Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package cifs-utils for openSUSE:Factory
checked in at 2021-05-18 18:26:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cifs-utils (Old)
and /work/SRC/openSUSE:Factory/.cifs-utils.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cifs-utils"
Tue May 18 18:26:45 2021 rev:68 rq:893218 version:6.13
Changes:
--------
--- /work/SRC/openSUSE:Factory/cifs-utils/cifs-utils.changes 2021-04-27
21:34:24.619958916 +0200
+++ /work/SRC/openSUSE:Factory/.cifs-utils.new.2988/cifs-utils.changes
2021-05-18 18:27:03.618801735 +0200
@@ -1,0 +2,12 @@
+Fri May 14 11:13:47 UTC 2021 - Ferdinand Thiessen <r...@fthiessen.de>
+
+- Update to cifs-utils 6.13
+ * Fixes CVE-2021-20208, cifs.upcall kerberos auth leak in container
+ * remove cifs-utils-6.12.tar.bz2
+ * remove cifs-utils-6.12.tar.bz2.asc
+ * add cifs-utils-6.13.tar.bz2
+ * add cifs-utils-6.13.tar.bz2.asc
+- Drop upstream fixed patches:
+ * 0001-cifs.upcall-try-to-use-container-ipc-uts-net-pid-mnt.patch
+
+-------------------------------------------------------------------
Old:
----
0001-cifs.upcall-try-to-use-container-ipc-uts-net-pid-mnt.patch
cifs-utils-6.12.tar.bz2
cifs-utils-6.12.tar.bz2.asc
New:
----
cifs-utils-6.13.tar.bz2
cifs-utils-6.13.tar.bz2.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cifs-utils.spec ++++++
--- /var/tmp/diff_new_pack.n1lFqg/_old 2021-05-18 18:27:04.038799914 +0200
+++ /var/tmp/diff_new_pack.n1lFqg/_new 2021-05-18 18:27:04.038799914 +0200
@@ -21,7 +21,7 @@
%endif
Name: cifs-utils
-Version: 6.12
+Version: 6.13
Release: 0
Summary: Utilities for doing and managing mounts of the Linux CIFS
filesystem
License: GPL-3.0-or-later
@@ -37,8 +37,7 @@
Source1: cifs.init
Patch1: fix-sbin-install-error.patch
-Patch2: 0001-cifs.upcall-try-to-use-container-ipc-uts-net-pid-mnt.patch
-Patch3: 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch
+Patch2: 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch
# Both SSSD and cifs-utils provide an idmap plugin for cifs.ko
# /etc/cifs-utils/idmap-plugin should be a symlink to one of the 2 idmap
plugins
@@ -136,7 +135,6 @@
%patch1 -p1
%patch2 -p1
-%patch3 -p1
%build
export CFLAGS="%{optflags} -D_GNU_SOURCE -fpie"
++++++ cifs-utils-6.12.tar.bz2 -> cifs-utils-6.13.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cifs-utils-6.12/autom4te.cache/output.0
new/cifs-utils-6.13/autom4te.cache/output.0
--- old/cifs-utils-6.12/autom4te.cache/output.0 2020-12-31 19:48:31.000000000
+0100
+++ new/cifs-utils-6.13/autom4te.cache/output.0 2021-04-13 01:59:30.000000000
+0200
@@ -1,6 +1,6 @@
@%:@! /bin/sh
@%:@ Guess values for system-dependent variables and create Makefiles.
-@%:@ Generated by GNU Autoconf 2.69 for cifs-utils 6.12.
+@%:@ Generated by GNU Autoconf 2.69 for cifs-utils 6.13.
@%:@
@%:@ Report bugs to <linux-c...@vger.kernel.org>.
@%:@
@@ -580,8 +580,8 @@
# Identity of this package.
PACKAGE_NAME='cifs-utils'
PACKAGE_TARNAME='cifs-utils'
-PACKAGE_VERSION='6.12'
-PACKAGE_STRING='cifs-utils 6.12'
+PACKAGE_VERSION='6.13'
+PACKAGE_STRING='cifs-utils 6.13'
PACKAGE_BUGREPORT='linux-c...@vger.kernel.org'
PACKAGE_URL='https://wiki.samba.org/index.php/LinuxCIFS_utils'
@@ -1338,7 +1338,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures cifs-utils 6.12 to adapt to many kinds of systems.
