Coda-6.0.15 is available for download. There are also new versions of linux-coda, lwp, rpc2 and rvm.

  linux-coda 6.4
  lwp 2.2
  rpc2 2.0
  rvm 1.12

Sources, Fedora Core 2 rpms and Debian packages can be found at

  ftp.coda.cs.cmu.edu:/pub/coda/

linux-coda, lwp and rvm only contain build fixes for recent Linux kernels and the new gcc-4.1 compiler in Fedora Core 5.

The most notable change is RPC2-2.0; this release introduces strong (AES-based) encryption for client-server connections. However, to ease migration, the new library still supports the existing binary API, so you can install the new version of librpc2 everywhere without being forced to upgrade to Coda-6.0.15. It is also compatible with clients or servers that are still running older RPC2 versions, so you can safely install RPC2-2.0 on a server without having to worry about losing connectivity with older clients.

If a client and server are both running RPC2-2.0, they will always negotiate a secure connection. This is mostly unnoticeable; the way you can tell is by typing a wrong password in clog: it will time out with RPC2_NOBINDING instead of immediately returning RPC2_NOTAUTHENTICATED.

Of course the backward compatibility does introduce the possibility for someone in the middle to force the connection to non-AES encrypted, so if you don't care about compatibility, you can set the RPC2SEC_ONLY environment variable before starting venus or any other RPC2-using applications, which will prevent the application from setting up any non-encrypted connections.

Coda-6.0.15 itself is mostly backported server-side fixes. The main reason there is a Coda-6.0.15 release simultaneously with this new RPC2 library is that I've used the new rpc2/secure encryption code to improve the security of the Coda token.

Because the format of the Coda token has changed, you have to upgrade all Coda servers to 6.0.15. Older servers will reject the new token, so users will not be able to authenticate to your realm when you have a mix of older and newer servers. The new Coda token has the same size as the old tokens, so it is not necessary to upgrade old clients at the same time.

Jan

Changes:

rpc2-2.0
  rpc2 doesn't build on netbsd/sparc64 2.0ish (Greg Troxel)
  Attempt to fix conflicts with the official Debian package.
  Added strong pseudo random number generator.
  Various encryption/authentication modes.
    AES-CBC - encryption
    AES-XCBC-MAC-96 - authentication
    AES-CCM - combined encryption/authentication
  Allow user to set minimum key length with RPC2_KEYSIZE envvar.
  Log auditable security events to syslog.
  Added RPC2SEC_ONLY envvar to disable backward compatibility.
  Multicast related code removal.
  When displaying addrinfo, use ip-address when the hostname is long.
  Use a real password-based key derivation function
  FC5 build fixes

coda-6.0.14
  Make sure we pass valid 'owner' to resolution log entries.
  Weakly equal VVs should not trigger a R/U file conflict.
  Fix large file trickle reintegration.
  Interpret setmode argument in the fix file as an octal value
  Use unsigned int for partition blocks free/available counts.
  Use unsigned long for partition used/free block counts.
  FC5 compilation fixes that were sent to the bug tracker.
  Allow updates even when the rwcdb is opened read-only.
  Fix rwcdb_read on in-memory records.
  Look for libX11 in /usr/lib as well as /usr/X11R6/lib.
  Remove mmap code in rwcdb.
  Fix kerberos checks in configure. (Maurice van der Pot)
  Aggressively disconnect clients when tokens expire.
  Close pipe to the parent when we crash during startup. (avoids getting the init scripts stuck during boot).
  Kick the FSO daemon whenever we hit yellow or red zones. (avoids unnecessary stalls waiting for cache space).
  Set root directory mode-bits on a new volume to 0755.
  Implemented a new Coda token format.
  Fix pathnames for binaries called by venus-setup.
  FC5 compile fixes
  Add a pretty ugly, but seemingly working make dist target

linux-coda-6.4
  Fix kernel oops with 2.6.15
  Dentry struct layout changed (2.6.16-rc1).
  Inode semaphores replaced by mutexes (2.6.16-rc1)

lwp-2.2
  Avoid stack overflow in the tdb test program on sparc64.
  Removed cross-compilation spec files
  FC5 build fixes

rvm-1.12
  Removed cross-compilation spec files
  FC5 build fixes

Received on 2006-05-30 16:46:17
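
The compatibility trade-off described in the announcement above, worked through as an added example (not code from the original message or from RPC2). It is a toy model: the capability flag, the struct layout and the assumption that RPC2SEC_ONLY is enabled merely by being set are all invented for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model: the flag and message layout are invented for illustration
 * and are not RPC2's wire format or API. */
#define CAP_SECURE 0x1u              /* "I can do the AES handshake" */

enum outcome { CONN_SECURE, CONN_LEGACY, CONN_REFUSED };

struct endpoint {
    unsigned caps;                   /* CAP_SECURE = new library, 0 = old one */
    int secure_only;                 /* local policy, the role RPC2SEC_ONLY plays */
};

static const struct endpoint NEW_COMPAT = { CAP_SECURE, 0 };
static const struct endpoint NEW_STRICT = { CAP_SECURE, 1 };
static const struct endpoint OLD_PEER   = { 0, 0 };

/* Assumption: the variable being set at all enables the policy. */
int policy_from_env(void) { return getenv("RPC2SEC_ONLY") != NULL; }

/* tampered != 0 models someone in the middle clearing the capability bit. */
static unsigned in_transit(unsigned caps, int tampered)
{
    return tampered ? (caps & ~CAP_SECURE) : caps;
}

enum outcome handshake(struct endpoint client, struct endpoint server, int tampered)
{
    unsigned offer, reply;

    offer = in_transit(client.caps, tampered);          /* client -> server */
    /* Server: a missing bit is indistinguishable from an old client. */
    if (!(offer & CAP_SECURE) && server.secure_only)
        return CONN_REFUSED;
    reply = in_transit(offer & server.caps, tampered);  /* server -> client */
    if (reply & CAP_SECURE)
        return CONN_SECURE;
    /* Client: fall back only if local policy allows it. */
    return client.secure_only ? CONN_REFUSED : CONN_LEGACY;
}

int main(void)
{
    static const char *name[] = { "secure", "legacy", "refused" };
    struct endpoint me = { CAP_SECURE, policy_from_env() };

    printf("clean path:    %s\n", name[handshake(me, NEW_COMPAT, 0)]);
    printf("tampered path: %s\n", name[handshake(me, NEW_COMPAT, 1)]);
    printf("old server:    %s\n", name[handshake(me, OLD_PEER, 0)]);
    return 0;
}
```

Run it once with RPC2SEC_ONLY unset and once with it set: the tampered path changes from a silent legacy connection to a refusal, and so does the connection to an old server, which is the cost of giving up compatibility.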