Features Download

From: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg <at> public.gmane.org>
Subject: ANNOUNCE: cifs-utils release 5.4 is ready for download
Newsgroups: gmane.linux.kernel.cifs
Date: Wednesday 18th April 2012 21:49:22 UTC (over 6 years ago)
Hash: SHA1

Since we now have a fix of sorts for CVE-2012-1586, it seems like as
good a time as any to do a new release. Go forth, download and build


 * the "rootsbindir" can now be specified at configure time

 * mount.cifs now supports the -s option by passing "sloppy" to the
   kernel in the options string

 * cifs.upcall now properly respects the domain_realm section in

 * unprivileged users can no longer mount onto dirs into which they
   can't chdir (fixes CVE-2012-1586) 

webpage:    https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball:    ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:        git://git.samba.org/cifs-utils.git
gitweb:     http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 5.3:

commit 9d74366169305bd3ea3c4bac036bfc982aa15648
Author: Jeff Layton 
Date:   Sun Feb 12 07:32:27 2012 -0500

    autoconf: set release to 5.3.1 for interim builds
    Signed-off-by: Jeff Layton 

commit f9524f772c62bbfd7c190b8249ed66990ed3227a
Author: Jeff Layton 
Date:   Sun Feb 12 07:33:01 2012 -0500

    autoconf: set release to 5.3.1 for interim builds
    Signed-off-by: Jeff Layton 

commit c753cfe5491cfb1f1f74ca41444706383ab9f0e3
Author: Jeff Layton 
Date:   Sun Feb 12 07:33:05 2012 -0500

    cifs-utils: allow specifying rootsbindir at configure time
    ...via the $ROOTSBINDIR environment variable, and AC_ARG_VAR macro.
    The default is to use /sbin for this value, which only currently
    affects the installation location of mount.cifs.
    Signed-off-by: Jeff Layton 

commit 1c2f85a6aecffa7260709e5a44d77335bcade13f
Author: Jeff Layton 
Date:   Mon Feb 20 09:02:54 2012 -0500

    manpage: update wsize= entry to account for change in default wsize
    Signed-off-by: Jeff Layton 

commit f6384b4fe1ffdeebee3e9d73dd533a4fbf83b6d8
Author: Jeff Layton 
Date:   Thu Feb 23 10:42:09 2012 -0500

    mount.cifs: fix tests for strtoul success
    The current test just looks to see if errno was 0 after the conversion
    but we need to do a bit more. According to the strtoul manpage:
        If there were no digits at all, strtoul() stores the original
        of nptr in *endptr (and returns 0).
    So, if you pass in a string of letters, strtoul will return 0, but
    won't actually have converted anything. Luckily, in most cases,
    papers over this bug by doing uid/gid conversions itself before
    Fix this by also checking to ensure that strtoul() converted the
    string in addition to checking that it didn't set errno. While we're
    it, fix the test in backupuid/backupgid options as well which don't
    currently check whether errno got set.
    Reported-by: Kyle Squizzato 
    Signed-off-by: Jeff Layton 

commit b0bc3861bfc7b258045d1d456cf2ef4a43ea9562
Author: Jeff Layton 
Date:   Tue Mar 6 10:54:28 2012 -0500

    mount.cifs: add support for -s option
    autofs generally calls mount helpers with '-s'. Handle that the same
    way we do for NFS -- append ",sloppy" option to the mount options.
    The kernel can look for that option to decide whether to ignore
    unknown mount options, warn, or error out.
    Signed-off-by: Jeff Layton 

commit c5dcf26c0d87d9e8342d2c946e039066de29d30a
Author: Jeff Layton 
Date:   Thu Mar 29 09:11:29 2012 -0400

    cifs.upcall: use krb5_sname_to_principal to construct principal name
    Currently, we build the string by hand then then construct the
    principal name with krb5_parse_name. That bypasses the domain_realm
    section in krb5.conf however.
    Switch the code to use krb5_sname_to_principal instead which is more
    suited to this task. In order for that to work, we change a couple of
    calling functions to pass down a hostname instead of a principal
    name, and then pass in "cifs" as the service name.
    Reported-and-Tested-by: Nirupama Karandikar 
    Signed-off-by: Jeff Layton 

