- Update from version 6.14 to 7.0
- Update of rootfile not required
- Changelog
7.0
3165220 cifs-utils: bump version to 7.0
7b91873 cifs-utils: don't return uninitialized value in cifs_gss_get_req
d9f5447 cifs-utils: make GSSAPI usage compatible with Heimdal
5e5aa50 cifs-utils: work around missing krb5_free_string in Heimdal
dc60353 fix warnings for -Waddress-of-packed-member
c4c94ad setcifsacl: fix memory allocation for struct cifs_ace
4ad2c50 setcifsacl: fix comparison of actions reported by covscan
9b074db cifs.upcall: remove unused variable and fix syslog message
2981686 cifs.upcall: Switch to RFC principal type naming
8a288d6 man-pages: Update cifs.upcall to mention GSS_USE_PROXY
aeee690 cifs.upcall: fix compiler warning
e2430c0 cifs.upcall: add gssproxy support
6.15
- CVE-2022-27239: mount.cifs: fix length check for ip option parsing
In cifs-utils through 6.14, a stack-based buffer overflow when parsing
the mount.cifs ip= command-line argument could lead to local attackers
gaining root privileges.
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
cifs-utils through 6.14, with verbose logging, can cause an
information leak when a file contains = (equal sign) characters but is
not a valid credentials file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 6.13 to 6.14
- Update of rootfile not required
- Changelog
September, 2021: Release 6.14
cifs-utils: bump version to 6.14
setcifsacl: fix formatting
smbinfo: add support for new key dump ioctl
mount.cifs: fix crash when mount point does not exist
cifs.upcall: fix regression in kerberos mount
smbinfo: Add command for displaying alternate data streams
Reorder ACEs in preferred order during setcifsacl
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
Bumping across one of our scripts with very long trailing whitespaces, I
thought it might be a good idea to clean these up. Doing so, some
missing or inconsistent licence headers were fixed.
There is no need in shipping all these files en bloc, as their
functionality won't change.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
* Add a Summary and Services field to all pak lfs files
* Replace occurances of INSTALL_INITSCRIPT with new INSTALL_INITSCRIPTS
macro in all pak lfs files.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 6.12 to 6.13
- Update of rootfile not needed
- Changelog
This is a security release to address the following bug:
CVE-2021-20208 cifs.upcall kerberos auth leak in container
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Not sure why this has ever been there. This simply makes it
nicer to read and edit because we can have line-breaks now.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
