SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   OpenAFS
Vendors:   OpenAFS.org
OpenAFS FetchStatus Spoofing Lets Remote Users Gain Elevated Privileges
SecurityTracker Alert ID:  1017807
SecurityTracker URL:  http://securitytracker.com/id/1017807
CVE Reference:   CVE-2007-1507
Updated:  Mar 22 2007
Original Entry Date:  Mar 22 2007
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.0 - 1.4.3, 1.5.0 - 1.5.16
Description:   A vulnerability was reported in OpenAFS. A remote user can gain elevated privileges on the target system.

A remote user with knowledge of client cache contents can remove the local cache and then spoof a FetchStatus reply for files in the cache to promote a file to a setuid mode for arbitrary user accounts, including root privileges.

The vendor credits Benjamin Bennett from the Pittsburgh Supercomputing Center with reporting this vulnerability.

Impact:   A remote user can gain root privileges on the target system.
Solution:   The vendor has issued fixed versions (1.4.4 and 1.5.17).

The OpenAFS advisory is available at:

http://www.openafs.org/pages/security/OPENAFS-SA-2007-001.txt

Vendor URL:  www.openafs.org/pages/security/OPENAFS-SA-2007-001.txt
Cause:   Access control error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   None.


Source Message Contents

Date:  Mon, 19 Mar 2007 15:36:58 -0400 (EDT)
Subject:  [OpenAFS-announce] OpenAFS 1.4.4 available


The OpenAFS Gatekeepers announce the availability of OpenAFS version
1.4.4.  Source files and available binaries can be accessed via the web at:

       http://www.openafs.org/dl/openafs/1.4.4/

or via AFS at:

/afs/grand.central.org/software/openafs/1.4.4/
\\afs\grand.central.org\software\openafs\1.4.4\

This is the current recommended release for all Unix platforms; for Windows, we
recommend use of the current 1.5 series release for best performance.

                   OpenAFS Release Notes - Version 1.4.4
      _________________________________________________________________
All Unix systems: Major security bugfix. Minor bugfixes.
Windows: Minor bugfixes.
      _________________________________________________________________

* Security bugfix:

- SetUID is no longer honored for the local cell by default. The
   "fs setcellstatus" command must be issued for any cell the system
   administrator wishes to allow setuid files in.

From 1.4.3:

* Bugfixes:

Windows:
- Return the correct error code when attempting to remove a
   directory that still contains entries.

- Allow renames on inexact case match to allow offline folders to work
   correctly.

- VICECONNBAD and VICETOKENDEAD force the use of a new rx connection.

- Fix afslogon.dll to not publish environment variables into
   the subprocesses started from winlogon.exe

- Fix afslogon.dll to initialize and uninitialize winsock so
   that Kerberos 4 send_to_kdc() can succeed

- When opening a directory, CIFS read privilege requires PRSFS_LOOKUP
   not PRSFS_READ.

All unix systems:

- Make new connection forcing apply even when there is only one interface,
   so we can recover servers marked down due to our address changing.

- Fix Universal AFS Error mapping when the local OS does not define some
   errors.

- Avoid byte range locking for java when it means to ask for a whole file
   lock but uses a -1 length.

- Avoid overwriting random memory if the system has too many addresses at
   cache manager start time.

- Allow foreign vlservers to properly time out before first use.

- Attempt to clean up from dead tokens without discarding valid ones.

- Reinit resolver library on afsdb failure.

Linux:

- Allow PAG to be stored as a single "large" group instead of 2 16 bit groups.

- Fix use of tasklist lock based on availability of lock.

- Avoid leaking cred references in the kernel during failed lookups.

- Further fixes to syscall table probing.

- Updates for kernel header changes.

- Use the AFS vfs magic number.

- Fix keyring based PAGs to persist across a change.

- Avoid leaking locks when closing Firefox.

- Fix lock pid tracking to allow better cleanup and avoid bogus assert.

- Remove deadlock-prone cred pool implementation entirely.

MacOS:

- Fake more free disk for apps which do not actually check.

Solaris:

- Updates to use only public kernel interfaces.

All systems:

- Make rxdebug be less aggressive when retransmitting.

- Allow unix domain socket for fileserver-volserver communication.

- Fix server fake address support when NetRestrict is being used.

- Fix crash when 3.4 jumbograms are part of an Rx connection.

- Fix crashes in pts chown and pts rename.

- Make asetkey buildable with Heimdal.

- Avoid potential orphaned files during vos restore.

- Improve ubik debug logging.

- Add vldb repair tool.

- Avoid potential bosserver process list corruption.

- Revert to previous fileserver startup attachment order.

Binary releases are available for AIX 5.1, 5.2 and 5.3; Irix 6.5; Solaris 7, 8, 
9 and 10 on Sparc and 10 on Intel; RedHat Enterprise Linux 3 and 4 on 
Intel and AMD64; Fedora Core 3, 4, 5 and 6 on Intel and 5 and 6 on 
AMD64; MacOS 10.4 Universal; HP-UX11i on PA-RISC; and Windows 
2000, XP and 2003 on Intel, while source is available in gzipped, bzipped, and 
uncompressed tar files.

Bug reports should be filed to openafs-bugs@openafs.org.

Thanks are due as usual to our dedicated team of binary builders without whom 
the broad range of released binaries would not be possible.

Derrick J Brashear
for the OpenAFS gatekeepers
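The 1.4.4 fix turns setuid honouring into a per-cell opt-in controlled by `fs setcellstatus`. The script below is an added audit helper (not part of the advisory, the announcement, or OpenAFS itself) that drives the real `fs listcells`, `fs getcellstatus` and `fs setcellstatus` client commands to list which cells a client still honours setuid for; it assumes `fs getcellstatus` prints lines ending in "setuid allowed" or "no setuid allowed", and keeps the parser as a separate function so it can be checked on constructed output without a live AFS client.

```shell
#!/bin/sh
# Added audit helper; not part of the advisory or of OpenAFS. It drives the
# real OpenAFS client commands "fs listcells", "fs getcellstatus" and
# "fs setcellstatus"; the parsing step is a separate function so it can be
# checked against constructed output without a live AFS client.

# Read "fs getcellstatus" output on stdin and print only the cells for which
# the cache manager honours setuid bits. Assumed line shapes:
#   Cell example.com status: setuid allowed
#   Cell example.org status: no setuid allowed
suid_allowed_cells() {
    awk '$1 == "Cell" && /setuid allowed$/ && !/no setuid allowed$/ { print $2 }'
}

# Query every cell the client knows about ("fs listcells" prints lines that
# begin "Cell <name> on hosts ...") and report those still allowing setuid.
# With the 1.4.4 default, only cells explicitly enabled with
# "fs setcellstatus" should appear here.
audit_afs_suid() {
    fs listcells | awk '$1 == "Cell" { print $2 }' | while read -r cell; do
        fs getcellstatus -cell "$cell"
    done | suid_allowed_cells
}

# Stop honouring setuid bits for one cell. This changes the running cache
# manager only, so re-apply it from the client's startup scripts if it must
# survive a reboot.
disable_suid_for_cell() {
    fs setcellstatus -cell "$1" -nosuid
}

# Command dispatch: "audit" lists cells still allowing setuid,
# "disable <cell>" revokes it for one cell. No argument does nothing.
case "${1:-}" in
    audit)   audit_afs_suid ;;
    disable) disable_suid_for_cell "${2:?cell name required}" ;;
esac
```

Run it as `sh audit-afs-suid.sh audit` on a client; any cell it prints is one where a spoofed or stale setuid mode would still be honoured.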

Copyright 2012, SecurityGlobal.net LLC