Welcome to the home of OpenAFS

What is AFS?

AFS is a distributed filesystem product, pioneered at Carnegie Mellon University and supported and developed as a product by Transarc Corporation (now IBM Pittsburgh Labs). It offers a client-server architecture for federated file sharing and replicated read-only content distribution, providing location independence, scalability, security, and transparent migration capabilities. AFS is available for a broad range of heterogeneous systems including UNIX, Linux, MacOS X, and Microsoft Windows.

IBM branched the source of the AFS product, and made a copy of the source available for community development and maintenance. They called the release OpenAFS.

OpenAFS Foundation

The OpenAFS Foundation is dedicated to fostering the stability and growth of OpenAFS by providing strategic direction and aiming to raise money to support the development and maintenance of OpenAFS. More information on the Foundation can be found on the OpenAFS Foundation website.

 

Recent OpenAFS News

24-October-2014 - OpenAFS 1.6.10 - Maintenance release for UNIX/Linux

OpenAFS 1.6.10 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. Significant changes on top of the security fixes in 1.6.9 include:

Note: There is a known issue affecting Linux clients, causing spurious ENOENT errors on fakestat mounts, often showing up as getcwd() failures. This problem had been fixed in the 1.6.8 release, but seems to be back in 1.6.10 due to a change fixing another issue. Please find the details in the later comments in the bug report.

For more information:

12-June-2014 - OpenAFS Security Advisory 2014-002

OpenAFS fileservers version 1.6.8 for all UNIX/Linux platforms. Earlier releases are not affected. An attacker with the ability to connect to an OpenAFS fileserver can trigger the use of uninitialized memory, crashing the server. This vulnerability is being tracked as CVE-2014-4044.

12-June-2014 - OpenAFS 1.6.9 - Security release for UNIX/Linux fileservers

OpenAFS 1.6.9 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. This release includes the fix for Security Advisory 2014-002. Sites running OpenAFS 1.6.8 fileservers should update them to 1.6.9. Other systems can continue to use the 1.6.8 release.

For more information:

21-May-2014 - OpenAFS 1.6.8 - Maintenance release for UNIX/Linux

OpenAFS 1.6.8 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. Significant changes on top of the security fixes in 1.6.7 include:

For more information:

13-May-2014 - OpenAFS 1.7.31 - Native File System client for Microsoft Windows

OpenAFS 1.7.31 is the next in a series of OpenAFS clients for the Microsoft Windows platform that is implemented as a native file system. Significant changes since 1.7.30:

All users of previous 1.7 releases should upgrade.

The 1.7 series is for Microsoft Windows only.

9-April-2014 - OpenAFS Security Advisory 2014-001

OpenAFS servers versions 1.4.8 through 1.6.6 for all platforms. (The first prerelease of 1.6.8, 1.6.8pre1 is also affected. The final release of 1.6.8 will not be affected.) An attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the server. This vulnerability is being tracked as CVE-2014-0159.

9-April-2014 - OpenAFS 1.6.7 - Security release for UNIX/Linux servers

OpenAFS 1.6.7 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. This includes the fix for Security Advisory 2014-001.

For more information:

24-January-2014 - OpenAFS 1.6.6 - Maintenance release for UNIX/Linux

OpenAFS 1.6.6 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. Significant changes on top of the fixes in 1.6.5.1 and 1.6.5.2 include:

For more information:

24-July-2013 - SECURITY RELEASES - OpenAFS 1.4.15, 1.6.5 and 1.7.26 available

With the release of OpenAFS security advisories 2013-003 and 2013-004, we have released OpenAFS 1.6 and 1.7 versions with code to address the issues disclosed. Additionally, 1.4.15 has been released to address advisory 2013-003, but not 2013-004. 1.4.15 is expected to be the final release in the 1.4 series.

We recommend all sites update their servers immediately, following the documentation about how to install the new binaries and rekey your servers.

For more information:

4-Mar-2013 - OpenAFS Security Advisory 2013-001

OpenAFS servers versions before 1.6.2 for all platforms. An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server. This vulnerability is being tracked as CVE-2013-1794.

