From da7b0e4e45c3c329954ba69eacc99129026f5106 Mon Sep 17 00:00:00 2001 From: AlmaLinux RelEng Bot Date: Wed, 15 Jul 2026 09:40:42 -0400 Subject: [PATCH] import Oracle_OSS cifs-utils-7.6-2.el9_8 --- .cifs-utils.metadata | 2 +- .gitignore | 2 +- SOURCES/cifs.upcall-Adjust-log-level.patch | 41 -- ...call-add-option-to-enable-debug-logs.patch | 68 --- ...pcall-fix-compiler-warning-with-Wvla.patch | 46 +++ ...all-fix-regression-with-krb5-creduid.patch | 391 ++++++++++++++++++ SOURCES/docs-Enable-debug-logs.patch | 41 -- SPECS/cifs-utils.spec | 24 +- 8 files changed, 454 insertions(+), 161 deletions(-) delete mode 100644 SOURCES/cifs.upcall-Adjust-log-level.patch delete mode 100644 SOURCES/cifs.upcall-add-option-to-enable-debug-logs.patch create mode 100644 SOURCES/cifs.upcall-fix-compiler-warning-with-Wvla.patch create mode 100644 SOURCES/cifs.upcall-fix-regression-with-krb5-creduid.patch delete mode 100644 SOURCES/docs-Enable-debug-logs.patch diff --git a/.cifs-utils.metadata b/.cifs-utils.metadata index d05d745..1691541 100644 --- a/.cifs-utils.metadata +++ b/.cifs-utils.metadata @@ -1 +1 @@ -75c4eadf2b789ba0e504b4991f3284e15bf9266a SOURCES/cifs-utils-7.5.tar.bz2 +8b97d2168a05703176a5cedd9982aa658ef5c47a SOURCES/cifs-utils-7.6.tar.bz2 diff --git a/.gitignore b/.gitignore index e849fb2..952cff2 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/cifs-utils-7.5.tar.bz2 +SOURCES/cifs-utils-7.6.tar.bz2 diff --git a/SOURCES/cifs.upcall-Adjust-log-level.patch b/SOURCES/cifs.upcall-Adjust-log-level.patch deleted file mode 100644 index 8732668..0000000 --- a/SOURCES/cifs.upcall-Adjust-log-level.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 927123ede36fab4a68aea6f6a3495ad909430ed1 Mon Sep 17 00:00:00 2001 -From: Pierguido Lambri -Date: Fri, 30 Jan 2026 14:11:28 +0000 -Subject: [PATCH 3/3] cifs.upcall: Adjust log level - -Because now only error message are logged, let's switch some messages -from DEBUG to ERROR level. -This will help see when an error occurred with cifs.upcall and -eventually turn on the debug mode. - -Signed-off-by: Pierguido Lambri -Reviewed-by: Paulo Alcantara (Red Hat) ---- - cifs.upcall.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/cifs.upcall.c b/cifs.upcall.c -index b57a48c743e4..9d0eecf3aa11 100644 ---- a/cifs.upcall.c -+++ b/cifs.upcall.c -@@ -1618,7 +1618,7 @@ int main(const int argc, char *const argv[]) - __func__); - } else { - if (!get_tgt_time(ccache)) { -- syslog(LOG_DEBUG, "%s: valid TGT is not present in credential cache", -+ syslog(LOG_ERR, "%s: valid TGT is not present in credential cache", - __func__); - krb5_cc_close(context, ccache); - ccache = NULL; -@@ -1721,7 +1721,7 @@ retry_new_hostname: - } - - if (rc) { -- syslog(LOG_DEBUG, "Unable to obtain service ticket"); -+ syslog(LOG_ERR, "Unable to obtain service ticket"); - goto out; - } - --- -2.52.0 - diff --git a/SOURCES/cifs.upcall-add-option-to-enable-debug-logs.patch b/SOURCES/cifs.upcall-add-option-to-enable-debug-logs.patch deleted file mode 100644 index 8b8f7af..0000000 --- a/SOURCES/cifs.upcall-add-option-to-enable-debug-logs.