import Oracle_OSS cifs-utils-7.6-2.el9_8

This commit is contained in:
AlmaLinux RelEng Bot 2026-07-15 09:40:42 -04:00
parent e1e0de1641
commit da7b0e4e45
8 changed files with 454 additions and 161 deletions

View File

@ -1 +1 @@
75c4eadf2b789ba0e504b4991f3284e15bf9266a SOURCES/cifs-utils-7.5.tar.bz2
8b97d2168a05703176a5cedd9982aa658ef5c47a SOURCES/cifs-utils-7.6.tar.bz2

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/cifs-utils-7.5.tar.bz2
SOURCES/cifs-utils-7.6.tar.bz2

View File

@ -1,41 +0,0 @@
From 927123ede36fab4a68aea6f6a3495ad909430ed1 Mon Sep 17 00:00:00 2001
From: Pierguido Lambri <plambri@redhat.com>
Date: Fri, 30 Jan 2026 14:11:28 +0000
Subject: [PATCH 3/3] cifs.upcall: Adjust log level
Because now only error message are logged, let's switch some messages
from DEBUG to ERROR level.
This will help see when an error occurred with cifs.upcall and
eventually turn on the debug mode.
Signed-off-by: Pierguido Lambri <plambri@redhat.com>
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
---
cifs.upcall.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cifs.upcall.c b/cifs.upcall.c
index b57a48c743e4..9d0eecf3aa11 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -1618,7 +1618,7 @@ int main(const int argc, char *const argv[])
__func__);
} else {
if (!get_tgt_time(ccache)) {
- syslog(LOG_DEBUG, "%s: valid TGT is not present in credential cache",
+ syslog(LOG_ERR, "%s: valid TGT is not present in credential cache",
__func__);
krb5_cc_close(context, ccache);
ccache = NULL;
@@ -1721,7 +1721,7 @@ retry_new_hostname:
}
if (rc) {
- syslog(LOG_DEBUG, "Unable to obtain service ticket");
+ syslog(LOG_ERR, "Unable to obtain service ticket");
goto out;
}
--
2.52.0

View File

@ -1,68 +0,0 @@
From 3047b9ccefdcf6327bf060ebf0d40864c5b1a11e Mon Sep 17 00:00:00 2001
From: Pierguido Lambri <plambri@redhat.com>
Date: Fri, 30 Jan 2026 14:11:26 +0000
Subject: [PATCH 1/3] cifs.upcall: add option to enable debug logs
cifs.upcall uses two levels of logs, DEBUG and ERR.
However, when using systemd, these logs will always be recorded.
When the system does a lot of upcalls, the journal could be filled
with debug logs, which may not be useful at that time.
Added then a new option '-d' to enable debug logs only when needed.
This will set a logmask up to LOG_DEBUG instead of the default
of LOG_ERR, thus reducing the amount of logs when no debug is needed.
Signed-off-by: Pierguido Lambri <plambri@redhat.com>
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
---
cifs.upcall.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/cifs.upcall.c b/cifs.upcall.c
index 69e27a34f637..b57a48c743e4 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -1356,10 +1356,11 @@ lowercase_string(char *c)
static void usage(void)
{
- fprintf(stderr, "Usage: %s [ -K /path/to/keytab] [-k /path/to/krb5.conf] [-E] [-t] [-v] [-l] [-e nsecs] key_serial\n", prog);
+ fprintf(stderr, "Usage: %s [ -K /path/to/keytab] [-k /path/to/krb5.conf] [-d] [-E] [-t] [-v] [-l] [-e nsecs] key_serial\n", prog);
}
static const struct option long_options[] = {
+ {"debug", 0, NULL, 'd'},
{"no-env-probe", 0, NULL, 'E'},
{"krb5conf", 1, NULL, 'k'},
{"legacy-uid", 0, NULL, 'l'},
@@ -1379,6 +1380,7 @@ int main(const int argc, char *const argv[])
size_t datalen;
long rc = 1;
int c;
+ int mask;
bool try_dns = false, legacy_uid = false , env_probe = true;
char *buf;
char hostbuf[NI_MAXHOST], *host;
@@ -1395,12 +1397,19 @@ int main(const int argc, char *const argv[])
hostbuf[0] = '\0';
openlog(prog, 0, LOG_DAEMON);
+ mask = LOG_UPTO(LOG_ERR);
+ setlogmask(mask);
- while ((c = getopt_long(argc, argv, "cEk:K:ltve:", long_options, NULL)) != -1) {
+ while ((c = getopt_long(argc, argv, "cdEk:K:ltve:", long_options, NULL)) != -1) {
switch (c) {
case 'c':
/* legacy option -- skip it */
break;
+ case 'd':
+ /* enable debug logs */
+ mask = LOG_UPTO(LOG_DEBUG);
+ setlogmask(mask);
+ break;
case 'E':
/* skip probing initiating process env */
env_probe = false;
--
2.52.0

