From 7cdf4bf9c9133af13a7d2ef34a7ce4c7819c6920 Mon Sep 17 00:00:00 2001 From: Kory Draughn Date: Fri, 10 Apr 2026 17:32:16 -0400 Subject: [PATCH 01/12] [irods/irods 8749] Add release notes for 5.1.0 --- docs/release_notes.md | 60 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/docs/release_notes.md b/docs/release_notes.md index e484091..0e9e346 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -1,5 +1,65 @@ # +## 5.1.0 + +Release Date: 2026-0X-YY + +The iRODS Consortium and RENCI are pleased to announce iRODS 5.1.0. + +This release ... WORDS + +MORE WORDS ... + +The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 22.04, Ubuntu 24.04, Debian 12, and Debian 13 are available at . + +### Changed + +- Use `CHKSUM_LEN` instead of `NAME_LEN` for checksums (#8731). +- Remove redundant checksum verification in `bulkProcAndRegSubfile` (#8734). +- GenQuery2: Expose user type through permission-related columns (#8754). <-- CONTINUE FROM HERE + +### Removed + +- Remove undefined `getValByInx` declaration (#8707). +- Remove undefined `untarBuf` and `tarToBuf` declarations (#8708). +- Remove undefined `resolveStatForStructFileOpr` declaration (#8709). +- Remove undefined `addIntArray` declaration (#8710). +- Remove undefined `irodsCloseSock` declaration (#8713). +- Remove undefined `getParentPathlen` declaration (#8714). +- Remove undefined `svrReconnect` declaration (#8715). + +### Deprecated + +- Deprecate `isPathSymlink` function (#8711). + +### Fixed + +- Fix memory leak related to `bytesBuf_t` (irods/irods_rule_engine_plugin_policy_composition#5). +- Fix too many arguments in format string (#858). +- Fix zone reports for server-to-server connect errors (#8607). +- Make `imiscsvrinfo` report an error when connected to a server older than 4.3.4 (#8653). +- Make physical quota count the largest overrun (#8691). +- Make total quota update only apply to correct `resc_id` (#8699). +- Check return value of `base64_encode` in hashers (#8703). +- Do not ignore errors from hashers (#8703). +- Expand internal buffer used by sha512 hasher (#8703). +- Do not cross lib->server boundary unconditionally (#8740). +- Specify byte order when invoking `to_bytes` Python method for CRC64/NVME (#8763). <-- REVISIT + +### Added + +- GeneralAdmin API: Add support for removing passwords (#2899). +- Add CRC64/NVME hash strategy (#8554). +- Add resource operation for reading checksums from storage device (#8554). +- Add and use common tool to get password from stdin (#8697). +- Add python script to ease removal of user passwords (#8697). +- Add password hashing utilities for server (#8697). +- Add hashed password support (#8697). +- Add authentication session token support (#8697). +- Add new **irods** authentication scheme (#8697). + +[Full GitHub commit history](https://github.com/irods/irods/compare/5.0.2...5.1.0) + ## 5.0.2 Release Date: 2025-10-01 From a0a7c07acff61d9cbd3388f05ff24701b8d651c4 Mon Sep 17 00:00:00 2001 From: Kory Draughn Date: Sun, 19 Apr 2026 21:32:17 -0400 Subject: [PATCH 02/12] squash. first pass over irods/irods commits completed --- docs/release_notes.md | 62 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 60 insertions(+), 2 deletions(-) diff --git a/docs/release_notes.md b/docs/release_notes.md index 0e9e346..871a4e9 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -14,9 +14,20 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 ### Changed +- GenQuery2: Return parser error information via rError stack (#8094). +- Update help text for `irsync` (#8288). +- Skip policy layer when setting up access control for GenQuery1 (#8304). +- Update feature test macros (#8580). +- Merge iCommands source back into server repository (#8591). +- Modify calculations for physical quotas to account for coordinating resources (#8667). - Use `CHKSUM_LEN` instead of `NAME_LEN` for checksums (#8731). +- Update help text for physical quotas `iadmin` subcommands (#8618). - Remove redundant checksum verification in `bulkProcAndRegSubfile` (#8734). -- GenQuery2: Expose user type through permission-related columns (#8754). <-- CONTINUE FROM HERE +- Prevent removal of password for currently authenticated user (#8747). +- Prevent removal of password for service account rodsadmin (#8747). +- GenQuery2: Expose user type through permission-related columns (#8754). +- Use `irods::authentication::scheme_name` instead of string literals (#8834). +- Use Hasher options to control session token hashes (#8909). ### Removed @@ -30,25 +41,67 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 ### Deprecated +- Deprecate `check_sent_sid`, `sign_server_sid`, `remote_SID_key_map` (#5948). +- Deprecate `msiDataObjPut` (#8229). +- Deprecate adding custom `user_type` tokens (#8233). +- Deprecate user authentication names (#8408). +- Deprecate legacy authentication API numbers (#8424). - Deprecate `isPathSymlink` function (#8711). +- Deprecate interactive mode for `iadmin` (#8738). +- Deprecate interactive mode for `igroupadmin` (#8738). +- Deprecate token addition and removal (#8892). ### Fixed - Fix memory leak related to `bytesBuf_t` (irods/irods_rule_engine_plugin_policy_composition#5). - Fix too many arguments in format string (#858). +- Stop server from incrementing ticket `write-file` count after reaching limit (#2720). +- Return correct error code to client when ticket limit is exceeded (#2720). +- Honor logical locking in registration/unregistration APIs (#5763). +- Update modification time of replica on open with `O_TRUNC` (#7128). +- Fix `ils` page boundary bug involving linkPoint collections (#7712). +- Harden DataObjRename API's use of Logical Locking (#7935, #8888). +- Fix memory leaks in delay server (#8254, #8575). +- Check for `nullptr` in data_object_modify_info API (#8307). +- Fix potential memory leak in `resolveRodsTarget` (#8334). +- Fix potential `collHandle` memory leaks (#8334). +- Fix memory leak in `getUtil` (#8334). +- Update modification time on empty overwrite for copy operation (#8413). +- Remove `imeta ls -C` path length constraint of 256 bytes (#8519). +- Fix double-free/corruption by setting free'd pointers to `nullptr` in network plugins (#8593). - Fix zone reports for server-to-server connect errors (#8607). +- Make `RESC_NAME_KW` (`-R`) a directive for DataObjOpen API (#8627). - Make `imiscsvrinfo` report an error when connected to a server older than 4.3.4 (#8653). - Make physical quota count the largest overrun (#8691). - Make total quota update only apply to correct `resc_id` (#8699). - Check return value of `base64_encode` in hashers (#8703). - Do not ignore errors from hashers (#8703). - Expand internal buffer used by sha512 hasher (#8703). +- Replace spaces with hyphens for agent information (`ips`) (#8733). - Do not cross lib->server boundary unconditionally (#8740). -- Specify byte order when invoking `to_bytes` Python method for CRC64/NVME (#8763). <-- REVISIT +- Use `OWN` permissions instead of `data_owner_name` when calculating physical quota totals (#8750). +- Refactor physical quotas query so that quotas are properly processed (#8758). <-- CONTINUE FROM HERE +- Specify byte order when invoking `to_bytes` Python method for CRC64/NVME (#8763). <-- REVISIT +- Prevent checksum without status update in replica_close API (#8801). +- DataObjOpen: Rework update to replica access table to avoid potential uninitialized values (#8808). +- Avoid brace-initialization when constructing nlohmann JSON objects with other JSON objects (#8839). +- Do not use `memset` on RsComm (#8843). +- Fix memory leaks stemming from `clearMsParam` (#8857). +- Do not crash delay server when in-memory delay queue buffer is too small (#8859). +- Fix memory leaks in iRODS Rule Language (#8864). +- Fix stalling of delay rule processing in delay server by removing unnecessary use of pool memory resource (#8868). +- GenQuery2: Do not duplicate rows when user has access via multiple groups (#8880). +- Allow empty context strings for resources (#8900). +- Use `FETCH FIRST ROWS ONLY` instead of `LIMIT` (#8907). +- Fix group permission expansion in filesystem library (#8912). ### Added +- Add `sign_server_sid` replacement: `sign_zone_key` (#2295). +- Add configuration for zone key signing hash scheme (#2295, #3403). <-- CHANGED: WAS 3404? - GeneralAdmin API: Add support for removing passwords (#2899). +- GenQuery2: Expose new columns for querying when metadata is attached (#7889). +- Serialize `TicketAdminInput` data structure for policy enforcement (#8518). - Add CRC64/NVME hash strategy (#8554). - Add resource operation for reading checksums from storage device (#8554). - Add and use common tool to get password from stdin (#8697). @@ -57,6 +110,11 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Add hashed password support (#8697). - Add authentication session token support (#8697). - Add new **irods** authentication scheme (#8697). +- Add `user_password_storage_mode` grid configuration option (#8748). +- Add `R_USER_CREDENTIALS` table on database upgrade (#8769). +- Add `password_reuse_previous` grid configuration option for PAM-generated passwords (#8789). <-- REVISIT FOR CLARITY +- Add option to skip post-install PUT test during setup (#8901). +- Hasher: Add digest overload to control output string (#8909). [Full GitHub commit history](https://github.com/irods/irods/compare/5.0.2...5.1.0) From 89d36c687e79f437af4172d07b2eac9ced0b12d5 Mon Sep 17 00:00:00 2001 From: Kory Draughn Date: Sun, 19 Apr 2026 21:35:18 -0400 Subject: [PATCH 03/12] UPDATE MY CONTINUATION MARKER --- docs/release_notes.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/release_notes.md b/docs/release_notes.md index 871a4e9..761f88f 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -80,8 +80,8 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Replace spaces with hyphens for agent information (`ips`) (#8733). - Do not cross lib->server boundary unconditionally (#8740). - Use `OWN` permissions instead of `data_owner_name` when calculating physical quota totals (#8750). -- Refactor physical quotas query so that quotas are properly processed (#8758). <-- CONTINUE FROM HERE -- Specify byte order when invoking `to_bytes` Python method for CRC64/NVME (#8763). <-- REVISIT +- Refactor physical quotas query so that quotas are properly processed (#8758). +- Specify byte order when invoking `to_bytes` Python method for CRC64/NVME (#8763). <-- REVISIT - Prevent checksum without status update in replica_close API (#8801). - DataObjOpen: Rework update to replica access table to avoid potential uninitialized values (#8808). - Avoid brace-initialization when constructing nlohmann JSON objects with other JSON objects (#8839). @@ -98,7 +98,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 ### Added - Add `sign_server_sid` replacement: `sign_zone_key` (#2295). -- Add configuration for zone key signing hash scheme (#2295, #3403). <-- CHANGED: WAS 3404? +- Add configuration for zone key signing hash scheme (#2295, #3403). <-- CHANGED: WAS 3404? - GeneralAdmin API: Add support for removing passwords (#2899). - GenQuery2: Expose new columns for querying when metadata is attached (#7889). - Serialize `TicketAdminInput` data structure for policy enforcement (#8518). @@ -110,7 +110,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Add hashed password support (#8697). - Add authentication session token support (#8697). - Add new **irods** authentication scheme (#8697). -- Add `user_password_storage_mode` grid configuration option (#8748). +- Add `user_password_storage_mode` grid configuration option (#8748). <-- CONTINUE FROM HERE - Add `R_USER_CREDENTIALS` table on database upgrade (#8769). - Add `password_reuse_previous` grid configuration option for PAM-generated passwords (#8789). <-- REVISIT FOR CLARITY - Add option to skip post-install PUT test during setup (#8901). From 9baa63287e4a3900bd8997b1d032e306334de424 Mon Sep 17 00:00:00 2001 From: Kory Draughn Date: Mon, 20 Apr 2026 19:33:16 -0400 Subject: [PATCH 04/12] squash. add oracle plugin deprecation --- docs/release_notes.