commit: dbbd3596f3205ce9571560177de6286f714d055f Author: Felix Janda <felix.janda <AT> posteo <DOT> de> AuthorDate: Sat Jul 19 19:45:32 2014 +0000 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> CommitDate: Sun Jul 20 22:15:31 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=dbbd3596
net-fs/cifs-utils: Missing #include <paths.h> --- net-fs/cifs-utils/cifs-utils-6.1-r99.ebuild | 111 +++++++++++++++++++++ .../files/cifs-utils-6.1-hardcoded-path.patch | 44 ++++++++ .../cifs-utils/files/cifs-utils-6.1-paths.h.patch | 10 ++ net-fs/cifs-utils/metadata.xml | 16 +++ 4 files changed, 181 insertions(+) diff --git a/net-fs/cifs-utils/cifs-utils-6.1-r99.ebuild b/net-fs/cifs-utils/cifs-utils-6.1-r99.ebuild new file mode 100644 index 0000000..243c88e --- /dev/null +++ b/net-fs/cifs-utils/cifs-utils-6.1-r99.ebuild @@ -0,0 +1,111 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild,v 1.13 2014/06/22 21:28:55 klausman Exp $ + +EAPI=5 + +inherit eutils linux-info multilib + +DESCRIPTION="Tools for Managing Linux CIFS Client Filesystems" +HOMEPAGE="http://wiki.samba.org/index.php/LinuxCIFS_utils"; +SRC_URI="ftp://ftp.samba.org/pub/linux-cifs/${PN}/${P}.tar.bz2"; + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="amd64 arm ~mips x86" +IUSE="+acl +ads +caps +caps-ng creds" + +DEPEND="!net-fs/mount-cifs + !<net-fs/samba-3.6_rc1 + ads? ( + sys-apps/keyutils + sys-libs/talloc + virtual/krb5 + ) + caps? ( !caps-ng? ( sys-libs/libcap ) ) + caps? ( caps-ng? ( sys-libs/libcap-ng ) ) + creds? ( sys-apps/keyutils )" +PDEPEND="${DEPEND} + acl? ( || ( + =net-fs/samba-3.6*[winbind] + >=net-fs/samba-4.0.0_alpha1 + ) ) +" + +REQUIRED_USE="acl? ( ads )" + +DOCS="doc/linux-cifs-client-guide.odt" + +pkg_setup() { + linux-info_pkg_setup + + if ! linux_config_exists || ! linux_chkconfig_present CIFS; then + ewarn "You must enable CIFS support in your kernel config, " + ewarn "to be able to mount samba shares. You can find it at" + ewarn + ewarn " File systems" + ewarn " Network File Systems" + ewarn " CIFS support" + ewarn + ewarn "and recompile your kernel ..." + fi +} + +src_prepare() { + # Do not rely on hardcoded path to systemd-ask-password, bug #478538 + epatch "${FILESDIR}/${P}-hardcoded-path.patch" + epatch "${FILESDIR}/${P}-paths.h.patch" #for musl +} + +src_configure() { + ROOTSBINDIR="${EPREFIX}"/sbin \ + econf \ + $(use_enable acl cifsacl cifsidmap) \ + $(use_enable ads cifsupcall) \ + $(use caps && use_with !caps-ng libcap || echo --without-libcap) \ + $(use caps && use_with caps-ng libcap-ng || echo --without-libcap-ng) \ + $(use_enable creds cifscreds) +} + +src_install() { + default + + # remove empty directories + find "${ED}" -type d -print0 | xargs --null rmdir \ + --ignore-fail-on-non-empty &>/dev/null + + if use acl ; then + dodir /etc/cifs-utils + dosym /usr/$(get_libdir)/cifs-utils/idmapwb.so \ + /etc/cifs-utils/idmap-plugin + dodir /etc/request-key.d + echo 'create cifs.idmap * * /usr/sbin/cifs.idmap %k' \ + > "${ED}/etc/request-key.d/cifs.idmap.conf" + fi + + if use ads ; then + dodir /etc/request-key.d + echo 'create dns_resolver * * /usr/sbin/cifs.upcall %k' \ + > "${ED}/etc/request-key.d/cifs.upcall.conf" + fi +} + +pkg_postinst() { + # Inform about set-user-ID bit of mount.cifs + ewarn "setuid use flag was dropped due to multiple security implications" + ewarn "such as CVE-2009-2948, CVE-2011-3585 and CVE-2012-1586" + ewarn "You are free to set setuid flags by yourself" + + # Inform about upcall usage + if use acl ; then + einfo "The cifs.idmap utility has been enabled by creating the" + einfo "configuration file /etc/request-key.d/cifs.idmap.conf" + einfo "This enables you to get and set CIFS acls." + fi + + if use ads ; then + einfo "The cifs.upcall utility has been enabled by creating the" + einfo "configuration file /etc/request-key.d/cifs.upcall.conf" + einfo "This enables you to mount DFS shares." + fi +} diff --git a/net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch b/net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch new file mode 100644 index 0000000..c2e2ea2 --- /dev/null +++ b/net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch @@ -0,0 +1,44 @@ +From 4e315f6a02a4edb259b33bcf0665eba259fee2f2 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Micha=C5=82=20G=C3=B3rny?= <[email protected]> +Date: Tue, 30 Jul 2013 10:00:26 +0200 +Subject: [PATCH] Do not rely on hardcoded path to systemd-ask-password. +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +Relying on hardcoded /bin/systemd-ask-password path breaks systemd that +install systemd-ask-password in /usr/bin. Since both paths are supposed +to be in ${PATH} and popen() passes the command to shell, just pass +'systemd-ask-password' and let the shell find it. + +Fixes: https://bugzilla.samba.org/show_bug.cgi?id=10054 +Signed-off-by: MichaŠGórny <[email protected]> +--- + mount.cifs.c | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/mount.cifs.c b/mount.cifs.c +index e76beee..7206dcb 100644 +--- a/mount.cifs.c ++++ b/mount.cifs.c +@@ -1626,7 +1626,7 @@ drop_child_privs(void) + } + + /* +- * If systemd is running and /bin/systemd-ask-password -- ++ * If systemd is running and systemd-ask-password -- + * is available, then use that else fallback on getpass(..) + * + * Returns: @input or NULL on error +@@ -1649,7 +1649,7 @@ get_password(const char *prompt, char *input, int capacity) + FILE *ask_pass_fp = NULL; + + cmd = ret = NULL; +- if (asprintf(&cmd, "/bin/systemd-ask-password \"%s\"", prompt) >= 0) { ++ if (asprintf(&cmd, "systemd-ask-password \"%s\"", prompt) >= 0) { + ask_pass_fp = popen (cmd, "re"); + free (cmd); + } +-- +1.7.0.4 + diff --git a/net-fs/cifs-utils/files/cifs-utils-6.1-paths.h.patch b/net-fs/cifs-utils/files/cifs-utils-6.1-paths.h.patch new file mode 100644 index 0000000..5e2434d --- /dev/null +++ b/net-fs/cifs-utils/files/cifs-utils-6.1-paths.h.patch @@ -0,0 +1,10 @@ +--- a/cifs-utils-6.1/mtab.c ++++ b/cifs-utils-6.1/mtab.c +@@ -38,6 +38,7 @@ + #include <mntent.h> + #include <stdlib.h> + #include <signal.h> ++#include <paths.h> + #include "mount.h" + #include "config.h" + diff --git a/net-fs/cifs-utils/metadata.xml b/net-fs/cifs-utils/metadata.xml new file mode 100644 index 0000000..a31a339 --- /dev/null +++ b/net-fs/cifs-utils/metadata.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";> +<pkgmetadata> + <herd>samba</herd> + <maintainer> + <email>[email protected]</email> + <name>Samba Team</name> + </maintainer> + <longdescription>The in-kernel CIFS filesystem relies on a set of user-space tools. That package of tools is called cifs-utils. Although not really part of Samba proper, these tools were originally part of the Samba package. For several reasons, shipping these tools as part of Samba was problematic and it was deemed better to split them off into their own package</longdescription> + <use> + <flag name="ads">Enable Active Directory support and create cifs.idmap binary - idmap support</flag> + <flag name="caps">libcap support</flag> + <flag name="caps-ng">libcap-ng support</flag> + <flag name="creds">cifs credentials support</flag> + </use> +</pkgmetadata>
