similar to: ANNOUNCE: cifs-utils release 4.1 available for download

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The last release (4.7) was back in October. We've had a number of good fixes committed in the last few weeks, so it's a good time to cut a new release. Also, note that I've transplanted the cifs-utils manpage to the Samba Wiki. The old URL still works and redirects browsers to the new page. o hardcoded paths in the cifs.upcall manpage

The main change in this release is to address some regressions that crept in when we switched to a scheme that does not rely on walking /tmp to look for credcaches. We now will use the information from the kernel about the initiating pid, reach into that task's environment and scrape out the $KRB5CCNAME variable. This can be problematic in setuid situations, so we avoid doing that for the

Time for a new cifs-utils release! The main change in this release is a set of cleanups to cifs.upcall to make it more efficient and work better with alternate style credcaches. No longer does it blithely stumble around in /tmp looking for credcaches. We now just use the default credcache that to which the krb5.conf points. Go forth and download!

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It has been a while since I've cut a new release for cifs-utils. This one has more visible changes than were in the last few releases. Major highlights: - - documentation additions for the fsc option - - mount.cifs deals with _netdev, mand and nomand options correctly now - - a change in how mount.cifs handles the MS_MANDLOCK flag. It used to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Things have been relatively quiet lately. Time for a release! Highlights: * A lot of manpage updates, additions and corrections * cifs.idmap can now map uid/gid to SID in addition to the other way around * getcifsacl/setcifsacl are now installed by default in /usr/bin instead of /usr/sbin. The manpages are now in section 1. * cifs.upcall has a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Again, nothing earth-shattering in this release. Mostly some minor bugfixes and cleanups. Some highlights: - - setcifsacl can now work without a plugin - - systemd-ask-password is found using $PATH now - - cifs.upcall now works with KEYRING: credcaches Go forth and download! webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:

It has been a few months since the last cifs-utils release, and again there's been almost no activity. Still, at some point we need to get the bugfixes into the field, no matter how minor they are. So, nothing much earth-shattering here, mostly just bugfixes, and one new feature to allow cifs.upcall to use a dedicated keytab. Go forth and download! webpage:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This release contains a significant overhaul of mount.cifs that is intended to make it safer to install setuid root. With this release, setuid capability is no longer disabled by default. Among the changes are: - - mount.cifs now does privilege separation. It forks very early and the child drops privileges. Most of the mount option processing is

We've had a number of changes since the last release, and we have some other upcoming kernel changes that might require corresponding cifs-utils changes. So it's probably as good a time as any for a new release. Highlights: + fix for a minor security issue that can corrupt the mtab + new getcifsacl/setcifsacl tools that allow you to fetch and set raw Windows ACLs via an xattr. + a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 With the overhaul of the cifscreds utility, I figured this would be a good time to do a new release. Highlights: * admins can now tell cifs.upcall to use an alternate krb5.conf file * on remount, mount.cifs no longer adds a duplicate mtab entry * the cifscreds utility has seen a major overhaul to allow for multiuser mounts without krb5 auth

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's been a while since our last release and Shirish's new cifs.idmap utility has now been merged. The last release was 4.9, so I've been a bit torn -- should I call this one 4.10 or 5.0? Then I figured...when in doubt, copy Linus. Since he just bumped the major version number of the kernel, this is now version 5.0. The main changes: -

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Time for another cifs-utils release! Highlights: * binaries are now built by default with PIE and RELRO support for better protection against exploits * better debugging and warnings for cifs.upcall and cifscreds * better integration with systemd by having mount.cifs use systemd-ask-password if it's appropriate and available webpage:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Time for another cifs-utils release! Nothing terribly earth shattering here. Some distros (like Fedora) are moving krb5 credcaches out of /tmp by default. Users of these distros will definitely want to upgrade. Highlights: * Fixes for mounting with '/' in usernames with sec=krb5 * Support for DIR: type krb5 ccaches * support for

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Since we now have a fix of sorts for CVE-2012-1586, it seems like as good a time as any to do a new release. Go forth, download and build cifs-utils-5.4. Highlights: * the "rootsbindir" can now be specified at configure time * mount.cifs now supports the -s option by passing "sloppy" to the kernel in the options string *

On Mon, 2017-02-13 at 05:02 -0500, Simo Sorce wrote: > On Sat, 2017-02-11 at 10:16 -0500, Jeff Layton wrote: > > On Sat, 2017-02-11 at 08:41 -0500, Jeff Layton wrote: > > > Chad reported that he was seeing a regression in cifs-utils-6.6. > > > Prior > > > to that, cifs.upcall was able to find credcaches in non-default > > > FILE: > > >

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Time for a new cifs-utils release! The big bullet point in this release is a new pam_cifscreds module that has been added by Orion Poplawski. This release also cleans some unused cruft out of some of the binaries so they're quite a bit smaller now and fixes a few bugs that Coverity turned up. Go forth and download! webpage:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nothing terribly earth-shattering in this release. We had a number of reports of build-breaking problems in version 5.4, mostly due to the fact that we now turn on -Werror by default, and a number of patches to fix them. I'm starting to have doubts as to whether it's a good idea to keep - -Werror in the default CFLAGS. This is built in a

First official release! As previously noted, I'm declaring this version 4.0 to help ease the transition for distro packagers. There are only a couple of small changes since 4.0rc1 -- a small #include change in cifs.spnego and an autotools fix. I'm still working on a more permanent location for the webpage and FTP repo, but I don't see that as a reason to hold up the initial release.

On Thu, 2017-02-09 at 14:45 -0600, Chad William Seys wrote: > Hi Jeff, > Could you look at the following mailing list posting? > > https://lists.samba.org/archive/samba/2017-February/206468.html > > It looks like cifs.upcall has changed its behavior. As described in > that post, I can mount with root / kerberos, but then cannot access with > another user who has

On Fri, 2017-02-10 at 14:14 -0500, Simo Sorce wrote: > On Fri, 2017-02-10 at 13:30 -0500, Jeff Layton wrote: > > On Fri, 2017-02-10 at 12:39 -0500, Jeff Layton wrote: > > > On Fri, 2017-02-10 at 11:15 -0600, Chad William Seys wrote: > > > > Hi Jeff, > > > > > > > > > So we have a default credcache for the user for whom we are > > >