mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-15 17:06:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

net-fs/cifs-utils: update to 6.13-r1

Browse Source 
Update net-fs/cifs-utils to 6.13-r1, mainly to address CVE-2021-20208.
This commit is contained in:
Dongsu Park 2022-02-15 16:14:16 +01:00
parent 6d88b5ecf7
commit a0a787f0ba
9 changed files with 56 additions and 419 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sdk_container/src/third_party/portage-stable/net-fs/cifs-utils/Manifest vendored
View File

@ -1,4 +1,2 @@
DIST cifs-utils-6.4.tar.bz2 392809 BLAKE2B 90d59cbc49e6d3cf427a43fd9deedc8ea8150e6c8a3ed93ff815445897e4a524785dd342e0547a651bd67de4495e09c6384d6b36c3ed01f9d532c6d533c9efd1 SHA512 05860ceed1e83b4f4da689d2fc1c1b48fddc0ca53ba52fc6cf26a277d6a884f5780060725c5df1401a665ac35ec5a170262ee62f61095e4a8d76348888182614
DIST cifs-utils-6.7.tar.bz2 363647 BLAKE2B 692c4b7de92c2cc5cb88591fb5b5b01ca7d925b105d10f7149e350d1b1661bb6447e71e0ca86095a9e294637d80126e54295413a685786b62c8e70cf26f893d0 SHA512 ee050a0eb4a72fbc8d773e86fbe6839ea2bf11cda5ebd071c8ead66e31b46d50ea4e1d1b26478373be53227cd60b32a90b65b5cb989b5a8237cddfc65bad8e5e
DIST cifs-utils-6.8.tar.bz2 384426 BLAKE2B 002518f44489aefc94c47a23438b176a4056ff4d995b3ed9f25a6c6c8d4c8d7437a3158d5c592d16cb6bfcd289b937d6ac1ef0573c346993d576a88aa1fcb118 SHA512 54a094f78c9e07acc997adfe0c8d4c2fb8e15c18adcc1805450e2180f8539aaec8619e781e985b289e097932637e2de3e6815e32f59ec2fc06cfc3762b832e13
DIST cifs-utils-6.11.tar.bz2 408903 BLAKE2B 5ee7cd87b54a266750bf938396ee90b3f20c2a3446aca295ccb58cb667fbfb68be9aa0e2bbc20aa5e18ffd7f1fcd5fbb0aef3bc25fd13bb96abc5a57a0b45b4b SHA512 064c0ac75572fb44908390508462e4fdfe0686751149fd8b656a209dd961a5a24a7d9774c38c0e72fa5f9875b43aea7bf2de038c4e4a63a11664e71d9003100e
DIST cifs-utils-6.13-kerberos_mount_regression_fix.patch.xz 4336 BLAKE2B de268f815ee4fbb750bf8b7d7110a69a808682c239a7c9196468ecc4d55a26eed3b63f8d8539569e16131060f57de389ef92e1063283eb2f41e65be00ed21bb1 SHA512 13d1fb8ff7c31100bfa481e647e9d3b90d61633173b3a71683246d7bb4b68c7e147d21697a17b7ad60e1ac8da2d48d6f4b51762370536a32d14da6c9a6db7e5e
DIST cifs-utils-6.13.tar.bz2 414584 BLAKE2B 5133ea39fc65acaf2a9791f8ac97dee681dd12f509e0abd095542ce663e7c62002b033dcf35f0a8eec214cb9940597fb568fd50d4cfe5271ca4e433afbe1a7bc SHA512 1337ac4b69f0c3e8d0241eb608207ba81dfa35f84c661649d25da78637882c4d73467b0f632be0bd120362e0b786e40eb340bffcf21c8a09629c441100fd10de

27
sdk_container/src/third_party/portage-stable/net-fs/cifs-utils/cifs-utils-6.11.ebuild → sdk_container/src/third_party/portage-stable/net-fs/cifs-utils/cifs-utils-6.13-r1.ebuild vendored
View File

