[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#862660: marked as done (unblock: smb4k/1.2.1-2)

Your message dated Tue, 16 May 2017 16:44:34 +0000
with message-id <E1dAfaM-0003m8-6K@respighi.debian.org>
and subject line unblock smb4k
has caused the Debian Bug report #862660,
regarding unblock: smb4k/1.2.1-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
862660: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862660
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear release team,

I've just uploaded smb4k in order to fix CVE-2017-8849 (#862505). It has 
already built in all the release architectures, you find the corresponding 
debdiff attached to this report.

Happy hacking,

Please unblock package smb4k

unblock smb4k/1.2.1-2

[1]: https://security-tracker.debian.org/tracker/CVE-2017-8849

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

diff -Nru smb4k-1.2.1/debian/changelog smb4k-1.2.1/debian/changelog
--- smb4k-1.2.1/debian/changelog	2016-03-25 16:26:46.000000000 +0100
+++ smb4k-1.2.1/debian/changelog	2017-05-15 12:18:34.000000000 +0200
@@ -1,3 +1,11 @@
+smb4k (1.2.1-2) unstable; urgency=medium
+
+  * Team upload.
+  * Cherry pick "Find the mount/umount commands in the helper"
+    This fixes CVE-2017-8849 (Closes: 862505)
+
+ -- Maximiliano Curia <maxy@debian.org>  Mon, 15 May 2017 12:18:34 +0200
+
 smb4k (1.2.1-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru smb4k-1.2.1/debian/patches/Find-the-mount-umount-commands-in-the-helper.patch smb4k-1.2.1/debian/patches/Find-the-mount-umount-commands-in-the-helper.patch
--- smb4k-1.2.1/debian/patches/Find-the-mount-umount-commands-in-the-helper.patch	1970-01-01 01:00:00.000000000 +0100
+++ smb4k-1.2.1/debian/patches/Find-the-mount-umount-commands-in-the-helper.patch	2017-05-15 12:18:34.000000000 +0200
@@ -0,0 +1,362 @@
+From: Alexander Reinholdt <alexander.reinholdt@kdemail.net>
+Date: Wed, 10 May 2017 10:23:34 +0200
+Subject: Find the mount/umount commands in the helper
+
+Instead of trusting what we get passed in
+CVE-2017-8849
+---
+ core/smb4kglobal.cpp         | 65 +++++++++++++++++++++++++++++++++++-
+ core/smb4kglobal.h           | 16 ++++++++-
+ core/smb4kmounter_p.cpp      | 78 ++++----------------------------------------
+ helpers/CMakeLists.txt       |  6 +++-
+ helpers/smb4kmounthelper.cpp | 51 +++++++++++++++++++++++++++--
+ 5 files changed, 139 insertions(+), 77 deletions(-)
+
+diff --git a/core/smb4kglobal.cpp b/core/smb4kglobal.cpp
+index 172016f..818a78a 100644
+--- a/core/smb4kglobal.cpp
++++ b/core/smb4kglobal.cpp
+@@ -2,7 +2,7 @@
+     smb4kglobal  -  This is the global namespace for Smb4K.
+                              -------------------
+     begin                : Sa Apr 2 2005
+-    copyright            : (C) 2005-2014 by Alexander Reinholdt
++    copyright            : (C) 2005-2017 by Alexander Reinholdt
+     email                : alexander.reinholdt@kdemail.net
+  ***************************************************************************/
+ 
+@@ -851,3 +851,66 @@ QStringList Smb4KGlobal::whitelistedMountArguments()
+ #endif
+ 
+ 
++const QString Smb4KGlobal::findMountExecutable()
