Merge branch '1.6-security' into HEAD

Conflicts:
	NEWS
	configure-libafs.ac
	configure.ac
	src/config/NTMakefile.amd64_w2k
	src/config/NTMakefile.i386_nt40
	src/config/NTMakefile.i386_w2k

Change-Id: If4cf26d5559229a35b2754957f856350a8100ffb

diff --cc NEWS
index a327e0430d31b0709751450eae85e129e7a56d75,0b82a08e53375b04535a2d40fb1f5ac298bc4d88..ce4417f2243de3d5e21fc8813bd22d522e759a37
--- 1/NEWS
--- 2/NEWS
+++ b/NEWS
@@@ -1,57 -1,12 +1,63 @@@
                         User-Visible OpenAFS Changes
  
- OpenAFS 1.6.7 (reserved for a security only release)
 +OpenAFS 1.6.8 (in progress)
 +
 +  All Platforms
 +
 +    * Documentation improvements (10751 10875 10931 10897 10883 10954 10955)
 +
 +    * Improved diagnostics and error messages (10756 10814 10949)
 +
 +    * Fixed a bug in RX that could make errors during packet reception go
 +      unnoticed. (10733)
 +
 +    * Fixed a bug that made "vos size -dump" display the wrong size for
 +      large volumes. (10933)  (RT #131819)
 +
 +  All server platforms
 +
 +    * Change the default fileserver sync behavior from "delayed" to "onclose".
 +      This means that explicit syncing only happens when a volume is detached.
 +      (10809)
 +
 +    * Added the -offline-timeout and -offline-shutdown-timeout options to the
 +      fileserver, to implement interrupting clients accessing volumes we are
 +      trying to take offline. (6266 10799)
 +
 +  All client platforms
 +
 +    * When a client is shut down, it will give up its callbacks. The Windows
 +      client has been doing this since 2007. Note that older fileservers
 +      (1.3.50 to 1.4.5 and 1.5.0 to 1.5.27) had a bug in the implementation of
 +      the relevant RPC that could cause crashes or other undefined behavior
 +      when this happens. (6272 8840 10855)
 +
 +    * Restored the pre-1.6 behavior of "vos e" being an alias for "vos examine".
 +      (10886)
 +
 +    * Avoid flooding logs with warnings about byte-range locks, by throttling
 +      them per file. Also, make the messages more useful by including the
 +      FID. (10836..10839)
 +
 +    * Avoid a possible panic during shutdown while tracing. (10932)
 +
 +  Linux Clients
 +
 +    * Fixed a bug that could cause the "getcwd: cannot access parent
 +      directories" problem (10804 10984)
 +
 +    * Avoid a delay when accessing uncached data in AFS in a confined
 +      context under SELinux. (10598)
 +
 +    * Red Hat packaging improvements (10600 10767 10807)
 +
+ OpenAFS 1.6.7
+ 
+   All server platforms
+ 
+     * Fix for OPENAFS-SA-2014-001
+ 
+     * Fix for a potential DOS attack against RX servers
  
  OpenAFS 1.6.6
  

diff --cc src/viced/afsfileprocs.c
index fd40171b569bbe4092046c16cd664689d5fb9c3b,465d6f1e38fcb9d21a5e90662a98ca1bfe3bf4fe..126203cf91d0c8ebf4ca6b6cb602302a187c890c
--- 1/src/viced/afsfileprocs.c
--- 2/src/viced/afsfileprocs.c
+++ b/src/viced/afsfileprocs.c
@@@ -5953,9 -5889,14 +5953,14 @@@ SRXAFS_GetStatistics64(struct rx_call *
      FT_GetTimeOfDay(&opStartTime, 0);
  #endif /* FS_STATS_DETAILED */
  
 -    if ((code = CallPreamble(acall, NOTACTIVECALL, &tcon, &thost)))
 +    if ((code = CallPreamble(acall, NOTACTIVECALL, NULL, &tcon, &thost)))
        goto Bad_GetStatistics64;
  
+     if (statsVersion != STATS64_VERSION) {
+       code = EINVAL;
+       goto Bad_GetStatistics64;
+     }
+ 
      ViceLog(1, ("SAFS_GetStatistics64 Received\n"));
      Statistics->ViceStatistics64_val =
        malloc(statsVersion*sizeof(afs_int64));