diff --git a/0001-cifs.upcall-fix-UAF-in-get_cachename_from_process_en.patch b/0001-cifs.upcall-fix-UAF-in-get_cachename_from_process_en.patch deleted file mode 100644 index 51b2291333047cb828a47e3ad1355107e33b16fd..0000000000000000000000000000000000000000 --- a/0001-cifs.upcall-fix-UAF-in-get_cachename_from_process_en.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 73146385da0945c78af0fbdc08d2bf260db709d5 Mon Sep 17 00:00:00 2001 -From: Paulo Alcantara -Date: Fri, 8 Mar 2024 12:06:15 -0300 -Subject: [PATCH] cifs.upcall: fix UAF in get_cachename_from_process_env() - -Whether lseek(2) fails or @bufsize * 2 > ENV_BUF_MAX, then @buf would -end up being freed twice. For instance: - - cifs-utils-7.0/cifs.upcall.c:501: freed_arg: "free" frees "buf". - cifs-utils-7.0/cifs.upcall.c:524: double_free: Calling "free" frees - pointer "buf" which has already been freed. - 522| } - 523| out_close: - 524|-> free(buf); - 525| close(fd); - 526| return cachename; - -Fix this by setting @buf to NULL after freeing it to prevent UAF. - -Fixes: ed97e4ecab4e ("cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's /proc//environ file") -Signed-off-by: Paulo Alcantara (Red Hat) ---- - cifs.upcall.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/cifs.upcall.c b/cifs.upcall.c -index 52c0328..ff6f2bd 100644 ---- a/cifs.upcall.c -+++ b/cifs.upcall.c -@@ -498,10 +498,11 @@ retry: - /* We read to the end of the buffer. Double and try again */ - syslog(LOG_DEBUG, "%s: read to end of buffer (%zu bytes)\n", - __func__, bufsize); -- free(buf); -- bufsize *= 2; - if (lseek(fd, 0, SEEK_SET) < 0) - goto out_close; -+ free(buf); -+ buf = NULL; -+ bufsize *= 2; - goto retry; - } - --- -2.34.1 - diff --git a/0002-cifs-utils-Make-automake-treat-sbin-as-exec-not-data.patch b/0002-cifs-utils-Make-automake-treat-sbin-as-exec-not-data.patch deleted file mode 100644 index 916881c8d19bf4633e40df77609f40a537a7a5f8..0000000000000000000000000000000000000000 --- a/0002-cifs-utils-Make-automake-treat-sbin-as-exec-not-data.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 25d6552c7d8b9fe2ca9dbf85c74c9330e4dd7770 Mon Sep 17 00:00:00 2001 -From: Daniel Parks -Date: Fri, 3 Jun 2022 15:34:59 -0500 -Subject: [PATCH] cifs-utils: Make automake treat /sbin as exec, not data - -Otherwise, $(DESTDIR)/sbin doesn't get created until install-data on a --j1 build and install-exec-hook can fail because it might not exist. - -Steps to reproduce this bug: -$ autoreconf -i -$ ./configure -$ mkdir image -$ make DESTDIR=image install -j1 - -Signed-off-by: Daniel Parks ---- - Makefile.am | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index a15392d..1a22266 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -1,8 +1,8 @@ - AM_CFLAGS = -Wall -Wextra -D_FORTIFY_SOURCE=2 $(PIE_CFLAGS) $(RELRO_CFLAGS) - ACLOCAL_AMFLAGS = -I aclocal - --root_sbindir = $(ROOTSBINDIR) --root_sbin_PROGRAMS = mount.cifs -+root_exec_sbindir = $(ROOTSBINDIR) -+root_exec_sbin_PROGRAMS = mount.cifs - mount_cifs_SOURCES = mount.cifs.c mtab.c resolve_host.c util.c - mount_cifs_LDADD = $(LIBCAP) $(CAPNG_LDADD) $(RT_LDADD) - include_HEADERS = cifsidmap.h --- -2.43.0 - diff --git a/cifs-utils-7.0.tar.bz2 b/cifs-utils-7.0.tar.bz2 deleted file mode 100644 index 63e1a0df33d1b3d3d41199ba72103afca2ba0e9e..0000000000000000000000000000000000000000 Binary files a/cifs-utils-7.0.tar.bz2 and /dev/null differ diff --git a/cifs-utils-7.4.tar.bz2 b/cifs-utils-7.4.