4-Mar-2013 - OpenAFS Security Advisory 2013-002

OpenAFS servers versions before 1.6.2 for all platforms. An attacker who can send an IdToName RPC can crash a ptserver. This vulnerability is being tracked as CVE-2013-1795.

25-Apr-2012 - 2012 European AFS and Kerberos Conference & Call for Papers

Announcing the 2012 European AFS and Kerberos Conference taking place at the University of Edinburgh School of Informatics from Tuesday 16th to Thursday 18th October 2012. Full details are available at: http://openafs2012.inf.ed.ac.uk/

The call for abstracts is open, so please feel free to submit your presentation proposals. As always, the conference will examine the development outlook for AFS and Kerberos implementations, highlight current projects, and offer space for proposals and new ideas. Also, sites will be able to present their AFS and Kerberos activities in site reports. Please submit proposals by email to openafs-conf@inf.ed.ac.uk.

27-Jul-2011 - OpenAFS Newsletter

The latest issue of the monthly OpenAFS newsletter is available at http://www.openafs.org/newsletter/newsletter-2011-07-volume003-issue07.html.

18-Jul-2011 - OpenAFS 1.4.14.1 available

OpenAFS 1.4.14.1 is a patch release for 1.4.14, containing only updates for 1.4.14 on Linux and Solaris. No changes are included for other platforms.

14-Jul-2011 - OpenAFS available for MacOS 10.7 (Lion)

Concurrent with the expected release of MacOS Lion, an initial version of OpenAFS is now available. More details are available on the MacOS page.

23-Feb-2011 - CVE-2011-0431 corrections

OpenAFS 1.4.14 NOT vulnerable. CVE-2011-0431, while correctly describing 1.4.14 as containing the fix for this issue, describes in its summary the release as broken. It is not. We recommend sites upgrade to 1.4.14; however, the impact of the issue is limited to a denial of service attack by a user with the ability to affect a lock of AFS through the client on a host.

23-Feb-2011 - OpenAFS Security Advisory 2011-001

OpenAFS servers versions 1.2.8 - 1.4.12.1, 1.5.0-1.5.74 for all platforms. An attacker with control of a client, or the ability to forge RX packets, can crash a server of affected hosts. This vulnerability is being tracked as CVE-2011-0430. Currently the advisory erroneously states 1.4.14 is vulnerable.

24-Oct-2009 - Microsoft Windows 7 and Server 2008 R2 now supported

The OpenAFS Elders are pleased to announce that with the release of OpenAFS for Windows version 1.5.66, Microsoft Windows 7 becomes an officially supported platform. All versions of Windows 7 including "Home Basic", "Home Premium", "Business", and "Ultimate" are supported on both X86 and X86_64 CPU architectures. Users that are upgrading to Windows 7 from Vista must reinstall OpenAFS after the upgrade.

28-Aug-2009 - MacOS 10.6 Snow Leopard support announced

Concurrent with the release of MacOS 10.6, OpenAFS has released OpenAFS 1.5.62 with 32 and 64 bit kernel and userspace support for Snow Leopard. Additionally, a backport of the necessary support is available and is being distributed with OpenAFS 1.4.11 effective immediately.

28-Aug-2009 - Data Loss in Pre-1.5.62 OpenAFS for Windows Releases

Releases of OpenAFS for Windows prior to 1.5.62 may fail to store data to file servers. There are two issues that are addressed in the 1.5.62 release.

  1. Failure to Store Portions of Unaligned Writes
  2. Failure to Store Data to File Servers Lacking Large File Support

9-Jul-2009 - OpenAFS Changes Source Code Version Control System to Git

After more than eighteen months of attempts to migrate source code management away from CVS, OpenAFS has finally converted to Git. This change will not have any visible impact on end users. For developers there are major changes in the tools required to work with the OpenAFS source repository and the workflow used to submit contributions to OpenAFS. Along with the conversion to Git, OpenAFS is now using the Gerrit source code review application, which makes it significantly easier for developers to review and comment on each other's contributions.

