X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:reply-to:date:from:to:subject:message-id :mime-version:content-type; q=dns; s=default; b=ONoKSyyAtihYCsZB +sHR8OrQ48VIrj/myfD4x5Gh/uQVklf3tQ4yRDXJsnGDr4/Swmq7mhYoDDysNaBB SvN0We3PSQ1RMcdO3bQ+MvGF1JG/3rIYR3yyaIdg0FLf24BNjvOlMuJLcSGl+H3M M9ITsujbZJHYiCY5COI7S0zQnJE= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:reply-to:date:from:to:subject:message-id :mime-version:content-type; s=default; bh=tujTiRZJRjJWECgVyL1OLT sCgGg=; b=C5LbjEQWMWk4/8ZAcbZWwV2e04EyevnviEajb9zAtgI2hrR6GfAosu rECMHg68tW0lC+0o7qPPPuchBcPbpT8M4/sjrHVdU4H68utUefYX8eemh2z2xKJC s/Q3yigdzpznGLSmrVfh9p8MCyKA4fKcOK9twH6OCdE5HYuXyFAMk= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-HELO: localhost.localdomain Reply-To: cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-4.1 required=5.0 tests=AWL,BAYES_40,KAM_ASCII_DIVIDERS,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 Date: Fri, 27 Nov 2015 16:08:27 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: [ANNOUNCEMENT] TEST RELEASE: Cygwin 2.4.0-0.5 Message-Id: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) Hi Cygwin friends and users, I released a new TEST version of Cygwin, 2.4.0-0.5. There are three bugfixes compared to 2.4.0-0.4: - Fix handling of relative paths in native symlinks if the target is in a drive's root dir or one level below. Addresses: https://cygwin.com/ml/cygwin/2015-11/msg00277.html - Fix a SEGV when calling `kill -l 0'. Addresses: https://cygwin.com/ml/cygwin/2015-11/msg00430.html - Fix a race condition in signal handling. Addresses: https://cygwin.com/ml/cygwin/2015-11/msg00387.html ====================================================================== If this code is acceptable, I will create an official 2.4.0 release in a week. ====================================================================== This is the "new POSIX ACL handling reloaded" release. In local testing I successfully integrated AuthZ into the current Cygwin code to generate more correct user permissions by being able to generate effective permissions for arbitrary users. This success convinced me that it might be possible to pick up the POSIX permission rewrite originally targeted for the 2.0.0 release and try to update it using AuthZ and generally revamp it to reflect effective permissions better. My local testing looks good, but this is a major change, so this code really needs a lot more testing in various scenarios. Especially some Windows ACLs created in corporate environments are often a hard nut to crack, and the example from https://cygwin.com/ml/cygwin/2015-04/msg00513.html which was the ultimate downfall of the original implementation is the stuff which needs some good testing. There's, as usual, a downside: AuthZ leans a bit to the slow side. Cygwin caches information already gathered once on a per-process basis, but in locally crafted worst case scenarios (`ls' on lots of file owned by lots of different users and groups) the slowdown may be up to 25%. But that's really just a worst case, in the usual scenarios the slowdown should be mostly unnoticable. To alleviate the problem, the AuthZ code is fortunately only called for non-Cygwin ACLs and Cygwin ACLs created before this release. Within a pure Cygwin environment (e.g., some build directory only used with Cygwin tools) AuthZ should be practically unused. Apart from the aforementioned code changes to "just do it right", there are two additional changes I implemented for this new POSIX ACL revamp release: - I reverted the questionable change I added to 2.0.0-0.7 in terms of chmod group permission handling. The original description of this change was: If you have a non-trivial ACL with secondary accounts and thus a mask value, chmod is supposed to change only the mask, not the permissions of the primary group. However, if the primary group has few permissions to begin with, the result is really surprising. ls -l would, e.g., show read/write perms for the group, but the group might still have only read perms. Personally I find this chmod behaviour really, really bad, so I took the liberty to change it in a way which gives a much less surprising result: If you call chmod on a non-trivial ACL, the group permissions will be used for the primary group and the mask. - setfacl(1) now accepts the combination of the -b and -k options, just as on Linux. As for the description what this implementation strives for, please see http://linux.die.net/man/5/acl ============================================================================ What's new: ----------- - New, unified implementation of POSIX permission and ACL handling. The new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and they allow to inherit the S_ISGID bit. ACL inheritance now really works as desired, in a limited, but theoretically equivalent fashion even for non-Cygwin processes. To accommodate Windows default ACLs, the new code ignores SYSTEM and Administrators group permissions when computing the MASK/CLASS_OBJ permission mask on old ACLs, and it doesn't deny access to SYSTEM and Administrators group based on the value of MASK/CLASS_OBJ when creating the new ACLs. The new code now handles the S_ISGID bit on directories as on Linux: Setting S_ISGID on a directory causes new files and subdirs created within to inherit its group, rather than the primary group of the user who created the file. This only works for files and directories created by Cygwin processes. - New API: rpmatch. What changed: ------------- - setfacl(1) now allows to use the -b and -k option combined to allow reducing an ACL to only reflect standard POSIX permissions. - Fix (numeric and monetary) decimal point and thousands separator in fa_IR and ps_AF locales to be aligned with Linux. Bug Fixes --------- - Replaced old, buggy strtold implementation with well-tested gdtoa version from David M. Gay. Addresses: https://cygwin.com/ml/cygwin/2015-11/msg00205.html ============================================================================ Have fun, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple