You have been subscribed to a public bug by Andreas Hasenack (ahasenack):
Please sync cifs-utils 2:6.7-1 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* Merge from Debian unstable (LP: #1660372). Remaining changes:
- debian/patches/stat_systemd-ask-password.patch: also check for
/bin/systemd-ask-password before trying to use systemd's tools.
TL;DR the patch in our delta is to prevent a harmless error message from
popen() leaking through to the console in the case systemd-ask-password binary
does not exist in /bin, in which case the code falls back to using getpass():
ubuntu at 61-b1:~$ mount /ds216/downloads
sh: 1: systemd-ask-password: not found
Password for andreas@//ds216.lowtech/downloads: <type pass>
ubuntu at 61-b1:~$
It just doesn't seem worth carrying a delta for that. It's best to file
an upstream bug to have it properly fixed, which I did:
https://bugzilla.samba.org/show_bug.cgi?id=12971
Longer story:
When that patch was added by Ubuntu, the upstream code was like this:
"""
is_systemd_running = (lstat("/sys/fs/cgroup", &a) == 0)
&& (lstat("/sys/fs/cgroup/systemd", &b) == 0)
&& (a.st_dev != b.st_dev);
if (is_systemd_running) {
(...)
if (asprintf(&cmd, "/bin/systemd-ask-password \"%s\"", prompt) >= 0) {
ask_pass_fp = popen (cmd, "re");
free (cmd);
}
"""
If popen() can't find the binary, the code falls back to getpass(), but popen
prints an "ugly" error message before:
ubuntu at 61-b1:~$ mount /ds216/downloads
sh: 1: systemd-ask-password: not found
Password for andreas@//ds216.lowtech/downloads: <--- no "***" echoed: getpass() was used
ubuntu at 61-b1:~$
The ubuntu patch had the effect of not even trying to popen the missing binary,
thus avoiding the error message.
Upstream later changed the code slightly (see bug
https://bugzilla.samba.org/show_bug.cgi?id=10054):
"""
is_systemd_running = (lstat("/sys/fs/cgroup", &a) == 0)
&& (lstat("/sys/fs/cgroup/systemd", &b) == 0)
&& (a.st_dev != b.st_dev);
(...)
if (asprintf(&cmd, "systemd-ask-password \"%s\"", prompt) >= 0) {
ask_pass_fp = popen (cmd, "re");
free (cmd);
}
"""
That now searches for systemd-ask-password in $PATH. If it's not found, then
the error message is still printed, and getpass() is again used as a fallback.
The Ubuntu patch is still useful, but not complete now: it should search for
the binary in $PATH to match what popen does.
Perhaps the easiest solution is to just hide the popen error, since it's
handled anyway?
- if (asprintf(&cmd, "systemd-ask-password \"%s\"", prompt) >= 0) {
+ if (asprintf(&cmd, "systemd-ask-password \"%s\" 2>/dev/null", prompt) >= 0) {
I filed an upstream bug with that suggestion:
https://bugzilla.samba.org/show_bug.cgi?id=12971
Changelog entries since current artful version 2:6.6-5ubuntu1:
cifs-utils (2:6.7-1) unstable; urgency=medium
* New upstream release
- a6662ed: cifs.upcall: switch group IDs when handling an upcall
- 109c189: cifs.upcall: drop capabilities early in program
- ed97e4e: cifs.upcall: allow scraping of KRB5CCNAME out of initiating
task's /proc/<pid>/environ file (Closes: #854607)
- ec387af4: cifs.upcall: trim even more capabilities
- 2dcecd2: cifs.upcall: unset $KRB5CCNAME when creating new credcache from
keytab
- 9eaa21e: cifs.upcall: don't do env scraping when uid is 0
- 69949ba: cifs.upcall: use a MEMORY: ccache when instantiating from a keytab
- and more commits...
-- Mathieu Parent <sathieu at debian.org> Wed, 08 Mar 2017 22:21:54 +0100
** Affects: cifs-utils (Ubuntu)
Importance: Wishlist
Status: New
--
Sync cifs-utils 2:6.7-1 (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/1711134
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.