CVE2020-14342 cifs-utils: shell command injection in mount.cifs

- update to v6.11
 - fix spec file incompatibilities
 - include smb2-quota and mount.smb3
 - update Python to Python 3

Resolves: rhbz#1876400

.gitignore

@@ -24,3 +24,4 @@ cifs-utils-4.6.tar.bz2
 /cifs-utils-6.7.tar.bz2
 /cifs-utils-6.8.tar.bz2
 /cifs-utils-6.9.tar.bz2
+/cifs-utils-6.11.tar.bz2

cifs-utils-destdir.patch

@@ -0,0 +1,19 @@
+diff -up cifs-utils-6.11/Makefile.am.orig cifs-utils-6.11/Makefile.am
+--- cifs-utils-6.11/Makefile.am.orig	2020-11-02 10:12:50.076702518 +0200
++++ cifs-utils-6.11/Makefile.am	2020-11-02 10:13:41.966420633 +0200
+@@ -119,11 +119,11 @@ endif
+ SUBDIRS = contrib
+ 
+ install-exec-hook:
+-	(cd $(ROOTSBINDIR) && ln -sf mount.cifs mount.smb3)
++	(cd $(DESTDIR)$(ROOTSBINDIR) && ln -sf mount.cifs mount.smb3)
+ 
+ install-data-hook:
+-	(cd $(man8dir) && ln -sf mount.cifs.8 mount.smb3.8)
++	(cd $(DESTDIR)$(man8dir) && ln -sf mount.cifs.8 mount.smb3.8)
+ 
+ uninstall-hook:
+-	(cd $(ROOTSBINDIR) && rm -f $(ROOTSBINDIR)/mount.smb3)
+-	(cd $(man8dir) && rm -f $(man8dir)/mount.smb3.8)
++	(cd $(DESTDIR)$(ROOTSBINDIR) && rm -f $(DESTDIR)$(ROOTSBINDIR)/mount.smb3)
++	(cd $(DESTDIR)$(man8dir) && rm -f $(DESTDIR)$(man8dir)/mount.smb3.8)

cifs-utils.spec

@@ -2,8 +2,8 @@
 %define pre_release %nil
 
 Name:            cifs-utils
-Version:         6.9
-Release:         4%{pre_release}%{?dist}
+Version:         6.11
+Release:         1%{pre_release}%{?dist}
 Summary:         Utilities for mounting and managing CIFS mounts
 
 License:         GPLv3
@@ -18,6 +18,7 @@ Requires(post):  /usr/sbin/alternatives
 Requires(preun): /usr/sbin/alternatives
 
 Source0:         https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2
+Patch0:          cifs-utils-destdir.patch
 
 %description
 The SMB/CIFS protocol is a standard file sharing protocol widely deployed
@@ -50,9 +51,10 @@ provide these credentials to the kernel automatically at login.
 
 %prep
 %setup -q -n %{name}-%{version}%{pre_release}
-
+%patch0 -p1
 
 %build
+fgrep -r -l '/usr/bin/env python' | xargs -n1 sed -i 's@/usr/bin/env python.*@%python3@g'
 autoreconf -i
 %configure --prefix=/usr ROOTSBINDIR=%{_sbindir}
 make %{?_smp_mflags}
@@ -71,19 +73,23 @@ install -m 644 contrib/request-key.d/cifs.spnego.conf %{buildroot}%{_sysconfdir}
 %{_bindir}/setcifsacl
 %{_bindir}/cifscreds
 %{_bindir}/smbinfo
+%{_bindir}/smb2-quota
 %{_sbindir}/mount.cifs
+%{_sbindir}/mount.smb3
 %{_sbindir}/cifs.upcall
 %{_sbindir}/cifs.idmap
 %dir %{_libdir}/%{name}
 %{_libdir}/%{name}/idmapwb.so
-%{_mandir}/man1/getcifsacl.1.gz
-%{_mandir}/man1/setcifsacl.1.gz
-%{_mandir}/man1/cifscreds.1.gz
-%{_mandir}/man1/smbinfo.1.gz
-%{_mandir}/man8/cifs.upcall.8.gz
-%{_mandir}/man8/cifs.idmap.8.gz
-%{_mandir}/man8/mount.cifs.8.gz
-%{_mandir}/man8/idmapwb.8.gz
+%{_mandir}/man1/getcifsacl.*
+%{_mandir}/man1/setcifsacl.*
+%{_mandir}/man1/cifscreds.*
+%{_mandir}/man1/smbinfo.*
+%{_mandir}/man1/smb2-quota.*
+%{_mandir}/man8/cifs.upcall.*
+%{_mandir}/man8/cifs.idmap.*
+%{_mandir}/man8/mount.cifs.*
+%{_mandir}/man8/mount.smb3.*
+%{_mandir}/man8/idmapwb.*
 %dir %{_sysconfdir}/cifs-utils
 %ghost %{_sysconfdir}/cifs-utils/idmap-plugin
 %config(noreplace) %{_sysconfdir}/request-key.d/cifs.idmap.conf
@@ -105,6 +111,10 @@ fi
 %{_mandir}/man8/pam_cifscreds.8.gz
 
 %changelog
+* Mon Nov 02 2020 Alexander Bokovoy <abokovoy@redhat.com> - 6.11-1
+- Update to v6.11 release
+- Resolves: rhbz#1876400 - CVE-2020-14342 - cifs-utils: shell command injection
+
 * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.9-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 

sources

@@ -1 +1 @@
-SHA512 (cifs-utils-6.9.tar.bz2) = b92e4e39eeed1032bb175659296cde034703fb3ca63aae00419d46a33dadf821fedaf03734128112c164c84bcbb48d92d03cdc275c4a7cba26f984aeca40a40a
+SHA512 (cifs-utils-6.11.tar.bz2) = 064c0ac75572fb44908390508462e4fdfe0686751149fd8b656a209dd961a5a24a7d9774c38c0e72fa5f9875b43aea7bf2de038c4e4a63a11664e71d9003100e