Commit | Line | Data |
---|---|---|
b7cfede0 BK |
1 | openafs (1.8.0~pre4-1) unstable; urgency=low |
2 | ||
3 | - Client time management support (afsd -settime and afsd -nosettime) | |
4 | has been removed. | |
5 | - Linux versions prior to 2.6 are no longer supported by the client. | |
6 | ||
7 | -- Benjamin Kaduk <kaduk@mit.edu> Tue, 13 Dec 2016 01:49:46 -0500 | |
8 | ||
9 | openafs (1.5.73.3-1) experimental; urgency=low | |
10 | ||
11 | This version of the OpenAFS client is built with experimental | |
12 | disconnected support. This support should not change the normal | |
13 | operation of the client unless it is used. If you wish to use it, | |
14 | please be aware that it is an experimental feature, may not work | |
15 | correctly, and may lose data. Disconnected mode is configured through | |
16 | the fs discon command, which is not yet documented. | |
17 | ||
18 | The communication protocol between afsd (in openafs-client) and the | |
19 | OpenAFS kernel module has changed in 1.5. You must upgrade your kernel | |
20 | module to a 1.5.x kernel module when using this or newer versions of | |
21 | openafs-client, or OpenAFS will not start correctly. | |
22 | ||
23 | -- Russ Allbery <rra@debian.org> Tue, 06 Apr 2010 14:51:38 -0700 | |
24 | ||
25 | openafs (1.4.10+dfsg1-1) unstable; urgency=high | |
26 | ||
27 | This release of OpenAFS contains security fixes in the kernel module. | |
28 | Be sure to also upgrade openafs-modules-source, build a new kernel | |
29 | module for your system following the instructions in | |
30 | /usr/share/doc/openafs-client/README.modules.gz, and then either stop | |
31 | and restart openafs-client or reboot the system to reload the kernel | |
32 | module. | |
33 | ||
34 | -- Russ Allbery <rra@debian.org> Mon, 06 Apr 2009 15:51:14 -0700 | |
35 | ||
36 | openafs (1.4.2-6) unstable; urgency=medium | |
37 | ||
38 | As of this release of the OpenAFS kernel module, all cells, including | |
39 | the local cell, have setuid support turned off by default due to the | |
40 | possibility of an attacker forging AFS fileserver responses to create a | |
41 | fake setuid binary. Prior releases enabled setuid support for the local | |
42 | cell. Those binaries will now run with normal permissions by default. | |
43 | ||
44 | This security fix will only take effect once you've installed a kernel | |
45 | module from openafs-modules-source 1.4.2-6 or later. Doing so is highly | |
46 | recommended. In the meantime, you can disable setuid support by | |
47 | running: | |
48 | ||
49 | fs setcell -cell <localcell> -nosuid | |
50 | ||
51 | as root (where <localcell> is your local cell, the one listed in | |
52 | /etc/openafs/ThisCell). | |
53 | ||
54 | If you are certain there is no security risk of an attacker forging AFS | |
55 | fileserver responses, you can enable setuid status selectively using the | |
56 | fs setcell command. | |
57 | ||
58 | -- Russ Allbery <rra@debian.org> Sun, 11 Mar 2007 22:28:07 -0700 | |
59 |