Fix CVE-2021-20208: A flaw was found in cifs-utils in versions before
6.13. A user when mounting a krb5 CIFS file system from within a
container can use Kerberos credentials of the host. The highest threat
from this vulnerability is to data confidentiality and integrity.
https://lists.samba.org/archive/samba-technical/2021-April/136467.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2020-14342: It was found that cifs-utils' mount.cifs was
invoking a shell when requesting the Samba password, which could be used
to inject arbitrary commands. An attacker able to invoke mount.cifs with
special permission, such as via sudo rules, could use this flaw to
escalate their privileges.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
In the version bump to 6.10 the following changes were made:
* Fix hash file to two spaces format
* Add patch to respect DESTDIR and optionally install man pages for
mount.smb3 by utilizing CONFIG_MAN.
* Pass -std=gnu11 to fix compile issues found with the sourcery-arm
toolchain with C99 style code errors in smbinfo.c and definition of
'struct sa' using gnu11 for C11 GNU extensions.
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
CC: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
From https://wiki.samba.org/index.php/LinuxCIFS_utils:
- April 5, 2019: Release 6.9
- smbinfo utility is added to query various kinds of information
from the server (objectId, snapshots, different FileInfo* classes
and other metadata)
- server IP change is supported by expiring DNS key resolver entries
- get/setcifsacl tools are improved to handle unexpected behavior
- share snapshots are allowed to be specified by a GMT token or SMB
100-nanoseconds time
- various new mount options are documented: bsize, handletimeout,
handlecache, rdma, max_credits and others
- https://lists.samba.org/archive/samba-technical/2019-April/133233.html
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Enable autoreconf because of missing install-sh.
Add upstream patch fixing build breakage when libtalloc is missing.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>