+\`configure' configures cifs-utils 6.13 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1409,7 +1409,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of cifs-utils 6.12:";;
+ short | recursive ) echo "Configuration of cifs-utils 6.13:";;
esac
cat <<\_ACEOF
@@ -1537,7 +1537,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-cifs-utils configure 6.12
+cifs-utils configure 6.13
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2006,7 +2006,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by cifs-utils $as_me 6.12, which was
+It was created by cifs-utils $as_me 6.13, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2876,7 +2876,7 @@
# Define the identity of the package.
PACKAGE='cifs-utils'
- VERSION='6.12'
+ VERSION='6.13'
cat >>confdefs.h <<_ACEOF
@@ -6837,7 +6837,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by cifs-utils $as_me 6.12, which was
+This file was extended by cifs-utils $as_me 6.13, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -6904,7 +6904,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-cifs-utils config.status 6.12
+cifs-utils config.status 6.13
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cifs-utils-6.12/autom4te.cache/output.1
new/cifs-utils-6.13/autom4te.cache/output.1
--- old/cifs-utils-6.12/autom4te.cache/output.1 2020-12-31 19:48:33.000000000
+0100
+++ new/cifs-utils-6.13/autom4te.cache/output.1 2021-04-13 01:59:33.000000000
+0200
@@ -1,6 +1,6 @@
@%:@! /bin/sh
@%:@ Guess values for system-dependent variables and create Makefiles.
-@%:@ Generated by GNU Autoconf 2.69 for cifs-utils 6.12.
+@%:@ Generated by GNU Autoconf 2.69 for cifs-utils 6.13.
@%:@
@%:@ Report bugs to <linux-c...@vger.kernel.org>.
@%:@
@@ -580,8 +580,8 @@
# Identity of this package.
PACKAGE_NAME='cifs-utils'
PACKAGE_TARNAME='cifs-utils'
-PACKAGE_VERSION='6.12'
-PACKAGE_STRING='cifs-utils 6.12'
+PACKAGE_VERSION='6.13'
+PACKAGE_STRING='cifs-utils 6.13'
PACKAGE_BUGREPORT='linux-c...@vger.kernel.org'
PACKAGE_URL='https://wiki.samba.org/index.php/LinuxCIFS_utils'
@@ -1338,7 +1338,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures cifs-utils 6.12 to adapt to many kinds of systems.
+\`configure' configures cifs-utils 6.13 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1409,7 +1409,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of cifs-utils 6.12:";;
+ short | recursive ) echo "Configuration of cifs-utils 6.13:";;
esac
cat <<\_ACEOF
@@ -1537,7 +1537,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-cifs-utils configure 6.12
+cifs-utils configure 6.13
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2006,7 +2006,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by cifs-utils $as_me 6.12, which was
+It was created by cifs-utils $as_me 6.13, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2876,7 +2876,7 @@
