| Summary: | cifs-utils new security issue CVE-2012-1586 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | bgmilne, bgmilne, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/495481/ | ||
| Whiteboard: | mga1-32-OK mga1-64-OK | ||
| Source RPM: | cifs-utils-4.8.1-1.2.mga1.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2012-05-02 03:16:52 CEST
David Walser
2012-05-02 03:17:14 CEST
CC:
(none) =>
bgmilne
David Walser
2012-05-02 03:17:25 CEST
CC:
(none) =>
bgmilne
David Walser
2012-05-02 03:17:51 CEST
Blocks:
(none) =>
5046

After some troubles due to 5.4 now enabling -Werror, but not cleaning up all warnings with all warning compiler options (by disabling -Werror), 5.4 is now in svn for cauldron.

Starting on the update for Mageia 1.

Status:
NEW =>
ASSIGNED
Guillaume Rousse
2012-05-02 21:11:21 CEST
Blocks:
5046 =>
(none)
David Walser
2012-05-02 21:37:08 CEST
Blocks:
(none) =>
5046

Just in case you didn't see, tmb submitted the build for Cauldron but it failed:
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20120502164847.tmb.valstar.14153/log/cifs-utils-5.4-1.mga2/build.0.20120502164847.log

The BuildRequires for the library it fails to find are already there, so this is a strange error. Maybe it's not looking in the right path for the library?

It builds like this on Mageia 1 x86_64 (with lib64wbclient-devel-3.6.5-1.mga1, since I tested the samba 3.6.5 build on this machine as well). I will try and get a cauldron VM up (or an existing one updated) today.

Mandriva has issued advisories for samba and cifs-utils for this today:
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:070
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:069
Anne Nicolas
2012-05-05 09:43:30 CEST
Blocks:
5046 =>
(none)

OK, I fixed the build problem in Cauldron (thanks to mdv).

Since mdv issued an update for samba as well, we might as well patch that in Mageia 1.

cifs-utils-4.8.1-1.3.mga1 is available in core/updates_testing for Mageia 1, fixing this issue:
[bgmilne@tiger cifs-utils]$ rpm -q cifs-utils
cifs-utils-4.8.1-1.2.mga1
[bgmilne@tiger cifs-utils]$ mount.cifs //localhost/bgmilne /root/drakx
This program is not installed setuid root - "user" CIFS mounts not supported.
[bgmilne@tiger cifs-utils]$ mount.cifs //localhost/bgmilne /root/doesnotexist
This program is not installed setuid root - "user" CIFS mounts not supported.
[bgmilne@tiger cifs-utils]$ su -
root's password:
[root@tiger ~]# chmod u+s /sbin/mount.cifs
[root@tiger ~]# logout
[bgmilne@tiger cifs-utils]$ mount.cifs //localhost/bgmilne /root/drakx
mount.cifs: permission denied: no match for /root/drakx found in /etc/fstab
[bgmilne@tiger cifs-utils]$ mount.cifs //localhost/bgmilne /root/doesnotexist
Couldn't chdir to /root/doesnotexist: No such file or directory
[bgmilne@tiger cifs-utils]$ urpmi cifs-utils-4.8.1-1.3.mga1
Running urpmi in restricted mode...
installing cifs-utils-4.8.1-1.3.mga1.x86_64.rpm from //home/bgmilne/rpm/Mageia/RPMS.mga1/x86_64
Preparing... ##################################################
1/1: cifs-utils ##################################################
[bgmilne@tiger cifs-utils]$ mount.cifs //localhost/bgmilne /root/drakx
This program is not installed setuid root - "user" CIFS mounts not supported.
[bgmilne@tiger cifs-utils]$ mount.cifs //localhost/bgmilne /root/doesnotexist
This program is not installed setuid root - "user" CIFS mounts not supported.
[bgmilne@tiger cifs-utils]$ su -
root's password:
[root@tiger ~]# chmod u+s /sbin/mount.cifs
[root@tiger ~]# logout
[bgmilne@tiger cifs-utils]$ mount.cifs //localhost/bgmilne /root/drakx
Couldn't chdir to /root/drakx: Permission denied
[bgmilne@tiger cifs-utils]$ mount.cifs //localhost/bgmilne /root/doesnotexist
Couldn't chdir to /root/doesnotexist: Permission denied
Remember to:
# chmod u-s /sbin/mount.cifs
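
An added check, not part of the bug report or of cifs-utils: it takes the error messages captured in the session above and reports whether a caller could tell an existing mount target from a missing one by the failure reason alone. It assumes /root/drakx exists and /root/doesnotexist does not; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: compares captured mount.cifs error messages; mounts nothing.

# Replace every literal occurrence of the probed path with <PATH>, so that
# only the failure reason is left. $1 = message, $2 = probed path
failure_reason() {
    MSG="$1" PROBED="$2" awk 'BEGIN {
        rest = ENVIRON["MSG"]; p = ENVIRON["PROBED"]; n = length(p); out = ""
        while (n > 0 && (i = index(rest, p)) > 0) {
            out = out substr(rest, 1, i - 1) "<PATH>"
            rest = substr(rest, i + n)
        }
        print out rest
    }'
}

# Exit status 0 when the failure reasons differ, i.e. the error text reveals
# whether the target exists. $1/$2 = message and path for the existing target,
# $3/$4 = message and path for the missing target
is_existence_oracle() {
    reason_exists=$(failure_reason "$1" "$2")
    reason_missing=$(failure_reason "$3" "$4")
    [ "$reason_exists" != "$reason_missing" ]
}

verdict() {
    if is_existence_oracle "$@"; then echo "LEAK"; else echo "OK"; fi
}

# Sample data: stderr lines copied from the session above.
# Assumption: /root/drakx exists, /root/doesnotexist does not.
OLD_EXISTS="mount.cifs: permission denied: no match for /root/drakx found in /etc/fstab"
OLD_MISSING="Couldn't chdir to /root/doesnotexist: No such file or directory"
NEW_EXISTS="Couldn't chdir to /root/drakx: Permission denied"
NEW_MISSING="Couldn't chdir to /root/doesnotexist: Permission denied"

echo "4.8.1-1.2.mga1: $(verdict "$OLD_EXISTS" /root/drakx "$OLD_MISSING" /root/doesnotexist)"
echo "4.8.1-1.3.mga1: $(verdict "$NEW_EXISTS" /root/drakx "$NEW_MISSING" /root/doesnotexist)"
```
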
Patched samba package uploaded. See Comment 6 for details on cifs-utils.

Advisory:
========================

Updated cifs-utils and samba packages fix security vulnerability:

A file existence disclosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS (Common Internet File System) filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm (non) existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run (CVE-2012-1586).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1586
https://bugzilla.samba.org/show_bug.cgi?id=8821
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:069
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:070
========================

Updated packages in core/updates_testing:
========================
cifs-utils-4.8.1-1.3.mga1
samba-server-3.5.8-1.4.mga1
samba-client-3.5.8-1.4.mga1
samba-common-3.5.8-1.4.mga1
samba-doc-3.5.8-1.4.mga1
samba-swat-3.5.8-1.4.mga1
samba-winbind-3.5.8-1.4.mga1
nss_wins-3.5.8-1.4.mga1
libsmbclient0-3.5.8-1.4.mga1
libsmbclient0-devel-3.5.8-1.4.mga1
libsmbclient0-static-devel-3.5.8-1.4.mga1
libnetapi0-3.5.8-1.4.mga1
libnetapi-devel-3.5.8-1.4.mga1
libsmbsharemodes0-3.5.8-1.4.mga1
libsmbsharemodes-devel-3.5.8-1.4.mga1
libwbclient0-3.5.8-1.4.mga1
libwbclient-devel-3.5.8-1.4.mga1
mount-cifs-3.5.8-1.4.mga1
samba-domainjoin-gui-3.5.8-1.4.mga1

from SRPMS:
cifs-utils-4.8.1-1.3.mga1.src.rpm
samba-3.5.8-1.4.mga1.src.rpm

Assignee:
bugsquad =>
qa-bugs

Thanks Buchan for the procedure.

Confirmed the problem and fix mga1 32

Hardware:
i586 =>
All

Confirmed the problem and fix mga1 64

Validating

Please see comment 7 for advisory and srpm

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords:
(none) =>
validated_update

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0162

Status:
ASSIGNED =>
RESOLVED