commit d6b622833d0a5d679a8ed3f37b7e661d51a19188
Author: Stephan Wiesand <stephan.wiesand@desy.de>
Date:   Tue Aug 4 14:13:38 2015 +0200

    Make OpenAFS 1.6.14
    
    Update version strings for release 1.6.14.
    
    Change-Id: I123d9f764a4b8496e0a85032ec8848e9a46a0428
    Reviewed-on: http://gerrit.openafs.org/11974
    Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
    Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>

commit e47846dccbca3ef4118d8434786fafe7c99b5ae4
Author: Stephan Wiesand <stephan.wiesand@desy.de>
Date:   Thu Aug 13 12:44:44 2015 +0200

    Update NEWS for 1.6.14
    
    Release notes for OpenAFS 1.6.14
    
    Change-Id: I9caed2c8e8737deccbe72eae1d35e810c48a685a
    Reviewed-on: http://gerrit.openafs.org/11980
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

commit 60be338c2de58f2a33c64bdb41c006574ba7fd0e
Author: Jeffrey Altman <jaltman@your-file-system.com>
Date:   Sat Aug 1 09:32:35 2015 -0400

    vlserver: ListAttributesN2 volume name safety
    
    The vlserver ListAttributesN2 RPC permits filtering the result set
    by volume name in addition by site or volume id.
    
    Two issues identified by Andrew Deason (Sine Nomine Associates) are
    addressed by this patch.  First, the size of the volumename[] buffer
    is insufficient to store the valid input read over the network.  The
    buffer needs to be able to store VL_MAXNAMELEN characters of the volume
    name, two characters for the regular expression '^' and '$', and the
    trailing NUL.
    
    Second, sprintf() is used to write to the buffer and even with valid
    input from the caller SVL_ListAttributesN2 can overflow the buffer
    when ".backup" and ".readonly" are appended to the volume name.  If
    there is an overflow the search name is invalid and there can not be
    a valid match.
    
    This patch increases the size of volumename[] to VL_MAXNAMELEN+3.
    
    It also uses snprintf() instead of sprintf() and performs error
    checking.  The error VL_BADNAME is returned when the network input is
    invalid.
    
    Reviewed-on: http://gerrit.openafs.org/11969
    Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
    Reviewed-by: Nathaniel Filardo <nwfilardo@gmail.com>
    Reviewed-by: Daria Brashear <shadow@your-file-system.com>
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    (cherry picked from commit c9f430fd8f479bbfe28829f7032ecd325a4f833d)
    
    Change-Id: I1b48cc8ed1a52afc36465f2fbd5bfd5345e90c41
    Reviewed-on: http://gerrit.openafs.org/11976
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
    Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
    Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
    Tested-by: Benjamin Kaduk <kaduk@mit.edu>
    Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

commit 0b4cad31128623b1cf381384b8cf50336a86be9c
Author: D Brashear <shadow@your-file-system.com>
Date:   Fri Jul 18 16:00:12 2014 -0400

    vlserver: limit use of regex to admins always
    
    allow regexes only if the querying user is a superuser.
    if the superuser uses up all the resources, well, they could just do
    whatever damage directly anyway. means even in unrestricted mode
    we are not vulnerable
    
    Reviewed-on: http://gerrit.openafs.org/11968
    Reviewed-by: Daria Brashear <shadow@your-file-system.com>
    Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
    (cherry picked from commit 049323e7e03c64f534a73ff452d218f19d5b8132)
    
    Change-Id: I1e3f11bd14b071be69eb6e00c26ea2209596c82a
    Reviewed-on: http://gerrit.openafs.org/11975
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
    Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
    Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
    Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

commit 3803e6acbe625c3b298dde7a6f9d0fd560cfe635
Author: Stephan Wiesand <stephan.wiesand@desy.de>
Date:   Tue Aug 4 16:05:06 2015 +0200

    Revert "vlserver: Disable regex volume name processing in ListAttributesN2"
    
    This reverts commit 63087b338e3d0fbbb26ee183a039052bf07aaaec.
    
    Change-Id: I4bb759893224b8c53a1deb50f34e8395ed44fb4a
    Reviewed-on: http://gerrit.openafs.org/11971
    Reviewed-by: Daria Brashear <shadow@your-file-system.com>
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
    Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
