Recent Commits to s3fs-fuse:master (1)

Make some functions const and constexpr (#2823)

Suggested by Claude.

Enable bugprone-implicit-widening-of-multiplication-result (#2815)

Add tests for xattr functions (#2812)

Also move code to string_util to allow testing.  References #2810.

Avoid negative size_t arithmetic (#2814)

Raise minimum libxml2 version from 2.6 to 2.9

libxml2 2.9.0 (Sep 2012) disabled loading of external
parsed entities by default, which prevents XXE attacks
when parsing S3 API responses with options=0.

All CI targets already ship libxml2 >= 2.9.7

Harden XML parser against XXE attacks

Set XML_PARSE_NO_XXE or XML_PARSE_NONET on all
xmlReadMemory() calls to block external entity loading.
S3 responses never use DTDs.

fix build on FreeBSD

fix xattr pair parse error
When using macos timemachine by passing "user.DosStream.com.apple.lastuseddate#PS:$DATA":"AA=="

Update s3fs.cpp

Add security warnings for disabled SSL verification

Users disabling SSL certificate or hostname verification via
no_check_certificate or ssl_verify_hostname=0 were not adequately
warned about the security implications.

This helps prevent accidental deployment of insecure configurations
to production environments.

Fix ssl_verify_hostname documentation to match code

The documentation incorrectly stated default="2" for ssl_verify_hostname,
but the code defaults to 1 and only accepts values 0 or 1.

Abort requests when SSE headers cannot be set (#2806)

AddSseRequestHead() returned true even when the SSE-C key
lookup failed, and all eight callers logged a warning but
continued without encryption. If something goes wrong with
SSE setup, data would be sent unencrypted.

In practice the error path is unreachable today because
startup validation in FinalCheckSse() prevents s3fs from
running with SSE-C and an empty key list. But the code
should not rely on that -- if AddSseRequestHead fails, the
request must not proceed.

Return false from AddSseRequestHead on SSE-C key failure
and abort with -EIO at all call sites, consistent with how
PreHeadRequest already handles this case.

Use string literals more consistently (#2803)

This gives the std::string constructor access to the length and helps static
analysis.

Changed string::assign to explicitly specify last argument

Improved message output when check bucket error occurs

Add macOS compilation instructions (#2800)

Changed to not call PreventStatCacheExpire

Updated comments in FdManager::CleanupCacheDir

Mask sensitive authentication information to log

Add error logging to scope_guard cleanup functions

The scope_guard lambdas for close() and closedir() now check the
return value and log an error with errno if the call fails. The
error messages include the file or directory path to aid debugging.

urlencode prefix when checkbucket

Use scope_guard for directory handles to prevent leaks (#2790)

Fix memory leaks in multipart upload error paths

Delete thargs when ThreadPoolMan::Instruct() or AwaitInstruct() fails.
The thread parameter struct was allocated with new but never freed
when the thread pool rejected the work item, causing a memory leak
on each failed multipart upload part request.

Fix file descriptor leaks in error paths (#2788)

Changed to urandom instead of potentially conflicting RANDOM environment variable

All stat command calls in tests changed to use the STAT_BIN definition

Ignore pjdfstest in cppcheck (#2780)

Address cppcheck 2.19 warnings (#2781)

Improved about receiving a fatal error response from service check

Improve error-handling of OpenSSL 3.x functions (#2777)

References #2776.

Fixed a bug in SSE-C md5 calculation using GnuTLS

Update ChangeLog and configure.ac for 1.97

Fixes #2772.

Simplify brew upgrade and install (#2771)

Remove macOS GNU sed (#2770)

This was only used for the --unbuffered flag.

Upgrade CI to Alpine 3.23 (#2769)

Micro-optimize copies, compares, and logging (#2768)

Logging should eagerly evaluate the log level to avoid unnecessary
calls to parameters like calls to STR_OBJTYPE.  These contributed to
slow Valgrind test run-times.

Use more efficient line-buffered awk (#2766)

sed --unbuffered reads character-by-character.  This saves 3 seconds
of CPU time per test flag.

Simplify shellcheck target (#2767)

Do not honor -o nonempty when compiled with FUSE 3 (#2765)

Fixes #2760.

Update compilation instructions for FUSE 3 (#2758)

Update ChangeLog and configure.ac for 1.96

Fixes #2756.

Use JDK 25 on Ubuntu 25.10 (#2757)

Simplify comparisons via CaseInsensitiveStringView

Require FUSE 3 on Linux (#1867)

* Require FUSE 3 on Linux

This increases the maximum write size from 128 KB to 1 MB and supports
some interesting FUSE_READDIR_PLUS flags.  Remove stale
FUSE_CAP_BIG_WRITES and flag_utime_omit_ok options.  Fixes #1159.

* Conditionally support FUSE 2 on macOS

Simplify STR_OBJTYPE (#2755)

Remove unused headers (#2753)

Also bump static-checks to Fedora 43 to get
misc-include-cleaner.MissingIncludes configuration.

Upgrade to S3Proxy 2.9.0 (#2752)

Release notes:

https://github.com/gaul/s3proxy/releases/tag/s3proxy-2.8.0
https://github.com/gaul/s3proxy/releases/tag/s3proxy-2.9.0

Improved stat cache to include ListBucket results

Temporary test error workaround in Ubuntu 25.10

Change CI test macos from macos-13 to macos-14

Temporary handling of atime/ctime in test for Ubuntu25.10

Add missing parallelism to memory tests (#2744)

Upgrade CI to Fedora 43 (#2743)

Fix typos (#2742)

Add missing diffutils for openSUSE Leap CI, as 16.0 misses cmp otherwise

Add openSUSE Leap 16.0 to the CI

Added a flag to prevent stats cache expiration checks

Improved handling of XML parser errors

Fixed to not call xmlReadMemory if data length is 0