# Define the identity of the package.
PACKAGE='cifs-utils'
- VERSION='6.12'
+ VERSION='6.13'
cat >>confdefs.h <<_ACEOF
@@ -6837,7 +6837,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by cifs-utils $as_me 6.12, which was
+This file was extended by cifs-utils $as_me 6.13, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -6904,7 +6904,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-cifs-utils config.status 6.12
+cifs-utils config.status 6.13
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cifs-utils-6.12/autom4te.cache/requests
new/cifs-utils-6.13/autom4te.cache/requests
--- old/cifs-utils-6.12/autom4te.cache/requests 2020-12-31 19:48:33.000000000
+0100
+++ new/cifs-utils-6.13/autom4te.cache/requests 2021-04-13 01:59:33.000000000
+0200
@@ -37,58 +37,58 @@
'configure.ac'
],
{
- '_AM_PROG_TAR' => 1,
- 'AM_SET_LEADING_DOT' => 1,
- 'PKG_CHECK_EXISTS' => 1,
- '_AM_AUTOCONF_VERSION' => 1,
- 'AC_CONFIG_MACRO_DIR_TRACE' => 1,
+ 'AC_LIBCAP' => 1,
'_PKG_SHORT_ERRORS_SUPPORTED' => 1,
+ 'm4_include' => 1,
+ '_AM_CONFIG_MACRO_DIRS' => 1,
+ '_AM_DEPENDENCIES' => 1,
+ 'AC_TEST_WBCHL' => 1,
+ 'AM_SANITY_CHECK' => 1,
+ 'AM_MISSING_HAS_RUN' => 1,
+ 'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1,
+ 'AM_RUN_LOG' => 1,
+ 'PKG_CHECK_MODULES_STATIC' => 1,
+ 'AM_SILENT_RULES' => 1,
+ 'AC_CONFIG_MACRO_DIR' => 1,
+ 'AM_MISSING_PROG' => 1,
+ 'm4_pattern_allow' => 1,
'AM_SET_DEPDIR' => 1,
- 'PKG_INSTALLDIR' => 1,
'_AM_SET_OPTIONS' => 1,
- 'AU_DEFUN' => 1,
- '_AM_IF_OPTION' => 1,
'AM_INIT_AUTOMAKE' => 1,
- 'AM_PROG_CC_C_O' => 1,
+ 'AM_PROG_INSTALL_SH' => 1,
+ 'AM_AUTOMAKE_VERSION' => 1,
+ 'AM_SUBST_NOTMAKE' => 1,
+ 'AU_DEFUN' => 1,
'PKG_NOARCH_INSTALLDIR' => 1,
- 'PKG_CHECK_VAR' => 1,
'm4_pattern_forbid' => 1,
- 'AM_PROG_INSTALL_STRIP' => 1,
+ 'AM_MAKE_INCLUDE' => 1,
+ '_AC_AM_CONFIG_HEADER_HOOK' => 1,
+ '_m4_warn' => 1,
+ 'AM_DEP_TRACK' => 1,
+ 'PKG_INSTALLDIR' => 1,
+ 'AM_PROG_CC_C_O' => 1,
'AC_DEFUN' => 1,
+ 'include' => 1,
+ '_AM_SUBST_NOTMAKE' => 1,
+ '_AM_AUTOCONF_VERSION' => 1,
+ 'AM_PROG_INSTALL_STRIP' => 1,
+ '_AM_PROG_TAR' => 1,
+ '_AM_SET_OPTION' => 1,
'PKG_PROG_PKG_CONFIG' => 1,
- 'AM_MISSING_PROG' => 1,
- 'PKG_CHECK_MODULES_STATIC' => 1,
- 'AC_CONFIG_MACRO_DIR' => 1,
+ 'PKG_CHECK_VAR' => 1,
'_AM_PROG_CC_C_O' => 1,
- 'AM_MISSING_HAS_RUN' => 1,
- '_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
- '_AM_SET_OPTION' => 1,
'AC_TEST_WBC_IDMAP_BOTH' => 1,
- 'AC_TEST_WBCHL' => 1,
- 'AM_PROG_INSTALL_SH' => 1,
- '_AC_AM_CONFIG_HEADER_HOOK' => 1,
- 'AM_SUBST_NOTMAKE' => 1,
- 'AM_SILENT_RULES' => 1,
- 'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1,
'PKG_CHECK_MODULES' => 1,
- 'm4_include' => 1,
- '_AM_SUBST_NOTMAKE' => 1,
- '_m4_warn' => 1,
- 'AM_CONDITIONAL' => 1,
- 'm4_pattern_allow' => 1,
- 'AM_MAKE_INCLUDE' => 1,
- 'include' => 1,
- '_AM_CONFIG_MACRO_DIRS' => 1,
- 'AC_DEFUN_ONCE' => 1,
