diff --git a/0001-cifs.upcall-fix-regression-in-kerberos-mount.patch b/0001-cifs.upcall-fix-regression-in-kerberos-mount.patch deleted file mode 100644 index f20f688..0000000 --- a/0001-cifs.upcall-fix-regression-in-kerberos-mount.patch +++ /dev/null @@ -1,493 +0,0 @@ -From 4ca235223d948fe4f3392da28b1471bce36e88d4 Mon Sep 17 00:00:00 2001 -From: Aurelien Aptel -Date: Wed, 21 Apr 2021 16:22:15 +0200 -Subject: [PATCH v4] cifs.upcall: fix regression in kerberos mount - -The fix for CVE-2021-20208 in commit e461afd ("cifs.upcall: try to use -container ipc/uts/net/pid/mnt/user namespaces") introduced a -regression for kerberos mounts when cifs-utils is built with -libcap-ng. It makes mount fail with ENOKEY "Required key not -available". - -Current state: - -mount.cifs - '---> mount() ---> kernel - negprot, session setup (need security blob for krb) - request_key("cifs.spnego", payload="pid=%d;username=...") - upcall - /sbin/request-key <--------------' - reads /etc/request-keys.conf - dispatch cifs.spnego request - calls /usr/sbin/cifs.upcall - - drop privileges (capabilities) - - fetch keyid - - parse payload - - switch to mount.cifs namespaces - - call krb5_xxx() funcs - - generate security blob - - set key value to security blob - '-----------------------------------> kernel - put blob in session setup packet - continue auth - open tcon - get share root - setup superblock -mount.cifs mount() returns <-----------' - -By the time cifs.upcall tries to switch to namespaces, enough -capabilities have dropped in trim_capabilities() that it makes setns() -fail with EPERM. - -setns() requires CAP_SYS_ADMIN. - -With libcap trim_capabilities() is a no-op. - -This fix: - -- moves the namespace switch earlier so that operations like - setgroups(), setgid(), scanning of pid environment, ... happens in the - contained namespaces. -- moves trim_capabilities() after the namespace switch -- moves the string processing to decode the key request payload in a - child process with minimum capabilities. the decoded data is shared - with the parent process via shared memory obtained with mmap(). - -Fixes: e461afd ("cifs.upcall: try to use container ipc/uts/net/pid/mnt/user namespaces") -Signed-off-by: Aurelien Aptel ---- - cifs.upcall.c | 214 ++++++++++++++++++++++++++++++++------------------ - 1 file changed, 139 insertions(+), 75 deletions(-) - -diff --git a/cifs.upcall.c b/cifs.upcall.c -index e413934..ad04301 100644 ---- a/cifs.upcall.c -+++ b/cifs.upcall.c -@@ -52,6 +52,9 @@ - #include - #include - #include -+#include -+#include -+#include - - #include "data_blob.h" - #include "spnego.h" -@@ -787,6 +790,25 @@ handle_krb5_mech(const char *oid, const char *host, DATA_BLOB * secblob, - return retval; - } - -+ -+ -+struct decoded_args { -+ int ver; -+ char hostname[NI_MAXHOST + 1]; -+ char ip[NI_MAXHOST + 1]; -+ -+/* Max user name length. */ -+#define MAX_USERNAME_SIZE 256 -+ char username[MAX_USERNAME_SIZE + 1]; -+ -+ uid_t uid; -+ uid_t creduid; -+ pid_t pid; -+ sectype_t sec; -+ -+/* -+ * Flags to keep track of what was provided -+ */ - #define DKD_HAVE_HOSTNAME 0x1 - #define DKD_HAVE_VERSION 0x2 - #define DKD_HAVE_SEC 0x4 -@@ -796,23 +818,13 @@ handle_krb5_mech(const char *oid, const char *host, DATA_BLOB * secblob, - #define