View File

@ -0,0 +1,46 @@
From d2f39a20d68aa55023b63e575f06941721e644c6 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@manguebit.org>
Date: Tue, 23 Jun 2026 15:06:20 -0300
Subject: [PATCH] cifs.upcall: fix compiler warning with -Wvla
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The length value for @path array in get_uidgid() needs to be evaluated
at compile time, so replace strlen() with sizeof() when defining
PROC_PID_PATH_MAXLEN and then fix the following warning:
cifs.upcall.c: In function get_uidgid:
cifs.upcall.c:1400:9: warning: ISO C90 forbids array path whose size
cannot be evaluated [-Wvla]
1400 | char path[PROC_PID_PATH_MAXLEN] = {}, buf[256];
| ^~~~
Fixes: 972c5b5ff95e ("cifs.upcall: remove getpwuid() dependency")
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
Reviewed-by: David Howells <dhowells@redhat.com>
Cc: Enzo Matsumiya <ematsumiya@suse.de>
Cc: linux-cifs@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
---
cifs.upcall.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cifs.upcall.c b/cifs.upcall.c
index 01690dfcade1..11dbc6186a74 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -1375,8 +1375,8 @@ static int ip_to_fqdn(const char *addrstr, char *host, size_t hostlen)
return 0;
}
-/* cover worst case/impossible scenarios, + 1 for NUL */
-#define PROC_PID_PATH_MAXLEN ((int)strlen("/proc/2147483647/status") + 1)
+/* cover worst case/impossible scenarios */
+#define PROC_PID_PATH_MAXLEN ((int)sizeof("/proc/2147483647/status"))
/* max valid UID/GID is (UINT_MAX - 1) */
#define INVALID_UIDGID UINT_MAX
--
2.54.0