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 3047b9ccefdcf6327bf060ebf0d40864c5b1a11e Mon Sep 17 00:00:00 2001 -From: Pierguido Lambri -Date: Fri, 30 Jan 2026 14:11:26 +0000 -Subject: [PATCH 1/3] cifs.upcall: add option to enable debug logs - -cifs.upcall uses two levels of logs, DEBUG and ERR. -However, when using systemd, these logs will always be recorded. -When the system does a lot of upcalls, the journal could be filled -with debug logs, which may not be useful at that time. -Added then a new option '-d' to enable debug logs only when needed. -This will set a logmask up to LOG_DEBUG instead of the default -of LOG_ERR, thus reducing the amount of logs when no debug is needed. - -Signed-off-by: Pierguido Lambri -Reviewed-by: Paulo Alcantara (Red Hat) ---- - cifs.upcall.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/cifs.upcall.c b/cifs.upcall.c -index 69e27a34f637..b57a48c743e4 100644 ---- a/cifs.upcall.c -+++ b/cifs.upcall.c -@@ -1356,10 +1356,11 @@ lowercase_string(char *c) - - static void usage(void) - { -- fprintf(stderr, "Usage: %s [ -K /path/to/keytab] [-k /path/to/krb5.conf] [-E] [-t] [-v] [-l] [-e nsecs] key_serial\n", prog); -+ fprintf(stderr, "Usage: %s [ -K /path/to/keytab] [-k /path/to/krb5.conf] [-d] [-E] [-t] [-v] [-l] [-e nsecs] key_serial\n", prog); - } - - static const struct option long_options[] = { -+ {"debug", 0, NULL, 'd'}, - {"no-env-probe", 0, NULL, 'E'}, - {"krb5conf", 1, NULL, 'k'}, - {"legacy-uid", 0, NULL, 'l'}, -@@ -1379,6 +1380,7 @@ int main(const int argc, char *const argv[]) - size_t datalen; - long rc = 1; - int c; -+ int mask; - bool try_dns = false, legacy_uid = false , env_probe = true; - char *buf; - char hostbuf[NI_MAXHOST], *host; -@@ -1395,12 +1397,19 @@ int main(const int argc, char *const argv[]) - hostbuf[0] = '\0'; - - openlog(prog, 0, LOG_DAEMON); -+ mask = LOG_UPTO(LOG_ERR); -+ setlogmask(mask); - -- while ((c = getopt_long(argc, argv, "cEk:K:ltve:", long_options, NULL)) != -1) { -+ while ((c = getopt_long(argc, argv, "cdEk:K:ltve:", long_options, NULL)) != -1) { - switch (c) { - case 'c': - /* legacy option -- skip it */ - break; -+ case 'd': -+ /* enable debug logs */ -+ mask = LOG_UPTO(LOG_DEBUG); -+ setlogmask(mask); -+ break; - case 'E': - /* skip probing initiating process env */ - env_probe = false; --- -2.52.0 - diff --git a/SOURCES/cifs.upcall-fix-compiler-warning-with-Wvla.patch b/SOURCES/cifs.upcall-fix-compiler-warning-with-Wvla.patch new file mode 100644 index 0000000..5ef0dc1 --- /dev/null +++ b/SOURCES/cifs.upcall-fix-compiler-warning-with-Wvla.patch @@ -0,0 +1,46 @@ +From d2f39a20d68aa55023b63e575f06941721e644c6 Mon Sep 17 00:00:00 2001 +From: Paulo Alcantara +Date: Tue, 23 Jun 2026 15:06:20 -0300 +Subject: [PATCH] cifs.upcall: fix compiler warning with -Wvla +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The length value for @path array in get_uidgid() needs to be evaluated +at compile time, so replace strlen() with sizeof() when defining +PROC_PID_PATH_MAXLEN and then fix the following warning: + + cifs.upcall.c: In function ‘get_uidgid’: + cifs.upcall.c:1400:9: warning: ISO C90 forbids array ‘path’ whose size + cannot be evaluated [-Wvla] + 1400 | char path[PROC_PID_PATH_MAXLEN] = {}, buf[256]; + | ^~~~ + +Fixes: 972c5b5ff95e ("cifs.upcall: remove getpwuid() dependency") +Signed-off-by: Paulo Alcantara (Red Hat) +Reviewed-by: David Howells +Cc: Enzo Matsumiya +Cc: linux-cifs@vger.kernel.org +Signed-off-by: Steve French +--- + cifs.upcall.