1 |
commit: 1ad1ab37dc2746bb2a0dd1e46ed1f9132879d93e |
2 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Sep 28 07:26:03 2020 +0000 |
4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Sep 28 07:26:03 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ad1ab37 |
7 |
|
8 |
net-fs/cifs-utils: Security cleanup |
9 |
|
10 |
Bug: https://bugs.gentoo.org/743211 |
11 |
Package-Manager: Portage-3.0.8, Repoman-3.0.1 |
12 |
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> |
13 |
|
14 |
net-fs/cifs-utils/Manifest | 2 - |
15 |
net-fs/cifs-utils/cifs-utils-6.10-r1.ebuild | 124 ---------------------------- |
16 |
net-fs/cifs-utils/cifs-utils-6.9-r1.ebuild | 119 -------------------------- |
17 |
3 files changed, 245 deletions(-) |
18 |
|
19 |
diff --git a/net-fs/cifs-utils/Manifest b/net-fs/cifs-utils/Manifest |
20 |
index 91cd6be06ba..90318ccb282 100644 |
21 |
--- a/net-fs/cifs-utils/Manifest |
22 |
+++ b/net-fs/cifs-utils/Manifest |
23 |
@@ -1,3 +1 @@ |
24 |
-DIST cifs-utils-6.10.tar.bz2 364221 BLAKE2B 45b692fb85217a25b7042fbe7e40cc8c4fe0d6cc9c905acde2c6fc9c3048343064e376f47128bcacba88f745452148040ad3f5e8ca15e297531f0dc868e1b75b SHA512 e19ca69b7948f01c1fd6a4ed069e00511588b903a5b8b0dc35ac1e00743170b9ca180b747c47d56cfacf273b296da21df60e1957404f26ebf2ba80bfa7e275cc |
25 |
DIST cifs-utils-6.11.tar.bz2 408903 BLAKE2B 5ee7cd87b54a266750bf938396ee90b3f20c2a3446aca295ccb58cb667fbfb68be9aa0e2bbc20aa5e18ffd7f1fcd5fbb0aef3bc25fd13bb96abc5a57a0b45b4b SHA512 064c0ac75572fb44908390508462e4fdfe0686751149fd8b656a209dd961a5a24a7d9774c38c0e72fa5f9875b43aea7bf2de038c4e4a63a11664e71d9003100e |
26 |
-DIST cifs-utils-6.9.tar.bz2 400430 BLAKE2B fc8cc55fae54d84fc1f1d4a14a9d666d87a3da78d1502f0d72ac9cb44ff1424ca2c5b15b0be510579d4c9f5181980627efedd00e0e5cfb1b3e47188ba307ad28 SHA512 b92e4e39eeed1032bb175659296cde034703fb3ca63aae00419d46a33dadf821fedaf03734128112c164c84bcbb48d92d03cdc275c4a7cba26f984aeca40a40a |
27 |
|
28 |
diff --git a/net-fs/cifs-utils/cifs-utils-6.10-r1.ebuild b/net-fs/cifs-utils/cifs-utils-6.10-r1.ebuild |
29 |
deleted file mode 100644 |
30 |
index d9225eafc90..00000000000 |
31 |
--- a/net-fs/cifs-utils/cifs-utils-6.10-r1.ebuild |
32 |
+++ /dev/null |
33 |
@@ -1,124 +0,0 @@ |
34 |
-# Copyright 1999-2020 Gentoo Authors |
35 |
-# Distributed under the terms of the GNU General Public License v2 |
36 |
- |
37 |
-EAPI=7 |
38 |
- |
39 |
-inherit autotools bash-completion-r1 linux-info multilib pam |
40 |
- |
41 |
-DESCRIPTION="Tools for Managing Linux CIFS Client Filesystems" |
42 |
-HOMEPAGE="https://wiki.samba.org/index.php/LinuxCIFS_utils" |
43 |
-SRC_URI="https://ftp.samba.org/pub/linux-cifs/${PN}/${P}.tar.bz2" |
44 |
