[arch-commits] Commit in cifs-utils/trunk (2 files)
Tobias Powalowski
tpowa at archlinux.org
Thu Dec 17 09:37:49 UTC 2020
Date: Thursday, December 17, 2020 @ 09:37:48
Author: tpowa
Revision: 404431
upgpkg: cifs-utils 6.11-3: fix #68666
Added:
cifs-utils/trunk/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch
Modified:
cifs-utils/trunk/PKGBUILD
------------------------------------------------------------------+
PKGBUILD | 11 +
cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch | 58 ++++++++++
2 files changed, 65 insertions(+), 4 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-12-17 09:19:52 UTC (rev 404430)
+++ PKGBUILD 2020-12-17 09:37:48 UTC (rev 404431)
@@ -1,7 +1,7 @@
# Maintainer: Tobias Powalowski <tpowa at archlinux.org>
pkgname=cifs-utils
pkgver=6.11
-pkgrel=2
+pkgrel=3
pkgdesc="CIFS filesystem user-space tools"
arch=(x86_64)
url="https://wiki.samba.org/index.php/LinuxCIFS_utils"
@@ -9,18 +9,21 @@
depends=('libcap-ng' 'keyutils' 'krb5' 'talloc' 'libwbclient' 'pam')
makedepends=('python-docutils')
source=("https://download.samba.org/pub/linux-cifs/$pkgname/$pkgname-$pkgver.tar.bz2"{,.asc}
- "cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch")
+ "cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch"
+ "cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch")
validpgpkeys=('C699981A31F338706C817650DF5BA9D30642D5A0') #cifs-utils Distribution Verification Key <cifs-utils at samba.org>
sha256sums=('b859239a3f204f8220d3e54ed43bf8109e1ef202042dd87ba87492f8878728d9'
'SKIP'
- '0edcd01eb3e721a5726cc00160667dc2f7c935883bad71711288488081f81e5b')
+ '0edcd01eb3e721a5726cc00160667dc2f7c935883bad71711288488081f81e5b'
+ 'acdf75f2d3895d60414f19b2401f3349af23252717bf669529848f9d35d70604')
prepare() {
# Fix install to honor DESTDIR
sed -e 's|\$(man8dir)|$(DESTDIR)$(man8dir)|g' -e 's|cd \$(ROOTSBINDIR)|cd $(DESTDIR)$(ROOTSBINDIR)|g' -i $pkgname-$pkgver/Makefile.am
cd "$srcdir/$pkgname-$pkgver"
- patch -Np1 -i $srcdir/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch
+ patch -Np1 -i "$srcdir/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch"
+ patch -Np1 -i "$srcdir/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch"
}
build() {
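Review bot: The two `patch -Np1` lines in prepare() carry no comment saying where each patch comes from or when it can be dropped, which matters here because part-2 changes how a privileged helper (cifs.upcall) sheds capabilities. A short comment above the second call would make the provenance auditable from the PKGBUILD alone, e.g. `# part-2: cifs.upcall bounding-set handling for libcap-ng 0.8.1 (#68666); remove once part of an upstream release`. The new source entry is pinned by its own sha256sum, so this is a documentation point only.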
Added: cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch
===================================================================
--- cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch (rev 0)
+++ cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch 2020-12-17 09:37:48 UTC (rev 404431)
@@ -0,0 +1,58 @@
+From 0fddcee4b1b9c9f16b3cfe1b2daec87d2b8b19dd Mon Sep 17 00:00:00 2001
+From: Alexander Koch <mail at alexanderkoch.net>
+Date: Wed, 16 Dec 2020 18:02:31 +0100
+Subject: [PATCH] cifs.upcall: drop bounding capabilities only if CAP_SETPCAP
+ is given
+
+Make drop_call_capabilities() in cifs.upcall update the bounding capabilities
+only if CAP_SETCAP is present.
+
+This is an addendum to the patch recently provided in [1]. Without this
+additional change, cifs.upcall can still fail while trying to mount a CIFS
+network share with krb5:
+
+ kernel: CIFS: Attempting to mount //server.domain.lan/myshare
+ cifs.upcall[39484]: key description: cifs.spnego;0;0;39010000;ver=0x2;host=server.domain.lan>
+ cifs.upcall[39484]: ver=2
+ cifs.upcall[39484]: host=server.domain.lan
+ cifs.upcall[39484]: ip=172.22.3.14
+ cifs.upcall[39484]: sec=1
+ cifs.upcall[39484]: uid=1000
+ cifs.upcall[39484]: creduid=1000
+ cifs.upcall[39484]: user=username
+ cifs.upcall[39484]: pid=39481
+ cifs.upcall[39484]: get_cachename_from_process_env: pathname=/proc/39481/environ
+ cifs.upcall[39484]: get_cachename_from_process_env: cachename = FILE:/tmp/.krb5cc_1000
+ cifs.upcall[39484]: drop_all_capabilities: Unable to apply capability set: Success
+ cifs.upcall[39484]: Exit status 1
+
+[1] https://marc.info/?l=linux-cifs&m=160595758021261
+
+Signed-off-by: Alexander Koch <mail at alexanderkoch.net>
+Signed-off-by: Jonas Witschel <diabonas at archlinux.org>
+---
+ cifs.upcall.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/cifs.upcall.c b/cifs.upcall.c
+index 1559434..b62ab50 100644
+--- a/cifs.upcall.c
++++ b/cifs.upcall.c
+@@ -115,8 +115,13 @@ trim_capabilities(bool need_environ)
+ static int
+ drop_all_capabilities(void)
+ {
++ capng_select_t set = CAPNG_SELECT_CAPS;
++
+ capng_clear(CAPNG_SELECT_BOTH);
+- if (capng_apply(CAPNG_SELECT_BOTH)) {
++ if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
++ set = CAPNG_SELECT_BOTH;
++ }
++ if (capng_apply(set)) {
+ syslog(LOG_ERR, "%s: Unable to apply capability set: %m\n", __func__);
+ return 1;
+ }
+--
+2.29.2
+
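Review bot: In drop_all_capabilities() the new `capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)` test runs after `capng_clear(CAPNG_SELECT_BOTH)`, so it appears to query the libcap-ng working state that was just emptied rather than what the process actually holds. If that reading is right, `set` never becomes `CAPNG_SELECT_BOTH` and the bounding set is silently left intact on this path; that avoids the mount failure shown in the log but makes the drop weaker than the function name promises. Consider sampling the capability before the clear, e.g. `bool have_setpcap = capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP);` above `capng_clear(...)` and then `if (have_setpcap) set = CAPNG_SELECT_BOTH;`, and confirm against libcap-ng 0.8.1 that the state is loaded from the process at that point. The patch description also says CAP_SETCAP where the subject and code say CAP_SETPCAP, and the function body continues past the end of the hunk.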