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/release_notes.md b/docs/release_notes.md index 761f88f..2e139c2 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -49,6 +49,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Deprecate `isPathSymlink` function (#8711). - Deprecate interactive mode for `iadmin` (#8738). - Deprecate interactive mode for `igroupadmin` (#8738). +- Deprecate Oracle database plugin (#8829). <-- CONTINUE FROM HERE - Deprecate token addition and removal (#8892). ### Fixed @@ -110,7 +111,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Add hashed password support (#8697). - Add authentication session token support (#8697). - Add new **irods** authentication scheme (#8697). -- Add `user_password_storage_mode` grid configuration option (#8748). <-- CONTINUE FROM HERE +- Add `user_password_storage_mode` grid configuration option (#8748). - Add `R_USER_CREDENTIALS` table on database upgrade (#8769). - Add `password_reuse_previous` grid configuration option for PAM-generated passwords (#8789). <-- REVISIT FOR CLARITY - Add option to skip post-install PUT test during setup (#8901). From 6d7ce600a0158f3caf9fb3842599e69dac8a35b1 Mon Sep 17 00:00:00 2001 From: Kory Draughn Date: Tue, 21 Apr 2026 15:56:17 -0400 Subject: [PATCH 05/12] squash. add univmss plugin bug fix --- docs/release_notes.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/release_notes.md b/docs/release_notes.md index 2e139c2..cd2c652 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -49,7 +49,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Deprecate `isPathSymlink` function (#8711). - Deprecate interactive mode for `iadmin` (#8738). - Deprecate interactive mode for `igroupadmin` (#8738). -- Deprecate Oracle database plugin (#8829). <-- CONTINUE FROM HERE +- Deprecate Oracle database plugin (#8829). - Deprecate token addition and removal (#8892). ### Fixed @@ -95,6 +95,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Allow empty context strings for resources (#8900). - Use `FETCH FIRST ROWS ONLY` instead of `LIMIT` (#8907). - Fix group permission expansion in filesystem library (#8912). +- Fix handling of single quotes in paths for univmss resource plugin (#8928). <-- CONTINUE FROM HERE ### Added From bc532e91eb7a568c38d3721bc5f26dc076b5945e Mon Sep 17 00:00:00 2001 From: Kory Draughn Date: Thu, 23 Apr 2026 16:37:47 -0400 Subject: [PATCH 06/12] squash. add ref for using irods auth on first-time setup --- docs/release_notes.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/release_notes.md b/docs/release_notes.md index cd2c652..f253494 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -95,7 +95,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Allow empty context strings for resources (#8900). - Use `FETCH FIRST ROWS ONLY` instead of `LIMIT` (#8907). - Fix group permission expansion in filesystem library (#8912). -- Fix handling of single quotes in paths for univmss resource plugin (#8928). <-- CONTINUE FROM HERE +- Fix handling of single quotes in paths for univmss resource plugin (#8928). ### Added @@ -111,9 +111,9 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Add password hashing utilities for server (#8697). - Add hashed password support (#8697). - Add authentication session token support (#8697). -- Add new **irods** authentication scheme (#8697). +- Add new **irods** authentication scheme (#8697, #8729). - Add `user_password_storage_mode` grid configuration option (#8748). -- Add `R_USER_CREDENTIALS` table on database upgrade (#8769). +- Add `R_USER_CREDENTIALS` table on database upgrade (#8729, #8769). <-- CONTINUE FROM HERE - Add `password_reuse_previous` grid configuration option for PAM-generated passwords (#8789). <-- REVISIT FOR CLARITY - Add option to skip post-install PUT test during setup (#8901). - Hasher: Add digest overload to control output string (#8909). From b0d93e391462bb1f49baa81206c1222294f2715e Mon Sep 17 00:00:00 2001 From: Kory Draughn Date: Mon, 4 May 2026 13:46:17 -0400 Subject: [PATCH 07/12] squash. new commits --- docs/release_notes.