- |
45 |
-LICENSE="GPL-3" |
46 |
-SLOT="0" |
47 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~x86-linux" |
48 |
-IUSE="+acl +ads +caps creds pam" |
49 |
- |
50 |
-RDEPEND=" |
51 |
- !net-fs/mount-cifs |
52 |
- !<net-fs/samba-3.6_rc1 |
53 |
- sys-apps/keyutils:= |
54 |
- ads? ( |
55 |
- sys-libs/talloc |
56 |
- virtual/krb5 |
57 |
- ) |
58 |
- caps? ( sys-libs/libcap-ng ) |
59 |
- pam? ( sys-libs/pam ) |
60 |
-" |
61 |
-DEPEND="${RDEPEND}" |
62 |
-BDEPEND="dev-python/docutils" |
63 |
-PDEPEND=" |
64 |
- acl? ( >=net-fs/samba-4.0.0_alpha1 ) |
65 |
-" |
66 |
- |
67 |
-REQUIRED_USE="acl? ( ads )" |
68 |
- |
69 |
-DOCS="doc/linux-cifs-client-guide.odt" |
70 |
- |
71 |
-PATCHES=( "${FILESDIR}/${PN}-6.10-ln_in_destdir.patch" ) |
72 |
- |
73 |
-pkg_setup() { |
74 |
- linux-info_pkg_setup |
75 |
- |
76 |
- if ! linux_config_exists || ! linux_chkconfig_present CIFS; then |
77 |
- ewarn "You must enable CIFS support in your kernel config, " |
78 |
- ewarn "to be able to mount samba shares. You can find it at" |
79 |
- ewarn |
80 |
- ewarn " File systems" |
81 |
- ewarn " Network File Systems" |
82 |
- ewarn " CIFS support" |
83 |
- ewarn |
84 |
- ewarn "and recompile your kernel ..." |
85 |
- fi |
86 |
-} |
87 |
- |
88 |
-src_prepare() { |
89 |
- default |
90 |
- |
91 |
- if has_version app-crypt/heimdal ; then |
92 |
- # https://bugs.gentoo.org/612584 |
93 |
- eapply "${FILESDIR}/${PN}-6.7-heimdal.patch" |
94 |
- fi |
95 |
- |
96 |
- eautoreconf |
97 |
-} |
98 |
- |
99 |
-src_configure() { |
100 |
- local myeconfargs=( |
101 |
- --enable-smbinfo |
102 |
- $(use_enable acl cifsacl cifsidmap) |
103 |
- $(use_enable ads cifsupcall) |
104 |
- $(use_with caps libcap) |
105 |
- $(use_enable creds cifscreds) |
106 |
- $(use_enable pam) |
107 |
- $(use_with pam pamdir $(getpam_mod_dir)) |
108 |
- ) |
109 |
- ROOTSBINDIR="${EPREFIX}"/sbin \ |
110 |
- econf "${myeconfargs[@]}" |
111 |
-} |
112 |
- |
113 |
-src_install() { |
114 |
- default |
115 |
- |
116 |
- # remove empty directories |
117 |
- find "${ED}" -type d -empty -delete || die |
118 |
- |
119 |
- if use acl ; then |
120 |
- dodir /etc/cifs-utils |
121 |
- dosym ../../usr/$(get_libdir)/cifs-utils/idmapwb.so \ |
122 |
- /etc/cifs-utils/idmap-plugin |
123 |
- dodir /etc/request-key.d |
124 |
- echo 'create cifs.idmap * * /usr/sbin/cifs.idmap %k' \ |
125 |
- > "${ED}/etc/request-key.d/cifs.idmap.conf" |
126 |
- fi |
127 |
- |
128 |
- if use ads ; then |
129 |
- dodir /etc/request-key.d |
130 |
- echo 'create dns_resolver * * /usr/sbin/cifs.upcall %k' \ |
131 |
- > "${ED}/etc/request-key.d/cifs.upcall.conf" |
132 |
- echo 'create cifs.spnego * * /usr/sbin/cifs.upcall %k' \ |
