Release Notes 3 5 0
These are the release notes for SRB 3.5.0, released December 3, 2007.
Please note that the passphrase for this release has changed. Contact us for the new one.
MCAT Security/Performance Improvements
A major change in querying the MCAT database has been implemented. The database accesses are upgraded to use parameter-based SQLs ("bind variables") instead of SQL statements with constants. This change was done for two reasons.
- The main reason was to make sure that SQL injection type of attacks are minimized. This is particularly true for ODBC-based databases such as PostgreSQL. With the changes we have made, such an attack is negated.
- The secondary reason was to improve performance. By using parametric SQL, query planning and parsing for similar queries are reduced to a minimum. This leads to performance improvements.
Since the changes made to the SQL processing is mainly to enhance security of the MCAT database, we urge users and SRB administrators to immediately upgrade to the new version. Even though the MCAT-enabled servers are mainly affected by this version change, we recommend upgrading the other (non-MES) SRB servers also. We also encourage upgrading the clients if you want to take advantage of some of the restart functionality that have been added in this version.
As with other recent security improvements, this was done as part of a collaboration with a security team at the University of Wisconsin-Madison: James Kupsch and Barton Miller.
New bulk replication and backup capabilities
The new -b option of Sreplicate and Sbkupsrb can be used to improve the performance of replicating and backing up a large number of files.
New restart capability to bulk Sput/Sget operations
The -x option can now be used to swtich on the restart capability of the bulk Sput/Sget operations so that these long running operations can be restarted from where they left off in case of premature termination.
Other improvements and bug fixes
- Improved robustness of data transfer
Sput/Sget will now reset the connection (disconnect and then reconnect to the server) if a read/write operation to the network fails. This is only automatically done for non-bulk data transfer since it is difficult to recover from a failed bulk transfer. This is the -R (retry) option of Sput/Sget.
A bug was fixed in the routine that reads the header of file transfer packet that could result in not reading in the entire header packet. This bug can result in CLI_ERR_BROKEN_PIPE and UNIX_EINVAL: UNIX error type error messages.
Connection timeout is handled better.
- NCAR Mass Storage System driver improvements
Refinements and bug fixes were made to the driver. These were put into production when developed.
- Java Admin tool
Physical resources can now be removed from compound resources.
Default connection parameters are now read from the environment files.
A fix was made where it was not properly handling files with more than 1 copy.
A correction was made dealing with registering files with sizes larger than 2 GBytes.
- mkdir in '/'
A problem with making a collection that is directly beneath '/'. e.g. /xyz was fixed.
- OSX O_TRUNC
A difference in the definition O_TRUNC in Mac osx vs other Unix platforms was accounted for.
- HP-UX supported
Support was added to again run on HP-UX systems
Improvements were made to the installation and make scripts