commit: aa17a42524f5b3a67e8565b9b333ff9206f0b625 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> AuthorDate: Sat Jun 11 12:14:51 2016 +0000 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> CommitDate: Sat Jun 11 12:15:06 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa17a425
net-fs/cifs-utils: Security cleanup (bug 552634). Package-Manager: portage-2.2.28 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> net-fs/cifs-utils/Manifest | 1 - net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild | 110 --------------------- .../files/cifs-utils-6.1-hardcoded-path.patch | 44 --------- 3 files changed, 155 deletions(-) diff --git a/net-fs/cifs-utils/Manifest b/net-fs/cifs-utils/Manifest index 9777594..cc08b24 100644 --- a/net-fs/cifs-utils/Manifest +++ b/net-fs/cifs-utils/Manifest @@ -1,3 +1,2 @@ -DIST cifs-utils-6.1.tar.bz2 390958 SHA256 381f1e9caccdafdcdb0efa32a4cceb77c1a96b0b58702394e4b86dac4825f3b5 SHA512 6427b74edbf56b865dee38a610c74ac5483cdc13096082cfc1e9d225a048c9b5ee0c7afb30e625a615a0e8e9f3767e33765220e27148e2c2a29d12d4129b01fd WHIRLPOOL a800a02a0729996035a331b460cb28ae5463ddecaf205d88173dc08efd7a2bee577995ebba97b36977858c8435ac3b7ec9c7ce5d193f8b30d0602f9546fed5b1 DIST cifs-utils-6.4.tar.bz2 392809 SHA256 38fc63926af435dae4ebcf4406275580a692d9fb9ee3e32170317cf2ba68e6e3 SHA512 05860ceed1e83b4f4da689d2fc1c1b48fddc0ca53ba52fc6cf26a277d6a884f5780060725c5df1401a665ac35ec5a170262ee62f61095e4a8d76348888182614 WHIRLPOOL 335262eb329860318750fcd081dc2c082f36c75a32e5e596a45b51e73b08be7ee66133c2e4e2bc3089631d3909018abd9c2f36f79d82cd9ea7f6fe2530900f72 DIST cifs-utils-6.5.tar.bz2 402158 SHA256 e2776578b8267c6dc0862897f5e10f87f10f8337fca9ca6a9118f5eb30cf49f7 SHA512 c5eea97d2be455ad676a3ff693641512d5c1d81d75eb1d7d08e4274b6844a1353b6791aa3ced4d8d656ed4a09b3c17ae80f289a90a3d429a8a94210e15f3e90e WHIRLPOOL 880b3c5762e791317140213fea008759b9d2599ddefb08319877ba6a5ced517fd6e0246050975ad01b74110b20f2233bb6cb505ecf3b2e05dca014ae378eaba5 diff --git a/net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild b/net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild deleted file mode 100644 index c51ede4..0000000 --- a/net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild +++ /dev/null @@ -1,110 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 - -inherit eutils linux-info multilib - -DESCRIPTION="Tools for Managing Linux CIFS Client Filesystems" -HOMEPAGE="http://wiki.samba.org/index.php/LinuxCIFS_utils"; -SRC_URI="ftp://ftp.samba.org/pub/linux-cifs/${PN}/${P}.tar.bz2"; - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~arm-linux ~x86-linux" -IUSE="+acl +ads +caps +caps-ng creds" - -DEPEND="!net-fs/mount-cifs - !<net-fs/samba-3.6_rc1 - ads? ( - sys-apps/keyutils - sys-libs/talloc - virtual/krb5 - ) - caps? ( !caps-ng? ( sys-libs/libcap ) ) - caps? ( caps-ng? ( sys-libs/libcap-ng ) ) - creds? ( sys-apps/keyutils )" -PDEPEND="${DEPEND} - acl? ( || ( - =net-fs/samba-3.6*[winbind] - >=net-fs/samba-4.0.0_alpha1 - ) ) -" - -REQUIRED_USE="acl? ( ads )" - -DOCS="doc/linux-cifs-client-guide.odt" - -pkg_setup() { - linux-info_pkg_setup - - if ! linux_config_exists || ! linux_chkconfig_present CIFS; then - ewarn "You must enable CIFS support in your kernel config, " - ewarn "to be able to mount samba shares. You can find it at" - ewarn - ewarn " File systems" - ewarn " Network File Systems" - ewarn " CIFS support" - ewarn - ewarn "and recompile your kernel ..." - fi -} - -src_prepare() { - # Do not