133 |
- > "${ED}/etc/request-key.d/cifs.spnego.conf" |
134 |
- fi |
135 |
- |
136 |
- dobashcomp bash-completion/smbinfo |
137 |
-} |
138 |
- |
139 |
-pkg_postinst() { |
140 |
- # Inform about set-user-ID bit of mount.cifs |
141 |
- ewarn "setuid use flag was dropped due to multiple security implications" |
142 |
- ewarn "such as CVE-2009-2948, CVE-2011-3585 and CVE-2012-1586" |
143 |
- ewarn "You are free to set setuid flags by yourself" |
144 |
- |
145 |
- # Inform about upcall usage |
146 |
- if use acl ; then |
147 |
- einfo "The cifs.idmap utility has been enabled by creating the" |
148 |
- einfo "configuration file /etc/request-key.d/cifs.idmap.conf" |
149 |
- einfo "This enables you to get and set CIFS acls." |
150 |
- fi |
151 |
- |
152 |
- if use ads ; then |
153 |
- einfo "The cifs.upcall utility has been enabled by creating the" |
154 |
- einfo "configuration file /etc/request-key.d/cifs.upcall.conf" |
155 |
- einfo "This enables you to mount DFS shares." |
156 |
- fi |
157 |
-} |
158 |
|
159 |
diff --git a/net-fs/cifs-utils/cifs-utils-6.9-r1.ebuild b/net-fs/cifs-utils/cifs-utils-6.9-r1.ebuild |
160 |
deleted file mode 100644 |
161 |
index 121a2f96109..00000000000 |
162 |
--- a/net-fs/cifs-utils/cifs-utils-6.9-r1.ebuild |
163 |
+++ /dev/null |
164 |
@@ -1,119 +0,0 @@ |
165 |
-# Copyright 1999-2020 Gentoo Authors |
166 |
-# Distributed under the terms of the GNU General Public License v2 |
167 |
- |
168 |
-EAPI=7 |
169 |
- |
170 |
-inherit autotools linux-info multilib pam |
171 |
- |
172 |
-DESCRIPTION="Tools for Managing Linux CIFS Client Filesystems" |
173 |
-HOMEPAGE="https://wiki.samba.org/index.php/LinuxCIFS_utils" |
174 |
-SRC_URI="https://ftp.samba.org/pub/linux-cifs/${PN}/${P}.tar.bz2" |
175 |
- |
176 |
-LICENSE="GPL-3" |
177 |
-SLOT="0" |
178 |
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 sparc x86 ~x86-linux" |
179 |
-IUSE="+acl +ads +caps creds pam" |
180 |
- |
181 |
-RDEPEND=" |
182 |
- !net-fs/mount-cifs |
183 |
- !<net-fs/samba-3.6_rc1 |
184 |
- sys-apps/keyutils:= |
185 |
- ads? ( |
186 |
- sys-libs/talloc |
187 |
- virtual/krb5 |
188 |
- ) |
189 |
- caps? ( sys-libs/libcap-ng ) |
190 |
- pam? ( sys-libs/pam ) |
191 |
-" |
192 |
-DEPEND="${RDEPEND}" |
193 |
-PDEPEND=" |
194 |
- acl? ( >=net-fs/samba-4.0.0_alpha1 ) |
195 |
-" |
196 |
- |
197 |
-REQUIRED_USE="acl? ( ads )" |
198 |
- |
199 |
-DOCS="doc/linux-cifs-client-guide.odt" |
200 |
- |
201 |
-pkg_setup() { |
202 |
- linux-info_pkg_setup |
203 |
- |
204 |
- if ! linux_config_exists || ! linux_chkconfig_present CIFS; then |
205 |
- ewarn "You must enable CIFS support in your kernel config, " |
206 |
