From f2200178ed205690792e5b9742adc471d6f0dcb6 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Thu, 25 Dec 2025 20:21:50 +0100 Subject: [PATCH] cifs-utils: upgrade 7.0 -> 7.4 Contains fix for CVE-2025-2312 The recipe installs two scripts in bindir - this is nothing new. But the shebang has changed from "/usr/bin/env python3" to "/usr/bin/python3" - these were always python scripts, but they weren't recognized as such during the QA checks, and python wasn't installed as a runtime dependency. Now QA check is complaining about missing python in RDEPENDS. To avoid mandatory python installation, package the scripts separately in cifs-utils-scripts package. Shortlog: cifs-utils: bump version to 7.4 mount.cifs: retry mount on -EINPROGRESS cifs.upcall: correctly treat UPTARGET_UNSPECIFIED as UPTARGET_APP cifscreds: use for basename getcifsacl, setcifsacl: use for basename cifs.upcall: fix memory leaks in check_service_ticket_exits() cifs-utils: bump version to 7.3 Fix regression in mount.cifs with guest mount option resolve_host.c: Initialize site_name cldap_ping: Fix socket fd leak cifs-utils: bump version to 7.2 getcifsacl: fix return code check for getting full ACL cifs-utils: add documentation for upcall_target cifs-utils: avoid using mktemp when updating mtab cldap_ping.c: add missing include configure.ac: libtalloc is now mandatory cifscreds: allow user to set the key's timeout cifscreds: use continue instead of break when matching commands Do not pass passwords with sec=none and sec=krb5 docs: add esize description docs: add max_cached_dirs description docs: update actimeo description Fix compiler warnings in mount.cifs CIFS.upcall to accomodate new namespace mount opt cifs-utils: Skip TGT check if valid service ticket is already available use enums to check password or password2 in set_password, get_password_from_file and minor documentation additions cifs-utils: support and document password2 mount option smbinfo: add bash completion support for filestreaminfo, keys, gettconinfo cifs-utils: bump version to 7.1 cifs: update documentation for sloppy mount option docs: add closetimeo description docs: add compress description checkopts: update it to work with latest kernel version cifs-utils: add documentation for multichannel and max_channels cifs-utils: smbinfo: add gettconinfo command Implement CLDAP Ping to find the closest site mount.cifs.rst: update section about xattr/acl support mount.cifs.rst: add missing reference for sssd getcifsacl, setcifsacl: add missing include for le32toh getcifsacl, setcifsacl: add missing include for XATTR_SIZE_MAX cifs-utils: Make automake treat /sbin as exec, not data pam_cifscreds: fix warning on NULL arg passed to %s in pam_syslog() cifs.upcall: fix UAF in get_cachename_from_process_env() cifs-utils: add documentation for acregmax and acdirmax setcifsacl: Fix uninitialized value. Use explicit "#!/usr/bin/python3" Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- .../cifs/{cifs-utils_7.0.bb => cifs-utils_7.4.bb} | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) rename meta-networking/recipes-support/cifs/{cifs-utils_7.0.bb => cifs-utils_7.4.bb} (84%) diff --git a/meta-networking/recipes-support/cifs/cifs-utils_7.0.bb b/meta-networking/recipes-support/cifs/cifs-utils_7.4.bb similarity index 84% rename from meta-networking/recipes-support/cifs/cifs-utils_7.0.bb rename to meta-networking/recipes-support/cifs/cifs-utils_7.4.bb index e2918503be..9c7b9e3246 100644 --- a/meta-networking/recipes-support/cifs/cifs-utils_7.0.bb +++ b/meta-networking/recipes-support/cifs/cifs-utils_7.4.bb @@ -4,8 +4,8 @@ SECTION = "otherosfs" LICENSE = "GPL-3.0-only & LGPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" -SRCREV = "316522036133d44ed02cd39ed2748e2b59c85b30" -SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master" +SRCREV = "edac7178bec9520fb57d14946e67f5dd33b82d43" +SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master;tag=${BP}" DEPENDS += "libtalloc" @@ -38,6 +38,11 @@ do_install:append() { fi } +PACKAGE_BEFORE_PN = "${PN}-scripts" FILES:${PN} += "${base_libdir}/security" FILES:${PN}-dbg += "${base_libdir}/security/.debug" +# these scripts are python, package them separately so python +# won't be mandatory dependency +FILES:${PN}-scripts = "${bindir}/smb2-quota ${bindir}/smbinfo" +RDEPENDS:${PN}-scripts += "python3-core" RRECOMMENDS:${PN} = "kernel-module-cifs"