8.0 (13421)
* Correctly handle errors encountered while reading data from the server
and writing it to the cache, e.g., due to a full cache partition (13443)
* Avoid a panic due to a recoverable error while flushing cache items
(13503)
Linux clients
* Support mainline kernels 4.20 and 5.0 and distribution kernels with
backports from those (13405 13406 13440 13441 13442)
* DKMS-related fixes in Red Hat packaging (13438 13479)
macOS
* Support building and packaging on macOS 10.14 "Mojave" (13412 13413)
OpenAFS 1.8.2
All platforms
* Fix OPENAFS-SA-2018-002: information leakage in RPC output variables
Various RPC routines did not always initialize all output fields,
exposing memory contents to network attackers. The relevant RPCs include
an AFSCB_ RPC, so cache managers are affected as well as servers.
All server platforms
* Fix OPENAFS-SA-2018-003: denial of service due to excess resource consumption
Various RPCs were defined as allowing unbounded arrays as input, allowing
an unauthenticated attacker to cause excess memory allocation and tie up
network bandwidth by sending (or claiming to send) large input arrays.
* Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc
On systems using the in-tree backup system, the butc process was running
with administrative credentials, but accepted incoming RPCs over
unauthenticated connections; these incoming RPCs in turn triggered
outgoing RPCs using the administrative credentials. Unauthenticated
attackers could construct volue dumps containing arbitrary contents
and cause these dumps to be restored and overwrite arbitrary volume
contents; afterward, the backup database could be restored to its
initial state, hiding evidence of the unauthorized changes.
Running butc with -localauth now requires authenticated incoming
connections, and the backup utility makes authenticated connections to
the butc. Audit capabilities have been added to the butc RPC handlers.
Command-line arguments are provided to retain the (insecure) historical
behavior until all systems have been upgraded.
OpenAFS 1.8.1.1
Linux Clients
* Support for mainline kernel 4.18 and distribution kernels with backports
from it (13268)
OpenAFS 1.8.1
All Platforms
* Improve the usability and consistency of the public API: install missing
headers, and add additional symbols to the export list for shared libraries.
* Improved Rx abort generation: use the proper serial number for an existing
connection if possible, and 0 otherwise (to improve debugging).
* Assorted minor fixes in response to static analysis of the codebase.
* Fix memory-safety error in XDR decoding of enumerated types.
All Server Platforms
* Fix reference counting error that could cause an assertion failure
in some workloads.
* vldb_check -fix will no longer corrupt the vldb when multiple MH blocks are present.
* Assorted cleanups and efficiency improvements in the ubik implementation.
* Return a valid InlineBulkStatus response in error cases.
* The fileserver now rejects invalid partition names when attaching partitions.
All Client Platforms
* Fix volume callbacks (e.g., when running 'vos release').
* Treat failure to obtain a DSlot as a hard error for that cache partition,
avoiding a flood of "disk cache read error in CacheItems" log messages,
and reducing the chance of subsequent panic.
* Improve error messages for invalid values with -volume-ttl.
* Remove useless error message:
"find_preferred_connection: no connection and !create".
* Avoid passing NULL to a kernel memory deallocator, which is not guaranteed
to be safe on all systems.
Linux
* Add support for 64-bit ARM clients ("arm64").
* Fix panic when cache bypass is enabled.
* Improve cache manager behavior when unable to open cache files.
* Improvements to the RPM packaging.
* Detect out-of-memory when using kernel pages for writing.
Solaris
* Fix various issues in the build process for recent Solaris versions.
MacOS
* Fix clients on OS X 10.13.
FreeBSD / NetBSD / OpenBSD
* Fix panic triggered during periodic cleanup operations and shutdown.
OpenAFS 1.8.0
All Platforms
@ -61,6 +341,8 @@ OpenAFS 1.8.0pre2
- Wake up the application thread after 'twind' is updated to avoid 100ms
transmit delays when the receive window transitions from closed to
open.
- Fix for OPENAFS-SA-2017-001: sanity-check peer transport parmeters
received in ack trailers
* Libraries (both internal and installed) are built using libtool, including
libuafs. The resulting shared libraries for libafsrpc and libafsauthent
@ -78,6 +360,7 @@ OpenAFS 1.8.0pre2
- Support the SOURCE_DATE_EPOCH environment variable to improve build
reproducibility.
- Modernize language specific SWIG typemaps for libuafs Perl bindings.
- Refactor acinclude.m4 into a set of smaller m4 files (12876, 12877, 12878)
* Improvements to documentation:
- Document the new KeyFileExt file.
@ -92,6 +375,7 @@ OpenAFS 1.8.0pre2
- Add PtLog man page.
- Corrections and clarifications to man pages.
- Add ubik threading analysis doc.
- Normalize the location of text documents in the source tree.
