Dropping setuid flag, bug 385315

Package-Manager: portage-2.1.10.11/cvs/Linux i686
author: Victor Ostorga <vostorga@gentoo.org> 2011-10-04 16:07:57 +0000
committer: Victor Ostorga <vostorga@gentoo.org> 2011-10-04 16:07:57 +0000
commit: cdd69377bd15bd29607589ca2d35a7b61208e51a (patch)
tree: 177538f84997bc50e34889f3932be9d71b599711 /net-fs/cifs-utils
parent: Take maintainership over app-i18n/enca, bump revision, fix bug 377543 (diff)
download: historical-cdd69377bd15bd29607589ca2d35a7b61208e51a.tar.gz
historical-cdd69377bd15bd29607589ca2d35a7b61208e51a.tar.bz2
historical-cdd69377bd15bd29607589ca2d35a7b61208e51a.zip
4 files changed, 15 insertions, 19 deletions
diff --git a/net-fs/cifs-utils/ChangeLog b/net-fs/cifs-utils/ChangeLog
index 46d55ce38479..5f1d06dc2a8a 100644
--- a/net-fs/cifs-utils/ChangeLog
+++ b/net-fs/cifs-utils/ChangeLog
@@ -1,6 +1,9 @@
 # ChangeLog for net-fs/cifs-utils
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-fs/cifs-utils/ChangeLog,v 1.16 2011/10/03 15:02:17 vostorga Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-fs/cifs-utils/ChangeLog,v 1.17 2011/10/04 16:07:57 vostorga Exp $
+
+  04 Oct 2011; Víctor Ostorga <vostorga@gentoo.org> cifs-utils-5.1.ebuild:
+  Dropping setuid flag, CVE-2011-3585  bug 385315
 
   03 Oct 2011; Víctor Ostorga <vostorga@gentoo.org> -cifs-utils-5.0.ebuild:
   Cleaning up vulnerable versions, CVE-2011-2724, bug 382263
diff --git a/net-fs/cifs-utils/Manifest b/net-fs/cifs-utils/Manifest
index 6b505ebfd3b1..7ee46eb3f62d 100644
--- a/net-fs/cifs-utils/Manifest
+++ b/net-fs/cifs-utils/Manifest
@@ -2,13 +2,13 @@
 Hash: SHA1
 
 DIST cifs-utils-5.1.tar.bz2 366162 RMD160 3ca51ff3d61513a849e5713b1e10e225bea1b2a1 SHA1 f1c66f148a73e6c9e765fc1df13bd927f8dde5fe SHA256 67f8f9bfad7dc952bd4aa9b1c125d186e437d1e1e75c14992a1f6b7f142e7d3a
-EBUILD cifs-utils-5.1.ebuild 2330 RMD160 72ccab340c04a4dcf9cb1aa8b414607ce47e92ca SHA1 b70c90ca7df1b647c85772c7585a2f6bb47f5d07 SHA256 8ec838f81463be8d26a47993e1abb0b7f34a2d104d74bbaf7bd3358f06d5cd85
-MISC ChangeLog 2689 RMD160 ff8e48e9a0efc04bbc29438fbbc31dfbe42799f2 SHA1 3988b48f876c65c8d624ea9c4b232d5f39cd2a22 SHA256 d2ad84f8e15968f762cedfc05af5736c6f43139605abfc491324c2fa8e0147c7
-MISC metadata.xml 980 RMD160 b628cc657f81e3acfacd0bc05621b85fb6558ac0 SHA1 a5108db6eb2997a730fbeca1955c2e1c53c10ac8 SHA256 b2a38280bf5d6d96943c7365ab23eab83ca508db2c0d80eca949780efd221390
+EBUILD cifs-utils-5.1.ebuild 2200 RMD160 709b45ea1c7a1909a7940eeef2e52a5ede6a5287 SHA1 bb1de166f1655438bed73577dda6743e599a7a90 SHA256 5806ee1251f40b38e5d3c61f3e4defaa517b524cec01d98362b022c346d2665c
+MISC ChangeLog 2816 RMD160 c9fd9bf84a3f27c9ca0c3592d1c634b64b248460 SHA1 7d4e3c32a6280eae3ffda398db0ee61ffad871e1 SHA256 bc5d745a951bbc631d01c702a7e8cdd227dc9108587263875b9ebf82dbf87bbb
+MISC metadata.xml 918 RMD160 861365abb0b5753f8338843672c0677137ce30f7 SHA1 6de300978e721280dcb67e7e7c55681c3b44625c SHA256 8fe5c71fc397f06fa69022fe53352645a4e2c5743a290991eff6a08b70f83eb9
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.17 (GNU/Linux)
 