@ -1,18 +1,22 @@
# Copyright 1999-2020 Gentoo Authors
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit autotools bash-completion-r1 linux-info multilib pam
PYTHON_COMPAT=( python3_{8..10} )
inherit autotools bash-completion-r1 linux-info multilib pam python-single-r1
DESCRIPTION="Tools for Managing Linux CIFS Client Filesystems"
HOMEPAGE="https://wiki.samba.org/index.php/LinuxCIFS_utils"
SRC_URI="https://ftp.samba.org/pub/linux-cifs/${PN}/${P}.tar.bz2"
SRC_URI+=" https://dev.gentoo.org/~polynomial-c/${P}-kerberos_mount_regression_fix.patch.xz"
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 sparc x86 ~x86-linux"
IUSE="+acl +ads +caps creds pam systemd"
KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x86-linux"
IUSE="+acl +ads +caps creds pam +python systemd"
RDEPEND="
!net-fs/mount-cifs
@ -23,6 +27,7 @@ RDEPEND="
)
caps? ( sys-libs/libcap-ng )
pam? ( sys-libs/pam )
python? ( ${PYTHON_DEPS} )
"
DEPEND="${RDEPEND}"
BDEPEND="dev-python/docutils"
@ -30,11 +35,17 @@ PDEPEND="
acl? ( >=net-fs/samba-4.0.0_alpha1 )
"
REQUIRED_USE="acl? ( ads )"
REQUIRED_USE="
acl? ( ads )
python? ( ${PYTHON_REQUIRED_USE} )
"
DOCS="doc/linux-cifs-client-guide.odt"
PATCHES=( "${FILESDIR}/${PN}-6.10-ln_in_destdir.patch" )
PATCHES=(
"${FILESDIR}/${PN}-6.12-ln_in_destdir.patch" #766594
"${WORKDIR}/${P}-kerberos_mount_regression_fix.patch" #809023
)
pkg_setup() {
linux-info_pkg_setup
@ -49,6 +60,8 @@ pkg_setup() {
ewarn
ewarn "and recompile your kernel ..."
fi
python-single-r1_pkg_setup
}
src_prepare() {
@ -72,6 +85,7 @@ src_configure() {
$(use_enable creds cifscreds)
$(use_enable pam)
$(use_with pam pamdir $(getpam_mod_dir))
$(use_enable python pythontools)
# mount.cifs can get passwords from systemd
$(use_enable systemd)
)
@ -103,6 +117,7 @@ src_install() {
fi
dobashcomp bash-completion/smbinfo
python_fix_shebang "${ED}"
}
pkg_postinst() {

106
sdk_container/src/third_party/portage-stable/net-fs/cifs-utils/cifs-utils-6.4.ebuild vendored
View File

