Log message: openafs: the build system needs to be adapted for each version of an OPSYS Mark as not for NetBSD 10+ because it hasn't been adapted yet. 

Log message: update openafs to 1.8.13: User-Visible OpenAFS Changes OpenAFS 1.8.13 All client platforms * Fix OPENAFS-SA-2024-001: theft of credentials in Unix client PAGs (CVE-2024-10394) Local users can bypass the PAG throttling mechanism in Unix clients and create a PAG using an existing id number and thereby gain access to any credentials in that PAG. * Fix OPENAFS-SA-2024-003: buffer overflows in XDR responses (CVE-2024-10397) A malicious server can return more data than the preallocated buffer holds and cause a buffer overflow, which can crash the OpenAFS cache manager and other client utilities, and possibly result in arbitrary code execution. All platforms * Fix OPENAFS-SA-2024-002: unsafe memory access in ACL processing (CVE-2024-10396) Authenticated users can provide malformed ACLs to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose the contents of uninitialized memory, and possibly store garbage data in the audit log. Malicious servers or network MITM can provide malformed ACLs to clients, possibly causing the process to crash and possibly storing the contents of uninitialized memory in ACLs stored on the server. 

Log message: openafs: simplify MASTER_SITES 

Log message: Update openafs to 1.8.12 User-Visible OpenAFS Changes OpenAFS 1.8.12 All client platforms * Avoid panics when writing to the cache fails while creating or extending directories. (15742..15744, 15758) Linux clients * Add support for Linux 6.9 (15739) * Add support for Linux 6.8 (15679..15706, 15727) * Resolve a kernel module loading issue on the AArch64 architecture, which occurs due to an unsupported RELA relocation (15728) 

Log message: Update openafs to 1.8.11 User-Visible OpenAFS Changes OpenAFS 1.8.11 All platforms * Check Rx RPC call number in incoming packets before allocating new RPC calls to avoid re-running RPC calls when spurious packets are received (15562) * Fix memory leaks (15516 15517) * Fix build failure when building with _FORTIFY_SOURCE (15518 15519) * Fix build failures when building with the clang compiler (15540 15541 15547 15548) * Improve error detection in OpenAFS directories for both clients and servers (15544 15545 15546) * Add a Makefile target to build Red Hat RPM packages (15514) * Add support for custom version numbers in Red Hat RPM packages (15513) All server platforms * Fix File Server and Protection Server crashes due to recursive thread lock bug (15609) * Fix fileserver crashes during startup (15509 15543) * The bosserver no longer creates the client configuration directory and "ThisCell" and "CellServDB" symlinks. The \ "vos", "pts", and "bos" commands now read cell configuration from the server cell configuration directory when the client cell configuration directory is not present. This change allows server packaging to be independent of client packaging and removes the need for client configuration artifacts on hosts running server processes only (15510 15511 15512) * Print a warning in the volserver log when an older version of a volume is restored over an existing volume, unless the volume was restored with "-overwrite full" (15531) * Print a warning in the bosserver log when the bosserver was not started in restricted mode (15537) * Avoid unbounded string copies when looking up volumes by name in the vlserver (15538) * Fix off-by-one directory entry name size check in salvager (15598) All client platforms * Updated the CellServDB to the latest version from grand.central.org (15603) All UNIX/Linux client platforms * Fix PAG object memory leak which can degrade performance (15506) * Improve kernel memory reclamation after accessing a large number of files (15536) * Improve cache corruption detection and refetch cache entries when cache entry size mismatches are detected (15532 15533 15535) * Fix panic in user-space client (libuafs, Fuse client) (15539) Linux clients * Add support for Linux 6.7 (15600) * Add support for Linux 6.6 (15575 15589 15590) * Add support for Linux 6.5 (15520 15521 15522 15523 15558) * Fix BUG when directory entry names are longer than 16 characters. Affects Linux 6.5 or higher built with GCC 13 or higher (15599) * Invalidate Linux VFS dentry caches in the AFS filesystem when running "fs flush*" commands. This reduces the need to drop Linux VFS caches by writing to the "/proc/sys/vm/drop_caches" file when troubleshooting (15515) * Fix build failures (15507 15508 15596 15542 15549) macOS * Add support for MacOS 14 ("Sonoma") (15602) 

