--- /dev/null
+openafs (1.8.0~pre4-1) unstable; urgency=low
+
+ - Client time management support (afsd -settime and afsd -nosettime)
+ has been removed.
+ - Linux versions prior to 2.6 are no longer supported by the client.
+
+ -- Benjamin Kaduk <kaduk@mit.edu> Tue, 13 Dec 2016 01:49:46 -0500
+
+openafs (1.5.73.3-1) experimental; urgency=low
+
+ This version of the OpenAFS client is built with experimental
+ disconnected support. This support should not change the normal
+ operation of the client unless it is used. If you wish to use it,
+ please be aware that it is an experimental feature, may not work
+ correctly, and may lose data. Disconnected mode is configured through
+ the fs discon command, which is not yet documented.
+
+ The communication protocol between afsd (in openafs-client) and the
+ OpenAFS kernel module has changed in 1.5. You must upgrade your kernel
+ module to a 1.5.x kernel module when using this or newer versions of
+ openafs-client, or OpenAFS will not start correctly.
+
+ -- Russ Allbery <rra@debian.org> Tue, 06 Apr 2010 14:51:38 -0700
+
+openafs (1.4.10+dfsg1-1) unstable; urgency=high
+
+ This release of OpenAFS contains security fixes in the kernel module.
+ Be sure to also upgrade openafs-modules-source, build a new kernel
+ module for your system following the instructions in
+ /usr/share/doc/openafs-client/README.modules.gz, and then either stop
+ and restart openafs-client or reboot the system to reload the kernel
+ module.
+
+ -- Russ Allbery <rra@debian.org> Mon, 06 Apr 2009 15:51:14 -0700
+
+openafs (1.4.2-6) unstable; urgency=medium
+
+ As of this release of the OpenAFS kernel module, all cells, including
+ the local cell, have setuid support turned off by default due to the
+ possibility of an attacker forging AFS fileserver responses to create a
+ fake setuid binary. Prior releases enabled setuid support for the local
+ cell. Those binaries will now run with normal permissions by default.
+
+ This security fix will only take effect once you've installed a kernel
+ module from openafs-modules-source 1.4.2-6 or later. Doing so is highly
+ recommended. In the meantime, you can disable setuid support by
+ running:
+
+ fs setcell -cell <localcell> -nosuid
+
+ as root (where <localcell> is your local cell, the one listed in
+ /etc/openafs/ThisCell).
+
+ If you are certain there is no security risk of an attacker forging AFS
+ fileserver responses, you can enable setuid status selectively using the
+ fs setcell command.
+
+ -- Russ Allbery <rra@debian.org> Sun, 11 Mar 2007 22:28:07 -0700
+