@ -1,106 +0,0 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=5
inherit eutils linux-info multilib
DESCRIPTION="Tools for Managing Linux CIFS Client Filesystems"
HOMEPAGE="https://wiki.samba.org/index.php/LinuxCIFS_utils"
SRC_URI="https://www.samba.org/ftp/pub/linux-cifs/${PN}/${P}.tar.bz2"
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~arm-linux ~x86-linux"
IUSE="+acl +ads +caps +caps-ng creds"
DEPEND="!net-fs/mount-cifs
!<net-fs/samba-3.6_rc1
ads? (
sys-apps/keyutils
sys-libs/talloc
virtual/krb5
)
caps? ( !caps-ng? ( sys-libs/libcap ) )
caps? ( caps-ng? ( sys-libs/libcap-ng ) )
creds? ( sys-apps/keyutils )"
PDEPEND="${DEPEND}
acl? ( || (
=net-fs/samba-3.6*[winbind]
>=net-fs/samba-4.0.0_alpha1
) )
"
REQUIRED_USE="acl? ( ads )"
DOCS="doc/linux-cifs-client-guide.odt"
pkg_setup() {
linux-info_pkg_setup
if ! linux_config_exists || ! linux_chkconfig_present CIFS; then
ewarn "You must enable CIFS support in your kernel config, "
ewarn "to be able to mount samba shares. You can find it at"
ewarn
ewarn " File systems"
ewarn " Network File Systems"
ewarn " CIFS support"
ewarn
ewarn "and recompile your kernel ..."
fi
}
src_configure() {
ROOTSBINDIR="${EPREFIX}"/sbin \
econf \
$(use_enable acl cifsacl cifsidmap) \
$(use_enable ads cifsupcall) \
$(use caps && use_with !caps-ng libcap || echo --without-libcap) \
$(use caps && use_with caps-ng libcap-ng || echo --without-libcap-ng) \
$(use_enable creds cifscreds)
}
src_install() {
default
# remove empty directories
find "${ED}" -type d -print0 | xargs --null rmdir \
--ignore-fail-on-non-empty &>/dev/null
if use acl ; then
dodir /etc/cifs-utils
dosym /usr/$(get_libdir)/cifs-utils/idmapwb.so \
/etc/cifs-utils/idmap-plugin
dodir /etc/request-key.d
echo 'create cifs.idmap * * /usr/sbin/cifs.idmap %k' \
> "${ED}/etc/request-key.d/cifs.idmap.conf"
fi
if use ads ; then
dodir /etc/request-key.d
echo 'create dns_resolver * * /usr/sbin/cifs.upcall %k' \
> "${ED}/etc/request-key.d/cifs.upcall.conf"
echo 'create cifs.spnego * * /usr/sbin/cifs.upcall %k' \
> "${ED}/etc/request-key.d/cifs.spnego.conf"
fi
}
pkg_postinst() {
# Inform about set-user-ID bit of mount.cifs
ewarn "setuid use flag was dropped due to multiple security implications"
ewarn "such as CVE-2009-2948, CVE-2011-3585 and CVE-2012-1586"
ewarn "You are free to set setuid flags by yourself"
# Inform about upcall usage
if use acl ; then
einfo "The cifs.idmap utility has been enabled by creating the"
einfo "configuration file /etc/request-key.d/cifs.idmap.conf"
einfo "This enables you to get and set CIFS acls."
fi
if use ads ; then
einfo "The cifs.upcall utility has been enabled by creating the"
einfo "configuration file /etc/request-key.d/cifs.upcall.conf"
einfo "This enables you to mount DFS shares."
fi
}

123
sdk_container/src/third_party/portage-stable/net-fs/cifs-utils/cifs-utils-6.7.ebuild vendored
View File