- '_AM_DEPENDENCIES' => 1,
- 'AM_DEP_TRACK' => 1,
- 'AM_RUN_LOG' => 1,
'AM_AUX_DIR_EXPAND' => 1,
- '_AM_MANGLE_OPTION' => 1,
- 'AC_LIBCAP' => 1,
- 'AM_SANITY_CHECK' => 1,
+ 'AC_DEFUN_ONCE' => 1,
+ 'AM_CONDITIONAL' => 1,
'AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
- 'AM_AUTOMAKE_VERSION' => 1
+ '_AM_MANGLE_OPTION' => 1,
+ 'AM_SET_LEADING_DOT' => 1,
+ 'PKG_CHECK_EXISTS' => 1,
+ 'AC_CONFIG_MACRO_DIR_TRACE' => 1,
+ '_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
+ '_AM_IF_OPTION' => 1
}
], 'Autom4te::Request' ),
bless( [
@@ -103,66 +103,66 @@
'configure.ac'
],
{
- 'm4_include' => 1,
- '_AM_SUBST_NOTMAKE' => 1,
- 'AM_EXTRA_RECURSIVE_TARGETS' => 1,
- 'AM_PROG_FC_C_O' => 1,
- 'sinclude' => 1,
- 'AC_FC_PP_DEFINE' => 1,
+ 'AM_PROG_CXX_C_O' => 1,
'AM_CONDITIONAL' => 1,
- 'm4_pattern_allow' => 1,
- 'AC_INIT' => 1,
- '_m4_warn' => 1,
- 'AC_FC_PP_SRCEXT' => 1,
- 'AC_CONFIG_FILES' => 1,
- '_LT_AC_TAGCONFIG' => 1,
- 'AC_CONFIG_LIBOBJ_DIR' => 1,
+ 'AC_FC_SRCEXT' => 1,
+ 'AC_CANONICAL_SYSTEM' => 1,
+ 'AC_PROG_LIBTOOL' => 1,
+ 'LT_CONFIG_LTDL_DIR' => 1,
+ 'AC_LIBSOURCE' => 1,
'AM_PROG_MKDIR_P' => 1,
+ 'AM_PROG_F77_C_O' => 1,
+ 'LT_SUPPORTED_TAG' => 1,
'm4_sinclude' => 1,
- 'AM_SILENT_RULES' => 1,
- 'AM_PROG_AR' => 1,
+ 'AC_CANONICAL_TARGET' => 1,
+ 'AM_PROG_MOC' => 1,
+ '_AM_COND_ENDIF' => 1,
'AC_CANONICAL_BUILD' => 1,
- 'AC_REQUIRE_AUX_FILE' => 1,
- 'AM_MAINTAINER_MODE' => 1,
+ '_m4_warn' => 1,
+ 'AC_DEFINE_TRACE_LITERAL' => 1,
+ 'AM_PROG_AR' => 1,
+ 'AC_INIT' => 1,
'AC_SUBST' => 1,
- 'AM_PATH_GUILE' => 1,
- 'AM_PROG_F77_C_O' => 1,
- 'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
- 'AM_AUTOMAKE_VERSION' => 1,
- 'AM_PROG_CXX_C_O' => 1,
+ 'AM_MAINTAINER_MODE' => 1,
+ 'AC_CONFIG_SUBDIRS' => 1,
+ 'm4_pattern_forbid' => 1,
+ '_AM_SUBST_NOTMAKE' => 1,
+ 'include' => 1,
+ 'AM_PROG_CC_C_O' => 1,
+ 'AC_FC_PP_SRCEXT' => 1,
'AM_MAKEFILE_INCLUDE' => 1,
- 'AC_LIBSOURCE' => 1,
- 'AM_POT_TOOLS' => 1,
- 'AC_DEFINE_TRACE_LITERAL' => 1,
- 'AC_SUBST_TRACE' => 1,
'AC_CONFIG_AUX_DIR' => 1,
- 'LT_CONFIG_LTDL_DIR' => 1,
- 'include' => 1,
- 'AM_ENABLE_MULTILIB' => 1,
- 'LT_SUPPORTED_TAG' => 1,
- 'AH_OUTPUT' => 1,
- 'AC_FC_FREEFORM' => 1,
- '_AM_COND_ENDIF' => 1,
- '_AM_MAKEFILE_INCLUDE' => 1,
- 'AC_CANONICAL_TARGET' => 1,
+ 'm4_pattern_allow' => 1,
+ 'AM_PROG_FC_C_O' => 1,
+ 'AM_AUTOMAKE_VERSION' => 1,
+ 'AC_CANONICAL_HOST' => 1,
+ 'AC_REQUIRE_AUX_FILE' => 1,
+ 'AM_INIT_AUTOMAKE' => 1,
+ 'AM_PATH_GUILE' => 1,
'AC_CONFIG_LINKS' => 1,
+ 'AC_FC_FREEFORM' => 1,
+ 'AC_CONFIG_LIBOBJ_DIR' => 1,
+ 'AC_CONFIG_HEADERS' => 1,
'AM_GNU_GETTEXT' => 1,
- 'AC_CONFIG_SUBDIRS' => 1,
- '_AM_COND_IF' => 1,
- 'AM_PROG_LIBTOOL' => 1,
- 'AM_XGETTEXT_OPTION' => 1,
- 'AM_PROG_MOC' => 1,
- 'AC_CANONICAL_SYSTEM' => 1,
'AM_NLS' => 1,
+ 'sinclude' => 1,
'_AM_COND_ELSE' => 1,
- 'AC_PROG_LIBTOOL' => 1,
- 'AC_CANONICAL_HOST' => 1,
