[arch-commits] Commit in cifs-utils/repos (3 files)

Tobias Powalowski tpowa at archlinux.org
Wed Dec 9 09:33:39 UTC 2020 

    Date: Wednesday, December 9, 2020 @ 09:33:39
  Author: tpowa
Revision: 403183

archrelease: copy trunk to testing-x86_64

Added:
  cifs-utils/repos/testing-x86_64/
  cifs-utils/repos/testing-x86_64/PKGBUILD
    (from rev 403182, cifs-utils/trunk/PKGBUILD)
  cifs-utils/repos/testing-x86_64/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch
    (from rev 403182, cifs-utils/trunk/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch)

-----------------------------------------------------------+
 PKGBUILD                                                  |   46 +++++
 cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch |  101 ++++++++++++
 2 files changed, 147 insertions(+)

Copied: cifs-utils/repos/testing-x86_64/PKGBUILD (from rev 403182, cifs-utils/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD	                        (rev 0)
+++ testing-x86_64/PKGBUILD	2020-12-09 09:33:39 UTC (rev 403183)
@@ -0,0 +1,46 @@
+# Maintainer: Tobias Powalowski <tpowa at archlinux.org>
+pkgname=cifs-utils
+pkgver=6.11
+pkgrel=2
+pkgdesc="CIFS filesystem user-space tools"
+arch=(x86_64)
+url="https://wiki.samba.org/index.php/LinuxCIFS_utils"
+license=('GPL')
+depends=('libcap-ng' 'keyutils' 'krb5' 'talloc' 'libwbclient' 'pam')
+makedepends=('python-docutils')
+source=("https://download.samba.org/pub/linux-cifs/$pkgname/$pkgname-$pkgver.tar.bz2"{,.asc}
+	"cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch")
+
+validpgpkeys=('C699981A31F338706C817650DF5BA9D30642D5A0') #cifs-utils Distribution Verification Key <cifs-utils at samba.org>
+sha256sums=('b859239a3f204f8220d3e54ed43bf8109e1ef202042dd87ba87492f8878728d9'
+            'SKIP'
+            '0edcd01eb3e721a5726cc00160667dc2f7c935883bad71711288488081f81e5b')
+
+prepare() {
+  # Fix install to honor DESTDIR
+  sed -e 's|\$(man8dir)|$(DESTDIR)$(man8dir)|g' -e 's|cd \$(ROOTSBINDIR)|cd $(DESTDIR)$(ROOTSBINDIR)|g' -i $pkgname-$pkgver/Makefile.am
+  cd "$srcdir/$pkgname-$pkgver"
+  patch -Np1 -i $srcdir/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch
+}
+
+build() {
+  cd "$srcdir/$pkgname-$pkgver"
+  # systemd support is broken in mount.cifs
+  # https://bugs.archlinux.org/task/30958
+  autoreconf -i
+  ./configure --prefix=/usr --sbindir=/usr/bin --disable-systemd
+  make
+}
+
+package() {
+  cd "$srcdir/$pkgname-$pkgver"
+  make DESTDIR="$pkgdir" ROOTSBINDIR=/usr/bin install
+  mkdir -p "$pkgdir"/etc/request-key.d
+  install -m 644 contrib/request-key.d/cifs.idmap.conf "$pkgdir"/etc/request-key.d
+  install -m 644 contrib/request-key.d/cifs.spnego.conf "$pkgdir"/etc/request-key.d
+  # set mount.cifs uid, to enable none root mounting form fstab
+  chmod +s "$pkgdir"/usr/bin/mount.cifs
+  # fix idmap-plugin #42052
+  mkdir -p "$pkgdir"/etc/cifs-utils
+  ln -s /usr/lib/cifs-utils/idmapwb.so "${pkgdir}"/etc/cifs-utils/idmap-plugin
+}