- ewarn "to be able to mount samba shares. You can find it at" |
207 |
- ewarn |
208 |
- ewarn " File systems" |
209 |
- ewarn " Network File Systems" |
210 |
- ewarn " CIFS support" |
211 |
- ewarn |
212 |
- ewarn "and recompile your kernel ..." |
213 |
- fi |
214 |
-} |
215 |
- |
216 |
-src_prepare() { |
217 |
- default |
218 |
- |
219 |
- if has_version app-crypt/heimdal ; then |
220 |
- # https://bugs.gentoo.org/612584 |
221 |
- eapply "${FILESDIR}/${PN}-6.7-heimdal.patch" |
222 |
- fi |
223 |
- |
224 |
- eautoreconf |
225 |
-} |
226 |
- |
227 |
-src_configure() { |
228 |
- local myeconfargs=( |
229 |
- --enable-smbinfo |
230 |
- $(use_enable acl cifsacl cifsidmap) |
231 |
- $(use_enable ads cifsupcall) |
232 |
- $(use_with caps libcap) |
233 |
- $(use_enable creds cifscreds) |
234 |
- $(use_enable pam) |
235 |
- $(use_with pam pamdir $(getpam_mod_dir)) |
236 |
- ) |
237 |
- ROOTSBINDIR="${EPREFIX}"/sbin \ |
238 |
- econf "${myeconfargs[@]}" |
239 |
-} |
240 |
- |
241 |
-src_install() { |
242 |
- default |
243 |
- |
244 |
- # remove empty directories |
245 |
- find "${ED}" -type d -empty -delete || die |
246 |
- |
247 |
- if use acl ; then |
248 |
- dodir /etc/cifs-utils |
249 |
- dosym ../../usr/$(get_libdir)/cifs-utils/idmapwb.so \ |
250 |
- /etc/cifs-utils/idmap-plugin |
251 |
- dodir /etc/request-key.d |
252 |
- echo 'create cifs.idmap * * /usr/sbin/cifs.idmap %k' \ |
253 |
- > "${ED}/etc/request-key.d/cifs.idmap.conf" |
254 |
- fi |
255 |
- |
256 |
- if use ads ; then |
257 |
- dodir /etc/request-key.d |
258 |
- echo 'create dns_resolver * * /usr/sbin/cifs.upcall %k' \ |
259 |
- > "${ED}/etc/request-key.d/cifs.upcall.conf" |
260 |
- echo 'create cifs.spnego * * /usr/sbin/cifs.upcall %k' \ |
261 |
- > "${ED}/etc/request-key.d/cifs.spnego.conf" |
262 |
- fi |
263 |
-} |
264 |
- |
265 |
-pkg_postinst() { |
266 |
- # Inform about set-user-ID bit of mount.cifs |
267 |
- ewarn "setuid use flag was dropped due to multiple security implications" |
268 |
- ewarn "such as CVE-2009-2948, CVE-2011-3585 and CVE-2012-1586" |
269 |
- ewarn "You are free to set setuid flags by yourself" |
270 |
- |
271 |
- # Inform about upcall usage |
272 |
- if use acl ; then |
273 |
- einfo "The cifs.idmap utility has been enabled by creating the" |
274 |
- einfo "configuration file /etc/request-key.d/cifs.idmap.conf" |
275 |
- einfo "This enables you to get and set CIFS acls." |
276 |
- fi |
277 |
- |
278 |
- if use ads ; then |
279 |
- einfo "The cifs.upcall utility has been enabled by creating the" |
280 |
- einfo "configuration file /etc/request-key.d/cifs.upcall.conf" |
281 |
- einfo "This enables you to mount DFS shares." |
282 |
- fi |
283 |
-} |