++{
++  QString mount;
++  QStringList paths;
++  paths << "/bin";
++  paths << "/sbin";
++  paths << "/usr/bin";
++  paths << "/usr/sbin";
++  paths << "/usr/local/bin";
++  paths << "/usr/local/sbin";
++
++  for (int i = 0; i < paths.size(); ++i)
++  {
++#if defined(Q_OS_LINUX)
++    mount = KGlobal::dirs()->findExe("mount.cifs", paths.at(i));
++#elif defined(Q_OS_FREEBSD) || defined(Q_OS_NETBSD)
++    mount = KGlobal::dirs()->findExe("mount_smbfs", paths.at(i));
++#endif
++
++    if (!mount.isEmpty())
++    {
++      break;
++    }
++    else
++    {
++      continue;
++    }
++  }
++  
++  return mount;
++}
++
++
++const QString Smb4KGlobal::findUmountExecutable()
++{
++  // Find the umount program.
++  QString umount;
++  QStringList paths;
++  paths << "/bin";
++  paths << "/sbin";
++  paths << "/usr/bin";
++  paths << "/usr/sbin";
++  paths << "/usr/local/bin";
++  paths << "/usr/local/sbin";
++
++  for ( int i = 0; i < paths.size(); ++i )
++  {
++    umount = KGlobal::dirs()->findExe("umount", paths.at(i));
++
++    if (!umount.isEmpty())
++    {
++      break;
++    }
++    else
++    {
++      continue;
++    }
++  }
++  
++  return umount;
++}
++
++
+diff --git a/core/smb4kglobal.h b/core/smb4kglobal.h
+index db1805b..0ef377d 100644
+--- a/core/smb4kglobal.h
++++ b/core/smb4kglobal.h
+@@ -2,7 +2,7 @@
+     smb4kglobal  -  This is the global namespace for Smb4K.
+                              -------------------
+     begin                : Sa Apr 2 2005
+-    copyright            : (C) 2005-2014 by Alexander Reinholdt
++    copyright            : (C) 2005-2017 by Alexander Reinholdt
+     email                : alexander.reinholdt@kdemail.net
+  ***************************************************************************/
+ 
+@@ -455,6 +455,20 @@ namespace Smb4KGlobal
+    */
+   KDE_EXPORT QStringList whitelistedMountArguments();
+ #endif
++  
++  /**
++   * Find the mount executable on the system.
++   * 
++   * @returns the path of the mount executable.
++   */
++  KDE_EXPORT const QString findMountExecutable();
++  
++  /**
++   * Find the umount executable on the system.
++   * 
++   * @returns the path of the umount executable.
++   */
++  KDE_EXPORT const QString findUmountExecutable();
+ };
+ 
+ #endif
+diff --git a/core/smb4kmounter_p.cpp b/core/smb4kmounter_p.cpp
+index 63a87ed..342052a 100644
+--- a/core/smb4kmounter_p.cpp
++++ b/core/smb4kmounter_p.cpp
+@@ -207,30 +207,7 @@ bool Smb4KMountJob::createMountAction(Smb4KShare *share, Action *action)
+ //
+ bool Smb4KMountJob::fillArgs(Smb4KShare *share, QMap<QString, QVariant>& map)
+ {
+-  // Find the mount program.
+-  QString mount;
+-  QStringList paths;
+-  paths << "/bin";
+-  paths << "/sbin";
+-  paths << "/usr/bin";
+-  paths << "/usr/sbin";
+-  paths << "/usr/local/bin";
+-  paths << "/usr/local/sbin";
+-
+-  for (int i = 0; i < paths.size(); ++i)
+-  {
+-    mount = KGlobal::dirs()->findExe("mount.cifs", paths.at(i));
+-
+-    if (!mount.isEmpty())
+-    {
+-      map.insert("mh_command", mount);
+-      break;
+-    }
+-    else
+-    {
+-      continue;
+-    }
+-  }