+ 'AC_SUBST_TRACE' => 1,
+ 'AM_SILENT_RULES' => 1,
+ 'AM_PROG_LIBTOOL' => 1,
+ 'AM_POT_TOOLS' => 1,
+ 'AM_XGETTEXT_OPTION' => 1,
+ '_AM_MAKEFILE_INCLUDE' => 1,
+ 'AH_OUTPUT' => 1,
+ 'AM_ENABLE_MULTILIB' => 1,
+ 'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
+ 'm4_include' => 1,
+ 'AC_CONFIG_FILES' => 1,
+ 'AM_EXTRA_RECURSIVE_TARGETS' => 1,
'LT_INIT' => 1,
- 'm4_pattern_forbid' => 1,
- 'AC_CONFIG_HEADERS' => 1,
- 'AC_FC_SRCEXT' => 1,
- 'AM_PROG_CC_C_O' => 1,
- 'AM_INIT_AUTOMAKE' => 1
+ 'AC_FC_PP_DEFINE' => 1,
+ '_AM_COND_IF' => 1,
+ '_LT_AC_TAGCONFIG' => 1
}
], 'Autom4te::Request' )
);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cifs-utils-6.12/autom4te.cache/traces.1
new/cifs-utils-6.13/autom4te.cache/traces.1
--- old/cifs-utils-6.12/autom4te.cache/traces.1 2020-12-31 19:48:33.000000000
+0100
+++ new/cifs-utils-6.13/autom4te.cache/traces.1 2021-04-13 01:59:33.000000000
+0200
@@ -1,6 +1,6 @@
m4trace:aclocal.m4:1429: -1- m4_include([aclocal/idmap.m4])
m4trace:aclocal.m4:1430: -1- m4_include([aclocal/libcap.m4])
-m4trace:configure.ac:4: -1- AC_INIT([cifs-utils], [6.12],
[linux-c...@vger.kernel.org], [cifs-utils],
[https://wiki.samba.org/index.php/LinuxCIFS_utils])
+m4trace:configure.ac:4: -1- AC_INIT([cifs-utils], [6.13],
[linux-c...@vger.kernel.org], [cifs-utils],
[https://wiki.samba.org/index.php/LinuxCIFS_utils])
m4trace:configure.ac:4: -1- m4_pattern_forbid([^_?A[CHUM]_])
m4trace:configure.ac:4: -1- m4_pattern_forbid([_AC_])
m4trace:configure.ac:4: -1- m4_pattern_forbid([^LIBOBJS$], [do not use LIBOBJS
directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS'])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cifs-utils-6.12/cifs.upcall.c
new/cifs-utils-6.13/cifs.upcall.c
--- old/cifs-utils-6.12/cifs.upcall.c 2020-12-31 19:26:10.000000000 +0100
+++ new/cifs-utils-6.13/cifs.upcall.c 2021-04-13 01:34:48.000000000 +0200
@@ -51,6 +51,7 @@
#include <grp.h>
#include <stdbool.h>
#include <errno.h>
+#include <sched.h>
#include "data_blob.h"
#include "spnego.h"
@@ -240,6 +241,164 @@
return credtime;
}
+static struct namespace_file {
+ int nstype;
+ const char *name;
+ int fd;
+} namespace_files[] = {
+
+#ifdef CLONE_NEWCGROUP
+ { CLONE_NEWCGROUP, "cgroup", -1 },
+#endif
+
+#ifdef CLONE_NEWIPC
+ { CLONE_NEWIPC, "ipc", -1 },
+#endif
+
+#ifdef CLONE_NEWUTS
+ { CLONE_NEWUTS, "uts", -1 },
+#endif
+
+#ifdef CLONE_NEWNET
+ { CLONE_NEWNET, "net", -1 },
+#endif
+
+#ifdef CLONE_NEWPID
+ { CLONE_NEWPID, "pid", -1 },
+#endif
+
+#ifdef CLONE_NEWTIME
+ { CLONE_NEWTIME, "time", -1 },
+#endif
+
+#ifdef CLONE_NEWNS
+ { CLONE_NEWNS, "mnt", -1 },
+#endif
+
+#ifdef CLONE_NEWUSER
+ { CLONE_NEWUSER, "user", -1 },
+#endif
+};
+
+#define NS_PATH_FMT "/proc/%d/ns/%s"
+#define NS_PATH_MAXLEN (6 + 10 + 4 + 6 + 1)
+
+/**
+ * in_same_user_ns - return true if two processes are in the same user
+ * namespace.
