summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--network/smb4k/find_mount_umount.patch366
-rw-r--r--network/smb4k/smb4k.SlackBuild5
-rw-r--r--network/smb4k/smb4k.info6
3 files changed, 373 insertions, 4 deletions
diff --git a/network/smb4k/find_mount_umount.patch b/network/smb4k/find_mount_umount.patch
new file mode 100644
index 0000000000..35151180d7
--- /dev/null
+++ b/network/smb4k/find_mount_umount.patch
@@ -0,0 +1,366 @@
+From 71554140bdaede27b95dbe4c9b5a028a83c83cce Mon Sep 17 00:00:00 2001
+From: Alexander Reinholdt <alexander.reinholdt@kdemail.net>
+Date: Wed, 10 May 2017 10:23:34 +0200
+Subject: Find the mount/umount commands in the helper
+
+Instead of trusting what we get passed in
+CVE-2017-8849
+---
+ core/smb4kglobal.cpp | 65 +++++++++++++++++++++++++++++++++++-
+ core/smb4kglobal.h | 16 ++++++++-
+ core/smb4kmounter_p.cpp | 78 ++++----------------------------------------
+ helpers/CMakeLists.txt | 6 +++-
+ helpers/smb4kmounthelper.cpp | 51 +++++++++++++++++++++++++++--
+ 5 files changed, 139 insertions(+), 77 deletions(-)
+
+diff --git a/core/smb4kglobal.cpp b/core/smb4kglobal.cpp
+index 172016f..818a78a 100644
+--- a/core/smb4kglobal.cpp
++++ b/core/smb4kglobal.cpp
+@@ -2,7 +2,7 @@
+ smb4kglobal - This is the global namespace for Smb4K.
+ -------------------
+ begin : Sa Apr 2 2005
+- copyright : (C) 2005-2014 by Alexander Reinholdt
++ copyright : (C) 2005-2017 by Alexander Reinholdt
+ email : alexander.reinholdt@kdemail.net
+ ***************************************************************************/
+
+@@ -851,3 +851,66 @@ QStringList Smb4KGlobal::whitelistedMountArguments()
+ #endif
+
+
++const QString Smb4KGlobal::findMountExecutable()
++{
++ QString mount;
++ QStringList paths;
++ paths << "/bin";
++ paths << "/sbin";
++ paths << "/usr/bin";
++ paths << "/usr/sbin";
++ paths << "/usr/local/bin";
++ paths << "/usr/local/sbin";
++
++ for (int i = 0; i < paths.size(); ++i)
++ {
++#if defined(Q_OS_LINUX)
++ mount = KGlobal::dirs()->findExe("mount.cifs", paths.at(i));
++#elif defined(Q_OS_FREEBSD) || defined(Q_OS_NETBSD)
++ mount = KGlobal::dirs()->findExe("mount_smbfs", paths.at(i));
++#endif
++
++ if (!mount.isEmpty())
++ {
++ break;
++ }
++ else
++ {
++ continue;
++ }
++ }
++
++ return mount;
++}
++
++
++const QString Smb4KGlobal::findUmountExecutable()
++{
++ // Find the umount program.
++ QString umount;
++ QStringList paths;
++ paths << "/bin";
++ paths << "/sbin";
++ paths << "/usr/bin";
++ paths << "/usr/sbin";
++ paths << "/usr/local/bin";
++ paths << "/usr/local/sbin";
++
++ for ( int i = 0; i < paths.size(); ++i )
++ {
++ umount = KGlobal::dirs()->findExe("umount", paths.at(i));
++
++ if (!umount.isEmpty())
++ {
++ break;
++ }
++ else
++ {
++ continue;
++ }
++ }
++
++ return umount;
++}
++
++
+diff --git a/core/smb4kglobal.h b/core/smb4kglobal.h
+index db1805b..0ef377d 100644
+--- a/core/smb4kglobal.h
++++ b/core/smb4kglobal.h
+@@ -2,7 +2,7 @@
+ smb4kglobal - This is the global namespace for Smb4K.
+ -------------------
+ begin : Sa Apr 2 2005
+- copyright : (C) 2005-2014 by Alexander Reinholdt
++ copyright : (C) 2005-2017 by Alexander Reinholdt
+ email : alexander.reinholdt@kdemail.net
+ ***************************************************************************/
+
+@@ -455,6 +455,20 @@ namespace Smb4KGlobal
+ */
+ KDE_EXPORT QStringList whitelistedMountArguments();
+ #endif
++
++ /**
++ * Find the mount executable on the system.
++ *
++ * @returns the path of the mount executable.
++ */
++ KDE_EXPORT const QString findMountExecutable();
++
++ /**
++ * Find the umount executable on the system.
++ *
++ * @returns the path of the umount executable.