6-Apr-2009 - OpenAFS Security Advisory 2009-002

OpenAFS clients versions 1.0-1.4.8, 1.5.0-1.5.58 for all Linux 2.4-2.6 platforms. An attacker with control of a fileserver, or the ability to forge RX packets, can crash the cache manager, and hence the kernel, of affected Linux AFS clients. This vulnerability is being tracked as CVE-2009-1250.

6-Apr-2009 - OpenAFS Security Advisory 2009-001

OpenAFS clients versions 1.0-1.4.8, 1.5.0-1.5.58 for all Unix platforms except MacOS 10.4, 10.5. An attacker with control of a fileserver, or the ability to forge RX packets, can crash the cache manager, and hence the kernel, of any Unix AFS client. It may be possible for an attacker to cause the kernel to execute arbitrary code. This vulnerability is being tracked as CVE-2009-1251.

18-Mar-2009 - OpenAFS Accepted into Google Summer of Code(TM) 2009

Following last year's successful participation in GSoC 2008, OpenAFS has been accepted for a second straight year. Students and OpenAFS experts are encouraged to participate. Student proposals are due April 3. Students and mentors interested in participating in an OpenAFS project should read the OpenAFS Summer of Code page.

17-Mar-2008 - OpenAFS participating in Google Summer of Code

Once again, Google will be doing their Summer of Code. For the first year, OpenAFS will be participating as a mentoring organization. Students interested are encouraged to discuss potential projects on the openafs development list. We have a list of suggested projects online, but we would be happy to discuss any relevant project with you.

20-Dec-2007 - OpenAFS Security Advisory 2007-003

OpenAFS fileserver versions 1.3.50 - 1.4.5, 1.5.0 - 1.5.27. Fileservers of affected versions can be crashed by a client-triggered race condition. Fixes are available in 1.4.6 and 1.5.28.

OpenAFS Elders Newsletter for November online

The OpenAFS Elders newsletter for November is available now.

OpenAFS Elders Newsletter for August online

The OpenAFS Elders newsletter for August is available now.

19-Apr-2007 - OpenAFS Security Advisory 2007-002

OpenAFS for Windows clients versions 1.3.64 - 1.3.99, 1.4.0 - 1.4.4, 1.5.0 - 1.5.18. When MIT Kerberos for Windows (any version) is installed, a user with the ability to alter the contents of the Kerberos v5 configuration profile can prevent Microsoft Windows from successfully booting. This issue has been corrected in OpenAFS 1.5.19.

20-Mar-2007 - OpenAFS Security Advisory 2007-001

Unix clients in OpenAFS versions before 1.5.17 and 1.4.4 allow a potential privilege escalation via setuid functionality which can be enabled by the client administration but is enabled by default for the client's local cell. To avoid this issue, 1.5.17 and 1.4.4 have been issued with setuid disabled by default in all cases.

28-Dec-2006 - OpenAFS Elders announce "No More DES" roadmap

AFSv3 was designed and implemented during the late 80s and early 90s when the state of the art in distributed computer authentication and data confidentiality was to use Kerberos 4 and the United States' Data Encryption Standard (DES). Over the last two years the U.S. National Institute of Standards and Technology (NIST) has withdrawn the DES standard and MIT has announced the end of life of Kerberos 4. In response, the OpenAFS Elders have approved a roadmap to transition from DES to stronger ciphers, which includes the deprecation of the OpenAFS kaserver.

6-Dec-2006 - pam-afs-session 1.0 released

pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM module to obtain an AFS PAG and AFS tokens on login. It puts every new session in a PAG regardless of whether it was authenticated with Kerberos and runs a configurable external program to obtain tokens. It supports using Heimdal's libkafs for the AFS interface and falls back to an internal Linux-only implementation if libkafs isn't available.

1-Dec-2006 - Announcing OpenAFS "Works with Windows Vista"

The OpenAFS Elders are pleased to announce that with the release of OpenAFS for Windows version 1.5.12, Microsoft Windows Vista becomes an officially supported platform. All versions of Vista including "Home Basic", "Home Premium", "Business", and "Ultimate" are supported on both X86 and X86_64 CPU architectures.

31-May-2006 - OpenAFS council of elders meeting minutes from 30 May

The minutes of the most recent OpenAFS Council of Elders meeting are online now.