DKD_HAVE_CREDUID 0x40 - #define DKD_HAVE_USERNAME 0x80 - #define DKD_MUSTHAVE_SET (DKD_HAVE_HOSTNAME|DKD_HAVE_VERSION|DKD_HAVE_SEC) -- --struct decoded_args { -- int ver; -- char *hostname; -- char *ip; -- char *username; -- uid_t uid; -- uid_t creduid; -- pid_t pid; -- sectype_t sec; -+ int have; - }; - - static unsigned int --decode_key_description(const char *desc, struct decoded_args *arg) -+__decode_key_description(const char *desc, struct decoded_args *arg) - { -- int len; -- int retval = 0; -+ size_t len; - char *pos; - const char *tkn = desc; - -@@ -826,13 +838,13 @@ decode_key_description(const char *desc, struct decoded_args *arg) - len = pos - tkn; - - len -= 5; -- free(arg->hostname); -- arg->hostname = strndup(tkn + 5, len); -- if (arg->hostname == NULL) { -- syslog(LOG_ERR, "Unable to allocate memory"); -+ if (len > sizeof(arg->hostname)-1) { -+ syslog(LOG_ERR, "host= value too long for buffer"); - return 1; - } -- retval |= DKD_HAVE_HOSTNAME; -+ memset(arg->hostname, 0, sizeof(arg->hostname)); -+ strncpy(arg->hostname, tkn + 5, len); -+ arg->have |= DKD_HAVE_HOSTNAME; - syslog(LOG_DEBUG, "host=%s", arg->hostname); - } else if (!strncmp(tkn, "ip4=", 4) || !strncmp(tkn, "ip6=", 4)) { - if (pos == NULL) -@@ -841,13 +853,13 @@ decode_key_description(const char *desc, struct decoded_args *arg) - len = pos - tkn; - - len -= 4; -- free(arg->ip); -- arg->ip = strndup(tkn + 4, len); -- if (arg->ip == NULL) { -- syslog(LOG_ERR, "Unable to allocate memory"); -+ if (len > sizeof(arg->ip)-1) { -+ syslog(LOG_ERR, "ip[46]= value too long for buffer"); - return 1; - } -- retval |= DKD_HAVE_IP; -+ memset(arg->ip, 0, sizeof(arg->ip)); -+ strncpy(arg->ip, tkn + 4, len); -+ arg->have |= DKD_HAVE_IP; - syslog(LOG_DEBUG, "ip=%s", arg->ip); - } else if (strncmp(tkn, "user=", 5) == 0) { - if (pos == NULL) -@@ -856,13 +868,13 @@ decode_key_description(const char *desc, struct decoded_args *arg) - len = pos - tkn; - - len -= 5; -- free(arg->username); -- arg->username = strndup(tkn + 5, len); -- if (arg->username == NULL) { -- syslog(LOG_ERR, "Unable to allocate memory"); -+ if (len > sizeof(arg->username)-1) { -+ syslog(LOG_ERR, "user= value too long for buffer"); - return 1; - } -- retval |= DKD_HAVE_USERNAME; -+ memset(arg->username, 0, sizeof(arg->username)); -+ strncpy(arg->username, tkn + 5, len); -+ arg->have |= DKD_HAVE_USERNAME; - syslog(LOG_DEBUG, "user=%s", arg->username); - } else if (strncmp(tkn, "pid=", 4) == 0) { - errno = 0; -@@ -873,13 +885,13 @@ decode_key_description(const char *desc, struct decoded_args *arg) - return 1; - } - syslog(LOG_DEBUG, "pid=%u", arg->pid); -- retval |= DKD_HAVE_PID; -+ arg->have |= DKD_HAVE_PID; - } else if (strncmp(tkn, "sec=", 4) == 0) { - if (strncmp(tkn + 4, "krb5", 4) == 0) { -- retval |= DKD_HAVE_SEC; -+ arg->have |= DKD_HAVE_SEC; - arg->sec = KRB5; - } else if (strncmp(tkn + 4, "mskrb5", 6) == 0) { -- retval |= DKD_HAVE_SEC; -+ arg->have |= DKD_HAVE_SEC; - arg->sec = MS_KRB5; - } - syslog(LOG_DEBUG, "sec=%d", arg->sec); -@@ -891,7 +903,7 @@ decode_key_description(const char *desc, struct decoded_args *arg) - strerror(errno)); - return 1; - } -- retval |= DKD_HAVE_UID; -+ arg->have |= DKD_HAVE_UID; - syslog(LOG_DEBUG, "uid=%u", arg->uid); - } else if (strncmp(tkn, "creduid=", 