View File

@ -0,0 +1,391 @@
From e9495963e0d5c26f7d0137829d8dc625130b53cc Mon Sep 17 00:00:00 2001
From: Enzo Matsumiya <ematsumiya@suse.de>
Date: Mon, 6 Jul 2026 10:55:55 -0300
Subject: [PATCH] cifs.upcall: fix regression with krb5 + creduid
Commit 972c5b5ff95e ("cifs.upcall: remove getpwuid() dependency")
introduced a regression when using creduid != uid (e.g.
"mount.cifs -o sec=krb5,cruid=X"), so 'uid' local var is replaced
with procfs "Uid" value (in the example, the one from mount.cifs).
That commit ignored the fact that:
mount UID can be different from creds UID, and that calling-app
process (post-mount) can be different from both
This patch "reverts" 972c5b5ff95e ("cifs.upcall: remove getpwuid()
dependency"); transform the "emergency"-added function get_uidgid()
into map_uidgid(), now only used to do NS UID/GID mapping.
Also add getpwuid() back, but this time called while still on host
namespace, so any possible custom NSS module is ran as allowed by
sysadmin.
Any scenario involving unmapped UIDs or GIDs is unsupported; this
means that any UID:GID in a child user namespace _must_ map back to
a valid and existing host UID:GID.
Fixes: 972c5b5ff95e ("cifs.upcall: remove getpwuid() dependency")
Reported-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
cifs.upcall.c | 279 ++++++++++++++++++++++++++++++++------------------
1 file changed, 177 insertions(+), 102 deletions(-)
diff --git a/cifs.upcall.c b/cifs.upcall.c
index 747617790576..42205e66a676 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -52,6 +52,7 @@
#include <arpa/inet.h>
#include <ctype.h>
#include <grp.h>
+#include <pwd.h>
#include <stdbool.h>
#include <errno.h>
#include <sched.h>
@@ -1375,118 +1376,170 @@ static int ip_to_fqdn(const char *addrstr, char *host, size_t hostlen)
return 0;
}
-/* cover worst case/impossible scenarios */
-#define PROC_PID_PATH_MAXLEN ((int)sizeof("/proc/2147483647/status"))
-/* max valid UID/GID is (UINT_MAX - 1) */
-#define INVALID_UIDGID UINT_MAX
+#define ID_MAP_PATH_MAX ((int)sizeof("/proc/2147483647/uid_map"))
-/*
- * get_uidgid - Get @pid's (real) UID and/or GID.
- * @pid: process to get UID/GID from
- * @uidp: pointer to store @pid's UID (can be NULL)
- * @gidp: pointer to store @pid's GID (can be NULL)
- *
- * Extract "Uid:" and "Gid:" fields from /proc/@pid/status.
- * Do so based on whether @uidp or @gidp are NULL.
- *
- * This function assumes we're on the same namespace as @pid.
- *
- * Return: 0 on success, -1 otherwise (errno set).
- *
- * On errors, *@uidp and *@gidp are set to INVALID_UIDGID.
- */
-static int get_uidgid(pid_t pid, uid_t *uidp, gid_t *gidp)
+static int map_id(pid_t pid, const char *map, unsigned int *idp)
{
- char path[PROC_PID_PATH_MAXLEN] = {}, buf[256];
+ unsigned long long ns_start, host_start, range;
+ char map_path[ID_MAP_PATH_MAX];
+ int map_path_size = sizeof(map_path);
+ unsigned int id;
FILE *fp = NULL;
- int ret;
+ int ret = 1;
- errno = 0;
- if (pid < 0 || (!uidp && !gidp)) {
- errno = EINVAL;
- return -1;
- }
+ errno = EINVAL;
+ if (pid < 0 || !map || !idp || *idp == UINT_MAX)
+ goto out;
- if (uidp)
- *uidp = INVALID_UIDGID;
-
- if (gidp)
- *gidp = INVALID_UIDGID;
-
- ret = snprintf(path, PROC_PID_PATH_MAXLEN, "/proc/%d/status", pid);
- if (ret < 0 || ret >= PROC_PID_PATH_MAXLEN) {
- if (!errno)
+ ret = snprintf(map_path, map_path_size, "/proc/%d/%s", pid, map);
+ if (ret < 0 || ret >= map_path_size) {
+ if (ret >= map_path_size)
errno = ENAMETOOLONG;
- return -1;
+ ret = 1;
+ goto out;
}
- fp = fopen(path, "r");
- if (!fp) {
- ret = -1;
+ ret = 1;
+ fp = fopen(map_path, "r");
+ if (!fp)
goto out;
- }
- /* Parse /proc/pid/status fields */
- errno = 0;