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..e719715575d1c9a6abe08a253b9a9dab912d090b Binary files /dev/null and b/cifs-utils-7.4.tar.bz2 differ diff --git a/cifs-utils.spec b/cifs-utils.spec index 037138cf1047c62cdd78296181386df5c926fb50..cda4af821901312fa796cf29220888b5341bd102 100644 --- a/cifs-utils.spec +++ b/cifs-utils.spec @@ -1,9 +1,9 @@ Name: cifs-utils -Version: 7.0 -Release: 3 +Version: 7.4 +Release: 1 Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem -License: GPLv3+ -URL: http://linux-cifs.samba.org/cifs-utils/ +License: GPL-3.0-or-later +URL: https://linux-cifs.samba.org/cifs-utils/ Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2 BuildRequires: python3-docutils libcap-ng-devel libtalloc-devel krb5-devel keyutils-libs-devel autoconf @@ -12,9 +12,6 @@ Provides: pam_cifscreds Obsoletes: pam_cifscreds Requires: keyutils -Patch0: 0001-cifs.upcall-fix-UAF-in-get_cachename_from_process_en.patch -Patch1: 0002-cifs-utils-Make-automake-treat-sbin-as-exec-not-data.patch - %description The in-kernel CIFS filesystem is generally the preferred method for mounting SMB/CIFS shares on Linux. @@ -33,23 +30,17 @@ The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. This package contains the header file necessary for building ID mapping plugins for cifs-utils. -%package help -Summary: Including man files for cifs-utils -Requires: man - -%description help -This contains man files for the using of cifs-utils. +%package_help %prep %autosetup -n %{name}-%{version} -p1 %build autoreconf -vif -%configure --prefix=/usr --with-pamdir=%{_libdir}/security ROOTSBINDIR=%{_sbindir} -make %{?_smp_mflags} +%configure --prefix=%{_prefix} --with-pamdir=%{_libdir}/security ROOTSBINDIR=%{_sbindir} +%make_build %install -rm -rf %{buildroot} %make_install mkdir -p %{buildroot}%{_sysconfdir}/%{name} ln -s %{_libdir}/%{name}/idmapwb.so %{buildroot}%{_sysconfdir}/%{name}/idmap-plugin @@ -58,8 +49,6 @@ install -m 644 contrib/request-key.d/cifs.idmap.conf %{buildroot}%{_sysconfdir}/ install -m 644 contrib/request-key.d/cifs.spnego.conf %{buildroot}%{_sysconfdir}/request-key.d %files -%defattr(-,root,root,-) -%doc %{_bindir}/* %{_sbindir}/* %dir %{_libdir}/%{name} @@ -78,6 +67,9 @@ install -m 644 contrib/request-key.d/cifs.spnego.conf %{buildroot}%{_sysconfdir} %{_mandir}/man8/* %changelog +* Sat Jun 14 2025 Funda Wang - 7.4-1 +- update to 7.4 + * Fri Jun 21 2024 liuh - 7.0-3 - sync patch from community diff --git a/cifs-utils.yaml b/cifs-utils.yaml index 16ea682340aad6b61375c55bb2487e38f245b861..3511e6442cd7489d0534f9ce4cd3374afab967a1 100644 --- a/cifs-utils.yaml +++ b/cifs-utils.yaml @@ -1,4 +1,4 @@ version_control: git src_repo: git://git.samba.org/cifs-utils.git tag_prefix: cifs-utils- -seperator: "." +separator: "."