@ -1,123 +0,0 @@
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
inherit autotools eutils linux-info multilib pam
DESCRIPTION="Tools for Managing Linux CIFS Client Filesystems"
HOMEPAGE="https://wiki.samba.org/index.php/LinuxCIFS_utils"
SRC_URI="https://ftp.samba.org/pub/linux-cifs/${PN}/${P}.tar.bz2"
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="alpha amd64 arm ~arm64 ~hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~arm-linux ~x86-linux"
IUSE="+acl +ads +caps +caps-ng creds pam"
RDEPEND="
!net-fs/mount-cifs
!<net-fs/samba-3.6_rc1
sys-apps/keyutils
ads? (
sys-libs/talloc
virtual/krb5
)
caps? ( !caps-ng? ( sys-libs/libcap ) )
caps? ( caps-ng? ( sys-libs/libcap-ng ) )
pam? ( virtual/pam )
"
DEPEND="${RDEPEND}"
PDEPEND="
acl? ( >=net-fs/samba-4.0.0_alpha1 )
"
REQUIRED_USE="acl? ( ads )"
DOCS="doc/linux-cifs-client-guide.odt"
PATCHES=(
"${FILESDIR}/${P}-talloc.patch"
)
pkg_setup() {
linux-info_pkg_setup
if ! linux_config_exists || ! linux_chkconfig_present CIFS; then
ewarn "You must enable CIFS support in your kernel config, "
ewarn "to be able to mount samba shares. You can find it at"
ewarn
ewarn " File systems"
ewarn " Network File Systems"
ewarn " CIFS support"
ewarn
ewarn "and recompile your kernel ..."
fi
}
src_prepare() {
default
if has_version app-crypt/heimdal ; then
# https://bugs.gentoo.org/612584
eapply "${FILESDIR}/${PN}-6.7-heimdal.patch"
fi
eautoreconf
}
src_configure() {
ROOTSBINDIR="${EPREFIX}"/sbin \
econf \
$(use_enable acl cifsacl cifsidmap) \
$(use_enable ads cifsupcall) \
$(use caps && use_with !caps-ng libcap || echo --without-libcap) \
$(use caps && use_with caps-ng libcap-ng || echo --without-libcap-ng) \
$(use_enable creds cifscreds) \
$(use_enable pam) \
$(use_with pam pamdir $(getpam_mod_dir))
}
src_install() {
default
# remove empty directories
find "${ED}" -type d -print0 | xargs --null rmdir \
--ignore-fail-on-non-empty &>/dev/null
if use acl ; then
dodir /etc/cifs-utils
dosym /usr/$(get_libdir)/cifs-utils/idmapwb.so \
/etc/cifs-utils/idmap-plugin
dodir /etc/request-key.d
echo 'create cifs.idmap * * /usr/sbin/cifs.idmap %k' \
> "${ED}/etc/request-key.d/cifs.idmap.conf"
fi
if use ads ; then
dodir /etc/request-key.d
echo 'create dns_resolver * * /usr/sbin/cifs.upcall %k' \
> "${ED}/etc/request-key.d/cifs.upcall.conf"
echo 'create cifs.spnego * * /usr/sbin/cifs.upcall %k' \
> "${ED}/etc/request-key.d/cifs.spnego.conf"
fi
}
pkg_postinst() {
# Inform about set-user-ID bit of mount.cifs
ewarn "setuid use flag was dropped due to multiple security implications"
ewarn "such as CVE-2009-2948, CVE-2011-3585 and CVE-2012-1586"
ewarn "You are free to set setuid flags by yourself"
# Inform about upcall usage
if use acl ; then
einfo "The cifs.idmap utility has been enabled by creating the"
einfo "configuration file /etc/request-key.d/cifs.idmap.conf"
einfo "This enables you to get and set CIFS acls."
fi
if use ads ; then
einfo "The cifs.upcall utility has been enabled by creating the"
einfo "configuration file /etc/request-key.d/cifs.upcall.conf"
einfo "This enables you to mount DFS shares."
fi
}

121
sdk_container/src/third_party/portage-stable/net-fs/cifs-utils/cifs-utils-6.8.ebuild vendored
View File

