From: Stephan Wiesand <stephan.wiesand@desy.de>
Date: Mon, 14 Dec 2015 14:11:37 +0000 (+0100)
Subject: Update NEWS for 1.6.16
X-Git-Tag: upstream/1.6.17^2~17
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=4bb4602c71ac53e5603f65e40e28bc6bcec835aa;p=packages%2Fo%2Fopenafs.git

Update NEWS for 1.6.16

Release notes for OpenAFS 1.6.16

Change-Id: I5c1676b2bad4e94039691fb17f33fb5e278fadbf
Reviewed-on: http://gerrit.openafs.org/12131
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---

diff --git a/NEWS b/NEWS
index 509c95ce0..803afd452 100644
--- a/NEWS
+++ b/NEWS
@@ -1,10 +1,10 @@
                        User-Visible OpenAFS Changes
 
-OpenAFS 1.6.16 (in progress)
+OpenAFS 1.6.16
 
   All platforms
 
-    * Documentation improvements (11932 12096 12100)
+    * Documentation improvements (11932 12096 12100 12112 12120)
 
     * Improved diagnostics and error messages (11586 11587)
 
@@ -18,6 +18,10 @@ OpenAFS 1.6.16 (in progress)
     * Several fixes regarding volume dump creation and restore (11433 11553
       11825 11826 12082)
 
+    * Avoid a reported bosserver crash, and potentially others, by replacing
+      fixed size buffers with dynamically allocated ones in some user handling
+      functions (11436) (RT #130719)
+
     * Obey the "-toname" parameter in "vos clone" operations (11434)
 
     * Avoid writing a loopback address into the server CellServDB - search
@@ -31,6 +35,10 @@ OpenAFS 1.6.16 (in progress)
 
   All client platforms
 
+    * Avoid a potential denial of service issue, by fixing a bug in pioctl
+      logic that allowed a local user to overrun a kernel buffer with a single
+      NUL byte (commit 2ef86372) (RT #132256) (CVE-2015-8312)
+
     * Refuse to change multi-homed server entries with "vos changeaddr",
       unless "-force" is given, to avoid corruption of those entries (12087)
 
@@ -45,12 +53,22 @@ OpenAFS 1.6.16 (in progress)
       installing libgtx and its header files as well as the depending
       "scout" and "afsmonitor" applications (12095)
 
+    * Fixed building the gtx applications against newer ncurses (12125)
+
+    * Allow pioctls to work in environments where the syscall emulation
+      pseudo file is created in a read-only pseudo filesystem, like in
+      containers under recent versions of docker (12124)
+
   Linux clients
 
     * In Red Hat packaging, avoid following a symbolic link when writing
       the client CellServDB, which could overwrite the server CellServDB,
       by removing an existing symlink before writing the file (12081)
 
+    * In Red Hat packaging, avoid a conflict of openafs-debuginfo with
+      krb5-debuginfo by excluding our kpasswd executable from debuginfo
+      processing (12128) (RT #131771)
+
 OpenAFS 1.6.15 (Security Release)
 
   All client and server platforms