From 80c65e7eb4610b27259abda72eefdd7f16059c91 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Sat, 30 Apr 2022 20:43:32 +0300
Subject: [PATCH] cifs-utils 6.15
Fixes: rhbz#2080525
- CVE-2022-27239: mount.cifs: fix length check for ip option parsing
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
Description
CVE-2022-27239: In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2022-29869: cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
Both issues were originally reported and fixed by Jeffrey Bencteux.
Signed-off-by: Alexander Bokovoy
---
 .gitignore | 1 +
 cifs-utils.spec | 9 ++++++++-
 sources | 2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 834871d..7e5fcad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,3 +27,4 @@ cifs-utils-4.6.tar.bz2
 /cifs-utils-6.11.tar.bz2
 /cifs-utils-6.13.tar.bz2
 /cifs-utils-6.14.tar.bz2
+/cifs-utils-6.15.tar.bz2
diff --git a/cifs-utils.spec b/cifs-utils.spec
index e7315dc..c12e1d9 100644
--- a/cifs-utils.spec
+++ b/cifs-utils.spec
@@ -2,7 +2,7 @@
 %define pre_release %nil
 Name: cifs-utils
-Version: 6.14
+Version: 6.15
 Release: 1%{pre_release}%{?dist}
 Summary: Utilities for mounting and managing CIFS mounts
@@ -124,6 +124,13 @@ about CIFS mount.
 %{_mandir}/man1/smbinfo.*
 %changelog
+* Sat Apr 30 2022 Alexander Bokovoy - 6.15-1
+- Upstream release 6.15
+- CVE-2022-27239: mount.cifs: fix length check for ip option parsing
+- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
+- Fixes: rhbz#2080525
+
+
 * Wed Feb 02 2022 Alexander Bokovoy - 6.14-1
 - Upstream release 6.14
diff --git a/sources b/sources
index 6327b3d..030227f 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (cifs-utils-6.14.tar.bz2) = dd875e110988f84ac766900426e1a75c043607de1f24b87e95cd942f2f58561e1133d16466f02863643c8395fc0160df4050636d1ce0db005f2e52a592c7f0ab
+SHA512 (cifs-utils-6.15.tar.bz2) = eedb8066563db584595a8ba7cb7a603e6b763ac2c1261430d605c327fcc5a831acd48b58ea55dd243af778dfdc827ab8c6daf4015764ff550dcffc2182773510