commit fd31a7c0ba7f1282d2d81193d4d100fdc926b99b
Author: Jeff Layton 
Date:   Mon Apr 2 15:28:56 2012 -0400

    mount.cifs: don't allow unprivileged users to mount onto dirs to which
    can't chdir
    If mount.cifs is installed as a setuid root program, then a user can
    use it to gather information about files and directories to which he
    does not have access.
    One of the first things that mount.cifs does is to chdir() into the
    mountpoint and then proceeds to perform the mount onto ".". A
    user could exploit this fact to determine information about
    to which he does not have access. Specifically, whether the dentry in
    question is a file or directory and whether it exists at all.
    This patch fixes this by making the program switch the fsuid to the
    real uid for unprivileged users when mounting.
    Note that this is a behavior change. mount.cifs has in the past
    users to mount onto any directory as long as it's listed in /etc/fstab
    as a user mount. With this change, the user must also be able to chdir
    into the mountpoint without needing special privileges. Hopefully not
    many people have such a pathological configuration.
    This patch should fix CVE-2012-1586.
    Reported-by: Jesus Olmos 
    Signed-off-by: Jeff Layton 

commit ea9407fc4ae72a5d4245cbb25f7429f46d664d23
Author: Jeff Layton 
Date:   Sun Apr 15 08:11:53 2012 -0400

    autoconf: fix tests for wbclient to use pkgconfig
    Use the pkgconfig file that's included with wbclient to perform the
    for wbclient usability, and to set the correct CFLAGS and LDADD.
    This is particularly necessary on recent Fedora with samba4 since it
    puts the wbclient.h file in a different directory than before.
    Also, remove a redundant test for wbclient.h from configure.ac.
    Signed-off-by: Jeff Layton 

commit 730af950428eab6fd131b560a3ee41f4d5fbf405
Author: Jeff Layton 
Date:   Sun Apr 15 08:14:59 2012 -0400

    asn1: fix up some compiler warnings in asn1.c
    These have been around for quite some time.
    gcc -DHAVE_CONFIG_H -I.    -Wall -Wextra -g -O2 -MT asn1.o -MD -MP -MF
    .deps/asn1.Tpo -c -o asn1.o asn1.c
    asn1.c: In function ‘asn1_write’:
    asn1.c:45:19: warning: comparison between signed and unsigned integer
    expressions [-Wsign-compare]
    asn1.c: In function ‘asn1_peek’:
    asn1.c:411:22: warning: comparison between signed and unsigned integer
    expressions [-Wsign-compare]
    asn1.c: In function ‘asn1_tag_remaining’:
    asn1.c:541:16: warning: comparison between signed and unsigned integer
    expressions [-Wsign-compare]
    asn1.c: In function ‘_ber_read_OID_String_impl’:
    asn1.c:570:22: warning: comparison between signed and unsigned integer
    expressions [-Wsign-compare]
    Almost all of these are due to the fact that asn1_data->ofs is a
    signed value, and ->length is unsigned.
    This should clear the way to add -Werror to the cflags in the near
    Signed-off-by: Jeff Layton 

commit dc0dd017a856185422d2f3691062737a9e93ecae
Author: Jeff Layton 
Date:   Mon Apr 16 14:13:14 2012 -0400

    automake: add -Werror to CFLAGS
    With the recent patch to fix the warnings in asn1.c, cifs-utils now
    builds without any warnings. Ban them henceforth by adding -Werror for
    Signed-off-by: Jeff Layton 

commit 63893320b4c8f0f43da1efd40c4ba4b0af990789
Author: Jeff Layton 
Date:   Wed Apr 18 14:47:47 2012 -0400

    docs: update to project resources in README
    ...and add Igor Druzhinin and Pavel Shilovsky to AUTHORS.
    Signed-off-by: Jeff Layton 

commit 0d9cbfa3574c5dce0680f1845cd7bee33e7164d6
Author: Jeff Layton 
Date:   Wed Apr 18 15:40:06 2012 -0400

    autoconf: set version to 5.4
    Signed-off-by: Jeff Layton 

- -- 
Jeff Layton 
Version: GnuPG v2.0.18 (GNU/Linux)

CD: 3ms