rely on hardcoded path to systemd-ask-password, bug #478538 - epatch "${FILESDIR}/${P}-hardcoded-path.patch" -} - -src_configure() { - ROOTSBINDIR="${EPREFIX}"/sbin \ - econf \ - $(use_enable acl cifsacl cifsidmap) \ - $(use_enable ads cifsupcall) \ - $(use caps && use_with !caps-ng libcap || echo --without-libcap) \ - $(use caps && use_with caps-ng libcap-ng || echo --without-libcap-ng) \ - $(use_enable creds cifscreds) -} - -src_install() { - default - - # remove empty directories - find "${ED}" -type d -print0 | xargs --null rmdir \ - --ignore-fail-on-non-empty &>/dev/null - - if use acl ; then - dodir /etc/cifs-utils - dosym /usr/$(get_libdir)/cifs-utils/idmapwb.so \ - /etc/cifs-utils/idmap-plugin - dodir /etc/request-key.d - echo 'create cifs.idmap * * /usr/sbin/cifs.idmap %k' \ - > "${ED}/etc/request-key.d/cifs.idmap.conf" - fi - - if use ads ; then - dodir /etc/request-key.d - echo 'create dns_resolver * * /usr/sbin/cifs.upcall %k' \ - > "${ED}/etc/request-key.d/cifs.upcall.conf" - fi -} - -pkg_postinst() { - # Inform about set-user-ID bit of mount.cifs - ewarn "setuid use flag was dropped due to multiple security implications" - ewarn "such as CVE-2009-2948, CVE-2011-3585 and CVE-2012-1586" - ewarn "You are free to set setuid flags by yourself" - - # Inform about upcall usage - if use acl ; then - einfo "The cifs.idmap utility has been enabled by creating the" - einfo "configuration file /etc/request-key.d/cifs.idmap.conf" - einfo "This enables you to get and set CIFS acls." - fi - - if use ads ; then - einfo "The cifs.upcall utility has been enabled by creating the" - einfo "configuration file /etc/request-key.d/cifs.upcall.conf" - einfo "This enables you to mount DFS shares." - fi -} diff --git a/net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch b/net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch deleted file mode 100644 index 2c2067f..0000000 --- a/net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 4e315f6a02a4edb259b33bcf0665eba259fee2f2 Mon Sep 17 00:00:00 2001 -From: =?utf8?q?Micha=C5=82=20G=C3=B3rny?= <mgo...@gentoo.org> -Date: Tue, 30 Jul 2013 10:00:26 +0200 -Subject: [PATCH] Do not rely on hardcoded path to systemd-ask-password. -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf8 -Content-Transfer-Encoding: 8bit - -Relying on hardcoded /bin/systemd-ask-password path breaks systemd that -install systemd-ask-password in /usr/bin. Since both paths are supposed -to be in ${PATH} and popen() passes the command to shell, just pass -'systemd-ask-password' and let the shell find it. - -Fixes: https://bugzilla.samba.org/show_bug.cgi?id=10054 -Signed-off-by: Michał Górny <mgo...@gentoo.org> ---- - mount.cifs.c | 4 ++-- - 1 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/mount.cifs.c b/mount.cifs.c -index e76beee..7206dcb 100644 ---- a/mount.cifs.c -+++ b/mount.cifs.c -@@ -1626,7 +1626,7 @@ drop_child_privs(void) - } - - /* -- * If systemd is running and /bin/systemd-ask-password -- -+ * If systemd is running and systemd-ask-password -- - * is available, then use that else fallback on getpass(..) - * - * Returns: @input or NULL on error -@@ -1649,7 +1649,7 @@ get_password(const char *prompt, char *input, int capacity) - FILE *ask_pass_fp = NULL; - - cmd = ret = NULL; -- if (asprintf(&cmd, "/bin/systemd-ask-password \"%s\"", prompt) >= 0) { -+ if (asprintf(&cmd, "systemd-ask-password \"%s\"", prompt) >= 0) { - ask_pass_fp = popen (cmd, "re"); - free (cmd); - } --- -1.7.0.4 -
