User-Visible OpenAFS Changes

OpenAFS 1.6.17 (Security Release)

  All server platforms

    * Fix for OPENAFS-SA-2016-001: foreign users can create groups as
      if they were an administrator (RT #132822) (CVE-2016-2860)

  All client platforms

    * Fix for OPENAFS-SA-2016-002: information leakage from sending
      uninitialized memory over the network.  Multiple call sites
      were vulnerable, with potential for leaking both kernel and
      userland stack data (RT #132847)

    * Update to the GCO CellServDB update from 01 January 2016 (12188)

  Linux clients

    * Fix a crash when the root volume is not found and dynroot is not
      in use, a regression introduced in 1.6.14.1 (12166)

    * Avoid introducing a dependency on the kernel-devel package corresponding
      to the currently running system while building the srpm (12195)

    * Create systemd unit files with mode 0644 instead of 0755
      (12196) (RT #132662)