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/release_notes.md b/docs/release_notes.md index f253494..ae8e7d7 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -42,6 +42,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 ### Deprecated - Deprecate `check_sent_sid`, `sign_server_sid`, `remote_SID_key_map` (#5948). +- Deprecate `itree -J` (#7943). - Deprecate `msiDataObjPut` (#8229). - Deprecate adding custom `user_type` tokens (#8233). - Deprecate user authentication names (#8408). @@ -51,6 +52,8 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Deprecate interactive mode for `igroupadmin` (#8738). - Deprecate Oracle database plugin (#8829). - Deprecate token addition and removal (#8892). +- Deprecate `PUBLIC_USER_NAME` macro (#8951). +- Deprecate `PUBLIC_USER_AUTH` macro (#8951). <-- CONTINUE FROM HERE ### Fixed @@ -69,6 +72,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Fix memory leak in `getUtil` (#8334). - Update modification time on empty overwrite for copy operation (#8413). - Remove `imeta ls -C` path length constraint of 256 bytes (#8519). +- Remove duplicate definitions from `rodsKeyWdDef.h` (#8550). - Fix double-free/corruption by setting free'd pointers to `nullptr` in network plugins (#8593). - Fix zone reports for server-to-server connect errors (#8607). - Make `RESC_NAME_KW` (`-R`) a directive for DataObjOpen API (#8627). @@ -103,6 +107,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Add configuration for zone key signing hash scheme (#2295, #3403). <-- CHANGED: WAS 3404? - GeneralAdmin API: Add support for removing passwords (#2899). - GenQuery2: Expose new columns for querying when metadata is attached (#7889). +- Add `-j` option to `itree` for showing JSON output (#7943). - Serialize `TicketAdminInput` data structure for policy enforcement (#8518). - Add CRC64/NVME hash strategy (#8554). - Add resource operation for reading checksums from storage device (#8554). @@ -113,7 +118,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Add authentication session token support (#8697). - Add new **irods** authentication scheme (#8697, #8729). - Add `user_password_storage_mode` grid configuration option (#8748). -- Add `R_USER_CREDENTIALS` table on database upgrade (#8729, #8769). <-- CONTINUE FROM HERE +- Add `R_USER_CREDENTIALS` table on database upgrade (#8729, #8769). - Add `password_reuse_previous` grid configuration option for PAM-generated passwords (#8789). <-- REVISIT FOR CLARITY - Add option to skip post-install PUT test during setup (#8901). - Hasher: Add digest overload to control output string (#8909). From 085a54a44d3c024dd63d1d4233bde9888e6eebc9 Mon Sep 17 00:00:00 2001 From: Kory Draughn Date: Tue, 5 May 2026 17:16:25 -0400 Subject: [PATCH 08/12] squash. systemd template files and irods auth bug fix --- docs/release_notes.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/release_notes.md b/docs/release_notes.md index ae8e7d7..5ab8718 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -22,6 +22,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Modify calculations for physical quotas to account for coordinating resources (#8667). - Use `CHKSUM_LEN` instead of `NAME_LEN` for checksums (#8731). - Update help text for physical quotas `iadmin` subcommands (#8618). +- Set RuntimeDirectory in systemd service file templates (#8717). - Remove redundant checksum verification in `bulkProcAndRegSubfile` (#8734). - Prevent removal of password for currently authenticated user (#8747). - Prevent removal of password for service account rodsadmin (#8747). @@ -53,7 +54,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Deprecate Oracle database plugin (#8829). - Deprecate token addition and removal (#8892). - Deprecate `PUBLIC_USER_NAME` macro (#8951). -- Deprecate `PUBLIC_USER_AUTH` macro (#8951). <-- CONTINUE FROM HERE +- Deprecate `PUBLIC_USER_AUTH` macro (#8951). ### Fixed @@ -116,7 +117,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Add password hashing utilities for server (#8697). - Add hashed password support (#8697). - Add authentication session token support (#8697). -- Add new **irods** authentication scheme (#8697, #8729). +- Add new **irods** authentication scheme (#8697, #8729, #8963). <-- CONTINUE FROM HERE - Add `user_password_storage_mode` grid configuration option (#8748). - Add `R_USER_CREDENTIALS` table on database upgrade (#8729, #8769). - Add `password_reuse_previous` grid configuration option for PAM-generated passwords (#8789). <-- REVISIT FOR CLARITY From e96a28a872698a5c419a01b744dd28487ac8f367 Mon Sep 17 00:00:00 2001 From: Kory Draughn Date: Thu, 7 May 2026 14:46:52 -0400 Subject: [PATCH 09/12] squash. more commits --- docs/release_notes.