++  const QString mount = findMountExecutable();
+ 
+   if (mount.isEmpty())
+   {
+@@ -242,6 +219,8 @@ bool Smb4KMountJob::fillArgs(Smb4KShare *share, QMap<QString, QVariant>& map)
+     // Do nothing
+   }
+   
++  map.insert("mh_command", mount);
++  
+   // Mount arguments.
+   QMap<QString, QString> global_options = globalSambaOptions();
+   Smb4KCustomOptions *options  = Smb4KCustomOptionsManager::self()->findOptions(share);
+@@ -729,30 +708,7 @@ bool Smb4KMountJob::fillArgs(Smb4KShare *share, QMap<QString, QVariant>& map)
+ //
+ bool Smb4KMountJob::fillArgs(Smb4KShare *share, QMap<QString, QVariant>& map)
+ {
+-  // Find the mount program.
+-  QString mount;
+-  QStringList paths;
+-  paths << "/bin";
+-  paths << "/sbin";
+-  paths << "/usr/bin";
+-  paths << "/usr/sbin";
+-  paths << "/usr/local/bin";
+-  paths << "/usr/local/sbin";
+-
+-  for (int i = 0; i < paths.size(); ++i)
+-  {
+-    mount = KGlobal::dirs()->findExe("mount_smbfs", paths.at(i));
+-
+-    if (!mount.isEmpty())
+-    {
+-      map.insert("mh_command", mount);
+-      break;
+-    }
+-    else
+-    {
+-      continue;
+-    }
+-  }
++  const QString mount = findMountExecutable();
+ 
+   if (mount.isEmpty())
+   {
+@@ -764,6 +720,8 @@ bool Smb4KMountJob::fillArgs(Smb4KShare *share, QMap<QString, QVariant>& map)
+     // Do nothing
+   }
+   
++  map.insert("mh_command", mount);
++  
+   // Mount arguments.
+   QMap<QString, QString> global_options = globalSambaOptions();
+   Smb4KCustomOptions *options  = Smb4KCustomOptionsManager::self()->findOptions(share);
+@@ -1253,29 +1211,7 @@ bool Smb4KUnmountJob::createUnmountAction(Smb4KShare *share, Action *action)
+     // Do nothing
+   }
+   
+-  // Find the umount program.
+-  QString umount;
+-  QStringList paths;
+-  paths << "/bin";
+-  paths << "/sbin";
+-  paths << "/usr/bin";
+-  paths << "/usr/sbin";
+-  paths << "/usr/local/bin";
+-  paths << "/usr/local/sbin";
+-
+-  for ( int i = 0; i < paths.size(); ++i )
+-  {
+-    umount = KGlobal::dirs()->findExe("umount", paths.at(i));
+-
+-    if (!umount.isEmpty())
+-    {
+-      break;
+-    }
+-    else
+-    {
+-      continue;
+-    }
+-  }
++  const QString umount = findUmountExecutable();
+ 
+   if (umount.isEmpty() && !m_silent)
+   {
+diff --git a/helpers/CMakeLists.txt b/helpers/CMakeLists.txt
+index e9e670b..cd4228d 100644
+--- a/helpers/CMakeLists.txt
++++ b/helpers/CMakeLists.txt
+@@ -1,7 +1,11 @@
++include_directories(
++  ${CMAKE_SOURCE_DIR}/core
++  ${CMAKE_BINARY_DIR}/core )
++
+ set( smb4kmounthelper_SRCS smb4kmounthelper.cpp )
+ 
+ kde4_add_executable( mounthelper ${smb4kmounthelper_SRCS} )
+-target_link_libraries( mounthelper ${KDE4_KDECORE_LIBS} ${KDE4_KIO_LIBS} )
++target_link_libraries( mounthelper smb4kcore ${KDE4_KDECORE_LIBS} ${KDE4_KIO_LIBS} )
+ install( TARGETS mounthelper DESTINATION ${LIBEXEC_INSTALL_DIR} )
+ 
+ kde4_install_auth_helper_files( mounthelper net.sourceforge.smb4k.mounthelper root )
+diff --git a/helpers/smb4kmounthelper.cpp b/helpers/smb4kmounthelper.cpp
+index a2f2fed..7959020 100644
+--- a/helpers/smb4kmounthelper.cpp
++++ b/helpers/smb4kmounthelper.cpp
+@@ -29,6 +29,7 @@