+ * @pid_a: the pid of the first process
+ * @pid_b: the pid of the second process
+ *
+ * Works by comparing the inode numbers for /proc/<pid>/user.
+ */
+static int
+in_same_user_ns(pid_t pid_a, pid_t pid_b)
+{
+ char path[NS_PATH_MAXLEN];
+ ino_t a_ino, b_ino;
+ struct stat st;
+
+ snprintf(path, sizeof(path), NS_PATH_FMT, pid_a, "user");
+ if (stat(path, &st) != 0)
+ return 0;
+ a_ino = st.st_ino;
+
+ snprintf(path, sizeof(path), NS_PATH_FMT, pid_b, "user");
+ if (stat(path, &st) != 0)
+ return 0;
+ b_ino = st.st_ino;
+
+ return a_ino == b_ino;
+}
+
+/**
+ * switch_to_process_ns - change the namespace to the one for the specified
+ * process.
+ * @pid: initiating pid value from the upcall string
+ *
+ * Uses setns() to switch process namespace.
+ * This ensures that we have the same access and configuration as the
+ * process that triggered the lookup.
+ */
+static int
+switch_to_process_ns(pid_t pid)
+{
+ int count = sizeof(namespace_files) / sizeof(struct namespace_file);
+ int n, err = 0;
+ int rc = 0;
+
+ /* First, open all the namespace fds. We do this first because
+ the namespace changes might prohibit us from opening them. */
+ for (n = 0; n < count; ++n) {
+ char nspath[NS_PATH_MAXLEN];
+ int ret, fd;
+
+#ifdef CLONE_NEWUSER
+ if (namespace_files[n].nstype == CLONE_NEWUSER
+ && in_same_user_ns(getpid(), pid)) {
+ /* Switching to the same user namespace is forbidden,
+ because switching to a user namespace grants all
+ capabilities in that namespace regardless of uid. */
+ namespace_files[n].fd = -1;
+ continue;
+ }
+#endif
+
+ ret = snprintf(nspath, NS_PATH_MAXLEN, NS_PATH_FMT,
+ pid, namespace_files[n].name);
+ if (ret >= NS_PATH_MAXLEN) {
+ syslog(LOG_DEBUG, "%s: unterminated path!\n", __func__);
+ err = ENAMETOOLONG;
+ rc = -1;
+ goto out;
+ }
+
+ fd = open(nspath, O_RDONLY);
+ if (fd < 0 && errno != ENOENT) {
+ /*
+ * don't stop on non-existing ns
+ * but stop for other errors
+ */
+ err = errno;
+ rc = -1;
+ goto out;
+ }
+
+ namespace_files[n].fd = fd;
+ }
+
+ /* Next, call setns for each of them */
+ for (n = 0; n < count; ++n) {
+ /* skip non-existing ns */
+ if (namespace_files[n].fd < 0)
+ continue;
+
+ rc = setns(namespace_files[n].fd, namespace_files[n].nstype);
+
+ if (rc < 0) {
+ syslog(LOG_DEBUG, "%s: setns() failed for %s\n",
+ __func__, namespace_files[n].name);
+ err = errno;
+ goto out;
+ }
+ }
+
+out:
+ /* Finally, close all the fds */
+ for (n = 0; n < count; ++n) {
+ if (namespace_files[n].fd != -1) {
+ close(namespace_files[n].fd);
+ namespace_files[n].fd = -1;
+ }
+ }
+
+ if (rc != 0) {
+ errno = err;
+ }
+
+ return rc;
+}
+
#define ENV_PATH_FMT "/proc/%d/environ"
#define ENV_PATH_MAXLEN (6 + 10 + 8 + 1)
@@ -1109,6 +1268,19 @@
env_cachename =
get_cachename_from_process_env(env_probe ? arg.pid : 0);
+ /*
+ * Change to the process's namespace. This means that things will work
+ * acceptably in containers, because we'll be looking at the correct
+ * filesystem and have the correct network configuration.