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/release_notes.md b/docs/release_notes.md index 5ab8718..92b3da9 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -22,6 +22,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Modify calculations for physical quotas to account for coordinating resources (#8667). - Use `CHKSUM_LEN` instead of `NAME_LEN` for checksums (#8731). - Update help text for physical quotas `iadmin` subcommands (#8618). +- Warn users of compatibility issues between iCommands and server (#8638). - Set RuntimeDirectory in systemd service file templates (#8717). - Remove redundant checksum verification in `bulkProcAndRegSubfile` (#8734). - Prevent removal of password for currently authenticated user (#8747). @@ -29,6 +30,8 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - GenQuery2: Expose user type through permission-related columns (#8754). - Use `irods::authentication::scheme_name` instead of string literals (#8834). - Use Hasher options to control session token hashes (#8909). +- Warn administrator when non-owner attempts to launch server (#8960). +- Disallow running server with root privileges (#8960). ### Removed @@ -101,23 +104,29 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Use `FETCH FIRST ROWS ONLY` instead of `LIMIT` (#8907). - Fix group permission expansion in filesystem library (#8912). - Fix handling of single quotes in paths for univmss resource plugin (#8928). +- Set server boot time for GetMiscSvrInfo API (#8943). +- `iqstat`: Check `RcComm` for `nullptr` before use (#8956). +- `itree`: Fix build error stemming from redefinition of symbol (#8958). +- Write PID file creation error messages to stderr (#8971). <-- CONTINUE FROM HERE ### Added - Add `sign_server_sid` replacement: `sign_zone_key` (#2295). - Add configuration for zone key signing hash scheme (#2295, #3403). <-- CHANGED: WAS 3404? - GeneralAdmin API: Add support for removing passwords (#2899). +- Add support for configuring TLS during setup (#7717). - GenQuery2: Expose new columns for querying when metadata is attached (#7889). - Add `-j` option to `itree` for showing JSON output (#7943). - Serialize `TicketAdminInput` data structure for policy enforcement (#8518). - Add CRC64/NVME hash strategy (#8554). - Add resource operation for reading checksums from storage device (#8554). +- Implement passive logical quotas in-server (#8632). - Add and use common tool to get password from stdin (#8697). - Add python script to ease removal of user passwords (#8697). - Add password hashing utilities for server (#8697). - Add hashed password support (#8697). - Add authentication session token support (#8697). -- Add new **irods** authentication scheme (#8697, #8729, #8963). <-- CONTINUE FROM HERE +- Add new **irods** authentication scheme (#8697, #8729, #8963). - Add `user_password_storage_mode` grid configuration option (#8748). - Add `R_USER_CREDENTIALS` table on database upgrade (#8729, #8769). - Add `password_reuse_previous` grid configuration option for PAM-generated passwords (#8789). <-- REVISIT FOR CLARITY From 06920a47677752c68861d90817d6e187777e8579 Mon Sep 17 00:00:00 2001 From: Kory Draughn Date: Thu, 14 May 2026 18:46:43 -0400 Subject: [PATCH 10/12] squash. more commits --- docs/release_notes.