Hi Troy, All,
On Fri, 21 Dec 2007, Troy Dawson wrote:
> Send comments/issues/test reports to [log in to unmask]
The day before this announcement, OpenAFS 1.4.6. was released. It's a bug
fix only release, addressing issues present in 1.4.5 and earlier releases.
Except for one patch relevant for Solaris only, all changes address bugs
in callback handling in the fileserver. That's the issue Thomas reported,
and they deemed it serious enough to issue a security advisory
http://www.openafs.org/security/OPENAFS-SA-2007-003.txt
and push out 1.4.6. It's a DOS issue only, but crashing a fileserver
can of course cause data loss as well. In addition, some sites have
experienced fileserver crashes simply due to using certain versions of the
windows client under special circumstances.
I wonder whether we could still get 1.4.6 into 5.1? I put up
http://www-zeuthen.desy.de/~wiesand/SL5/openafs.SLx-1.4.6-58.src.rpm
which is very little different from the 1.4.5-56 build in RC1: Of the four
patches in 1.4.6 that really matter, three were already in that build.
Other than that, I just removed one or two very minor client fixes I had
in -56, making 1.4.6-58 a completely unpatched build of an OpenAFS
release.
I know this is a bit late, and I'm sorry that I couldn't come up with this
earlier. But a few sites do use our server packages (even though few are
on SL5 yet, but this should also go into 4.6 eventually).
I could briefly test 1.4.6-58 on a few clients, and a fileserver just
receiving its burn-in. No problems found.
Cheers,
Stephan
--
Stephan Wiesand
DESY - DV -
Platanenallee 6
15738 Zeuthen, Germany
|