@ -1,121 +0,0 @@
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
inherit autotools eutils linux-info multilib pam
DESCRIPTION="Tools for Managing Linux CIFS Client Filesystems"
HOMEPAGE="https://wiki.samba.org/index.php/LinuxCIFS_utils"
SRC_URI="https://ftp.samba.org/pub/linux-cifs/${PN}/${P}.tar.bz2"
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~arm-linux ~x86-linux"
IUSE="+acl +ads +caps +caps-ng creds pam"
RDEPEND="
!net-fs/mount-cifs
!<net-fs/samba-3.6_rc1
sys-apps/keyutils
ads? (
sys-libs/talloc
virtual/krb5
)
caps? ( !caps-ng? ( sys-libs/libcap ) )
caps? ( caps-ng? ( sys-libs/libcap-ng ) )
pam? ( virtual/pam )
"
DEPEND="${RDEPEND}"
PDEPEND="
acl? ( >=net-fs/samba-4.0.0_alpha1 )
"
REQUIRED_USE="acl? ( ads )"
DOCS="doc/linux-cifs-client-guide.odt"
pkg_setup() {
linux-info_pkg_setup
if ! linux_config_exists || ! linux_chkconfig_present CIFS; then
ewarn "You must enable CIFS support in your kernel config, "
ewarn "to be able to mount samba shares. You can find it at"
ewarn
ewarn " File systems"
ewarn " Network File Systems"
ewarn " CIFS support"
ewarn
ewarn "and recompile your kernel ..."
fi
}
src_prepare() {
default
if has_version app-crypt/heimdal ; then
# https://bugs.gentoo.org/612584
eapply "${FILESDIR}/${PN}-6.7-heimdal.patch"
fi
eautoreconf
}
src_configure() {
local myeconfargs=(
$(use_enable acl cifsacl cifsidmap)
$(use_enable ads cifsupcall)
$(use caps && use_with !caps-ng libcap || echo --without-libcap)
$(use caps && use_with caps-ng libcap-ng || echo --without-libcap-ng)
$(use_enable creds cifscreds)
$(use_enable pam)
$(use_with pam pamdir $(getpam_mod_dir))
)
ROOTSBINDIR="${EPREFIX}"/sbin \
econf "${myeconfargs[@]}"
}
src_install() {
default
# remove empty directories
find "${ED}" -type d -print0 | xargs --null rmdir \
--ignore-fail-on-non-empty &>/dev/null
if use acl ; then
dodir /etc/cifs-utils
dosym /usr/$(get_libdir)/cifs-utils/idmapwb.so \
/etc/cifs-utils/idmap-plugin
dodir /etc/request-key.d
echo 'create cifs.idmap * * /usr/sbin/cifs.idmap %k' \
> "${ED}/etc/request-key.d/cifs.idmap.conf"
fi
if use ads ; then
dodir /etc/request-key.d
echo 'create dns_resolver * * /usr/sbin/cifs.upcall %k' \
> "${ED}/etc/request-key.d/cifs.upcall.conf"
echo 'create cifs.spnego * * /usr/sbin/cifs.upcall %k' \
> "${ED}/etc/request-key.d/cifs.spnego.conf"
fi
}
pkg_postinst() {
# Inform about set-user-ID bit of mount.cifs
ewarn "setuid use flag was dropped due to multiple security implications"
ewarn "such as CVE-2009-2948, CVE-2011-3585 and CVE-2012-1586"
ewarn "You are free to set setuid flags by yourself"
# Inform about upcall usage
if use acl ; then
einfo "The cifs.idmap utility has been enabled by creating the"
einfo "configuration file /etc/request-key.d/cifs.idmap.conf"
einfo "This enables you to get and set CIFS acls."
fi
if use ads ; then
einfo "The cifs.upcall utility has been enabled by creating the"
einfo "configuration file /etc/request-key.d/cifs.upcall.conf"
einfo "This enables you to mount DFS shares."
fi
}

26
sdk_container/src/third_party/portage-stable/net-fs/cifs-utils/files/cifs-utils-6.10-ln_in_destdir.patch vendored
View File

@ -1,26 +0,0 @@
Fix sandbox violation caused by calling ln in /sbin instead of $(DESTDIR)/sbin
Also fixed an inverted race condition when installing with MAKEOPTS="-j1"
jer found this:
install-root_sbinPROGRAMS is called from install-data-am but
install-exec-hook is called from install-exec-am
So moving the failing ln call into install-data-hook for now...
--- cifs-utils-6.10/Makefile.am
+++ cifs-utils-6.10/Makefile.am
@@ -118,11 +118,9 @@
SUBDIRS = contrib
-install-exec-hook:
- (cd $(ROOTSBINDIR) && ln -sf mount.cifs mount.smb3)
-
install-data-hook:
- (cd $(man8dir) && ln -sf mount.cifs.8 mount.smb3.8)
+ (cd $(DESTDIR)$(ROOTSBINDIR) && ln -sf mount.cifs mount.smb3)
+ (cd $(DESTDIR)$(man8dir) && ln -sf mount.cifs.8 mount.smb3.8)
uninstall-hook:
(cd $(ROOTSBINDIR) && rm -f $(ROOTSBINDIR)/mount.smb3)