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/cifs.upcall.c b/cifs.upcall.c +index 01690dfcade1..11dbc6186a74 100644 +--- a/cifs.upcall.c ++++ b/cifs.upcall.c +@@ -1375,8 +1375,8 @@ static int ip_to_fqdn(const char *addrstr, char *host, size_t hostlen) + return 0; + } + +-/* cover worst case/impossible scenarios, + 1 for NUL */ +-#define PROC_PID_PATH_MAXLEN ((int)strlen("/proc/2147483647/status") + 1) ++/* cover worst case/impossible scenarios */ ++#define PROC_PID_PATH_MAXLEN ((int)sizeof("/proc/2147483647/status")) + /* max valid UID/GID is (UINT_MAX - 1) */ + #define INVALID_UIDGID UINT_MAX + +-- +2.54.0 + diff --git a/SOURCES/cifs.upcall-fix-regression-with-krb5-creduid.patch b/SOURCES/cifs.upcall-fix-regression-with-krb5-creduid.patch new file mode 100644 index 0000000..6e74e13 --- /dev/null +++ b/SOURCES/cifs.upcall-fix-regression-with-krb5-creduid.patch @@ -0,0 +1,391 @@ +From e9495963e0d5c26f7d0137829d8dc625130b53cc Mon Sep 17 00:00:00 2001 +From: Enzo Matsumiya +Date: Mon, 6 Jul 2026 10:55:55 -0300 +Subject: [PATCH] cifs.upcall: fix regression with krb5 + creduid + +Commit 972c5b5ff95e ("cifs.upcall: remove getpwuid() dependency") +introduced a regression when using creduid != uid (e.g. +"mount.cifs -o sec=krb5,cruid=X"), so 'uid' local var is replaced +with procfs "Uid" value (in the example, the one from mount.cifs). + +That commit ignored the fact that: + mount UID can be different from creds UID, and that calling-app + process (post-mount) can be different from both + +This patch "reverts" 972c5b5ff95e ("cifs.upcall: remove getpwuid() +dependency"); transform the "emergency"-added function get_uidgid() +into map_uidgid(), now only used to do NS UID/GID mapping. + +Also add getpwuid() back, but this time called while still on host +namespace, so any possible custom NSS module is ran as allowed by +sysadmin. + +Any scenario involving unmapped UIDs or GIDs is unsupported; this +means that any UID:GID in a child user namespace _must_ map back to +a valid and existing host UID:GID. + +Fixes: 972c5b5ff95e ("cifs.upcall: remove getpwuid() dependency") +Reported-by: Paulo Alcantara (Red Hat) +Signed-off-by: Enzo Matsumiya +Signed-off-by: Paulo Alcantara (Red Hat) +Signed-off-by: Steve French +--- + cifs.upcall.c | 279 ++++++++++++++++++++++++++++++++------------------ + 1 file changed, 177 insertions(+), 102 deletions(-) + +diff --git a/cifs.upcall.c b/cifs.upcall.c +index 747617790576..42205e66a676 100644 +--- a/cifs.upcall.c ++++ b/cifs.upcall.c +@@ -52,6 +52,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -1375,118 +1376,170 @@ static int ip_to_fqdn(const char *addrstr, char *host, size_t hostlen) + return 0; + } + +-/* cover worst case/impossible scenarios */ +-#define PROC_PID_PATH_MAXLEN ((int)sizeof("/proc/2147483647/status")) +-/* max valid UID/GID is (UINT_MAX - 1) */ +-#define INVALID_UIDGID UINT_MAX ++#define ID_MAP_PATH_MAX ((int)sizeof("/proc/2147483647/uid_map")) + +-/* +- * get_uidgid - Get @pid's (real) UID and/or GID. +- * @pid: process to get UID/GID from +- * @uidp: pointer to store @pid's UID (can be NULL) +- * @gidp: pointer to store @pid's GID (can be NULL) +- * +- * Extract "Uid:" and "Gid:" fields from /proc/@pid/status. +- * Do so based on whether @uidp or @gidp are NULL. +- * +- * This function assumes we're on the same namespace as @pid. +- * +- * Return: 0 on success, -1 otherwise (errno set). +- * +- * On errors, *@uidp and *@gidp are set to INVALID_UIDGID. +- */ +-static int get_uidgid(pid_t pid, uid_t *uidp, gid_t *gidp) ++static int map_id(pid_t pid, const char *map, unsigned int *idp) + { +- char path[PROC_PID_PATH_MAXLEN] = {}, buf[256]; ++ unsigned long long ns_start, host_start, range; ++ char map_path[ID_MAP_PATH_MAX]; ++ int map_path_size = sizeof(map_path); ++ unsigned int id; + FILE *fp = NULL; +- int ret; ++ int ret = 1; + +- errno = 0; +- if (pid < 0 || (!uidp && !gidp)) { +- errno = EINVAL; +- return -1; +- } ++ errno = EINVAL; ++ if (pid < 0 || !map || !idp || *idp == UINT_MAX) ++ goto out; + +- if (uidp) +- *uidp = INVALID_UIDGID; +- +- if (gidp) +- *gidp = INVALID_UIDGID; +- +- ret = snprintf(path, PROC_PID_PATH_MAXLEN, "/proc/%d/status", pid); +- if (ret < 0 || ret >= PROC_PID_PATH_MAXLEN) { +- if (!errno) ++ ret = snprintf(map_path, map_path_size, "/proc/%d/%s", pid, map); ++ if (ret < 0 || ret >= map_path_size) { ++ if (ret >= map_path_size) + errno = ENAMETOOLONG; +- return -1; ++ ret = 1; ++ goto out; + } + +- fp = fopen(path, "r"); +- if (!fp) { +- ret = -1; ++ ret = 1; ++ fp = fopen(map_path, "r"); ++ if (!fp) + goto out; +- } + +- /* Parse /proc/pid/status fields */ +- errno = 0; +- ret = -1; +- while (fgets(buf, 256, fp)) { +- unsigned long long val; ++ /* ++ * The map files have the same format: ++ * ++ * ... ( = (*@idp - ) + ++ * ++ * - IDs: [0, UINT_MAX - 1] ++ * - range: [1, UINT_MAX], where range == UINT_MAX requires both ID ranges to start at 0, ++ * which then means this is an init host NS mapping (and that's ok) ++ * ++ * The formula itself would be enough to "validate" a matching NS ID, but we don't want to ++ * keep parsing a malformed map file, no matter how unlikely/impossible it is to happen. ++ * Same reason values are parsed as 'unsigned long long', so we can check for bogus data. ++ */ ++ id = UINT_MAX; ++ errno = ENODATA; ++ while (fscanf(fp, "%llu %llu %llu", &ns_start, &host_start, &range) == 3) { ++ if (ns_start >= UINT_MAX || host_start >= UINT_MAX || ++ range > UINT_MAX || range == 0) { ++ errno = EINVAL; ++ ret = 1; ++ break; ++ } + +- errno = ENODATA; +- if ((!uidp || strncmp(buf, "Uid:", 4)) && (!gidp || strncmp(buf, "Gid:", 4))) +- continue; ++ if (range == UINT_MAX && (ns_start != 0 || host_start != 0)) { ++ errno = EINVAL; ++ ret = 1; ++ break; ++ } + +- errno = 0; ++ if (host_start + range > UINT_MAX || ns_start + range > UINT_MAX) { ++ errno = EINVAL; ++ ret = 1; ++ break; ++ } + + /* +- * Example line format (same for both Uid/Gid): +- * "Uid:\t%u\t%u\%u\%u" ++ * Check if host ID fits this line. ++ * Our desired NS ID may be in any line of the file. + * +- * Where the numbers represents: +- * ++ * Note: new{uid,gid}map tools (that creates the map