Date: Tuesday, January 13, 2015 @ 14:32:36 Author: tpowa Revision: 228960
upgpkg: cifs-utils 6.4-1 bump to latest version Modified: cifs-utils/trunk/PKGBUILD Deleted: cifs-utils/trunk/0003-cifskey-better-use-snprintf.patch cifs-utils/trunk/0004-cifscreds-better-error-handling-when-key_search-fail.patch cifs-utils/trunk/0005-cifscreds-better-error-handling-for-key_add.patch -----------------------------------------------------------------+ 0003-cifskey-better-use-snprintf.patch | 49 ---- 0004-cifscreds-better-error-handling-when-key_search-fail.patch | 85 -------- 0005-cifscreds-better-error-handling-for-key_add.patch | 102 ---------- PKGBUILD | 25 -- 4 files changed, 6 insertions(+), 255 deletions(-) Deleted: 0003-cifskey-better-use-snprintf.patch =================================================================== --- 0003-cifskey-better-use-snprintf.patch 2015-01-13 13:24:01 UTC (rev 228959) +++ 0003-cifskey-better-use-snprintf.patch 2015-01-13 13:32:36 UTC (rev 228960) @@ -1,49 +0,0 @@ -From 0c521d5060035da655107001374e08873ac5dde8 Mon Sep 17 00:00:00 2001 -From: Sebastian Krahmer <[email protected]> -Date: Mon, 14 Apr 2014 11:39:41 +0200 -Subject: [PATCH] cifskey: better use snprintf() - -Prefer snprintf() over sprintf() in cifskey.c -Projects that fork the code (pam_cifscreds) can't rely on -the max-size parameters. - -[jlayton: removed unneeded initialization of "len" in key_add] - -Signed-off-by: Sebastian Krahmer <[email protected]> ---- - cifskey.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/cifskey.c b/cifskey.c -index 7716c42..e89cacf 100644 ---- a/cifskey.c -+++ b/cifskey.c -@@ -29,7 +29,8 @@ key_search(const char *addr, char keytype) - { - char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4]; - -- sprintf(desc, "%s:%c:%s", KEY_PREFIX, keytype, addr); -+ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) -+ return -1; - - return keyctl_search(DEST_KEYRING, CIFS_KEY_TYPE, desc, 0); - } -@@ -43,10 +44,13 @@ key_add(const char *addr, const char *user, const char *pass, char keytype) - char val[MOUNT_PASSWD_SIZE + MAX_USERNAME_SIZE + 2]; - - /* set key description */ -- sprintf(desc, "%s:%c:%s", KEY_PREFIX, keytype, addr); -+ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) -+ return -1; - - /* set payload contents */ -- len = sprintf(val, "%s:%s", user, pass); -+ len = snprintf(val, sizeof(val), "%s:%s", user, pass); -+ if (len >= (int)sizeof(val)) -+ return -1; - - return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING); - } --- -1.8.4.2 - Deleted: 0004-cifscreds-better-error-handling-when-key_search-fail.patch =================================================================== --- 0004-cifscreds-better-error-handling-when-key_search-fail.patch 2015-01-13 13:24:01 UTC (rev 228959) +++ 0004-cifscreds-better-error-handling-when-key_search-fail.patch 2015-01-13 13:32:36 UTC (rev 228960) @@ -1,85 +0,0 @@ -From 3da4c43b575498be86c87a2ac3f3142e3cab1c59 Mon Sep 17 00:00:00 2001 -From: Jeff Layton <[email protected]> -Date: Sun, 20 Apr 2014 20:41:05 -0400 -Subject: [PATCH] cifscreds: better error handling when key_search fails - -If we ended up getting a bogus string that would have overflowed, then -make key_search set errno to EINVAL before returning. The callers can -then test to see if the returned error is what was expected or something -else and handle it appropriately. - -Cc: Sebastian Krahmer <[email protected]> -Signed-off-by: Jeff Layton <[email protected]> ---- - cifscreds.c | 9 +++++++++ - cifskey.c | 5 ++++- - pam_cifscreds.c | 9 +++++++++ - 3 files changed, 22 insertions(+), 1 