8) == 0) { - errno = 0; -@@ -901,7 +913,7 @@ decode_key_description(const char *desc, struct decoded_args *arg) - strerror(errno)); - return 1; - } -- retval |= DKD_HAVE_CREDUID; -+ arg->have |= DKD_HAVE_CREDUID; - syslog(LOG_DEBUG, "creduid=%u", arg->creduid); - } else if (strncmp(tkn, "ver=", 4) == 0) { /* if version */ - errno = 0; -@@ -911,14 +923,56 @@ decode_key_description(const char *desc, struct decoded_args *arg) - strerror(errno)); - return 1; - } -- retval |= DKD_HAVE_VERSION; -+ arg->have |= DKD_HAVE_VERSION; - syslog(LOG_DEBUG, "ver=%d", arg->ver); - } - if (pos == NULL) - break; - tkn = pos + 1; - } while (tkn); -- return retval; -+ return 0; -+} -+ -+static unsigned int -+decode_key_description(const char *desc, struct decoded_args **arg) -+{ -+ pid_t pid; -+ pid_t rc; -+ int status; -+ -+ /* -+ * Do all the decoding/string processing in a child process -+ * with low privileges. -+ */ -+ -+ *arg = mmap(NULL, sizeof(struct decoded_args), PROT_READ | PROT_WRITE, -+ MAP_ANONYMOUS | MAP_SHARED, -1, 0); -+ if (*arg == MAP_FAILED) { -+ syslog(LOG_ERR, "%s: mmap failed: %s", __func__, strerror(errno)); -+ return -1; -+ } -+ -+ pid = fork(); -+ if (pid < 0) { -+ syslog(LOG_ERR, "%s: fork failed: %s", __func__, strerror(errno)); -+ munmap(*arg, sizeof(struct decoded_args)); -+ *arg = NULL; -+ return -1; -+ } -+ if (pid == 0) { -+ /* do the parsing in child */ -+ drop_all_capabilities(); -+ exit(__decode_key_description(desc, *arg)); -+ } -+ -+ rc = waitpid(pid, &status, 0); -+ if (rc < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) { -+ munmap(*arg, sizeof(struct decoded_args)); -+ *arg = NULL; -+ return 1; -+ } -+ -+ return 0; - } - - static int setup_key(const key_serial_t key, const void *data, size_t datalen) -@@ -1098,7 +1152,7 @@ int main(const int argc, char *const argv[]) - bool try_dns = false, legacy_uid = false , env_probe = true; - char *buf; - char hostbuf[NI_MAXHOST], *host; -- struct decoded_args arg; -+ struct decoded_args *arg = NULL; - const char *oid; - uid_t uid; - char *keytab_name = NULL; -@@ -1109,7 +1163,6 @@ int main(const int argc, char *const argv[]) - const char *key_descr = NULL; - - hostbuf[0] = '\0'; -- memset(&arg, 0, sizeof(arg)); - - openlog(prog, 0, LOG_DAEMON); - -@@ -1150,9 +1203,6 @@ int main(const int argc, char *const argv[]) - } - } - -- if (trim_capabilities(env_probe)) -- goto out; -- - /* is there a key? */ - if (argc <= optind) { - usage(); -@@ -1178,6 +1228,10 @@ int main(const int argc, char *const argv[]) - - syslog(LOG_DEBUG, "key description: %s", buf); - -+ /* -+ * If we are requested a simple DNS query, do it and exit -+ */ -+ - if (strncmp(buf, "cifs.resolver", sizeof("cifs.resolver") - 1) == 0) - key_descr = ".cifs.resolver"; - else if (strncmp(buf, "dns_resolver", sizeof("dns_resolver") - 1) == 0) -@@ -1187,33 +1241,42 @@ int main(const int argc, char *const argv[]) - goto out; - } - -- have = decode_key_description(buf, &arg); -+ /* -+ * Otherwise, it's a spnego key request -+ */ -+ -+ rc = decode_key_description(buf, &arg); - free(buf); -- if ((have & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) { -+ if (rc) { -+ syslog(LOG_ERR, "failed to decode key description"); -+ goto out; -+ } -+ -+ if ((arg->have & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) { - syslog(LOG_ERR, "unable to get necessary params from key " - "description (0x%x)", have); - rc = 1; - goto out; - } - -- if (arg.ver > CIFS_SPNEGO_UPCALL_VERSION) { -+ if (arg->ver > CIFS_SPNEGO_UPCALL_VERSION) { - syslog(LOG_ERR, "incompatible kernel upcall version: 0x%x", -- arg.ver); -+ arg->ver); - rc = 1; - goto out; - } - -- if (strlen(arg.hostname) >= NI_MAXHOST) { -+ if (strlen(arg->hostname) >= NI_MAXHOST) { - syslog(LOG_ERR, "hostname provided by kernel is too long"); - rc = 1; - goto out; - - } - -- if (!legacy_uid && (have & DKD_HAVE_CREDUID)) -- uid = arg.creduid; -- else if (have & DKD_HAVE_UID) -- uid = arg.uid; -+ if (!legacy_uid && (arg->have & DKD_HAVE_CREDUID)) -+ uid = arg->creduid; -+ else if (arg->have & DKD_HAVE_UID) -+ uid = arg->uid; - else { - /* no uid= or creduid= parm -- something is wrong */ - syslog(LOG_ERR, "No uid= or creduid= parm specified"); -@@ -1221,6 +1284,21 @@ int main(const int argc, char *const argv[]) - goto out; - } - -+ /* -+ * Change to the process's namespace. This means that things will work -+ * acceptably in containers, because we'll be looking at the correct -+ * filesystem and have the correct network configuration. -+ */ -+ rc = switch_to_process_ns(arg->pid); -+ if (rc == -1) { -+ syslog(LOG_ERR, "unable to switch to process namespace: %s", strerror(errno)); -+ rc = 1; -+ goto out; -+ } -+ -+ if (trim_capabilities(env_probe)) -+ goto out; -+ - /* - * The kernel doesn't pass down the gid, so we resort here to scraping - * one out of the passwd nss db. Note that this might not reflect the -@@ -1266,20 +1344,7 @@ int main(const int argc, char *const argv[]) - * look at the environ file. - */ - env_cachename = -- get_cachename_from_process_env(env_probe ? arg.pid : 0); -- -- /* -- * Change to the process's namespace. This means that things will work -- * acceptably in containers, because we'll be looking at the correct -- * filesystem and have the correct network configuration. -- */ -- rc = switch_to_process_ns(arg.pid); -- if (rc == -1) { -- syslog(LOG_ERR, "unable to switch to process namespace: %s", -- strerror(errno)); -- rc = 1; -- goto out; -- } -+ get_cachename_from_process_env(env_probe ? arg->pid : 0); - - rc = setuid(uid); - if (rc == -1) { -@@ -1301,18 +1366,18 @@ int main(const int argc, char *const argv[]) - - ccache = get_existing_cc(env_cachename); - /* Couldn't find credcache? Try to use keytab */ -- if (ccache == NULL && arg.username != NULL) -- ccache = init_cc_from_keytab(keytab_name, arg.username); -+ if (ccache == NULL && arg->username[0] != '\0') -+ ccache = init_cc_from_keytab(keytab_name, arg->username); - - if (ccache == NULL) { - rc = 1; - goto out; - } - -- host = arg.hostname; -+ host = arg->hostname; - - // do mech specific authorization -- switch (arg.sec) { -+ switch (arg->sec) { - case MS_KRB5: - case KRB5: - /* -@@ -1328,7 +1393,7 @@ int main(const int argc, char *const argv[]) - * TRY only: - * cifs/bar.example.com@REALM - */ -- if (arg.sec == MS_KRB5) -+ if (arg->sec == MS_KRB5) - oid = OID_KERBEROS5_OLD; - else - oid = OID_KERBEROS5; -@@ -1385,10 +1450,10 @@ retry_new_hostname: - break; - } - -- if (!try_dns || !(have & DKD_HAVE_IP)) -+ if (!try_dns || !