- Update to cifs-utils 5.4.

+ the "rootsbindir" can now be specified at configure time + mount.cifs now supports the -s option by passing "sloppy" to the kernel in the options string + cifs.upcall now properly respects the domain_realm section in krb5.conf + unprivileged users can no longer mount onto dirs into which they can't chdir (fixes CVE-2012-1586) OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/cifs-utils?expand=0&rev=47
2012-04-19 13:49:28 +00:00 · 2012-04-19 13:49:28 +00:00 · 022564b90a
commit 022564b90a
parent 4150dbfbcc
5 changed files with 88 additions and 4 deletions
--- a/8c6268cbbd4202631e5c4b30297adc0088a1d568.diff
+++ b/8c6268cbbd4202631e5c4b30297adc0088a1d568.diff
@ -0,0 +1,70 @@
+commit 8c6268cbbd4202631e5c4b30297adc0088a1d568
+Author: Jeff Layton <jlayton@samba.org>
+Date:   Thu Apr 19 07:29:46 2012 -0400
+
+    mount.cifs: fix up some -D_FORTIFY_SOURCE=2 warnings
+    
+    ...and add -D_FORTIFY_SOURCE=2 to the default $CFLAGS.
+    
+    Acked-by: Acked-by: Suresh Jayaraman <sjayaraman@suse.com>
+    Signed-off-by: Jeff Layton <jlayton@samba.org>
+
+diff --git a/Makefile.am b/Makefile.am
+index d95142a..05729ca 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -1,4 +1,4 @@
+-AM_CFLAGS = -Wall -Wextra -Werror
+AM_CFLAGS = -Wall -Wextra -Werror -D_FORTIFY_SOURCE=2
+ ACLOCAL_AMFLAGS = -I aclocal
+ 
+ root_sbindir = $(ROOTSBINDIR)
+diff --git a/mount.cifs.c b/mount.cifs.c
+index f0b073e..2c481d8 100644
+--- a/mount.cifs.c
+++ b/mount.cifs.c
+@@ -927,11 +927,11 @@ parse_options(const char *data, struct parsed_mount_info *parsed_info)
+ 					return EX_USAGE;
+ 				}
+ 			} else {
+-				/* domain/username%password */
+-				const int max = MAX_DOMAIN_SIZE +
+-						MAX_USERNAME_SIZE +
+-						MOUNT_PASSWD_SIZE + 2;
+-				if (strnlen(value, max + 1) >= max + 1) {
+				/* domain/username%password  + NULL term. */
+				const size_t max = MAX_DOMAIN_SIZE +
+						   MAX_USERNAME_SIZE +
+						   MOUNT_PASSWD_SIZE + 2 + 1;
+				if (strnlen(value, max) >= max) {
+ 					fprintf(stderr, "username too long\n");
+ 					return EX_USAGE;
+ 				}
+@@ -1603,8 +1603,10 @@ add_mtab(char *devname, char *mountpoint, unsigned long flags, const char *fstyp
+ 	mountent.mnt_passno = 0;
+ 	rc = addmntent(pmntfile, &mountent);
+ 	if (rc) {
+		int ignore __attribute__((unused));
+
+ 		fprintf(stderr, "unable to add mount entry to mtab\n");
+-		ftruncate(fd, statbuf.st_size);
+		ignore = ftruncate(fd, statbuf.st_size);
+ 		rc = EX_FILEIO;
+ 	}
+ 	tmprc = my_endmntent(pmntfile, statbuf.st_size);
+diff --git a/mtab.c b/mtab.c
+index de545b7..3d42ac0 100644
+--- a/mtab.c
+++ b/mtab.c
+@@ -271,8 +271,10 @@ my_endmntent(FILE *stream, off_t size)
+ 
+ 	/* truncate file back to "size" -- best effort here */
+ 	if (rc) {
+		int ignore __attribute__((unused));
+
+ 		rc = errno;
+-		ftruncate(fd, size);
+		ignore = ftruncate(fd, size);
+ 	}
+ 
+ 	endmntent(stream);
--- a/cifs-utils-5.3.tar.bz2
+++ b/cifs-utils-5.3.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:68e969c4107a872e2848992732dc11eafc7bdf084bec894c0ba677572de49b32
-size 374762
--- a/cifs-utils-5.4.tar.bz2
+++ b/cifs-utils-5.4.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f6c267e4cfb111ab47a6e85a802373475edaab31d76eab4e7927ea6fe82e7f7b
+size 381416
--- a/cifs-utils.changes
+++ b/cifs-utils.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Thu Apr 19 10:30:44 UTC 2012 - lmuelle@suse.com
+
+- Update to cifs-utils 5.4.
+  + the "rootsbindir" can now be specified at configure time
+  + mount.cifs now supports the -s option by passing "sloppy" to the
+    kernel in the options string
+  + cifs.upcall now properly respects the domain_realm section in krb5.conf
+  + unprivileged users can no longer mount onto dirs into which they
+    can't chdir (fixes CVE-2012-1586)
+
 -------------------------------------------------------------------
 Mon Feb  6 09:17:17 UTC 2012 - dlovasko@suse.com

--- a/cifs-utils.spec
+++ b/cifs-utils.spec
@ -15,8 +15,9 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #

+
 Name:           cifs-utils
-Version:        5.3
+Version:        5.4
 Release:        0
 Summary:        Utilities for doing and managing mounts of the Linux CIFS filesyste
 License:        GPL-3.0+
@ -26,6 +27,7 @@ Source:         %{name}-%{version}.tar.bz2
 Source1:        cifs.init
 Source2:        mkinitrd_scripts_boot-cifs.sh
 Source3:        mkinitrd_scripts_setup-cifs.sh
+Patch:          8c6268cbbd4202631e5c4b30297adc0088a1d568.diff
 %if 0%{?suse_version}
 PreReq:         insserv %{?fillup_prereq} mkinitrd
 %else
@ -69,6 +71,7 @@ the Linux CIFS filesystem.

 %prep
 %setup -q
+%patch -p1

 %build
 autoreconf --force --install