deletion(-) - -diff --git a/cifscreds.c b/cifscreds.c -index fa05dc8..64d55b0 100644 ---- a/cifscreds.c -+++ b/cifscreds.c -@@ -188,6 +188,15 @@ static int cifscreds_add(struct cmdarg *arg) - return EXIT_FAILURE; - } - -+ switch(errno) { -+ case ENOKEY: -+ /* success */ -+ break; -+ default: -+ printf("Key search failed: %s\n", strerror(errno)); -+ return EXIT_FAILURE; -+ } -+ - currentaddress = nextaddress; - if (currentaddress) { - *(currentaddress - 1) = ','; -diff --git a/cifskey.c b/cifskey.c -index e89cacf..4f01ed0 100644 ---- a/cifskey.c -+++ b/cifskey.c -@@ -20,6 +20,7 @@ - #include <sys/types.h> - #include <keyutils.h> - #include <stdio.h> -+#include <errno.h> - #include "cifskey.h" - #include "resolve_host.h" - -@@ -29,8 +30,10 @@ key_search(const char *addr, char keytype) - { - char desc[INET6_ADDRSTRLEN + sizeof(KEY_PREFIX) + 4]; - -- if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) -+ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) { -+ errno = EINVAL; - return -1; -+ } - - return keyctl_search(DEST_KEYRING, CIFS_KEY_TYPE, desc, 0); - } -diff --git a/pam_cifscreds.c b/pam_cifscreds.c -index e0d8a55..fb23117 100644 ---- a/pam_cifscreds.c -+++ b/pam_cifscreds.c -@@ -206,6 +206,15 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas - return PAM_SERVICE_ERR; - } - -+ switch(errno) { -+ case ENOKEY: -+ break; -+ default: -+ pam_syslog(ph, LOG_ERR, "Unable to search keyring for %s (%s)", -+ currentaddress, strerror(errno)); -+ return PAM_SERVICE_ERR; -+ } -+ - currentaddress = nextaddress; - if (currentaddress) { - *(currentaddress - 1) = ','; --- -1.8.4.2 - Deleted: 0005-cifscreds-better-error-handling-for-key_add.patch =================================================================== --- 0005-cifscreds-better-error-handling-for-key_add.patch 2015-01-13 13:24:01 UTC (rev 228959) +++ 0005-cifscreds-better-error-handling-for-key_add.patch 2015-01-13 13:32:36 UTC (rev 228960) @@ -1,102 +0,0 @@ -From 382ec63757c1d8d4d399d17ccc927c4897d4cfc9 Mon Sep 17 00:00:00 2001 -From: Jeff Layton <[email protected]> -Date: Sun, 20 Apr 2014 20:41:05 -0400 -Subject: [PATCH] cifscreds: better error handling for key_add - -If the string buffers would have been overrun, set errno to EINVAL -before returning. Then, have the callers report the errors to -stderr or syslog as appropriate. - -Cc: Sebastian Krahmer <[email protected]> -Signed-off-by: Jeff Layton <[email protected]> ---- - cifscreds.c | 6 +++--- - cifskey.c | 8 ++++++-- - pam_cifscreds.c | 9 +++++---- - 3 files changed, 14 insertions(+), 9 deletions(-) - -diff --git a/cifscreds.c b/cifscreds.c -index 64d55b0..5d84c3c 100644 ---- a/cifscreds.c -+++ b/cifscreds.c -@@ -220,8 +220,8 @@ static int cifscreds_add(struct cmdarg *arg) - while (currentaddress) { - key_serial_t key = key_add(currentaddress, arg->user, pass, arg->keytype); - if (key <= 0) { -- fprintf(stderr, "error: Add credential key for %s\n", -- currentaddress); -+ fprintf(stderr, "error: Add credential key for %s: %s\n", -+ currentaddress, strerror(errno)); - } else { - if (keyctl(KEYCTL_SETPERM, key, CIFS_KEY_PERMS) < 0) { - fprintf(stderr, "error: Setting permissons " -@@ -422,7 +422,7 @@ static int cifscreds_update(struct cmdarg *arg) - key_serial_t key = key_add(addrs[id], arg->user, pass, arg->keytype); - if (key <= 0) - fprintf(stderr, "error: Update credential key " -- "for %s\n", addrs[id]); -+ "for %s: %s\n", addrs[id], strerror(errno)); - } - - return EXIT_SUCCESS; -diff --git a/cifskey.c b/cifskey.c -index 4f01ed0..919540f 100644 ---- a/cifskey.c -+++ b/cifskey.c -@@ -47,13 +47,17 @@ key_add(const