Update to version 7.6

- resolves: RHEL-185764 - CVE-2026-12505 cifs-utils: LPE via cifs.spnego

Signed-off-by: Paulo Alcantara <paalcant@redhat.com>
This commit is contained in:
Paulo Alcantara 2026-06-23 13:45:39 -03:00
parent 30dc12252b
commit 48fe8aae6f
7 changed files with 50 additions and 155 deletions

1
.gitignore vendored
View File

@ -31,3 +31,4 @@ cifs-utils-4.6.tar.bz2
/cifs-utils-7.2.tar.bz2
/cifs-utils-7.4.tar.bz2
/cifs-utils-7.5.tar.bz2
/cifs-utils-7.6.tar.bz2

View File

@ -4,7 +4,7 @@
%global bash_completion_dir %(pkg-config --variable=completionsdir bash-completion || echo /etc/bash_completion.d)
Name: cifs-utils
Version: 7.5
Version: 7.6
Release: %autorelease
Summary: Utilities for mounting and managing CIFS mounts
@ -22,9 +22,7 @@ Requires(preun): /usr/sbin/alternatives
Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2
Patch0: cifs.upcall-add-option-to-enable-debug-logs.patch
Patch1: docs-Enable-debug-logs.patch
Patch2: cifs.upcall-Adjust-log-level.patch
Patch0: cifs.upcall-fix-compiler-warning-with-Wvla.patch
%description
The SMB/CIFS protocol is a standard file sharing protocol widely deployed

View File

@ -1,41 +0,0 @@
From 927123ede36fab4a68aea6f6a3495ad909430ed1 Mon Sep 17 00:00:00 2001
From: Pierguido Lambri <plambri@redhat.com>
Date: Fri, 30 Jan 2026 14:11:28 +0000
Subject: [PATCH 3/3] cifs.upcall: Adjust log level
Because now only error message are logged, let's switch some messages
from DEBUG to ERROR level.
This will help see when an error occurred with cifs.upcall and
eventually turn on the debug mode.
Signed-off-by: Pierguido Lambri <plambri@redhat.com>
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
---
cifs.upcall.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cifs.upcall.c b/cifs.upcall.c
index b57a48c743e4..9d0eecf3aa11 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -1618,7 +1618,7 @@ int main(const int argc, char *const argv[])
__func__);
} else {
if (!get_tgt_time(ccache)) {
- syslog(LOG_DEBUG, "%s: valid TGT is not present in credential cache",
+ syslog(LOG_ERR, "%s: valid TGT is not present in credential cache",
__func__);
krb5_cc_close(context, ccache);
ccache = NULL;
@@ -1721,7 +1721,7 @@ retry_new_hostname:
}
if (rc) {
- syslog(LOG_DEBUG, "Unable to obtain service ticket");
+ syslog(LOG_ERR, "Unable to obtain service ticket");
goto out;
}
--
2.52.0

View File

@ -1,68 +0,0 @@
From 3047b9ccefdcf6327bf060ebf0d40864c5b1a11e Mon Sep 17 00:00:00 2001
From: Pierguido Lambri <plambri@redhat.com>
Date: Fri, 30 Jan 2026 14:11:26 +0000
Subject: [PATCH 1/3] cifs.upcall: add option to enable debug logs
cifs.upcall uses two levels of logs, DEBUG and ERR.
However, when using systemd, these logs will always be recorded.
When the system does a lot of upcalls, the journal could be filled
with debug logs, which may not be useful at that time.
Added then a new option '-d' to enable debug logs only when needed.
This will set a logmask up to LOG_DEBUG instead of the default
of LOG_ERR, thus reducing the amount of logs when no debug is needed.
Signed-off-by: Pierguido Lambri <plambri@redhat.com>
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
---
cifs.upcall.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/cifs.upcall.c b/cifs.upcall.c
index 69e27a34f637..b57a48c743e4 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -1356,10 +1356,11 @@ lowercase_string(char *c)
static void usage(void)
{
- fprintf(stderr, "Usage: %s [ -K /path/to/keytab] [-k /path/to/krb5.conf] [-E] [-t] [-v] [-l] [-e nsecs] key_serial\n", prog);
+ fprintf(stderr, "Usage: %s [ -K /path/to/keytab] [-k /path/to/krb5.conf] [-d] [-E] [-t] [-v] [-l] [-e nsecs] key_serial\n", prog);
}
static const struct option long_options[] = {
+ {"debug", 0, NULL, 'd'},
{"no-env-probe", 0, NULL, 'E'},
{"krb5conf", 1, NULL, 'k'},
{"legacy-uid", 0, NULL, 'l'},
@@ -1379,6 +1380,7 @@ int main(const int argc, char *const argv[])
size_t datalen;
long rc = 1;
int c;
+ int mask;
bool try_dns = false, legacy_uid = false , env_probe = true;
char *buf;
char hostbuf[NI_MAXHOST], *host;
@@ -1395,12 +1397,19 @@ int main(const int argc, char *const argv[])
hostbuf[0] = '\0';
openlog(prog, 0, LOG_DAEMON);
+ mask = LOG_UPTO(LOG_ERR);
+ setlogmask(mask);
- while ((c = getopt_long(argc, argv, "cEk:K:ltve:", long_options, NULL)) != -1) {
+ while ((c = getopt_long(argc, argv, "cdEk:K:ltve:", long_options, NULL)) != -1) {
switch (c) {
case 'c':
/* legacy option -- skip it */
break;
+ case 'd':
+ /* enable debug logs */
+ mask = LOG_UPTO(LOG_DEBUG);
+ setlogmask(mask);
+ break;
case 'E':
/* skip probing initiating process env */
env_probe = false;
--
2.52.0

