summaryrefslogtreecommitdiff
path: root/net-fs
diff options
context:
space:
mode:
authorLars Wendler <polynomial-c@gentoo.org>2016-06-11 14:14:51 +0200
committerLars Wendler <polynomial-c@gentoo.org>2016-06-11 14:15:06 +0200
commitaa17a42524f5b3a67e8565b9b333ff9206f0b625 (patch)
treea5cf1036f86b8d74c9ed7797953cca3d72e2f19e /net-fs
parentmedia-sound/banshee: amd64 stable, bug 584468 (diff)
downloadgentoo-aa17a42524f5b3a67e8565b9b333ff9206f0b625.tar.gz
gentoo-aa17a42524f5b3a67e8565b9b333ff9206f0b625.tar.bz2
gentoo-aa17a42524f5b3a67e8565b9b333ff9206f0b625.zip
net-fs/cifs-utils: Security cleanup (bug 552634).
Package-Manager: portage-2.2.28 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'net-fs')
-rw-r--r--net-fs/cifs-utils/Manifest1
-rw-r--r--net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild110
-rw-r--r--net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch44
3 files changed, 0 insertions, 155 deletions
diff --git a/net-fs/cifs-utils/Manifest b/net-fs/cifs-utils/Manifest
index 9777594a25e3..cc08b24700fc 100644
--- a/net-fs/cifs-utils/Manifest
+++ b/net-fs/cifs-utils/Manifest
@@ -1,3 +1,2 @@
-DIST cifs-utils-6.1.tar.bz2 390958 SHA256 381f1e9caccdafdcdb0efa32a4cceb77c1a96b0b58702394e4b86dac4825f3b5 SHA512 6427b74edbf56b865dee38a610c74ac5483cdc13096082cfc1e9d225a048c9b5ee0c7afb30e625a615a0e8e9f3767e33765220e27148e2c2a29d12d4129b01fd WHIRLPOOL a800a02a0729996035a331b460cb28ae5463ddecaf205d88173dc08efd7a2bee577995ebba97b36977858c8435ac3b7ec9c7ce5d193f8b30d0602f9546fed5b1
DIST cifs-utils-6.4.tar.bz2 392809 SHA256 38fc63926af435dae4ebcf4406275580a692d9fb9ee3e32170317cf2ba68e6e3 SHA512 05860ceed1e83b4f4da689d2fc1c1b48fddc0ca53ba52fc6cf26a277d6a884f5780060725c5df1401a665ac35ec5a170262ee62f61095e4a8d76348888182614 WHIRLPOOL 335262eb329860318750fcd081dc2c082f36c75a32e5e596a45b51e73b08be7ee66133c2e4e2bc3089631d3909018abd9c2f36f79d82cd9ea7f6fe2530900f72
DIST cifs-utils-6.5.tar.bz2 402158 SHA256 e2776578b8267c6dc0862897f5e10f87f10f8337fca9ca6a9118f5eb30cf49f7 SHA512 c5eea97d2be455ad676a3ff693641512d5c1d81d75eb1d7d08e4274b6844a1353b6791aa3ced4d8d656ed4a09b3c17ae80f289a90a3d429a8a94210e15f3e90e WHIRLPOOL 880b3c5762e791317140213fea008759b9d2599ddefb08319877ba6a5ced517fd6e0246050975ad01b74110b20f2233bb6cb505ecf3b2e05dca014ae378eaba5
diff --git a/net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild b/net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild
deleted file mode 100644
index c51ede49d294..000000000000
--- a/net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild
+++ /dev/null
@@ -1,110 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit eutils linux-info multilib
-
-DESCRIPTION="Tools for Managing Linux CIFS Client Filesystems"
-HOMEPAGE="http://wiki.samba.org/index.php/LinuxCIFS_utils"
-SRC_URI="ftp://ftp.samba.org/pub/linux-cifs/${PN}/${P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~arm-linux ~x86-linux"
-IUSE="+acl +ads +caps +caps-ng creds"
-
-DEPEND="!net-fs/mount-cifs
- !<net-fs/samba-3.6_rc1
- ads? (
- sys-apps/keyutils
- sys-libs/talloc
- virtual/krb5
- )
- caps? ( !caps-ng? ( sys-libs/libcap ) )
- caps? ( caps-ng? ( sys-libs/libcap-ng ) )
- creds? ( sys-apps/keyutils )"
-PDEPEND="${DEPEND}
- acl? ( || (
- =net-fs/samba-3.6*[winbind]
- >=net-fs/samba-4.0.0_alpha1
- ) )
-"
-
-REQUIRED_USE="acl? ( ads )"
-
-DOCS="doc/linux-cifs-client-guide.odt"
-
-pkg_setup() {
- linux-info_pkg_setup
-
- if ! linux_config_exists || ! linux_chkconfig_present CIFS; then
- ewarn "You must enable CIFS support in your kernel config, "
- ewarn "to be able to mount samba shares. You can find it at"
- ewarn
- ewarn " File systems"
- ewarn " Network File Systems"
- ewarn " CIFS support"
- ewarn
- ewarn "and recompile your kernel ..."