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/release_notes.md b/docs/release_notes.md index 92b3da9..4b5ef56 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -14,6 +14,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 ### Changed +- Allow resource rebalance to continue on stale and missing replicas (#6111). - GenQuery2: Return parser error information via rError stack (#8094). - Update help text for `irsync` (#8288). - Skip policy layer when setting up access control for GenQuery1 (#8304). @@ -97,6 +98,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Do not use `memset` on RsComm (#8843). - Fix memory leaks stemming from `clearMsParam` (#8857). - Do not crash delay server when in-memory delay queue buffer is too small (#8859). +- Fix memory leak in Hasher (#8861). <-- CONTINUE FROM HERE - Fix memory leaks in iRODS Rule Language (#8864). - Fix stalling of delay rule processing in delay server by removing unnecessary use of pool memory resource (#8868). - GenQuery2: Do not duplicate rows when user has access via multiple groups (#8880). @@ -107,7 +109,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Set server boot time for GetMiscSvrInfo API (#8943). - `iqstat`: Check `RcComm` for `nullptr` before use (#8956). - `itree`: Fix build error stemming from redefinition of symbol (#8958). -- Write PID file creation error messages to stderr (#8971). <-- CONTINUE FROM HERE +- Write PID file creation error messages to stderr (#8971). ### Added @@ -120,7 +122,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Serialize `TicketAdminInput` data structure for policy enforcement (#8518). - Add CRC64/NVME hash strategy (#8554). - Add resource operation for reading checksums from storage device (#8554). -- Implement passive logical quotas in-server (#8632). +- Implement passive logical quotas in-server (#8632, #8970). - Add and use common tool to get password from stdin (#8697). - Add python script to ease removal of user passwords (#8697). - Add password hashing utilities for server (#8697). From 7570ec4c4fc9d86627ac564f6fe2ffdeb7d5f023 Mon Sep 17 00:00:00 2001 From: Kory Draughn Date: Fri, 15 May 2026 14:40:00 -0400 Subject: [PATCH 11/12] squash. new commits --- docs/release_notes.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/release_notes.md b/docs/release_notes.md index 4b5ef56..5ca3d1c 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -98,7 +98,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Do not use `memset` on RsComm (#8843). - Fix memory leaks stemming from `clearMsParam` (#8857). - Do not crash delay server when in-memory delay queue buffer is too small (#8859). -- Fix memory leak in Hasher (#8861). <-- CONTINUE FROM HERE +- Fix memory leak in Hasher (#8861). - Fix memory leaks in iRODS Rule Language (#8864). - Fix stalling of delay rule processing in delay server by removing unnecessary use of pool memory resource (#8868). - GenQuery2: Do not duplicate rows when user has access via multiple groups (#8880). @@ -110,6 +110,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - `iqstat`: Check `RcComm` for `nullptr` before use (#8956). - `itree`: Fix build error stemming from redefinition of symbol (#8958). - Write PID file creation error messages to stderr (#8971). +- Restore printing of INFO-level log messages during initial setup (#8981). <-- CONTINUE FROM HERE ### Added From 5cfa8b773f2b2dbfc94263232f15f94f67913113 Mon Sep 17 00:00:00 2001 From: Kory Draughn Date: Thu, 21 May 2026 09:21:50 -0400 Subject: [PATCH 12/12] squash. more commits --- docs/release_notes.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/release_notes.md b/docs/release_notes.md index 5ca3d1c..d383450 100644 --- a/docs/release_notes.md +++ b/docs/release_notes.md @@ -33,6 +33,7 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Use Hasher options to control session token hashes (#8909). - Warn administrator when non-owner attempts to launch server (#8960). - Disallow running server with root privileges (#8960). +- Reject relative paths to PID file on server startup (#8980). ### Removed @@ -43,6 +44,8 @@ The latest binary packages for Enterprise Linux 9, Enterprise Linux 10, Ubuntu 2 - Remove undefined `irodsCloseSock` declaration (#8713). - Remove undefined `getParentPathlen` declaration (#8714). - Remove undefined `svrReconnect` declaration (#8715). +- Remove `iGet`, `iDel`, `iTicket` scripts and related files (#8976). +- Remove `rulegen` tool and related files (#8977). ### Deprecated