View File

@ -0,0 +1,46 @@
From d2f39a20d68aa55023b63e575f06941721e644c6 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@manguebit.org>
Date: Tue, 23 Jun 2026 15:06:20 -0300
Subject: [PATCH] cifs.upcall: fix compiler warning with -Wvla
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The length value for @path array in get_uidgid() needs to be evaluated
at compile time, so replace strlen() with sizeof() when defining
PROC_PID_PATH_MAXLEN and then fix the following warning:
cifs.upcall.c: In function get_uidgid:
cifs.upcall.c:1400:9: warning: ISO C90 forbids array path whose size
cannot be evaluated [-Wvla]
1400 | char path[PROC_PID_PATH_MAXLEN] = {}, buf[256];
| ^~~~
Fixes: 972c5b5ff95e ("cifs.upcall: remove getpwuid() dependency")
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
Reviewed-by: David Howells <dhowells@redhat.com>
Cc: Enzo Matsumiya <ematsumiya@suse.de>
Cc: linux-cifs@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
---
cifs.upcall.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cifs.upcall.c b/cifs.upcall.c
index 01690dfcade1..11dbc6186a74 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -1375,8 +1375,8 @@ static int ip_to_fqdn(const char *addrstr, char *host, size_t hostlen)
return 0;
}
-/* cover worst case/impossible scenarios, + 1 for NUL */
-#define PROC_PID_PATH_MAXLEN ((int)strlen("/proc/2147483647/status") + 1)
+/* cover worst case/impossible scenarios */
+#define PROC_PID_PATH_MAXLEN ((int)sizeof("/proc/2147483647/status"))
/* max valid UID/GID is (UINT_MAX - 1) */
#define INVALID_UIDGID UINT_MAX
--
2.54.0

View File

@ -1,41 +0,0 @@
From 224512b9e62c886fd8d9802bc50a7702c4fe4517 Mon Sep 17 00:00:00 2001
From: Pierguido Lambri <plambri@redhat.com>
Date: Fri, 30 Jan 2026 14:11:27 +0000
Subject: [PATCH 2/3] docs: Enable debug logs
Documented a new option '-d' to enable debug logs.
By default only error logs are enabled, with this new option
debug logs can be enabled when needed.
Signed-off-by: Pierguido Lambri <plambri@redhat.com>
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
---
cifs.upcall.rst.in | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/cifs.upcall.rst.in b/cifs.upcall.rst.in
index 09d0503591d6..895efc53ef50 100644
--- a/cifs.upcall.rst.in
+++ b/cifs.upcall.rst.in
@@ -11,7 +11,7 @@ Userspace upcall helper for Common Internet File System (CIFS)
SYNOPSIS
********
- cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l]
+ cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l] [--debug|-d]
[--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf]
[--keytab=/path/to/keytab|-K /path/to/keytab] [--expire|-e nsecs] {keyid}
@@ -38,6 +38,9 @@ OPTIONS
-c
This option is deprecated and is currently ignored.
+--debug|-d
+ Enable debug logs. By default no debug messages are logged, only errors.
+
--no-env-probe|-E
Normally, ``cifs.upcall`` will probe the environment variable space of
the process that initiated the upcall in order to fetch the value of
--
2.52.0

View File

@ -1 +1 @@
SHA512 (cifs-utils-7.5.tar.bz2) = d44b26ca3224160bcb4fc712eb6c6d09fcfee196197d46481e95333494eaae1a4851712fba9b922c203e3cd301c481b433ff49ec396428c12ff7db3c628ce9e9
SHA512 (cifs-utils-7.6.tar.bz2) = 000bca9eb0242c8c04dc1110244ad26cd39f11541cc038e36a1b36c2e683fde19d61a59234e0e592bf8d83ebebafb4d46a7e6978c745bba5e3e155e05908dcbc