openafs 1.6.7-1~ubuntu12.04.1 source package in Ubuntu

Changelog

openafs (1.6.7-1~ubuntu12.04.1) precise-backports; urgency=medium

  * No-change backport to precise (LP: #1324288)

openafs (1.6.7-1) unstable; urgency=high

  * New upstream security release.
    - OPENAFS-SA-2014-001: Fix potential buffer overflow in the
      fileserver.  (CVE-2014-0159)
    - Fix a potential DoS attack against Rx servers by avoiding suspending
      the listener thread when delaying connection abort messages.

openafs (1.6.6-1) unstable; urgency=low

  * New upstream release.
    - Remove server-side NAT pings since there's no evidence they help.
  * Fix linking of /usr/share/doc directories for libpam-openafs-kaserver,
    openafs-fuse, and openafs-kpasswd.  This was broken in previous
    releases by a miswritten debian/rules override.  Thanks to Andreas
    Beckmann for finding the problem and solution.  (Closes: #736305)
  * Accept AFS_DYNROOT=true as an alias for Yes in afs.conf.client,
    matching behavior of releases prior to 1.6.2.1-1.  (Closes: #729353)

openafs (1.6.6~pre2-1) unstable; urgency=low

  * New upstream pre-release.
    - Linux kernels up to 3.12 are now supported, including kernels with
      user namespace support enabled (which affects Debian's 3.12-1 kernel
      and newer).
    - Fixed core dumps into AFS with current kernels.
    - When starting the client fails, backing device information created
      in sysfs is now properly cleared.
    - The AFS mountpoint specified in the cacheinfo file must now be an
      absolute path.
    - Stop tracking file locks on read-only volumes.  Write locks always
      fail and read locks always succeed.
    - New fs flushall command to discard all cached data.
    - Fixed a bug that could cause the client to incorrectly believe its
      cache was up to date.
    - New -rxmaxfrags switch to afsd to limit the number of UDP fragments
      sent or received per RX packet.
    - Fixed afsd threads entering an infinite loop.
    - The file server now ignores any vice partitions with a NeverAttach
      flag file present in the root directory.
    - Enabled server-side NAT pings to refresh NAT timeouts.
    - Forcing file server CPS recalculation (for IP ACLs) is now
      restricted to administrators.
    - vos examine of a volume in a transaction is now shown as busy again
      rather than off-line.
    - Multiple bug fixes to the salvager.
    - Fixed a bug that could cause state information to be discarded when
      restarting a large or busy file server.
    - Fixed a vlserver bug during file server address registration.
    - volserver supports a new -preserve-vol-stats option, which preserves
      access statistics across volume restore and reclone operations.
    - Releasing a volume after adding a new RO site no longer touches the
      existing RO sites if the volume has not changed since the last
      release.
    - Fixed undefined ptserver behavior with too many allocated PTS ids.
    - Avoid redefining assert in public header files.
    - Documentation, diagnostics, and error message improvements.

openafs (1.6.5.2-1) unstable; urgency=medium

  * New upstream release.
    - Fix support for tmpfs as the cache filesystem.
    - Support kernels with backported changes affecting getname/putname.
  * Exit successfully in the openafs-client init script if /sbin/afsd
    doesn't exist, indicating that openafs-client is not installed.
  * Load /lib/lsdb/init-functions in the openafs-client init script as the
    first step towards upstart or systemd support.
  * Update standards version to 3.9.5 (no changes required).

openafs (1.6.5.1-1) unstable; urgency=low

  * New upstream release.
    - Support for Linux 3.11 and 3.12 (up to 3.12-rc3).
    - Fixed core dumps into AFS with some Linux kernels.
  * Cherry-pick additional upstream fixes.
    - [7242e25a] Fix library ordering when building aklog.
    - [514fc63d] Fix budb crash when the -servers command-line option
      is given.  (Closes: #718253)
  * Ignore errors when reading ThisCell in the openafs-client config
    script.  If the file doesn't end in a newline, read will still succeed
    and set the variable, but will exit with a non-zero status.  This
    would abort configuration of the package without a useful error
    message.
  * Drop Recommends of libjs-jquery in openafs-doc.  We're no longer
    replacing the embedded jQuery, pending a better fix in the Doxygen
    packaging.
  * Optimize the get-orig-source target.  Thanks, Anders Kaseorg.
  * Translation updates:
    - German, thanks Erik Pfannenstein.  (Closes: #719154)