files) don't allow multiple ++ * maps (NS IDs) to the same host ID. + * +- * We're only interested in the value. ++ * If we get a match here, we'll save it, but we continue parsing the file. ++ * If we happen to find a duplicate, it's possible this is a rogue file trying to ++ * bypass these checks. + * +- * (field names "Uid:"/"Gid:" parsed above, skip it) ++ * In such cases, discard the match and return EOPNOTSUPP, as returning a ++ * successful match could lead to disastrous results. + */ +- ret = sscanf(&buf[0] + 4, "%llu", &val); +- if (ret != 1) { +- ret = -1; +- if (errno) ++ if (*idp >= host_start && *idp < host_start + range) { ++ /* This means we found a duplicate */ ++ if (!ret) { ++ ret = 1; ++ errno = EOPNOTSUPP; ++ syslog(LOG_ERR, "%s has multiple mapped IDs for %u (unsupported)", ++ map, *idp); + break; +- continue; +- } ++ } + +- ret = -1; +- if (val >= UINT_MAX) { +- errno = EINVAL; +- break; +- } +- +- if (uidp && !strncmp(buf, "Uid:", 4)) +- *uidp = (uid_t)val; +- else +- *gidp = (gid_t)val; +- +- if ((!uidp || *uidp != INVALID_UIDGID) && (!gidp || *gidp != INVALID_UIDGID)) { +- errno = 0; ++ id = (*idp - host_start) + ns_start; + ret = 0; +- break; ++ errno = 0; + } + } ++ ++ /* This means errno was reset by fscanf() without finding anything */ ++ if (ret && errno == 0) ++ errno = ENODATA; + out: +- if (fp) ++ if (fp) { ++ int err = errno; ++ + fclose(fp); ++ /* Ignore fclose() errors */ ++ errno = err; ++ } + ++ if (!ret) { ++ *idp = id; ++ errno = 0; ++ } else { ++ syslog(LOG_DEBUG, "%s(pid=%d, map=%s, id=%u): %s", __func__, pid, map, *idp, ++ strerror(errno)); ++ } ++ ++ return ret; ++} ++ ++/* ++ * map_uidgid() - Map (real) UID/GID from init host NS to user NS. ++ * @pid: host NS PID ++ * @uidp: (in) host UID, (out) NS UID ++ * @gidp: (in) host GID, (out) NS GID ++ * ++ * Parse /proc/@pid/{uid,gid}_map files to get NS UID/GID values. ++ * Since @pid is expected to be a host NS PID, this must be called before switching namespaces. ++ * ++ * Note: we can't use /proc/self here because we haven't switched NS yet, so {uid,gid}_map files ++ * would contain host NS values. ++ * ++ * Return: 0 on success, 1 otherwise (errno set). ++ */ ++static int map_uidgid(pid_t pid, uid_t *uidp, gid_t *gidp) ++{ ++ uid_t orig_uid; ++ gid_t orig_gid; ++ int ret = 1; ++ ++ errno = EINVAL; ++ if (!uidp || !gidp) ++ goto out; ++ ++ orig_uid = *uidp; ++ orig_gid = *gidp; ++ ++ ret = map_id(pid, "uid_map", uidp); + if (ret) { +- syslog(LOG_DEBUG, "%s(pid=%d): %s", __func__, pid, strerror(errno)); +- if (uidp) +- *uidp = INVALID_UIDGID; +- +- if (gidp) +- *gidp = INVALID_UIDGID; ++ if (errno == ENODATA) ++ syslog(LOG_ERR, "UID %u not mapped in this namespace (unsupported)", ++ orig_uid); ++ goto out; + } + ++ ret = map_id(pid, "gid_map", gidp); ++ if (ret && errno == ENODATA) ++ syslog(LOG_ERR, "GID %u not mapped in this namespace (unsupported)", ++ orig_gid); ++out: ++ if (ret && errno != ENODATA) ++ syslog(LOG_ERR, "%s: %s", __func__, strerror(errno)); ++ else if (!ret) ++ syslog(LOG_DEBUG, "host %u:%u -> NS %u:%u", orig_uid, orig_gid, *uidp, *gidp); ++ + return ret; + } + +@@ -1534,6 +1587,7 @@ int main(const int argc, char *const