Copied: cifs-utils/repos/testing-x86_64/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch (from rev 403182, cifs-utils/trunk/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch)
===================================================================
--- testing-x86_64/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch	                        (rev 0)
+++ testing-x86_64/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch	2020-12-09 09:33:39 UTC (rev 403183)
@@ -0,0 +1,101 @@
+From f4e7c84467152624a288351321c8664dbf3364af Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas at archlinux.org>
+Date: Sat, 21 Nov 2020 11:41:26 +0100
+Subject: [PATCH 1/2] mount.cifs: update the cap bounding set only when
+ CAP_SETPCAP is given
+
+libcap-ng 0.8.1 tightened the error checking on capng_apply, returning an error
+of -4 when trying to update the capability bounding set without having the
+CAP_SETPCAP capability to be able to do so. Previous versions of libcap-ng
+silently skipped updating the bounding set and only updated the normal
+CAPNG_SELECT_CAPS capabilities instead.
+
+Check beforehand whether we have CAP_SETPCAP, in which case we can use
+CAPNG_SELECT_BOTH to update both the normal capabilities and the bounding set.
+Otherwise, we can at least update the normal capabilities, but refrain from
+trying to update the bounding set to avoid getting an error.
+
+Signed-off-by: Jonas Witschel <diabonas at archlinux.org>
+---
+ mount.cifs.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 4feb397..88b8b69 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -338,6 +338,8 @@ static int set_password(struct parsed_mount_info *parsed_info, const char *src)
+ static int
+ drop_capabilities(int parent)
+ {
++	capng_select_t set = CAPNG_SELECT_CAPS;
++
+ 	capng_setpid(getpid());
+ 	capng_clear(CAPNG_SELECT_BOTH);
+ 	if (parent) {
+@@ -355,7 +357,10 @@ drop_capabilities(int parent)
+ 			return EX_SYSERR;
+ 		}
+ 	}
+-	if (capng_apply(CAPNG_SELECT_BOTH)) {
++	if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
++		set = CAPNG_SELECT_BOTH;
++	}
++	if (capng_apply(set)) {
+ 		fprintf(stderr, "Unable to apply new capability set.\n");
+ 		return EX_SYSERR;
+ 	}
+-- 
+2.29.2
+
+
+From 64dfbafe7a0639a96d67f0b840b6e6498e1f68a9 Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas at archlinux.org>
+Date: Sat, 21 Nov 2020 11:48:33 +0100
+Subject: [PATCH 2/2] cifs.upall: update the cap bounding set only when
+ CAP_SETPCAP is given
+
+libcap-ng 0.8.1 tightened the error checking on capng_apply, returning an error
+of -4 when trying to update the capability bounding set without having the
+CAP_SETPCAP capability to be able to do so. Previous versions of libcap-ng
+silently skipped updating the bounding set and only updated the normal
+CAPNG_SELECT_CAPS capabilities instead.
+
+Check beforehand whether we have CAP_SETPCAP, in which case we can use
+CAPNG_SELECT_BOTH to update both the normal capabilities and the bounding set.
+Otherwise, we can at least update the normal capabilities, but refrain from
+trying to update the bounding set to avoid getting an error.
+
+Signed-off-by: Jonas Witschel <diabonas at archlinux.org>
+---
+ cifs.upcall.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/cifs.upcall.c b/cifs.upcall.c
+index 1559434..af1a0b0 100644
+--- a/cifs.upcall.c
++++ b/cifs.upcall.c
+@@ -88,6 +88,8 @@ typedef enum _sectype {
+ static int
+ trim_capabilities(bool need_environ)
+ {
++	capng_select_t set = CAPNG_SELECT_CAPS;
++
+ 	capng_clear(CAPNG_SELECT_BOTH);
+ 
+ 	/* SETUID and SETGID to change uid, gid, and grouplist */
+@@ -105,7 +107,10 @@ trim_capabilities(bool need_environ)
+ 		return 1;
+ 	}
+ 
+-	if (capng_apply(CAPNG_SELECT_BOTH)) {
++	if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
++		set = CAPNG_SELECT_BOTH;
++	}
++	if (capng_apply(set)) {
+ 		syslog(LOG_ERR, "%s: Unable to apply capability set: %m\n", __func__);
+ 		return 1;
+ 	}
+-- 
+2.29.2
+

More information about the arch-commits mailing list