[Samba] ANNOUNCE: cifs-utils release 5.6 is ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Time for another cifs-utils release! Nothing terribly earth shattering here. Some distros (like Fedora) are moving krb5 credcaches out of /tmp by default. Users of these distros will definitely want to upgrade. Highlights: * Fixes for mounting with '/' in usernames with sec=krb5 * Support for DIR: type krb5 ccaches * support for nofail option in mount.cifs webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.6: commit 692842e34c1f2fcc84b6b64136f5e28dd7062f46 Author: Jeff Layton jlay...@samba.org Date: Tue Aug 7 11:06:41 2012 -0400 autoconf: set version to 5.6.1 for interim builds Signed-off-by: Jeff Layton jlay...@samba.org commit 569cfcb3a467dfdf967a36ed6f7896559edab2ba Author: Jeff Layton jlay...@samba.org Date: Tue Aug 7 11:11:26 2012 -0400 mount.cifs: deprecate the DOMAIN/username%password username syntax mount.cifs has in the past allowed users to specify a username using the above syntax, which would populate the domain and password fields with the different pieces. Unfortunately, there are cases where it is legit to have a '/' in a username. krb5 SPNs generally contain a '/' and we have no clear way to distinguish between the two. I don't see any real value in keeping that syntax allowed. It's no easier than specifying pass= and domain= on the command line. Ditto for credential files. Begin the transition away from that syntax by adding a warning message that support for it will be removed in 5.9. Signed-off-by: Jeff Layton jlay...@samba.org commit 3a965467611637ca05bcd55460ff69fec6ad8be7 Author: Jeff Layton jlay...@samba.org Date: Tue Aug 7 11:52:15 2012 -0400 mount.cifs: handle username= differently depending on sec= option This patch is intended as a temporary workaround for krb5 users that need to specify usernames with '/' in them. I intend to remove this hack from mount.cifs once the legacy username handling code is removed. The idea here is to save off the raw username string while we're parsing options. If the mount options specify sec=krb5 or sec=krb5i then we'll not do the legacy username parsing and will instead just pass in the username string as-is. Obviously, this is a nasty hack and we don't really want to carry this in perpetuity, so this can go away once the legacy username parsing has gone away. Signed-off-by: Jeff Layton jlay...@samba.org commit 377898e63a8689b0e8c5c656ce9cfa98223cf74b Author: Jeff Layton jlay...@samba.org Date: Tue Aug 21 15:18:54 2012 -0400 cifs-utils: fix up references to getcifsacl and setcifsacl files When I moved the manpages for this to section 1, I missed some references to them. Also, get rid of the unneeded clean-local-aclprogs makefile target. Signed-off-by: Jeff Layton jlay...@samba.org commit d006986221b7f1aad50e894851dc573650b7611c Author: Nalin Dahyabhai na...@redhat.com Date: Thu Aug 23 11:14:45 2012 -0400 cifs.upcall: also consider DIR:-type ccaches If we encounter a subdirectory while scanning a directory for a user's ccache, check if it's a DIR ccache. Otherwise, continue as before, checking if it's a FILE ccache if it looks like a regular file. commit ca0894e40480a9115c6bad670149b075646ead2c Author: Nalin Dahyabhai na...@redhat.com Date: Thu Aug 23 11:14:56 2012 -0400 cifs.upcall: scan /run/user/${UID} for ccaches, too When scanning for credential caches, check the user's directory under /run/user first, then fall back to /tmp as we have previously. Because we now call find_krb5_cc() twice (once for each directory), we move its state to be outside of the function. We also add a substitution mechanism to make the process of resolving the location of the user's home directory before searching it a bit more explicable. commit 72bce53289d939c3539b7d3cb957b748a4b1d2ec Author: Jeff Layton jlay...@samba.org Date: Thu Aug 23 07:46:40 2012 -0400 cifs.upcall: use strncmp in scandir filter function We want to require that the filename begins with the correct string, not just that it contains it somewhere. Signed-off-by: Jeff Layton jlay...@samba.org commit a0bf123541ec6fd53948f41f17c9dba5d6a43648 Author: Jeff Layton jlay...@samba.org Date: Thu Aug 23 10:18:02 2012 -0400 mount.cifs: silence compiler warnings about ignoring return code In this case we explicitly don't care what these functions return, so declare a couple of unused variables to catch the results. Signed-off-by: Jeff Layton jlay...@samba.org commit 82f93c44343f281ce61f547ff8f9e5f79945cb20 Author: Jeff Layton