argv[]) + const char *oid; + uid_t uid; + gid_t gid; ++ struct passwd *pw; + char *keytab_name = NULL; + char *env_cachename = NULL; + krb5_ccache ccache = NULL; +@@ -1680,12 +1734,52 @@ int main(const int argc, char *const argv[]) + goto out; + } + ++ /* ++ * 'uid' always points to a host UID, so we must get the corresponding host GID. ++ * It's safe to call getpwuid() here because we're still on host NS, i.e. caller ++ * application has no control over custom NSS modules. ++ * ++ * FIXME: if UID is from another NS, or a subuid, this will fail on mount. ++ */ ++ errno = 0; ++ pw = getpwuid(uid); ++ if (!pw) { ++ syslog(LOG_ERR, "failed to retrieve GID from UID %u: %s", uid, ++ strerror(errno ? errno : ENOENT)); ++ rc = 1; ++ goto out; ++ } ++ ++ gid = pw->pw_gid; ++ ++ /* ++ * We can't reasonably do this for root. When mounting a DFS share, ++ * for instance we can end up with creds being overridden, but the env ++ * variable left intact. ++ * ++ * Always check this before NS UID mapping. ++ */ ++ if (uid == 0) ++ env_probe = false; ++ + /* + * Change to the process's namespace. This means that things will work + * acceptably in containers, because we'll be looking at the correct + * filesystem and have the correct network configuration. + */ + if (arg->upcall_target == UPTARGET_APP || arg->upcall_target == UPTARGET_UNSPECIFIED) { ++ /* ++ * Map host 'uid' and 'gid' to the target user NS. ++ * ++ * Any scenario that involves unmapped UIDs or primary GIDs is not supported -- we ++ * don't have, and can't find, all the info that would be necessary to find a ++ * UID/GID within all the possible NS combinations. ++ */ ++ if (!in_same_user_ns(arg->pid, getpid())) { ++ rc = map_uidgid(arg->pid, &uid, &gid); ++ if (rc) ++ goto out; ++ } + syslog(LOG_INFO, "upcall_target=app, switching namespaces to application thread"); + arg->upcall_target = UPTARGET_APP; + rc = switch_to_process_ns(arg->pid); +@@ -1700,25 +1794,6 @@ int main(const int argc, char *const argv[]) + syslog(LOG_INFO, "upcall_target=mount, not switching namespaces to application thread"); + } + +- /* +- * We can't reasonably do this for root. When mounting a DFS share, +- * for instance we can end up with creds being overridden, but the env +- * variable left intact. +- */ +- if (uid == 0) +- env_probe = false; +- +- /* +- * FIXME: this only works if we haven't switched PID namespaces. +- * If we did, /proc/arg->pid/ might not exist, or worse, point to something else. +- */ +- rc = get_uidgid(arg->pid, &uid, &gid); +- if (rc) { +- syslog(LOG_ERR, "get_uidgid (NS): %s", strerror(errno)); +- rc = 1; +- goto out; +- } +- + rc = setgid(gid); + if (rc) { + syslog(LOG_ERR, "setgid: %s", strerror(errno)); +-- +2.55.0 + diff --git a/SOURCES/docs-Enable-debug-logs.patch b/SOURCES/docs-Enable-debug-logs.patch deleted file mode 100644 index 08c829b..0000000 --- a/SOURCES/docs-Enable-debug-logs.