From aa17a42524f5b3a67e8565b9b333ff9206f0b625 Mon Sep 17 00:00:00 2001
From: Lars Wendler <polynomial-c@gentoo.org>
Date: Sat, 11 Jun 2016 14:14:51 +0200
Subject: net-fs/cifs-utils: Security cleanup (bug 552634).

Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
---
 net-fs/cifs-utils/Manifest                         |   1 -
 net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild         | 110 ---------------------
 .../files/cifs-utils-6.1-hardcoded-path.patch      |  44 ---------
 3 files changed, 155 deletions(-)
 delete mode 100644 net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild
 delete mode 100644 net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch

(limited to 'net-fs/cifs-utils')

diff --git a/net-fs/cifs-utils/Manifest b/net-fs/cifs-utils/Manifest
index 9777594a25e3..cc08b24700fc 100644
--- a/net-fs/cifs-utils/Manifest
+++ b/net-fs/cifs-utils/Manifest
@@ -1,3 +1,2 @@
-DIST cifs-utils-6.1.tar.bz2 390958 SHA256 381f1e9caccdafdcdb0efa32a4cceb77c1a96b0b58702394e4b86dac4825f3b5 SHA512 6427b74edbf56b865dee38a610c74ac5483cdc13096082cfc1e9d225a048c9b5ee0c7afb30e625a615a0e8e9f3767e33765220e27148e2c2a29d12d4129b01fd WHIRLPOOL a800a02a0729996035a331b460cb28ae5463ddecaf205d88173dc08efd7a2bee577995ebba97b36977858c8435ac3b7ec9c7ce5d193f8b30d0602f9546fed5b1
 DIST cifs-utils-6.4.tar.bz2 392809 SHA256 38fc63926af435dae4ebcf4406275580a692d9fb9ee3e32170317cf2ba68e6e3 SHA512 05860ceed1e83b4f4da689d2fc1c1b48fddc0ca53ba52fc6cf26a277d6a884f5780060725c5df1401a665ac35ec5a170262ee62f61095e4a8d76348888182614 WHIRLPOOL 335262eb329860318750fcd081dc2c082f36c75a32e5e596a45b51e73b08be7ee66133c2e4e2bc3089631d3909018abd9c2f36f79d82cd9ea7f6fe2530900f72
 DIST cifs-utils-6.5.tar.bz2 402158 SHA256 e2776578b8267c6dc0862897f5e10f87f10f8337fca9ca6a9118f5eb30cf49f7 SHA512 c5eea97d2be455ad676a3ff693641512d5c1d81d75eb1d7d08e4274b6844a1353b6791aa3ced4d8d656ed4a09b3c17ae80f289a90a3d429a8a94210e15f3e90e WHIRLPOOL 880b3c5762e791317140213fea008759b9d2599ddefb08319877ba6a5ced517fd6e0246050975ad01b74110b20f2233bb6cb505ecf3b2e05dca014ae378eaba5
diff --git a/net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild b/net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild
deleted file mode 100644
index c51ede49d294..000000000000
--- a/net-fs/cifs-utils/cifs-utils-6.1-r1.ebuild
+++ /dev/null
@@ -1,110 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit eutils linux-info multilib
-
-DESCRIPTION="Tools for Managing Linux CIFS Client Filesystems"
-HOMEPAGE="http://wiki.samba.org/index.php/LinuxCIFS_utils"
-SRC_URI="ftp://ftp.samba.org/pub/linux-cifs/${PN}/${P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~arm-linux ~x86-linux"
-IUSE="+acl +ads +caps +caps-ng creds"
-
-DEPEND="!net-fs/mount-cifs
-	!<net-fs/samba-3.6_rc1
-	ads? (
-		sys-apps/keyutils
-		sys-libs/talloc
-		virtual/krb5
-	)
-	caps? ( !caps-ng? ( sys-libs/libcap ) )
-	caps? ( caps-ng? ( sys-libs/libcap-ng ) )
-	creds? ( sys-apps/keyutils )"
-PDEPEND="${DEPEND}
-	acl? ( || (
-		=net-fs/samba-3.6*[winbind]
-		>=net-fs/samba-4.0.0_alpha1
-	) )
-"
-
-REQUIRED_USE="acl? ( ads )"
-
-DOCS="doc/linux-cifs-client-guide.odt"
-
-pkg_setup() {
-	linux-info_pkg_setup
-
-	if ! linux_config_exists || ! linux_chkconfig_present CIFS; then
-		ewarn "You must enable CIFS support in your kernel config, "
-		ewarn "to be able to mount samba shares. You can find it at"
-		ewarn
-		ewarn "  File systems"
-		ewarn "	Network File Systems"
-		ewarn "			CIFS support"
-		ewarn
-		ewarn "and recompile your kernel ..."
-	fi
-}
-
-src_prepare() {
-	# Do not rely on hardcoded path to systemd-ask-password, bug #478538
