openafs (1.5.73.3-1) experimental; urgency=low This version of the OpenAFS client is built with experimental disconnected support. This support should not change the normal operation of the client unless it is used. If you wish to use it, please be aware that it is an experimental feature, may not work correctly, and may lose data. Disconnected mode is configured through the fs discon command, which is not yet documented. The communication protocol between afsd (in openafs-client) and the OpenAFS kernel module has changed in 1.5. You must upgrade your kernel module to a 1.5.x kernel module when using this or newer versions of openafs-client, or OpenAFS will not start correctly. -- Russ Allbery Tue, 06 Apr 2010 14:51:38 -0700 openafs (1.4.10+dfsg1-1) unstable; urgency=high This release of OpenAFS contains security fixes in the kernel module. Be sure to also upgrade openafs-modules-source, build a new kernel module for your system following the instructions in /usr/share/doc/openafs-client/README.modules.gz, and then either stop and restart openafs-client or reboot the system to reload the kernel module. -- Russ Allbery Mon, 06 Apr 2009 15:51:14 -0700 openafs (1.4.2-6) unstable; urgency=medium As of this release of the OpenAFS kernel module, all cells, including the local cell, have setuid support turned off by default due to the possibility of an attacker forging AFS fileserver responses to create a fake setuid binary. Prior releases enabled setuid support for the local cell. Those binaries will now run with normal permissions by default. This security fix will only take effect once you've installed a kernel module from openafs-modules-source 1.4.2-6 or later. Doing so is highly recommended. In the meantime, you can disable setuid support by running: fs setcell -cell -nosuid as root (where is your local cell, the one listed in /etc/openafs/ThisCell). If you are certain there is no security risk of an attacker forging AFS fileserver responses, you can enable setuid status selectively using the fs setcell command. -- Russ Allbery Sun, 11 Mar 2007 22:28:07 -0700