- fi
-}
-
-src_prepare() {
- # Do not rely on hardcoded path to systemd-ask-password, bug #478538
- epatch "${FILESDIR}/${P}-hardcoded-path.patch"
-}
-
-src_configure() {
- ROOTSBINDIR="${EPREFIX}"/sbin \
- econf \
- $(use_enable acl cifsacl cifsidmap) \
- $(use_enable ads cifsupcall) \
- $(use caps && use_with !caps-ng libcap || echo --without-libcap) \
- $(use caps && use_with caps-ng libcap-ng || echo --without-libcap-ng) \
- $(use_enable creds cifscreds)
-}
-
-src_install() {
- default
-
- # remove empty directories
- find "${ED}" -type d -print0 | xargs --null rmdir \
- --ignore-fail-on-non-empty &>/dev/null
-
- if use acl ; then
- dodir /etc/cifs-utils
- dosym /usr/$(get_libdir)/cifs-utils/idmapwb.so \
- /etc/cifs-utils/idmap-plugin
- dodir /etc/request-key.d
- echo 'create cifs.idmap * * /usr/sbin/cifs.idmap %k' \
- > "${ED}/etc/request-key.d/cifs.idmap.conf"
- fi
-
- if use ads ; then
- dodir /etc/request-key.d
- echo 'create dns_resolver * * /usr/sbin/cifs.upcall %k' \
- > "${ED}/etc/request-key.d/cifs.upcall.conf"
- fi
-}
-
-pkg_postinst() {
- # Inform about set-user-ID bit of mount.cifs
- ewarn "setuid use flag was dropped due to multiple security implications"
- ewarn "such as CVE-2009-2948, CVE-2011-3585 and CVE-2012-1586"
- ewarn "You are free to set setuid flags by yourself"
-
- # Inform about upcall usage
- if use acl ; then
- einfo "The cifs.idmap utility has been enabled by creating the"
- einfo "configuration file /etc/request-key.d/cifs.idmap.conf"
- einfo "This enables you to get and set CIFS acls."
- fi
-
- if use ads ; then
- einfo "The cifs.upcall utility has been enabled by creating the"
- einfo "configuration file /etc/request-key.d/cifs.upcall.conf"
- einfo "This enables you to mount DFS shares."
- fi
-}
diff --git a/net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch b/net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch
deleted file mode 100644
index 2c2067fa1f92..000000000000
--- a/net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 4e315f6a02a4edb259b33bcf0665eba259fee2f2 Mon Sep 17 00:00:00 2001
-From: =?utf8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
-Date: Tue, 30 Jul 2013 10:00:26 +0200
-Subject: [PATCH] Do not rely on hardcoded path to systemd-ask-password.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=utf8
-Content-Transfer-Encoding: 8bit
-
-Relying on hardcoded /bin/systemd-ask-password path breaks systemd that
-install systemd-ask-password in /usr/bin. Since both paths are supposed
-to be in ${PATH} and popen() passes the command to shell, just pass
-'systemd-ask-password' and let the shell find it.
-
-Fixes: https://bugzilla.samba.org/show_bug.cgi?id=10054
-Signed-off-by: Michał Górny <mgorny@gentoo.org>
----
- mount.cifs.c | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/mount.cifs.c b/mount.cifs.c
-index e76beee..7206dcb 100644
---- a/mount.cifs.c
-+++ b/mount.cifs.c
-@@ -1626,7 +1626,7 @@ drop_child_privs(void)
- }
-
- /*
-- * If systemd is running and /bin/systemd-ask-password --
-+ * If systemd is running and systemd-ask-password --
- * is available, then use that else fallback on getpass(..)
- *
- * Returns: @input or NULL on error
-@@ -1649,7 +1649,7 @@ get_password(const char *prompt, char *input, int capacity)
- FILE *ask_pass_fp = NULL;
-
- cmd = ret = NULL;
-- if (asprintf(&cmd, "/bin/systemd-ask-password \"%s\"", prompt) >= 0) {
-+ if (asprintf(&cmd, "systemd-ask-password \"%s\"", prompt) >= 0) {
- ask_pass_fp = popen (cmd, "re");
- free (cmd);
- }
---
-1.7.0.4
-