char *addr, const char *user, const char *pass, char keytype) - char val[MOUNT_PASSWD_SIZE + MAX_USERNAME_SIZE + 2]; - - /* set key description */ -- if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) -+ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) { -+ errno = EINVAL; - return -1; -+ } - - /* set payload contents */ - len = snprintf(val, sizeof(val), "%s:%s", user, pass); -- if (len >= (int)sizeof(val)) -+ if (len >= (int)sizeof(val)) { -+ errno = EINVAL; - return -1; -+ } - - return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING); - } -diff --git a/pam_cifscreds.c b/pam_cifscreds.c -index fb23117..5d99c2d 100644 ---- a/pam_cifscreds.c -+++ b/pam_cifscreds.c -@@ -208,6 +208,7 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas - - switch(errno) { - case ENOKEY: -+ /* success */ - break; - default: - pam_syslog(ph, LOG_ERR, "Unable to search keyring for %s (%s)", -@@ -233,8 +234,8 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas - while (currentaddress) { - key_serial_t key = key_add(currentaddress, user, password, keytype); - if (key <= 0) { -- pam_syslog(ph, LOG_ERR, "error: Add credential key for %s", -- currentaddress); -+ pam_syslog(ph, LOG_ERR, "error: Add credential key for %s: %s", -+ currentaddress, strerror(errno)); - } else { - if ((args & ARG_DEBUG) == ARG_DEBUG) { - pam_syslog(ph, LOG_DEBUG, "credential key for \\\\%s\\%s added", -@@ -336,8 +337,8 @@ static int cifscreds_pam_update(pam_handle_t *ph, const char *user, const char * - for (id = 0; id < count; id++) { - key_serial_t key = key_add(currentaddress, user, password, keytype); - if (key <= 0) { -- pam_syslog(ph, LOG_ERR, "error: Update credential key for %s", -- currentaddress); -+ pam_syslog(ph, LOG_ERR, "error: Update credential key for %s: %s", -+ currentaddress, strerror(errno)); - } - } - --- -1.8.4.2 - Modified: PKGBUILD =================================================================== --- PKGBUILD 2015-01-13 13:24:01 UTC (rev 228959) +++ PKGBUILD 2015-01-13 13:32:36 UTC (rev 228960) @@ -1,27 +1,16 @@ # $Id$ # Maintainer: Tobias Powalowski <[email protected]> pkgname=cifs-utils -pkgver=6.3 -pkgrel=2 +pkgver=6.4 +pkgrel=1 pkgdesc="CIFS filesystem user-space tools" arch=(i686 x86_64) url="http://wiki.samba.org/index.php/LinuxCIFS_utils"; license=('GPL') depends=('libcap-ng' 'keyutils' 'krb5' 'talloc' 'libwbclient' 'pam') -source=(ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/$pkgname-$pkgver.tar.bz2 - '0003-cifskey-better-use-snprintf.patch' - '0004-cifscreds-better-error-handling-when-key_search-fail.patch' - '0005-cifscreds-better-error-handling-for-key_add.patch') +source=("ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/$pkgname-$pkgver.tar.bz2"{,.asc}) +validpgpkeys=('98EDEB95638461E78CE83B795AFDBFB270F3B981') #cifs-utils Distribution Verification Key <[email protected]> -prepare() { - cd "$srcdir/$pkgname-$pkgver" - # add fedora patches - # 40789 CVE-2014-2830 - patch -Np1 -i "$srcdir/0003-cifskey-better-use-snprintf.patch" - patch -Np1 -i "$srcdir/0004-cifscreds-better-error-handling-when-key_search-fail.patch" - patch -Np1 -i "$srcdir/0005-cifscreds-better-error-handling-for-key_add.patch" -} - build() { cd "$srcdir/$pkgname-$pkgver" # systemd support is broken in mount.cifs @@ -39,7 +28,5 @@ # set mount.cifs uid, to enable none root mounting form fstab chmod +s $pkgdir/usr/bin/mount.cifs } -md5sums=('93697dbc043cb4d5c66e15e281f872e5' - 'cc13c6d1b734a446d0f4384e0ce32748' - '350491f336dc931f9b192228909e5924' - 'ac2b3367363fbc79f8f7fdfcae008a8c') +md5sums=('b7d75b67fd3987952896d27256c7293d' + 'SKIP')
