Date: Thursday, December 17, 2020 @ 09:37:48 Author: tpowa Revision: 404431
upgpkg: cifs-utils 6.11-3: fix #68666 Added: cifs-utils/trunk/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch Modified: cifs-utils/trunk/PKGBUILD ------------------------------------------------------------------+ PKGBUILD | 11 + cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch | 58 ++++++++++ 2 files changed, 65 insertions(+), 4 deletions(-) Modified: PKGBUILD ===================================================================
--- PKGBUILD 2020-12-17 09:19:52 UTC (rev 404430)
+++ PKGBUILD 2020-12-17 09:37:48 UTC (rev 404431)
@@ -1,7 +1,7 @@
 # Maintainer: Tobias Powalowski <[email protected]>
 pkgname=cifs-utils
 pkgver=6.11
-pkgrel=2
+pkgrel=3
 pkgdesc="CIFS filesystem user-space tools"
 arch=(x86_64)
 url="https://wiki.samba.org/index.php/LinuxCIFS_utils"
@@ -9,18 +9,21 @@ depends=('libcap-ng' 'keyutils' 'krb5' 'talloc' 'libwbclient' 'pam') makedepends=('python-docutils') source=("https://download.samba.org/pub/linux-cifs/$pkgname/$pkgname-$pkgver.tar.bz2"{,.asc} - "cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch") + "cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch" + "cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch") validpgpkeys=('C699981A31F338706C817650DF5BA9D30642D5A0') #cifs-utils Distribution Verification Key <[email protected]> sha256sums=('b859239a3f204f8220d3e54ed43bf8109e1ef202042dd87ba87492f8878728d9' 'SKIP' - '0edcd01eb3e721a5726cc00160667dc2f7c935883bad71711288488081f81e5b') + '0edcd01eb3e721a5726cc00160667dc2f7c935883bad71711288488081f81e5b' + 'acdf75f2d3895d60414f19b2401f3349af23252717bf669529848f9d35d70604') prepare() { # Fix install to honor DESTDIR sed -e 's|\$(man8dir)|$(DESTDIR)$(man8dir)|g' -e 's|cd \$(ROOTSBINDIR)|cd $(DESTDIR)$(ROOTSBINDIR)|g' -i $pkgname-$pkgver/Makefile.am cd "$srcdir/$pkgname-$pkgver" - patch -Np1 -i $srcdir/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch + patch -Np1 -i "$srcdir/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch" + patch -Np1 -i "$srcdir/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch" } build() { Added: cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch =================================================================== --- cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch (rev 0) +++ cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch 2020-12-17 09:37:48 UTC (rev 404431) 
@@ -0,0 +1,58 @@
+From 0fddcee4b1b9c9f16b3cfe1b2daec87d2b8b19dd Mon Sep 17 00:00:00 2001
+From: Alexander Koch <[email protected]>
+Date: Wed, 16 Dec 2020 18:02:31 +0100
+Subject: [PATCH] cifs.upcall: drop bounding capabilities only if CAP_SETPCAP
+ is given
+
+Make drop_call_capabilities() in cifs.upcall update the bounding capabilities
+only if CAP_SETCAP is present.
+
+This is an addendum to the patch recently provided in [1]. Without this
+additional change, cifs.upcall can still fail while trying to mount a CIFS
+network share with krb5:
+
+ kernel: CIFS: Attempting to mount //server.domain.lan/myshare
+ cifs.upcall[39484]: key description: cifs.spnego;0;0;39010000;ver=0x2;host=server.domain.lan>
+ cifs.upcall[39484]: ver=2
+ cifs.upcall[39484]: host=server.domain.lan
+ cifs.upcall[39484]: ip=172.22.3.14
+ cifs.upcall[39484]: sec=1
+ cifs.upcall[39484]: uid=1000
+ cifs.upcall[39484]: creduid=1000
+ cifs.upcall[39484]: user=username
+ cifs.upcall[39484]: pid=39481
+ cifs.upcall[39484]: get_cachename_from_process_env: pathname=/proc/39481/environ
+ cifs.upcall[39484]: get_cachename_from_process_env: cachename = FILE:/tmp/.krb5cc_1000
+ cifs.upcall[39484]: drop_all_capabilities: Unable to apply capability set: Success
+ cifs.upcall[39484]: Exit status 1
+
+[1] https://marc.info/?l=linux-cifs&m=160595758021261
+
+Signed-off-by: Alexander Koch <[email protected]>
+Signed-off-by: Jonas Witschel <[email protected]>
+---
+ cifs.upcall.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/cifs.upcall.c b/cifs.upcall.c
+index 1559434..b62ab50 100644
+--- a/cifs.upcall.c
++++ b/cifs.upcall.c
+@@ -115,8 +115,13 @@ trim_capabilities(bool need_environ)
+ static int
+ drop_all_capabilities(void)
+ {
++ capng_select_t set = CAPNG_SELECT_CAPS;
++
+ capng_clear(CAPNG_SELECT_BOTH);
+- if (capng_apply(CAPNG_SELECT_BOTH)) {
++ if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
++ set = CAPNG_SELECT_BOTH;
++ }
++ if (capng_apply(set)) {
+ syslog(LOG_ERR, "%s: Unable to apply capability set: %m\n", __func__);
+ return 1;
+ }
+--
+2.29.2
+
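Review bot: In the embedded cifs.upcall.c hunk, `capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)` is evaluated after `capng_clear(CAPNG_SELECT_BOTH)`, so it appears to test libcap-ng's just-emptied working set rather than the capabilities the process actually holds. If that reading of libcap-ng is right, `set` never becomes `CAPNG_SELECT_BOTH` and drop_all_capabilities() silently stops clearing the bounding set even when CAP_SETPCAP is available, which is weaker hardening than the helper had before. Sampling the capability before the clear would keep both behaviours: `int have_setpcap = capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP);` ahead of `capng_clear(CAPNG_SELECT_BOTH);`, then `if (capng_apply(have_setpcap ? CAPNG_SELECT_BOTH : CAPNG_SELECT_CAPS)) {`. A debug-level syslog line when the bounding set is left in place would also make the reduced drop visible to anyone auditing the helper. The function body continues past the end of the hunk, so the rest of it was not reviewed.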