[Samba] ANNOUNCE: cifs-utils release 5.6 is ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Time for another cifs-utils release! Highlights: * binaries are now built by default with PIE and RELRO support for better protection against exploits * better debugging and warnings for cifs.upcall and cifscreds * better integration with systemd by having mount.cifs use systemd-ask-password if it's appropriate and available webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.5: commit df561d40947e0b520deb48e1a4749afe9787949a Author: Jeff Layton jlay...@samba.org Date: Fri Jun 1 13:56:21 2012 -0400 autoconf: set version to 5.5.1 for interim builds Signed-off-by: Jeff Layton jlay...@samba.org commit 74edf24d9780900f3ce15d2403c6e331b031d454 Author: Jeff Layton jlay...@samba.org Date: Thu Jun 14 10:59:18 2012 -0400 automake: revert -Werror by default I think in hindsight, that adding -Werror by default was a mistake. cifs-utils is built in a wide range of environments and tools, and it's very difficult to eliminate all of the possible warnings. Let's go ahead and remove it and reduce the steady trickle of patches that are simply to silence obscure warnings. Cc: Suresh Jayaraman sjayara...@suse.com Signed-off-by: Jeff Layton jlay...@samba.org commit 0eb3daa4b17ee64b464594f1a5d413ecb364957c Author: Jeff Layton jlay...@samba.org Date: Thu Jun 14 10:59:18 2012 -0400 mount.cifs: set rc to 0 in libcap toggle_dac_capability Thus spake Jochen: The mount.cifs program from the cifs-utils package 5.5 did not work on my Linux system. It just exited without an error message and did not mount anything. [...] I think, when this variable rc is now used in this function, it has also to be properly initialized there. Reported-by: Jochen Roderburg roderb...@uni-koeln.de Signed-off-by: Jeff Layton jlay...@samba.org commit b7bea5254443cb121b0cf03a64b123b85d7f9fbb Author: Jeff Layton jlay...@samba.org Date: Thu Jun 14 11:05:43 2012 -0400 cifs.upcall: more debug logging for krb5 upcalls While helping to track down a configuration problem, I found this little bit of extra debug logging to be helpful. Might as well make it part of the stock binary. Signed-off-by: Jeff Layton jlay...@samba.org commit a8611e25d44211cd57a91dce4fe7d7a7ad7534d4 Author: Jeff Layton jlay...@samba.org Date: Fri Jul 6 11:48:18 2012 -0400 replace: remove bzero() redefinition from replace.h I borrowed replace.h from samba when I split off the package, and we have a ton of definitions in there that we don't really need. This is one of them and it causes a warning when we build on RHEL5. Reported-by: Andreas Schneider a...@samba.org Signed-off-by: Jeff Layton jlay...@samba.org commit 233e17db8ef7edba1fea660e076a03a56b0117d2 Author: Jeff Layton jlay...@samba.org Date: Mon Jul 9 14:12:33 2012 -0400 autoconf: add --enable-pie and --enable-relro -pie and -fpie enable the building of position-independent executables, and -Wl,-z,relro turns on read-only relocation support in gcc. These options are important for security purposes to guard against possible buffer overflows that lead to exploits. Follow the example of samba here and enable these by default, but add configure options that allow people to turn them off at build-time if necessary. We may also want to eventually add checks to ensure that the compiler and linker understand these options, but I'll wait until we have some evidence that it's needed before I expend the effort. Reported-by: Andreas Schneider a...@samba.org Signed-off-by: Jeff Layton jlay...@samba.org commit ced19dedc0fa7b36087b8eaeef6a6a9dc76aa55e Author: Andreas Schneider a...@cryptomilk.org Date: Mon Jul 9 22:21:04 2012 -0400 autoconf: Fix building with autoconf version older than 2.60. AC_PROG_SED is only avaliable in recent autoconf versions. Use AC_CHECK_PROG instead if AC_PROG_SED is not present. Signed-off-by: Andreas Schneider a...@cryptomilk.org commit 4e264031d0da7d3f2a287337e86b623e814f5c56 Author: Ankit Jain jan...@suse.de Date: Wed Jul 18 06:47:07 2012 -0400 mount.cifs: Use systemd's mechanism for getting password, if present. If systemd is running and /bin/systemd-ask-password if available, then use that else fallback on getpass(..). And add a --enable-systemd configure option, which defaults to yes. Signed-off-by: Ankit Jain jan...@suse.com commit 877701f3cc23df3cb2a293c060bdbf05a87bff6a Author: Luk Claes l...@debian.org Date: Thu Jul 19 09:27:01 2012 -0400 mount.cifs: Use errno instead of having unknown error