- ret = -1;
- while (fgets(buf, 256, fp)) {
- unsigned long long val;
+ /*
+ * The map files have the same format:
+ * <NS ID start> <host ID start> <range>
+ * ... (<multiple entries are supported) ...
+ *
+ * Formula and validation:
+ * <final NS ID> = (*@idp - <host ID start>) + <NS ID start>
+ *
+ * - IDs: [0, UINT_MAX - 1]
+ * - range: [1, UINT_MAX], where range == UINT_MAX requires both ID ranges to start at 0,
+ * which then means this is an init host NS mapping (and that's ok)
+ *
+ * The formula itself would be enough to "validate" a matching NS ID, but we don't want to
+ * keep parsing a malformed map file, no matter how unlikely/impossible it is to happen.
+ * Same reason values are parsed as 'unsigned long long', so we can check for bogus data.
+ */
+ id = UINT_MAX;
+ errno = ENODATA;
+ while (fscanf(fp, "%llu %llu %llu", &ns_start, &host_start, &range) == 3) {
+ if (ns_start >= UINT_MAX || host_start >= UINT_MAX ||
+ range > UINT_MAX || range == 0) {
+ errno = EINVAL;
+ ret = 1;
+ break;
+ }
- errno = ENODATA;
- if ((!uidp || strncmp(buf, "Uid:", 4)) && (!gidp || strncmp(buf, "Gid:", 4)))
- continue;
+ if (range == UINT_MAX && (ns_start != 0 || host_start != 0)) {
+ errno = EINVAL;
+ ret = 1;
+ break;
+ }
- errno = 0;
+ if (host_start + range > UINT_MAX || ns_start + range > UINT_MAX) {
+ errno = EINVAL;
+ ret = 1;
+ break;
+ }
/*
- * Example line format (same for both Uid/Gid):
- * "Uid:\t%u\t%u\%u\%u"
+ * Check if host ID fits this line.
+ * Our desired NS ID may be in any line of the file.
*
- * Where the numbers represents:
- * <real> <effective> <saved> <fsuid>
+ * Note: new{uid,gid}map tools (that creates the map files) don't allow multiple
+ * maps (NS IDs) to the same host ID.
*
- * We're only interested in the <real> value.
+ * If we get a match here, we'll save it, but we continue parsing the file.
+ * If we happen to find a duplicate, it's possible this is a rogue file trying to
+ * bypass these checks.
*
- * (field names "Uid:"/"Gid:" parsed above, skip it)
+ * In such cases, discard the match and return EOPNOTSUPP, as returning a
+ * successful match could lead to disastrous results.
*/
- ret = sscanf(&buf[0] + 4, "%llu", &val);
- if (ret != 1) {
- ret = -1;
- if (errno)
+ if (*idp >= host_start && *idp < host_start + range) {
+ /* This means we found a duplicate */
+ if (!ret) {
+ ret = 1;
+ errno = EOPNOTSUPP;
+ syslog(LOG_ERR, "%s has multiple mapped IDs for %u (unsupported)",
+ map, *idp);
break;
- continue;
- }
+ }
- ret = -1;
- if (val >= UINT_MAX) {
- errno = EINVAL;
- break;
- }
-
- if (uidp && !strncmp(buf, "Uid:", 4))
- *uidp = (uid_t)val;
- else
- *gidp = (gid_t)val;
-
- if ((!uidp || *uidp != INVALID_UIDGID) && (!gidp || *gidp != INVALID_UIDGID)) {
- errno = 0;
+ id = (*idp - host_start) + ns_start;
ret = 0;
- break;
+ errno = 0;
}
}
+
+ /* This means errno was reset by fscanf() without finding anything */
+ if (ret && errno == 0)
+ errno = ENODATA;
out:
- if (fp)
+ if (fp) {
+ int err = errno;
+
fclose(fp);
+ /* Ignore fclose() errors */
+ errno = err;
+ }
+ if (!ret) {
+ *idp = id;
+ errno = 0;
+ } else {
+ syslog(LOG_DEBUG, "%s(pid=%d, map=%s, id=%u): %s", __func__, pid, map, *idp,
+ strerror(errno));
+ }
+
+ return ret;
+}
+
+/*
+ * map_uidgid() - Map (real) UID/GID from init host NS to user NS.
+ * @pid: host NS PID
+ * @uidp: (in) host UID, (out) NS UID
+ * @gidp: (in) host GID, (out) NS GID
+ *
+ * Parse /proc/@pid/{uid,gid}_map files to get NS UID/GID values.
+ * Since @pid is expected to be a host NS PID, this must be called before switching namespaces.
+ *
+ * Note: we can't use /proc/self here because we haven't switched NS yet, so {uid,gid}_map files