+ 
+ // application specific includes
+ #include "smb4kmounthelper.h"
++#include "core/smb4kglobal.h"
+ 
+ // Qt includes
+ #include <QProcessEnvironment>
+@@ -43,12 +44,35 @@
+ #include <kmountpoint.h>
+ #include <kurl.h>
+ 
++using namespace Smb4KGlobal;
++
+ KDE4_AUTH_HELPER_MAIN( "net.sourceforge.smb4k.mounthelper", Smb4KMountHelper )
+ 
+ 
+ ActionReply Smb4KMountHelper::mount(const QVariantMap &args)
+ {
+   ActionReply reply;
++  
++  //
++  // Get the mount executable
++  //
++  const QString mount = findMountExecutable();
++  
++  //
++  // Check the executable
++  //
++  if (mount != args["mh_command"].toString())
++  {
++    // Something weird is going on, bail out.
++    reply.setErrorCode(ActionReply::HelperError);
++    reply.setErrorDescription(i18n("Wrong executable passed. Bailing out."));
++    return reply;
++  }
++  else
++  {
++    // Do nothing
++  }
++  
+   // The mountpoint is a unique and can be used to
+   // find the share.
+   reply.addData("mh_mountpoint", args["mh_mountpoint"]);
+@@ -75,12 +99,12 @@ ActionReply Smb4KMountHelper::mount(const QVariantMap &args)
+   // Set the mount command here.
+   QStringList command;
+ #if defined(Q_OS_LINUX)
+-  command << args["mh_command"].toString();
++  command << mount;
+   command << args["mh_unc"].toString();
+   command << args["mh_mountpoint"].toString();
+   command << args["mh_options"].toStringList();
+ #elif defined(Q_OS_FREEBSD) || defined(Q_OS_NETBSD)
+-  command << args["mh_command"].toString();
++  command << mount;
+   command << args["mh_options"].toStringList();
+   command << args["mh_unc"].toString();
+   command << args["mh_mountpoint"].toString();
+@@ -161,6 +185,27 @@ ActionReply Smb4KMountHelper::mount(const QVariantMap &args)
+ ActionReply Smb4KMountHelper::unmount(const QVariantMap &args)
+ {
+   ActionReply reply;
++  
++  //
++  // Get the umount executable
++  //
++  const QString umount = findUmountExecutable();
++  
++  //
++  // Check the executable
++  //
++  if (umount != args["mh_command"].toString())
++  {
++    // Something weird is going on, bail out.
++    reply.setErrorCode(ActionReply::HelperError);
++    reply.setErrorDescription(i18n("Wrong executable passed. Bailing out."));
++    return reply;
++  }
++  else
++  {
++    // Do nothing
++  }
++  
+   // The mountpoint is a unique and can be used to
+   // find the share.
+   reply.addData("mh_mountpoint", args["mh_mountpoint"]);
+@@ -208,7 +253,7 @@ ActionReply Smb4KMountHelper::unmount(const QVariantMap &args)
+   
+   // Set the umount command here.
+   QStringList command;
+-  command << args["mh_command"].toString();
++  command << umount;
+   command << args["mh_options"].toStringList();
+   command << args["mh_mountpoint"].toString();
+ 
diff -Nru smb4k-1.2.1/debian/patches/series smb4k-1.2.1/debian/patches/series
--- smb4k-1.2.1/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ smb4k-1.2.1/debian/patches/series	2017-05-15 12:18:34.000000000 +0200
@@ -0,0 +1 @@
+Find-the-mount-umount-commands-in-the-helper.patch

--- End Message ---
--- Begin Message --- 
Unblocked smb4k.

--- End Message ---
Reply to: