User-Visible OpenAFS Changes OpenAFS 1.6.16 All platforms * Documentation improvements (11932 12096 12100 12112 12120) * Improved diagnostics and error messages (11586 11587) * Distribute the contributor code of conduct with the stable release (12056) All server platforms * Create PID files in the right location when bosserver is started with the "-pidfiles" argument and transarc paths are not being used (12086) * Several fixes regarding volume dump creation and restore (11433 11553 11825 11826 12082) * Avoid a reported bosserver crash, and potentially others, by replacing fixed size buffers with dynamically allocated ones in some user handling functions (11436) (RT #130719) * Obey the "-toname" parameter in "vos clone" operations (11434) * Avoid writing a loopback address into the server CellServDB - search for a non-loopback one, and fail if none is found (12083 12105) * Rebuild the vldb free list with "vldb_check -fix" (12084) * Fixed and improved the "check_sysid" utility (12090) * Fixed and improved the "prdb_check" utility (12101..04) All client platforms * Avoid a potential denial of service issue, by fixing a bug in pioctl logic that allowed a local user to overrun a kernel buffer with a single NUL byte (commit 2ef86372) (RT #132256) (CVE-2015-8312) * Refuse to change multi-homed server entries with "vos changeaddr", unless "-force" is given, to avoid corruption of those entries (12087) * Provide a new vos subcommand "remaddrs" for removing server entries, to replace the slightly confusing "vos changeaddr -remove" (12092 12094) * Make "fs flushall" actually invalidate all cached data (11894) * Prevent spurious call aborts due to erroneous idle timeouts (11594) * Provide a "--disable-gtx" configure switch to avoid building and installing libgtx and its header files as well as the depending "scout" and "afsmonitor" applications (12095) * Fixed building the gtx applications against newer ncurses (12125) * Allow pioctls to work in environments where the syscall emulation pseudo file is created in a read-only pseudo filesystem, like in containers under recent versions of docker (12124) Linux clients * In Red Hat packaging, avoid following a symbolic link when writing the client CellServDB, which could overwrite the server CellServDB, by removing an existing symlink before writing the file (12081) * In Red Hat packaging, avoid a conflict of openafs-debuginfo with krb5-debuginfo by excluding our kpasswd executable from debuginfo processing (12128) (RT #131771)