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 224512b9e62c886fd8d9802bc50a7702c4fe4517 Mon Sep 17 00:00:00 2001 -From: Pierguido Lambri -Date: Fri, 30 Jan 2026 14:11:27 +0000 -Subject: [PATCH 2/3] docs: Enable debug logs - -Documented a new option '-d' to enable debug logs. -By default only error logs are enabled, with this new option -debug logs can be enabled when needed. - -Signed-off-by: Pierguido Lambri -Reviewed-by: Paulo Alcantara (Red Hat) ---- - cifs.upcall.rst.in | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/cifs.upcall.rst.in b/cifs.upcall.rst.in -index 09d0503591d6..895efc53ef50 100644 ---- a/cifs.upcall.rst.in -+++ b/cifs.upcall.rst.in -@@ -11,7 +11,7 @@ Userspace upcall helper for Common Internet File System (CIFS) - SYNOPSIS - ******** - -- cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l] -+ cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l] [--debug|-d] - [--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf] - [--keytab=/path/to/keytab|-K /path/to/keytab] [--expire|-e nsecs] {keyid} - -@@ -38,6 +38,9 @@ OPTIONS - -c - This option is deprecated and is currently ignored. - -+--debug|-d -+ Enable debug logs. By default no debug messages are logged, only errors. -+ - --no-env-probe|-E - Normally, ``cifs.upcall`` will probe the environment variable space of - the process that initiated the upcall in order to fetch the value of --- -2.52.0 - diff --git a/SPECS/cifs-utils.spec b/SPECS/cifs-utils.spec index 40546f2..e95c9df 100644 --- a/SPECS/cifs-utils.spec +++ b/SPECS/cifs-utils.spec @@ -1,8 +1,8 @@ ## START: Set by rpmautospec -## (rpmautospec version 0.6.5) +## (rpmautospec version 0.8.4) ## RPMAUTOSPEC: autorelease, autochangelog %define autorelease(e:s:pb:n) %{?-p:0.}%{lua: - release_number = 1; + release_number = 2; base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); print(release_number + base_release_number - 1); }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} @@ -14,7 +14,7 @@ %global bash_completion_dir %(pkg-config --variable=completionsdir bash-completion || echo /etc/bash_completion.d) Name: cifs-utils -Version: 7.5 +Version: 7.6 Release: %autorelease Summary: Utilities for mounting and managing CIFS mounts @@ -34,9 +34,8 @@ Recommends: %{name}-info%{?_isa} = %{version}-%{release} Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2 -Patch0: cifs.upcall-add-option-to-enable-debug-logs.patch -Patch1: docs-Enable-debug-logs.patch -Patch2: cifs.upcall-Adjust-log-level.patch +Patch0: cifs.upcall-fix-compiler-warning-with-Wvla.patch +Patch1: cifs.upcall-fix-regression-with-krb5-creduid.patch %description The SMB/CIFS protocol is a standard file sharing protocol widely deployed @@ -144,11 +143,18 @@ about CIFS mount. %changelog ## START: Generated by rpmautospec -* Wed Feb 04 2026 Paulo Alcantara - 7.5-1 -- resolves: RHEL-146305 - Enable debug logs in cifs.upcall +* Tue Jul 07 2026 Paulo Alcantara - 7.6-2 +- resolves: RHEL-192982 - fix krb5 mount regression + +* Wed Jun 24 2026 Paulo Alcantara - 7.6-1 +- Update to version 7.6 +- resolves: RHEL-185761 - CVE-2026-12505 cifs-utils: LPE via cifs.spnego + +* Tue Feb 03 2026 Paulo Alcantara - 7.5-1 +- resolves: RHEL-127499 - Enable debug logs in cifs.upcall * Wed Nov 26 2025 Paulo Alcantara - 7.4-1 -- resolves: RHEL-131406 - fix regression with cifscreds(1) +- resolves: RHEL-110765 - fix regression with cifscreds(1) * Fri Mar 07 2025 Paulo Alcantara - 7.2-1 - resolves: RHEL-82680 - Update to version 7.2