openafs (1.6.5-1) unstable; urgency=high

  * New upstream release.
    - OPENAFS-SA-2013-003: New support for non-DES enctypes in the
      long-lived AFS key.  This requires deploying rxkad.keytab files on
      each server containing all of the encryption types for the cell AFS
      key.  Once this is deployed on servers, DES will only be used for
      the session key.  Once deployed on all clients, a stronger security
      mechanism will be used that allows the DES keys to be removed from
      the AFS principal in the Kerberos KDC (but still uses DES for some
      session encryption purposes).  (CVE-2013-4134)
    - OPENAFS-SA-2013-004: Properly support the -encrypt option in vos,
      including with -localauth.  (CVE-2013-4135)
  * Move the documentation and kernel module build dependencies to
    Build-Depends-Indep and only do those parts of the build if building
    architecture-independent packages.
  * Drop the sequence numbers from the openafs-client init script
    registration.  Debian now always uses dependency-based boot ordering.
  * Translation updates:
    - Japanese, thanks victory.  (Closes: #714223)

openafs (1.6.4-1) unstable; urgency=low

  * New upstream release.

openafs (1.6.3-1) unstable; urgency=low

  * New upstream release.
    - Support for Linux 3.9 and 3.10.  (Closes: #711920)
    - Multiple fixes for use after free, use of uninitialized memory,
      and similar C memory management bugs found via code analysis.
    - Obey jumbo/nojumbo settings for Ubik (database) servers.
    - General improvements in diagnostic and log messages.
    - Avoid incorrectly sending small amounts of data over the wire
      unencrypted in some situations and report the correct error message
      in this case.
    - Avoid generating duplicate IDs for readonly and backup volumes.
    - Return quota and free space information without an access check.
    - Improve client bookkeeping in the file server, fixing several
      potential corruption and segfault issues.
    - Avoid known cases of silent data corruption in background syncs in
      the file server.
    - Run-time configuration support for fileserver synchronization.
    - Fix transient network error interference with establishing a ubik
      quorum.
    - Do not discard the persistent client disk cache on restart.
    - Fix bugs that made it impossible to unmount a disk cache file system
      after it had been used by the client.
  * Give openafs-dbserver its own documentation directory rather than
    linking it to openafs-client, allowing relaxation of the versioned
    dependency on openafs-client to Recommends.  (However, openafs-client
    will still have to be installed for the openafs-fileserver init
    script, which uses the bos binary, so will still be pulled in by
    dependencies.)
  * Cleanup of the openafs-client postinst script.
    - Perform all work unconditionally to handle various rare error
      recovery cases properly.
    - Only force creation of CellServDB on initial installation or if
      AFSDB/SRV records are not being used.
  * Remove openafs-fileserver postinst support for upgrades from ancient
    versions (1.4.4.dfsg1-4 and 1.4.11+dfsg-3).
  * General coding style cleanup of maintainer scripts.

openafs (1.6.2.1-2) unstable; urgency=low

  * Upload to unstable.
  * Translation updates:
    - Brazilian Portuguese, thanks Albino B Neto.  (Closes: #706627)

openafs (1.6.2.1-1) experimental; urgency=low

  * New upstream release.
    - Support for Linux 3.8.
  * Support configuring -dynroot-sparse via debconf.  The AFS_DYNROOT
    option in /etc/openafs/afs.conf.client is now tri-valued instead of a
    boolean, and the boolean values will be mapped to the corresponding
    options on upgrade.  Based on work by Jakob Haufe.  (Closes: #644564)
  * Translation updates:
    - Czech, thanks Martin Šín.  (Closes: #705013)
    - Russian, thanks Yuri Kozlov.  (Closes: #705159)
    - French, thanks Christian Perrier.  (Closes: #705296)
    - Portuguese, thanks Miguel Figueiredo.  (Closes: #705307)
    - Danish, thanks Joe Hansen.  (Closes: #705660)
    - Italian, thanks Beatrice Torracca.  (Closes: #705864)