* Improvements for troublshooting, debugging, and testing:
- Log more details on volume-server-to-fileserver communication errors
@ -112,12 +396,19 @@ OpenAFS 1.8.0pre2
- Add tool to find Unix cache manager lock identification numbers.
- Add an option for pretty build output.
* RPM packaging updated:
* RPM packaging updates:
- Update the spec file to keep up with accumulated changes.
- Move the klog.krb5 man page to the openafs-krb5 sub-package.
- Remove stray man pages. (12870, 12871)
- Prevent double-starting client on RHEL7
- Convert rpm spec file from deprecated 'make dest' to 'make install'.
- Fix rpmbuild command line option default handling.
- Support older versions of rpmbuild which do not support the
rpmbuild %exclude directive. (12873)
- Move the legacy kaserver and related programs to separate sub-packages,
which are only built when rpmbuild is given the '--with kauth' option
(12600, 12872)
- Package the libuafs perl bindings (12921)
* Add a new protection error code (PRNAMETOOLONG) instead of silently
truncating names which exceed the maximum name length (PR_MAXNAMELEN).
@ -156,6 +447,8 @@ OpenAFS 1.8.0pre2
* Add user and build host in the version string returned by
rxdebug -version.
* Support recent versions of gcc (7.2.1) (12897)
All Server Platforms
* Ubik servers using pthreads are now available and are used by default
@ -165,6 +458,15 @@ OpenAFS 1.8.0pre2
permitted. This is a conservative change that may be removed in
the future.
* Avoid continually retransmitting the ubik database to remote sites when
a write transaction occurs as remote sites are attempting to rejoin the
ubik cluster. (12896)
* Ensure the ubik database version number is updated on remote sites at the
point the database is transferred to remote sites instead of waiting for
the next ubik beacon. This avoids write transaction failures during the
window between the database transfer and the next ubik beacon (12885).
* Remove periodic background fsync by the fileserver (ihandle fsync thread).
* Fix potential file handle leak in the file server ihandle caching layer.
@ -305,6 +607,10 @@ OpenAFS 1.8.0pre2
* Remove the obsolete Netscape plugin.
* Fix building gtx when ncurses is linked against libtinfo.
* Update to the GCO CellServDB update from 14 March 2017.
Linux
* Remove Linux 2.2 and 2.4 support.
@ -319,6 +625,13 @@ OpenAFS 1.8.0pre2
* Fix improper use of ENOENT and avoid incorrect use of linux negative
dentry cache.
* Use a more correct (less aggressive) scheme to react to downward
pressure on cache usage, avoiding d_invalidate(), which can cause
getcwd() failures on RHEL 7.4.
* Apply a workaround to be compatible with RHEL 7.5's KABI preservation
strategy for reading directories.
* Improve error reporting when encountering corrupt directories.
* Improve rx error handling in the Linux cache manager.
@ -329,6 +642,10 @@ OpenAFS 1.8.0pre2
* Do not use the obsolete --enable-largefile-fileservers configure option
when packaging RPMs.
* In Red Hat packaging, use a separate rpm for kmod debuginfo,
removing a needless tight version dependency on the userspace package.
(12822, 12875)
* Use the RemainAfterExit systemd feature to avoid premature exit
when -afsdb is not given, for RPM packages.
@ -344,7 +661,10 @@ OpenAFS 1.8.0pre2
* Fix --enable-kernel-debug for linux 4.8+.
* Support linux 4.10, 4.11, 4.12
* Fix a hang encountered when accessing a previously removed
directory entry (12811).
* Support linux 4.10, 4.11, 4.12, 4.13, 4.14, 4.15
Solaris
@ -363,6 +683,11 @@ OpenAFS 1.8.0pre2
* Avoid BAD TRAP panic due to invalid opcodes on x86 with Studio 12.5.
* Add ctf debug records to Solaris kernel modules when debug builds
are enabled and the ctf tools are present (ctfconvert/ctfmerge).
* Save kernel module function arguments on x86 for debugging purposes.
MacOS
* Stop processing upcalls once rx shutdown starts.
@ -377,6 +702,8 @@ OpenAFS 1.8.0pre2
* Fix builds on MacOS 10.12 by building only the active architecture
by default.
* Support versions up through 10.13 (High Sierra) and APFS
FreeBSD
* Use the native kernel module build system instead of an ad hoc
@ -390,6 +717,11 @@ OpenAFS 1.8.0pre2
* Do not claim AFS_VM_RDWR_ENV
* Add sysnames and files for i386 and amd64 10.4, 11.1, and 12.0
(12-CURRENT, at present). (12887, 12888)
* Remove trailing semicolons to fix the build on FreeBSD (12899)
NetBSD
* Stay up to date with new NetBSD releases (through 7.x)