-	epatch "${FILESDIR}/${P}-hardcoded-path.patch"
-}
-
-src_configure() {
-	ROOTSBINDIR="${EPREFIX}"/sbin \
-	econf \
-		$(use_enable acl cifsacl cifsidmap) \
-		$(use_enable ads cifsupcall) \
-		$(use caps && use_with !caps-ng libcap || echo --without-libcap) \
-		$(use caps && use_with caps-ng libcap-ng || echo --without-libcap-ng) \
-		$(use_enable creds cifscreds)
-}
-
-src_install() {
-	default
-
-	# remove empty directories
-	find "${ED}" -type d -print0 | xargs --null rmdir \
-		--ignore-fail-on-non-empty &>/dev/null
-
-	if use acl ; then
-		dodir /etc/cifs-utils
-		dosym /usr/$(get_libdir)/cifs-utils/idmapwb.so \
-			/etc/cifs-utils/idmap-plugin
-		dodir /etc/request-key.d
-		echo 'create cifs.idmap * * /usr/sbin/cifs.idmap %k' \
-			> "${ED}/etc/request-key.d/cifs.idmap.conf"
-	fi
-
-	if use ads ; then
-		dodir /etc/request-key.d
-		echo 'create dns_resolver * * /usr/sbin/cifs.upcall %k' \
-			> "${ED}/etc/request-key.d/cifs.upcall.conf"
-	fi
-}
-
-pkg_postinst() {
-	# Inform about set-user-ID bit of mount.cifs
-	ewarn "setuid use flag was dropped due to multiple security implications"
-	ewarn "such as CVE-2009-2948, CVE-2011-3585 and CVE-2012-1586"
-	ewarn "You are free to set setuid flags by yourself"
-
-	# Inform about upcall usage
-	if use acl ; then
-		einfo "The cifs.idmap utility has been enabled by creating the"
-		einfo "configuration file /etc/request-key.d/cifs.idmap.conf"
-		einfo "This enables you to get and set CIFS acls."
-	fi
-
-	if use ads ; then
-		einfo "The cifs.upcall utility has been enabled by creating the"
-		einfo "configuration file /etc/request-key.d/cifs.upcall.conf"
-		einfo "This enables you to mount DFS shares."
-	fi
-}
diff --git a/net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch b/net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch
deleted file mode 100644
index 2c2067fa1f92..000000000000
--- a/net-fs/cifs-utils/files/cifs-utils-6.1-hardcoded-path.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 4e315f6a02a4edb259b33bcf0665eba259fee2f2 Mon Sep 17 00:00:00 2001
-From: =?utf8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
-Date: Tue, 30 Jul 2013 10:00:26 +0200
-Subject: [PATCH] Do not rely on hardcoded path to systemd-ask-password.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=utf8
-Content-Transfer-Encoding: 8bit
-
-Relying on hardcoded /bin/systemd-ask-password path breaks systemd that
-install systemd-ask-password in /usr/bin. Since both paths are supposed
-to be in ${PATH} and popen() passes the command to shell, just pass
-'systemd-ask-password' and let the shell find it.
-
-Fixes: https://bugzilla.samba.org/show_bug.cgi?id=10054
-Signed-off-by: Michał Górny <mgorny@gentoo.org>
----
- mount.cifs.c |    4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/mount.cifs.c b/mount.cifs.c
-index e76beee..7206dcb 100644
---- a/mount.cifs.c
-+++ b/mount.cifs.c
-@@ -1626,7 +1626,7 @@ drop_child_privs(void)
- }
- 
- /*
-- * If systemd is running and /bin/systemd-ask-password --
-+ * If systemd is running and systemd-ask-password --
-  * is available, then use that else fallback on getpass(..)
-  *
-  * Returns: @input or NULL on error
-@@ -1649,7 +1649,7 @@ get_password(const char *prompt, char *input, int capacity)
- 		FILE *ask_pass_fp = NULL;
- 
- 		cmd = ret = NULL;
--		if (asprintf(&cmd, "/bin/systemd-ask-password \"%s\"", prompt) >= 0) {
-+		if (asprintf(&cmd, "systemd-ask-password \"%s\"", prompt) >= 0) {
- 			ask_pass_fp = popen (cmd, "re");
- 			free (cmd);
- 		}
--- 
-1.7.0.4
-
-- 
cgit v1.2.3-18-g5258