openafs (1.6.2-1) experimental; urgency=low

  * New upstream release.
    - OPENAFS-SA-2013-001: Fix fileserver buffer overflow when parsing
      client-supplied ACL entries and protect against client parsing of
      bad ACL entries.  (CVE-2013-1794)
    - OPENAFS-SA-2013-002: Fix ptserver buffer overflow via integer
      overflow in the IdToName RPC.  (CVE-2013-1795)
    - Fix aklog warning about allow_weak_crypto.
  * Update CellServDB to the 2013-01-28 version.
  * Fix DKMS builds of the OpenAFS kernel module for amd64 kernels on the
    i386 architecture by parsing the kernel version for the architecture
    and kernel class and using that to tell the OpenAFS build system what
    sysname to use.  Patch from Thorsten Alteholz.
  * Avoid re-running setup after build when building modules from the
    openafs-modules-source package with module-assistant.  This will
    hopefully avoid an issue where, following an upgrade of
    openafs-modules-source, module-assistant cannot build new module
    packages without an intervening module-assistant clean.  Patch from
    Thorsten Alteholz.  (Closes: #660622)
  * Make another attempt at suppressing the wildcard action for building
    debian/rules to fix problems building module packages using
    make-kpkg.  Patch from Thorsten Alteholz.  (Closes: #639475)

openafs (1.6.2~pre3-1) experimental; urgency=low

  * New upstream prerelease.
    - Avoid unnecessary panic in kernel module when freeing vcaches.
    - Add additional objects to the *_pic libraries in support of the AFS
      Perl bindings.
  * Remove unnecessary change to the upstream Debian packaging files to
    support armhf.  These files aren't used during a package build, so no
    need to carry a Debian patch.

openafs (1.6.2~pre2-2) experimental; urgency=low

  * Restore include of <sys/param.h> in userspace builds of rx/rx_packet.h
    to get a definition of MIN and MAX on, at least, powerpc.  Thanks,
    Andrew Deason.

openafs (1.6.2~pre2-1) experimental; urgency=low

  * New upstream prerelease.
    - Support Linux kernels up to 3.7.  (Closes: #685973)
    - Fix fileservers to properly report >2 TiB partitions.
    - Fix stale volume info from vos examine on non-DAFS filservers.
    - Fix possible volume corruption with vos convertROtoRW.
    - Fix bosserver to preserve all command-line options over restart.
    - Fix bosserver to properly kill hung processes during shutdown.
    - Fixes for memcache, especially on Solaris.
    - Increase the size of the DNS resolver answer buffer to allow sites
      with a long response list to use SRV and AFSDB records.
    - Fix possible abuse of fs mkmount.  In previous versions, users could
      crash a client by nesting volume mounts.
    - Fix client page cache corruption on Linux.  When multiple clients
      read and write to a file, the reading client may see first couple
      bytes of a file as nulls.
    - Support newer glibc versions.
  * Build-Depend on hardening-wrapper and enable it to work around the
    current upstream munging of CFLAGS and LDFLAGS.  (Closes: #659663)
  * Fix server installation instructions in README.servers, which used the
    early demand-attach syntax before separate demand-attach binaries were
    built.  Thanks, Björn Torkelsson.  (Closes: #693311)
  * Remove the symlink from the openafs-fileserver doc directory to the
    openafs-client doc directory.  We used to install this symlink and
    share doc directories, but this stopped in 1.4.12+dfsg-1.  However,
    dpkg doesn't remove symlinks to a directory, so systems that had
    upgraded from the older package were overwriting openafs-client doc
    files with the openafs-fileserver versions.  Thanks, Andreas
    Beckmann.  (Closes: #694063)
  * Switch to xz compression for the upstream tarball, Debian tarball, and
    binary packages.
  * Remove debian/import-upstream and change README.source to document
    using git-import-orig with --upstream-vcs-tag instead.
  * Move single-debian-patch to local-options and patch-header to
    local-patch-header so that they only apply to the packages I build and
    NMUs get regular version-numbered patches.
  * Update Vcs-* URLs for the new anonscm.debian.org URL layout.
  * Update standards version to 3.9.4 (no changes required).

openafs (1.6.1-2) unstable; urgency=low

  * Translation updates:
    - Fix German translation encoding.  Thanks, Christian PERRIER.
      (Closes: #678736)
    - Italian, thanks Beatrice Torracca.  (Closes: #671640)
 -- Felix Geyer <email address hidden>   Thu, 05 Jun 2014 19:02:36 +0200