+ * would contain host NS values.
+ *
+ * Return: 0 on success, 1 otherwise (errno set).
+ */
+static int map_uidgid(pid_t pid, uid_t *uidp, gid_t *gidp)
+{
+ uid_t orig_uid;
+ gid_t orig_gid;
+ int ret = 1;
+
+ errno = EINVAL;
+ if (!uidp || !gidp)
+ goto out;
+
+ orig_uid = *uidp;
+ orig_gid = *gidp;
+
+ ret = map_id(pid, "uid_map", uidp);
if (ret) {
- syslog(LOG_DEBUG, "%s(pid=%d): %s", __func__, pid, strerror(errno));
- if (uidp)
- *uidp = INVALID_UIDGID;
-
- if (gidp)
- *gidp = INVALID_UIDGID;
+ if (errno == ENODATA)
+ syslog(LOG_ERR, "UID %u not mapped in this namespace (unsupported)",
+ orig_uid);
+ goto out;
}
+ ret = map_id(pid, "gid_map", gidp);
+ if (ret && errno == ENODATA)
+ syslog(LOG_ERR, "GID %u not mapped in this namespace (unsupported)",
+ orig_gid);
+out:
+ if (ret && errno != ENODATA)
+ syslog(LOG_ERR, "%s: %s", __func__, strerror(errno));
+ else if (!ret)
+ syslog(LOG_DEBUG, "host %u:%u -> NS %u:%u", orig_uid, orig_gid, *uidp, *gidp);
+
return ret;
}
@@ -1534,6 +1587,7 @@ int main(const int argc, char *const argv[])
const char *oid;
uid_t uid;
gid_t gid;
+ struct passwd *pw;
char *keytab_name = NULL;
char *env_cachename = NULL;
krb5_ccache ccache = NULL;
@@ -1680,12 +1734,52 @@ int main(const int argc, char *const argv[])
goto out;
}
+ /*
+ * 'uid' always points to a host UID, so we must get the corresponding host GID.
+ * It's safe to call getpwuid() here because we're still on host NS, i.e. caller
+ * application has no control over custom NSS modules.
+ *
+ * FIXME: if UID is from another NS, or a subuid, this will fail on mount.
+ */
+ errno = 0;
+ pw = getpwuid(uid);
+ if (!pw) {
+ syslog(LOG_ERR, "failed to retrieve GID from UID %u: %s", uid,
+ strerror(errno ? errno : ENOENT));
+ rc = 1;
+ goto out;
+ }
+
+ gid = pw->pw_gid;
+
+ /*
+ * We can't reasonably do this for root. When mounting a DFS share,
+ * for instance we can end up with creds being overridden, but the env
+ * variable left intact.
+ *
+ * Always check this before NS UID mapping.
+ */
+ if (uid == 0)
+ env_probe = false;
+
/*
* Change to the process's namespace. This means that things will work
* acceptably in containers, because we'll be looking at the correct
* filesystem and have the correct network configuration.
*/
if (arg->upcall_target == UPTARGET_APP || arg->upcall_target == UPTARGET_UNSPECIFIED) {
+ /*
+ * Map host 'uid' and 'gid' to the target user NS.
+ *
+ * Any scenario that involves unmapped UIDs or primary GIDs is not supported -- we
+ * don't have, and can't find, all the info that would be necessary to find a
+ * UID/GID within all the possible NS combinations.
+ */
+ if (!in_same_user_ns(arg->pid, getpid())) {
+ rc = map_uidgid(arg->pid, &uid, &gid);
+ if (rc)
+ goto out;
+ }
syslog(LOG_INFO, "upcall_target=app, switching namespaces to application thread");
arg->upcall_target = UPTARGET_APP;
rc = switch_to_process_ns(arg->pid);
@@ -1700,25 +1794,6 @@ int main(const int argc, char *const argv[])
syslog(LOG_INFO, "upcall_target=mount, not switching namespaces to application thread");
}
- /*
- * We can't reasonably do this for root. When mounting a DFS share,
- * for instance we can end up with creds being overridden, but the env
- * variable left intact.
- */
- if (uid == 0)
- env_probe = false;
-
- /*
- * FIXME: this only works if we haven't switched PID namespaces.
- * If we did, /proc/arg->pid/ might not exist, or worse, point to something else.
- */
- rc = get_uidgid(arg->pid, &uid, &gid);
- if (rc) {
- syslog(LOG_ERR, "get_uidgid (NS): %s", strerror(errno));
- rc = 1;
- goto out;
- }
-
rc = setgid(gid);
if (rc) {
syslog(LOG_ERR, "setgid: %s", strerror(errno));
--
2.55.0