-iEYEARECAAYFAk6JzoAACgkQKQaZ7OJe4zbTvwCghZUk3UtJVgxae5K0fKf4hmVd
-Jj0AnR5mD6S1M4N+EAb9ukHjJ22ysLRL
-=yk9O
+iEYEARECAAYFAk6LL2QACgkQKQaZ7OJe4zZbEgCfXBXQgvX7qKds4dqfJziN7K1f
+7HIAn3XKNpwiQdUibskTyHYoDnjfkLVO
+=ck/Z
 -----END PGP SIGNATURE-----
diff --git a/net-fs/cifs-utils/cifs-utils-5.1.ebuild b/net-fs/cifs-utils/cifs-utils-5.1.ebuild
index cc4283abcb10..0bfc2c05b922 100644
--- a/net-fs/cifs-utils/cifs-utils-5.1.ebuild
+++ b/net-fs/cifs-utils/cifs-utils-5.1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-fs/cifs-utils/cifs-utils-5.1.ebuild,v 1.1 2011/09/26 17:32:43 vostorga Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-fs/cifs-utils/cifs-utils-5.1.ebuild,v 1.2 2011/10/04 16:07:57 vostorga Exp $
 
 EAPI=4
 
@@ -13,7 +13,7 @@ SRC_URI="ftp://ftp.samba.org/pub/linux-cifs/${PN}/${P}.tar.bz2"
 LICENSE="GPL-3"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE="ads +caps caps-ng creds setuid upcall"
+IUSE="ads +caps caps-ng creds upcall"
 
 DEPEND="!net-fs/mount-cifs
 	!<net-fs/samba-3.6_rc1
@@ -51,20 +51,14 @@ src_configure() {
 
 src_install() {
 	emake install DESTDIR="${D}" || die "emake install failed"
-	# Set set-user-ID bit of mount.cifs
-	if use setuid ; then
-		chmod u+s "${D}"/sbin/mount.cifs
-	fi
 	dodoc doc/linux-cifs-client-guide.odt
 }
 
 pkg_postinst() {
 	# Inform about set-user-ID bit of mount.cifs
-	if use setuid ; then
-		ewarn "Setting SETUID bit for mount.cifs."
-		ewarn "However, there may be severe security implications. Also see:"
-		ewarn "http://samba.org/samba/security/CVE-2009-2948.html"
-	fi
+	ewarn "setuid use flag was dropped due to multiple security implications"
+	ewarn "such as CVE-2009-2948 and CVE-2011-3585."
+	ewarn "You are free to set setuid flags by yourself"
 
 	# Inform about upcall usage
 	if use ads ; then
diff --git a/net-fs/cifs-utils/metadata.xml b/net-fs/cifs-utils/metadata.xml
index 5b4290260c48..28e792f3ce63 100644
--- a/net-fs/cifs-utils/metadata.xml
+++ b/net-fs/cifs-utils/metadata.xml
@@ -12,7 +12,6 @@
 		<flag name="caps">libcap support</flag>
 		<flag name="caps-ng">libcap-ng support</flag>
 		<flag name="creds">cifs credentials support</flag>
-		<flag name="setuid">Seting SETUID bit for mount.cifs</flag>
 		<flag name="upcall">Create cifs.idmap binary; idmap support</flag>
 	</use>
 </pkgmetadata>
author	Victor Ostorga <vostorga@gentoo.org>	2011-10-04 16:07:57 +0000
committer	Victor Ostorga <vostorga@gentoo.org>	2011-10-04 16:07:57 +0000
commit	cdd69377bd15bd29607589ca2d35a7b61208e51a (patch)
tree	177538f84997bc50e34889f3932be9d71b599711 /net-fs/cifs-utils
parent	Take maintainership over app-i18n/enca, bump revision, fix bug 377543 (diff)
download	historical-cdd69377bd15bd29607589ca2d35a7b61208e51a.tar.gz historical-cdd69377bd15bd29607589ca2d35a7b61208e51a.tar.bz2 historical-cdd69377bd15bd29607589ca2d35a7b61208e51a.zip