(arg->have & DKD_HAVE_IP)) - break; - -- rc = ip_to_fqdn(arg.ip, hostbuf, sizeof(hostbuf)); -+ rc = ip_to_fqdn(arg->ip, hostbuf, sizeof(hostbuf)); - if (rc) - break; - -@@ -1396,7 +1461,7 @@ retry_new_hostname: - host = hostbuf; - goto retry_new_hostname; - default: -- syslog(LOG_ERR, "sectype: %d is not implemented", arg.sec); -+ syslog(LOG_ERR, "sectype: %d is not implemented", arg->sec); - rc = 1; - break; - } -@@ -1414,7 +1479,7 @@ retry_new_hostname: - rc = 1; - goto out; - } -- keydata->version = arg.ver; -+ keydata->version = arg->ver; - keydata->flags = 0; - keydata->sesskey_len = sess_key.length; - keydata->secblob_len = secblob.length; -@@ -1440,11 +1505,10 @@ out: - krb5_cc_close(context, ccache); - if (context) - krb5_free_context(context); -- free(arg.hostname); -- free(arg.ip); -- free(arg.username); - free(keydata); - free(env_cachename); -+ if (arg) -+ munmap(arg, sizeof(*arg)); - syslog(LOG_DEBUG, "Exit status %ld", rc); - return rc; - } --- -2.30.0 - diff --git a/cifs-utils-6.13.tar.bz2 b/cifs-utils-6.13.tar.bz2 deleted file mode 100644 index ea6b1ad..0000000 --- a/cifs-utils-6.13.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:43d8786c8613caccfa84913081c1d62bc2409575854cf895b05b48af0863d056 -size 414584 diff --git a/cifs-utils-6.13.tar.bz2.asc b/cifs-utils-6.13.tar.bz2.asc deleted file mode 100644 index c35ac4b..0000000 --- a/cifs-utils-6.13.tar.bz2.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQIcBAABCAAGBQJgdN7mAAoJEN9bqdMGQtWgGscP/3Cw/twYIV+O6jjdio/Xpqgq -P3hcWeZWaT0WqspG47mFmlfb3Iy99EeqC5ZkhKOobHkMW1V02I86GpfcTqUezghk -ZzEI/QSbjco1235HWUNcXzvH7O3tzKP5dvts2TVsE7/HBICgOetVEDDdZc5LEtrS -EqkpOOtTS6VIFaX8iWNzq6wBWcUfnwwvS9NS1653KZs5LzqIq/Svvk9n7D1sqU1E -406s5Kk79knnEUp0X8Yd9uY9UAupeJffF788MEdDDRKI1IlmBVsjmq1hv7R27jXH -ojZQRfkyBgOGGAJysrlxNigC4bcQD4RI/tglAOf4a+nami/Lj/1M0mUJ6m67ggPR -aJq/HpQiqHrk1ukkDj7vnV5zEiD4hn8tqlgJGOB3wbjQxNHb40OM2kVc5uC3TnzJ -hMR5JISO1dTDL3hX8rcq6Bj35RLUKDX1H5/t/ug9+Ux1zqq17CkXezzoyEcqVBj4 -ygJuyuiNZdvewIH5TXYocP3jxAo4LNGFOiJboxu298hA5o4MX8YeCmAiDwkGDTvg -UwfXOe6XkU07F+RIXQ5BibkwNn29hHRXwt6TKBo6RJ90Fi9SU9arPTQN1c+veDWh -WGJqbKKariCO4Sl9dIQ/hjnxcBDnC+gPiONFNT/0YEEcWUFPVSFQ2O3BtB4Vt+bt -YmOPUy27OTAIMtaJvhR7 -=dxGs ------END PGP SIGNATURE----- diff --git a/cifs-utils-6.14.tar.bz2 b/cifs-utils-6.14.tar.bz2 new file mode 100644 index 0000000..4f371c7 --- /dev/null +++ b/cifs-utils-6.14.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6609e8074b5421295ff012a31f02ccd9a058415c619c81362ebb788dbf0756b8 +size 416593 diff --git a/cifs-utils-6.14.tar.bz2.asc b/cifs-utils-6.14.tar.bz2.asc new file mode 100644 index 0000000..9785f9b --- /dev/null +++ b/cifs-utils-6.14.tar.bz2.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQIcBAABCAAGBQJhTRMsAAoJEN9bqdMGQtWgK6sP/0uimVcnqGm4O8uzzJfHtpUA +aQSeaVlDIM4boR+LcNCkKqdbLkgxxM/4Wd3J/Utc0jieriggWPxpduVi8ACsY4I3 +9CpxrscOMUOaFe7Zf30ePDaAXDYBcTUMtamM7zE5R7qtpdgC7dnnmhxhL9hq4Kry +YeM4bJW4Fq0uTkAa980WD7HTML5o7/WS29ZtmsRiYEiIVRdBTrpPr/4/gPXtv8HD +kCdlExz6mAYKmifLm9QSqtdaV9rS+8WEQJwf72mTT4L400Eb81FnMhslhNjXDU3Q +aHC+guz1WCXv/HuIATf6lH/EWcfK0mE2ygYi2TaLcazooiUg7U07uLlbwnqmsrWR +e3MVFv3fD1ZRE/Td6Xos6+QPgMJ0VCXxyq2GYHnQ7lQJXqWUuhBHpbP78r8/j1c7 +URiWDh0LoAPbY3Rge6wh5INk3L3XJGFLPDx6O6HEg/rCUo8xKduE/pFv6Fnrv2G+ +/LQjd15C+Fx6OnAUklvTKj2va4phe+pM2opKMn2aQ9IJJWA29LFcCzTx9jQiHGA0 +BkvOn6jQVelscqyLoZFgbaophjW0xoZ143tz4Xx1mUhpyKEdZpfIRzmw9IoSHhIp +UfdIswcOYWK5SEjT6pRpG7rI23bZxrxLnx1pxsaeeELOQDinjskZnxGEYisxsRCr +LRG9Cv0qbq8VPwbKxACT +=ukcP +-----END PGP SIGNATURE----- diff --git a/cifs-utils.changes b/cifs-utils.changes index 04af84b..9d06319 100644 --- a/cifs-utils.changes +++ b/cifs-utils.