Recent Commits to s3fs-fuse:master (9)

  • 13/04/2026 8:27

    Remove call to strcpy (#2844)

    gaul
    Remove call to strcpy (#2844)

This is safe but the memcpy approach is more efficient.  Also enable the
clang-tidy check.  Suggested by Claude.
  • 13/04/2026 8:26

    Use more secure std::random_device instead of rand (#2843)

    gaul
    Use more secure std::random_device instead of rand (#2843)

Suggested by Claude.
  • 13/04/2026 8:24

    Fix TOCTOU in mkdirp (#2842)

    gaul
    Fix TOCTOU in mkdirp (#2842)

It is safer to create the directory and let it fail with EEXIST than to
check then create.  Suggested by Claude.
  • 13/04/2026 8:18

    Assign correct SSL bundle on FreeBSD (#2841)

    gaul
    Assign correct SSL bundle on FreeBSD (#2841)

This has always been broken, at least since
5db550a29864248048c1ebd28e5d61f384024cfb.  Suggested by Claude.
  • 13/04/2026 8:17

    Set cache permissions to 700 (#2840)

    gaul
    Set cache permissions to 700 (#2840)

Claude flagged this world-writable directory.
  • 13/04/2026 8:03

    Upgrade to S3Proxy 3.1.0 (#2838)

    gaul
    Upgrade to S3Proxy 3.1.0 (#2838)

Also set Content-Type for s3_cp test helper curl's --data-binary
defaults Content-Type to application/x-www-form-urlencoded, which
causes Jetty 12 to drain the request body as form parameters before
S3Proxy 3.1.0 can hash it for x-amz-content-sha256 verification,
failing the check with 400 XAmzContentSHA256Mismatch. Send
application/octet-stream instead.  Release notes:

https://github.com/gaul/s3proxy/releases/tag/s3proxy-3.1.0
  • 11/04/2026 12:19

    Upgrade to S3Proxy 3.0.0 (#2837)

    gaul
    Upgrade to S3Proxy 3.0.0 (#2837)

Release notes:

https://github.com/gaul/s3proxy/releases/tag/s3proxy-3.0.0
  • 10/04/2026 2:05

    Revert #2783 to call PreventStatCacheExpire again

    ggtakec
    Revert #2783 to call PreventStatCacheExpire again
  • 10/04/2026 2:05

    Temporarily bypass a test fails to delete directories in macOS

    ggtakec
    Temporarily bypass a test fails to delete directories in macOS
  • 07/04/2026 2:50

    Bypass test_symlink on macOS

    ggtakec
    Bypass test_symlink on macOS
  • 06/04/2026 6:59

    Upgrade CI to Fedora 44 (#2831)

    gaul
    Upgrade CI to Fedora 44 (#2831)

Explicitly set -header-filter= to avoid system header warnings and
match behavior of earlier clang versions.
  • 06/04/2026 6:55

    Upgrade CI to Ubuntu 26.04 (#2830)

    gaul
    Upgrade CI to Ubuntu 26.04 (#2830)

Revert 25.10 workarounds now that rust-coreutils has upgraded.
  • 06/04/2026 6:54

    Simplify Darwin MIME file check to compile-time (#2829)

    gaul
    Simplify Darwin MIME file check to compile-time (#2829)

Remove now-unused compare_sysname function.
  • 01/04/2026 11:22

    Modernize OpenSSL digest and HMAC error handling (#2804)

    CarstenGrohmann
    Modernize OpenSSL digest and HMAC error handling (#2804)

* Remove support for OpenSSL < 1.1.1

OpenSSL 1.1.0+ manages threading internally and no longer requires
application-level locking callbacks. The init/cleanup functions
(ERR_load_crypto_strings, EVP_cleanup, etc.) are no-ops since 1.1.0.

- configure.ac: raise libcrypto minimum to 1.1.1, add
  compile-time version check using OPENSSL_VERSION_NUMBER,
  use DEPS_CFLAGS so non-default installations are
  detected correctly
- openssl_auth.cpp: remove ~90 lines of dead crypto
  mutex infrastructure and obsolete init/cleanup calls
- COMPILATION.md: document new minimum version

* Use shared EVP digest helper for md5 and sha256

Extract common EVP digest logic from s3fs_md5() and
s3fs_sha256() into s3fs_digest(). This replaces the
deprecated EVP_MD_CTX_create/destroy with RAII-managed
EVP_MD_CTX_new/free and adds error checking with OpenSSL
error strings for every EVP call.

The two s3fs_md5() variants (OpenSSL 1.1 and 3.0) were
identical and are now unified into a single implementation.

* Add shared EVP helper for file descriptor digests

Introduce s3fs_digest_fd(), analogous to s3fs_digest(),
to compute a message digest over a file descriptor using
RAII-managed EVP_MD_CTX with error checking and OpenSSL
error strings. Replace s3fs_sha256_fd() with a one-liner
wrapper, removing deprecated EVP_MD_CTX_create/destroy
and unchecked return values.

* Replace s3fs_md5_fd() with s3fs_digest_fd() wrapper

Both s3fs_md5_fd() variants (OpenSSL 3.0 and 1.1) are
replaced by a one-liner delegating to s3fs_digest_fd().
This removes the USE_OPENSSL_30 ifdef, the deprecated
MD5_Init/Update/Final calls, and the openssl/md5.h include.

* Remove USE_OPENSSL_30 build flag

The openssl_auth.cpp digest functions no longer have
separate code paths for OpenSSL 3.0 vs 1.1, making the
USE_OPENSSL_30 compile-time flag unused. Remove the
version detection in configure.ac, the AM_CONDITIONAL,
and the -D flag in Makefile.am.

* Add error handling to HMAC call

HMAC() returns nullptr on failure, but the return value
was not checked. Add the missing check with an OpenSSL
error message. Also add a debug message for null parameter
validation and simplify the duplicated HMAC() call by
selecting the algorithm upfront.
← March 2026

Log in