OpenAFS Release Notes - Version 1.4.4
_________________________________________________________________

All Unix systems: Major security bugfix. Minor bugfixes.
Windows: Minor bugfixes.
_________________________________________________________________

* Security bugfix:

- SetUID is no longer honored for the local cell by default. The
  "fs setcellstatus" command must be issued for any cell the system
  administrator wishes to allow setuid files in.

From 1.4.3:

* Bugfixes:

Windows:

- Return the correct error code when attempting to remove a directory
  that still contains entries.
- Allow renames on inexact case match to allow offline folders to work
  correctly.
- VICECONNBAD and VICETOKENDEAD force the use of a new rx connection.
- Fix afslogon.dll to not publish environment variables into the
  subprocesses started from winlogon.exe
- Fix afslogon.dll to initialize and uninitialize winsock so that
  Kerberos 4 send_to_kdc() can succeed
- When opening a directory, CIFS read privilege requires PRSFS_LOOKUP
  not PRSFS_READ.

All unix systems:

- Make new connection forcing apply even when there is only one
  interface, so we can recover servers marked down due to our address
  changing.
- Fix Universal AFS Error mapping when the local OS does not define
  some errors.
- Avoid byte range locking for java when it means to ask for a whole
  file lock but uses a -1 length.
- Avoid overwriting random memory if the system has too many addresses
  at cache manager start time.
- Allow foreign vlservers to properly time out before first use.
- Attempt to clean up from dead tokens without discarding valid ones.
- Reinit resolver library on afsdb failure.

Linux:

- Allow PAG to be stored as a single "large" group instead of 2 16 bit
  groups.
- Fix use of tasklist lock based on availability of lock.
- Avoid leaking cred references in the kernel during failed lookups.
- Further fixes to syscall table probing.
- Updates for kernel header changes.
- Use the AFS vfs magic number.
- Fix keyring based PAGs to persist across a change.
- Avoid leaking locks when closing Firefox.
- Fix lock pid tracking to allow better cleanup and avoid bogus assert.
- Remove deadlock-prone cred pool implementation entirely.

MacOS:

- Fake more free disk for apps which do not actually check.

Solaris:

- Updates to use only public kernel interfaces.

All systems:

- Make rxdebug be less aggressive when retransmitting.
- Allow unix domain socket for fileserver-volserver communication.
- Fix server fake address support when NetRestrict is being used.
- Fix crash when 3.4 jumbograms are part of an Rx connection.
- Fix crashes in pts chown and pts rename.
- Make asetkey buildable with Heimdal.
- Avoid potential orphaned files during vos restore.
- Improve ubik debug logging.
- Add vldb repair tool.
- Avoid potential bosserver process list corruption.
- Revert to previous fileserver startup attachment order.
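
Added example, not part of the OpenAFS release notes or code: a check for the setuid change in the security bugfix above. It reads "fs getcellstatus" output and reports any cell that honors setuid but is not on an approved list. The function names, cell names and sample lines are constructed for illustration, and the "Cell <name> status: [no] setuid allowed" line format is assumed from the fs getcellstatus documentation.

```shell
#!/bin/sh
# Added example: audit which AFS cells the cache manager honors setuid for.
# Assumed input format (one line per cell, as printed by `fs getcellstatus`):
#   Cell <name> status: setuid allowed
#   Cell <name> status: no setuid allowed

# Constructed sample output; on a live client this would come from
#   fs getcellstatus -cell <cell name>...
SAMPLE='Cell example.org status: no setuid allowed
Cell lab.example.org status: setuid allowed
Cell partner.example.net status: setuid allowed'

# Print the names of cells whose status line says setuid is honored.
# Lines that do not match the expected shape are ignored.
suid_cells() {
    awk '$1 == "Cell" && $3 == "status:" && $4 == "setuid" && $5 == "allowed" { print $2 }'
}

# $1    : space-separated list of cells approved to honor setuid
# stdin : getcellstatus output
# Prints each unapproved cell that honors setuid; returns 1 if any was found.
audit_suid() {
    approved=" $1 "
    rc=0
    for cell in $(suid_cells); do
        case "$approved" in
            *" $cell "*) ;;                 # explicitly approved, skip
            *) echo "$cell"; rc=1 ;;        # honors setuid without approval
        esac
    done
    return $rc
}

# Demo on the constructed sample: only lab.example.org is approved.
printf '%s\n' "$SAMPLE" | audit_suid "lab.example.org" \
    || echo "unapproved cells honor setuid (see list above)" >&2

# A reported cell can be switched back with:
#   fs setcellstatus -cell <cell name> -nosuid
```

With an empty approved list the function reports every cell that honors setuid, which after this release should be none unless an administrator has run "fs setcellstatus" for it.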