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Mon Jan 17 09:22:17 UTC 2022 - Enzo Matsumiya + +- Update cifs-utils.spec: + * Remove unused + !BuildIgnore: samba-client + BuildRequires: libwbclient-devel + +------------------------------------------------------------------- +Mon Jan 17 06:22:41 UTC 2022 - Enzo Matsumiya + +- Update to cifs-utils 6.14 + * smbinfo is enhanced with capability to display alternate data streams + * setcifsacl is improved to optionally reorder ACEs in preferred order + * cifs.upcall regression in kerberos mount is fixed + * remove cifs-utils-6.13.tar.bz2 + * remove cifs-utils-6.13.tar.bz2.asc + * add cifs-utils-6.14.tar.bz2 + * add cifs-utils-6.14.tar.bz2.asc +- Drop upstream fixed patches: + * 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch + ------------------------------------------------------------------- Fri May 14 11:13:47 UTC 2021 - Ferdinand Thiessen diff --git a/cifs-utils.spec b/cifs-utils.spec index 22ff9da..e15f0e6 100644 --- a/cifs-utils.spec +++ b/cifs-utils.spec @@ -1,7 +1,7 @@ # # spec file for package cifs-utils # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %endif Name: cifs-utils -Version: 6.13 +Version: 6.14 Release: 0 Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem License: GPL-3.0-or-later @@ -37,7 +37,6 @@ Source100: README.cifstab.migration Source1: cifs.init Patch1: fix-sbin-install-error.patch -Patch2: 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch # Both SSSD and cifs-utils provide an idmap plugin for cifs.ko # /etc/cifs-utils/idmap-plugin should be a symlink to one of the 2 idmap plugins @@ -49,7 +48,7 @@ Patch2: 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch %define cifs_idmap_priority 20 BuildRequires: update-alternatives Requires(post): update-alternatives -Requires(preun): update-alternatives +Requires(preun):update-alternatives # cifs-utils 6.8 switched to python for man page generation # we need to require either py2 or py3 package @@ -83,14 +82,13 @@ BuildRequires: libcap-ng-devel %else BuildRequires: libcap-devel %endif -#!BuildIgnore: samba-client BuildRequires: libtalloc-devel %if 0%{?suse_version} > 1110 BuildRequires: fdupes %endif -BuildRequires: libwbclient-devel BuildRequires: pam-devel BuildRequires: pkg-config +BuildRequires: pkgconfig(wbclient) Requires: keyutils %if ! %{defined _rundir} %define _rundir %{_localstatedir}/run @@ -134,7 +132,6 @@ for i in $pyscripts; do done %patch1 -p1 -%patch2 -p1 %build export CFLAGS="%{optflags} -D_GNU_SOURCE -fpie" diff --git a/fix-sbin-install-error.patch b/fix-sbin-install-error.patch index 9cdf414..eb7042d 100644 --- a/fix-sbin-install-error.patch +++ b/fix-sbin-install-error.patch @@ -1,7 +1,5 @@ -Index: cifs-utils-6.12/Makefile.am -=================================================================== ---- cifs-utils-6.12.orig/Makefile.am -+++ cifs-utils-6.12/Makefile.am +--- a/Makefile.am ++++ b/Makefile.am @@ -118,7 +118,7 @@ endif SUBDIRS = contrib