22
sdk_container/src/third_party/portage-stable/net-fs/cifs-utils/files/cifs-utils-6.12-ln_in_destdir.patch vendored Normal file
View File

@ -0,0 +1,22 @@
Fixed an inverted race condition when installing with MAKEOPTS="-j1"
jer found this:
install-root_sbinPROGRAMS is called from install-data-am but
install-exec-hook is called from install-exec-am
So moving the failing ln call into install-data-hook for now...
--- cifs-utils-6.12/Makefile.am
+++ cifs-utils-6.12/Makefile.am
@@ -117,10 +117,8 @@
SUBDIRS = contrib
-install-exec-hook: install-sbinPROGRAMS
+install-data-hook: install-sbinPROGRAMS
(cd $(DESTDIR)$(ROOTSBINDIR) && ln -sf mount.cifs mount.smb3)
-
-install-data-hook:
if CONFIG_MAN
( cd $(DESTDIR)$(man8dir) && ln -sf mount.cifs.8 mount.smb3.8)
endif

29
sdk_container/src/third_party/portage-stable/net-fs/cifs-utils/files/cifs-utils-6.7-talloc.patch vendored
View File

@ -1,29 +0,0 @@
https://bugs.gentoo.org/show_bug.cgi?id=612018
From: Thomas Witt <pyromaniac@exherbo.org>
Date: Wed, 15 Mar 2017 20:20:44 +0000 (+0000)
Subject: mount.cifs: Remove data_blob.h include
X-Git-Url: https://git.samba.org/?p=cifs-utils.git;a=commitdiff_plain;h=272d523a57a4e8791d625a479128613be5e401f5
mount.cifs: Remove data_blob.h include
data_blob.h includes talloc.h from libtalloc, but that is only marked as
a dependency for cifs.upcall. No symbols from that header are used by
cifs.mount, so remove it to avoid the libtalloc dependency
Signed-off-by: Thomas Witt <pyromaniac@exherbo.org>
---
diff --git a/mount.cifs.c b/mount.cifs.c
index 13b71ef..2612feb 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -61,7 +61,6 @@
#include "mount.h"
#include "util.h"
#include "resolve_host.h"
-#include "data_blob.h"
#ifndef MS_MOVE
#define MS_MOVE 8192

15
sdk_container/src/third_party/portage-stable/net-fs/cifs-utils/metadata.xml vendored
View File

@ -1,15 +1,22 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>samba@gentoo.org</email>
<name>Samba Team</name>
</maintainer>
<longdescription>The in-kernel CIFS filesystem relies on a set of user-space tools. That package of tools is called cifs-utils. Although not really part of Samba proper, these tools were originally part of the Samba package. For several reasons, shipping these tools as part of Samba was problematic and it was deemed better to split them off into their own package</longdescription>
<longdescription>
The in-kernel CIFS filesystem relies on a set of user-space
tools. That package of tools is called cifs-utils. Although not
really part of Samba proper, these tools were originally part of
the Samba package. For several reasons, shipping these tools as
part of Samba was problematic and it was deemed better to split
them off into their own package
</longdescription>
<use>
<flag name="ads">Enable Active Directory support and create cifs.idmap binary - idmap support</flag>
<flag name="caps">libcap support</flag>
<flag name="caps-ng">libcap-ng support</flag>
<flag name="caps">Enable <pkg>sys-libs/libcap-ng</pkg> support</flag>
<flag name="creds">cifs credentials support</flag>
<flag name="python">Enable support for python and install python tools</flag>
</use>
</pkgmetadata>