[arch-commits] Commit in cifs-utils/trunk (2 files)

Tobias Powalowski tpowa at archlinux.org
Thu Dec 17 09:37:49 UTC 2020


    Date: Thursday, December 17, 2020 @ 09:37:48
  Author: tpowa
Revision: 404431

upgpkg: cifs-utils 6.11-3: fix #68666

Added:
  cifs-utils/trunk/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch
Modified:
  cifs-utils/trunk/PKGBUILD

------------------------------------------------------------------+
 PKGBUILD                                                         |   11 +
 cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch |   58 ++++++++++
 2 files changed, 65 insertions(+), 4 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-12-17 09:19:52 UTC (rev 404430)
+++ PKGBUILD	2020-12-17 09:37:48 UTC (rev 404431)
@@ -1,7 +1,7 @@
 # Maintainer: Tobias Powalowski <tpowa at archlinux.org>
 pkgname=cifs-utils
 pkgver=6.11
-pkgrel=2
+pkgrel=3
 pkgdesc="CIFS filesystem user-space tools"
 arch=(x86_64)
 url="https://wiki.samba.org/index.php/LinuxCIFS_utils"
@@ -9,18 +9,21 @@
 depends=('libcap-ng' 'keyutils' 'krb5' 'talloc' 'libwbclient' 'pam')
 makedepends=('python-docutils')
 source=("https://download.samba.org/pub/linux-cifs/$pkgname/$pkgname-$pkgver.tar.bz2"{,.asc}
-	"cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch")
+	"cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch"
+        "cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch")
 
 validpgpkeys=('C699981A31F338706C817650DF5BA9D30642D5A0') #cifs-utils Distribution Verification Key <cifs-utils at samba.org>
 sha256sums=('b859239a3f204f8220d3e54ed43bf8109e1ef202042dd87ba87492f8878728d9'
             'SKIP'
-            '0edcd01eb3e721a5726cc00160667dc2f7c935883bad71711288488081f81e5b')
+            '0edcd01eb3e721a5726cc00160667dc2f7c935883bad71711288488081f81e5b'
+            'acdf75f2d3895d60414f19b2401f3349af23252717bf669529848f9d35d70604')
 
 prepare() {
   # Fix install to honor DESTDIR
   sed -e 's|\$(man8dir)|$(DESTDIR)$(man8dir)|g' -e 's|cd \$(ROOTSBINDIR)|cd $(DESTDIR)$(ROOTSBINDIR)|g' -i $pkgname-$pkgver/Makefile.am
   cd "$srcdir/$pkgname-$pkgver"
-  patch -Np1 -i $srcdir/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch
+  patch -Np1 -i "$srcdir/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch"
+  patch -Np1 -i "$srcdir/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch"
 }
 
 build() {
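Review bot: The two `patch -Np1` calls in prepare() and the new source entry carry no comment saying where the backports come from or when they can be dropped; the sha256sums pin the file contents but not their origin. A line such as `# libcap-ng 0.8.1 capng_apply() backports for bug #68666; drop when an upstream release contains them` above the patch calls would let a later maintainer audit and retire them. The added source entry is also indented with spaces while the entry before it uses a tab. prepare() starts inside this hunk, but the hunk ends on the opening line of build().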

Added: cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch
===================================================================
--- cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch	                        (rev 0)
+++ cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch	2020-12-17 09:37:48 UTC (rev 404431)
@@ -0,0 +1,58 @@
+From 0fddcee4b1b9c9f16b3cfe1b2daec87d2b8b19dd Mon Sep 17 00:00:00 2001
+From: Alexander Koch <mail at alexanderkoch.net>
+Date: Wed, 16 Dec 2020 18:02:31 +0100
+Subject: [PATCH] cifs.upcall: drop bounding capabilities only if CAP_SETPCAP
+ is given
+
+Make drop_call_capabilities() in cifs.upcall update the bounding capabilities
+only if CAP_SETCAP is present.
+
+This is an addendum to the patch recently provided in [1]. Without this
+additional change, cifs.upcall can still fail while trying to mount a CIFS
+network share with krb5:
+
+  kernel: CIFS: Attempting to mount //server.domain.lan/myshare
+  cifs.upcall[39484]: key description: cifs.spnego;0;0;39010000;ver=0x2;host=server.domain.lan>
+  cifs.upcall[39484]: ver=2
+  cifs.upcall[39484]: host=server.domain.lan
+  cifs.upcall[39484]: ip=172.22.3.14
+  cifs.upcall[39484]: sec=1
+  cifs.upcall[39484]: uid=1000
+  cifs.upcall[39484]: creduid=1000
+  cifs.upcall[39484]: user=username
+  cifs.upcall[39484]: pid=39481
+  cifs.upcall[39484]: get_cachename_from_process_env: pathname=/proc/39481/environ
+  cifs.upcall[39484]: get_cachename_from_process_env: cachename = FILE:/tmp/.krb5cc_1000
+  cifs.upcall[39484]: drop_all_capabilities: Unable to apply capability set: Success
+  cifs.upcall[39484]: Exit status 1
+
+[1] https://marc.info/?l=linux-cifs&m=160595758021261
+
+Signed-off-by: Alexander Koch <mail at alexanderkoch.net>
+Signed-off-by: Jonas Witschel <diabonas at archlinux.org>
+---
+ cifs.upcall.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/cifs.upcall.c b/cifs.upcall.c
+index 1559434..b62ab50 100644
+--- a/cifs.upcall.c
++++ b/cifs.upcall.c
+@@ -115,8 +115,13 @@ trim_capabilities(bool need_environ)
+ static int
+ drop_all_capabilities(void)
+ {
++	capng_select_t set = CAPNG_SELECT_CAPS;
++
+ 	capng_clear(CAPNG_SELECT_BOTH);
+-	if (capng_apply(CAPNG_SELECT_BOTH)) {
++	if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
++		set = CAPNG_SELECT_BOTH;
++	}
++	if (capng_apply(set)) {
+ 		syslog(LOG_ERR, "%s: Unable to apply capability set: %m\n", __func__);
+ 		return 1;
+ 	}
+-- 
+2.29.2
+
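Review bot: In `drop_all_capabilities()` the new `capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)` test runs after `capng_clear(CAPNG_SELECT_BOTH)`, so it appears to read libcap-ng's just-cleared working state rather than what the process actually holds. If that is the case, `set` stays `CAPNG_SELECT_CAPS` and the bounding set is never dropped, which quietly weakens the privilege drop instead of failing. This should be confirmed against the libcap-ng documentation; if leaving the bounding set in place is the accepted outcome, it deserves a comment at the declaration, e.g. `/* bounding set can only be lowered with CAP_SETPCAP; without it only the capability sets are dropped */`. The patch description also names `CAP_SETCAP` and `drop_call_capabilities()` where the code uses `CAP_SETPCAP` and `drop_all_capabilities()`. The function body continues past the end of the embedded hunk.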