Log message: Update openafs to 1.8.10 User-Visible OpenAFS Changes OpenAFS 1.8.10 All platforms * Improved error messages and diagnostics (15302 15313) * Fixes for parallel or out of tree builds (15297..9) * Fixed "make clean" to remove several artifacts overlooked in the past (15377) * Fixed the autoconf check for ncurses to catch libs built with "--enable-reentrant" (15296) * Removed the obsolete kdump debugging tool (15315) * Avoid some more possible string buffer overflows (15240) All client platforms * Take the readonly volume offline during "vos convertROtoRW" (15233) * Updated the CellServDB to the latest version from grand.central.org (15323) All UNIX/Linux client platforms * Trim trailing slashes from paths given to "fs lsmount" and "fs flushmount" (15242) * Provide the "-literal" option for the "fs getfid" \ command, which allows querying a symlink or mount point rather than the object pointed to (15235) * Avoid some potential kernel panics (15295 15324 15331) AIX * Improved support for this platform, including releases 7.1, 7.2 and 7.3 (15309 15368..76 15378..86 15403 15422 15424..5 15441..2) macOS * Added support for Apple Silicon and macOS releases up to 13 \ ("Ventura") (15246 15250..1 15254 15258..64) * Fixes around signing and notarization of the OpenAFS packages (15255..7) * Build "afscell" on supported platforms, and only those (15247) Linux * Support building for newer distributions and compilers (15266..71 15273..5 15277) Linux clients * Support mainline kernels up to 6.4 and distribution kernels derived from those (15228 15281 15388..9 15410..11) * Fixes and enhancements around the kernel module build (15229..31 15265) * Fixed potential cache inconsistencies for symbolic link metadata (15443) 

Log message: openafs: update to 1.8.9 User-Visible OpenAFS Changes OpenAFS 1.8.9 All platforms * Support for building with more recent compilers (14970 14982..14987 14990 14991 15056 15057 15061..15064) * Build fixes and improvements around the test suite (14879 14880 14909..14911 15133) * Removed a vestigial autoconf check for GSSAPI support that could cause unnecessary configure errors (15137) * Documentation improvements (14980 15047) * Improved diagnostics and error messages. In particular, warn when server processes are started without keys and properly print the volume transaction flags in "vos status" output (14594 14968) All server platforms * Avoid several second delays in some situations when the file server is breaking callbacks on clients with alternate addresses. Avoid unnecessary several second delays in some cases during database quorum processing (14815) * Detect invalid (negative) inputs to FetchData RPCs and reject them early. The previous behavior only detected the error when actually attempting to read from storage, which resulted in the volume being taken offline since errors were assumed to originate from the underlying storage (15224) All UNIX/Linux client platforms * Do not perform DNS SRV/AFSDB record queries when running "fs getcellstatus", "fs checkservers", and "fs \ setcell". The DNS lookups incur network delays and were not needed to process these commands. (14814) * Avoid possible string buffer overflows with long cell names (15151) FreeBSD * Added support for release 12.3 and further improvements (14878 14920 14921) Linux clients * Support mainline kernels up to 6.0 (14942..14944 14989 14945 14946 15058 15065 15094 15095 15148) * Fixed a potential memory leak (15096) * Avoid a possible performance penalty during file reads when the file was opened for both reading and writing (15129) * Fixed a type cast which could make builds fail against older kernels (15134) * In Red Hat packaging, systemd will no longer load the openafs module during boot (15128) Most client platforms * Handle certain failure conditions rather than panicking the system (14927 15052) 

Log message: filesystems/openafs: fix build on Linux; switch to gmake