+ */
+ rc = switch_to_process_ns(arg.pid);
+ if (rc == -1) {
+ syslog(LOG_ERR, "unable to switch to process namespace: %s",
+ strerror(errno));
+ rc = 1;
+ goto out;
+ }
+
rc = setuid(uid);
if (rc == -1) {
syslog(LOG_ERR, "setuid: %s", strerror(errno));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cifs-utils-6.12/configure
new/cifs-utils-6.13/configure
--- old/cifs-utils-6.12/configure 2020-12-31 19:48:32.000000000 +0100
+++ new/cifs-utils-6.13/configure 2021-04-13 01:59:31.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for cifs-utils 6.12.
+# Generated by GNU Autoconf 2.69 for cifs-utils 6.13.
#
# Report bugs to <linux-c...@vger.kernel.org>.
#
@@ -580,8 +580,8 @@
# Identity of this package.
PACKAGE_NAME='cifs-utils'
PACKAGE_TARNAME='cifs-utils'
-PACKAGE_VERSION='6.12'
-PACKAGE_STRING='cifs-utils 6.12'
+PACKAGE_VERSION='6.13'
+PACKAGE_STRING='cifs-utils 6.13'
PACKAGE_BUGREPORT='linux-c...@vger.kernel.org'
PACKAGE_URL='https://wiki.samba.org/index.php/LinuxCIFS_utils'
@@ -1338,7 +1338,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures cifs-utils 6.12 to adapt to many kinds of systems.
+\`configure' configures cifs-utils 6.13 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1409,7 +1409,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of cifs-utils 6.12:";;
+ short | recursive ) echo "Configuration of cifs-utils 6.13:";;
esac
cat <<\_ACEOF
@@ -1537,7 +1537,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-cifs-utils configure 6.12
+cifs-utils configure 6.13
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2006,7 +2006,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by cifs-utils $as_me 6.12, which was
+It was created by cifs-utils $as_me 6.13, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2876,7 +2876,7 @@
# Define the identity of the package.
PACKAGE='cifs-utils'
- VERSION='6.12'
+ VERSION='6.13'
cat >>confdefs.h <<_ACEOF
@@ -6837,7 +6837,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by cifs-utils $as_me 6.12, which was
+This file was extended by cifs-utils $as_me 6.13, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -6904,7 +6904,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-cifs-utils config.status 6.12
+cifs-utils config.status 6.13
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cifs-utils-6.12/configure.ac
new/cifs-utils-6.13/configure.ac
--- old/cifs-utils-6.12/configure.ac 2020-12-31 19:26:10.000000000 +0100
+++ new/cifs-utils-6.13/configure.ac 2021-04-13 01:34:48.000000000 +0200
@@ -1,7 +1,7 @@
# -*- Autoconf -*-
# Process this file with autoconf to produce a configure script.
-AC_INIT([cifs-utils],[6.12],[linux-c...@vger.kernel.org],[cifs-utils],[https://wiki.samba.org/index.php/LinuxCIFS_utils])
+AC_INIT([cifs-utils],[6.13],[linux-c...@vger.kernel.org],[cifs-utils],[https://wiki.samba.org/index.php/LinuxCIFS_utils])
AC_CONFIG_SRCDIR([data_blob.h])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_FILES([Makefile contrib/Makefile contrib/request-key.d/Makefile])