View File

@ -1,41 +0,0 @@
From 224512b9e62c886fd8d9802bc50a7702c4fe4517 Mon Sep 17 00:00:00 2001
From: Pierguido Lambri <plambri@redhat.com>
Date: Fri, 30 Jan 2026 14:11:27 +0000
Subject: [PATCH 2/3] docs: Enable debug logs
Documented a new option '-d' to enable debug logs.
By default only error logs are enabled, with this new option
debug logs can be enabled when needed.
Signed-off-by: Pierguido Lambri <plambri@redhat.com>
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
---
cifs.upcall.rst.in | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/cifs.upcall.rst.in b/cifs.upcall.rst.in
index 09d0503591d6..895efc53ef50 100644
--- a/cifs.upcall.rst.in
+++ b/cifs.upcall.rst.in
@@ -11,7 +11,7 @@ Userspace upcall helper for Common Internet File System (CIFS)
SYNOPSIS
********
- cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l]
+ cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l] [--debug|-d]
[--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf]
[--keytab=/path/to/keytab|-K /path/to/keytab] [--expire|-e nsecs] {keyid}
@@ -38,6 +38,9 @@ OPTIONS
-c
This option is deprecated and is currently ignored.
+--debug|-d
+ Enable debug logs. By default no debug messages are logged, only errors.
+
--no-env-probe|-E
Normally, ``cifs.upcall`` will probe the environment variable space of
the process that initiated the upcall in order to fetch the value of
--
2.52.0

View File

@ -1,8 +1,8 @@
## START: Set by rpmautospec
## (rpmautospec version 0.6.5)
## (rpmautospec version 0.8.4)
## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
release_number = 1;
release_number = 2;
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
@ -14,7 +14,7 @@
%global bash_completion_dir %(pkg-config --variable=completionsdir bash-completion || echo /etc/bash_completion.d)
Name: cifs-utils
Version: 7.5
Version: 7.6
Release: %autorelease
Summary: Utilities for mounting and managing CIFS mounts
@ -34,9 +34,8 @@ Recommends: %{name}-info%{?_isa} = %{version}-%{release}
Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2
Patch0: cifs.upcall-add-option-to-enable-debug-logs.patch
Patch1: docs-Enable-debug-logs.patch
Patch2: cifs.upcall-Adjust-log-level.patch
Patch0: cifs.upcall-fix-compiler-warning-with-Wvla.patch
Patch1: cifs.upcall-fix-regression-with-krb5-creduid.patch
%description
The SMB/CIFS protocol is a standard file sharing protocol widely deployed
@ -144,11 +143,18 @@ about CIFS mount.
%changelog
## START: Generated by rpmautospec
* Wed Feb 04 2026 Paulo Alcantara <paalcant@redhat.com> - 7.5-1
- resolves: RHEL-146305 - Enable debug logs in cifs.upcall
* Tue Jul 07 2026 Paulo Alcantara <paalcant@redhat.com> - 7.6-2
- resolves: RHEL-192982 - fix krb5 mount regression
* Wed Jun 24 2026 Paulo Alcantara <paalcant@redhat.com> - 7.6-1
- Update to version 7.6
- resolves: RHEL-185761 - CVE-2026-12505 cifs-utils: LPE via cifs.spnego
* Tue Feb 03 2026 Paulo Alcantara <paalcant@redhat.com> - 7.5-1
- resolves: RHEL-127499 - Enable debug logs in cifs.upcall
* Wed Nov 26 2025 Paulo Alcantara <paalcant@redhat.com> - 7.4-1
- resolves: RHEL-131406 - fix regression with cifscreds(1)
- resolves: RHEL-110765 - fix regression with cifscreds(1)
* Fri Mar 07 2025 Paulo Alcantara <paalcant@redhat.com> - 7.2-1
- resolves: RHEL-82680 - Update to version 7.2