++ */
++ KDE_EXPORT const QString findUmountExecutable();
+ };
+
+ #endif
+diff --git a/core/smb4kmounter_p.cpp b/core/smb4kmounter_p.cpp
+index 63a87ed..342052a 100644
+--- a/core/smb4kmounter_p.cpp
++++ b/core/smb4kmounter_p.cpp
+@@ -207,30 +207,7 @@ bool Smb4KMountJob::createMountAction(Smb4KShare *share, Action *action)
+ //
+ bool Smb4KMountJob::fillArgs(Smb4KShare *share, QMap<QString, QVariant>& map)
+ {
+- // Find the mount program.
+- QString mount;
+- QStringList paths;
+- paths << "/bin";
+- paths << "/sbin";
+- paths << "/usr/bin";
+- paths << "/usr/sbin";
+- paths << "/usr/local/bin";
+- paths << "/usr/local/sbin";
+-
+- for (int i = 0; i < paths.size(); ++i)
+- {
+- mount = KGlobal::dirs()->findExe("mount.cifs", paths.at(i));
+-
+- if (!mount.isEmpty())
+- {
+- map.insert("mh_command", mount);
+- break;
+- }
+- else
+- {
+- continue;
+- }
+- }
++ const QString mount = findMountExecutable();
+
+ if (mount.isEmpty())
+ {
+@@ -242,6 +219,8 @@ bool Smb4KMountJob::fillArgs(Smb4KShare *share, QMap<QString, QVariant>& map)
+ // Do nothing
+ }
+
++ map.insert("mh_command", mount);
++
+ // Mount arguments.
+ QMap<QString, QString> global_options = globalSambaOptions();
+ Smb4KCustomOptions *options = Smb4KCustomOptionsManager::self()->findOptions(share);
+@@ -729,30 +708,7 @@ bool Smb4KMountJob::fillArgs(Smb4KShare *share, QMap<QString, QVariant>& map)
+ //
+ bool Smb4KMountJob::fillArgs(Smb4KShare *share, QMap<QString, QVariant>& map)
+ {
+- // Find the mount program.
+- QString mount;
+- QStringList paths;
+- paths << "/bin";
+- paths << "/sbin";
+- paths << "/usr/bin";
+- paths << "/usr/sbin";
+- paths << "/usr/local/bin";
+- paths << "/usr/local/sbin";
+-
+- for (int i = 0; i < paths.size(); ++i)
+- {
+- mount = KGlobal::dirs()->findExe("mount_smbfs", paths.at(i));
+-
+- if (!mount.isEmpty())
+- {
+- map.insert("mh_command", mount);
+- break;
+- }
+- else
+- {
+- continue;
+- }
+- }
++ const QString mount = findMountExecutable();
+
+ if (mount.isEmpty())
+ {
+@@ -764,6 +720,8 @@ bool Smb4KMountJob::fillArgs(Smb4KShare *share, QMap<QString, QVariant>& map)
+ // Do nothing
+ }
+
++ map.insert("mh_command", mount);
++
+ // Mount arguments.
+ QMap<QString, QString> global_options = globalSambaOptions();
+ Smb4KCustomOptions *options = Smb4KCustomOptionsManager::self()->findOptions(share);
+@@ -1253,29 +1211,7 @@ bool Smb4KUnmountJob::createUnmountAction(Smb4KShare *share, Action *action)
+ // Do nothing
+ }
+
+- // Find the umount program.
+- QString umount;
+- QStringList paths;
+- paths << "/bin";
+- paths << "/sbin";
+- paths << "/usr/bin";
+- paths << "/usr/sbin";
+- paths << "/usr/local/bin";
+- paths << "/usr/local/sbin";
+-
+- for ( int i = 0; i < paths.size(); ++i )
+- {
+- umount = KGlobal::dirs()->findExe("umount", paths.at(i));
+-
+- if (!umount.isEmpty())
+- {
+- break;
+- }
+- else
+- {
+- continue;
+- }
+- }
++ const QString umount = findUmountExecutable();
+
+ if (umount.isEmpty() && !m_silent)
+ {
+diff --git a/helpers/CMakeLists.txt b/helpers/CMakeLists.txt
+index e9e670b..cd4228d 100644
+--- a/helpers/CMakeLists.txt
++++ b/helpers/CMakeLists.txt
+@@ -1,7 +1,11 @@
++include_directories(
++ ${CMAKE_SOURCE_DIR}/core
++ ${CMAKE_BINARY_DIR}/core )
++
+ set( smb4kmounthelper_SRCS smb4kmounthelper.cpp )
+
+ kde4_add_executable( mounthelper ${smb4kmounthelper_SRCS} )
+-target_link_libraries( mounthelper ${KDE4_KDECORE_LIBS} ${KDE4_KIO_LIBS} )
++target_link_libraries( mounthelper smb4kcore ${KDE4_KDECORE_LIBS} ${KDE4_KIO_LIBS} )
+ install( TARGETS mounthelper DESTINATION ${LIBEXEC_INSTALL_DIR} )
+
+ kde4_install_auth_helper_files( mounthelper net.sourceforge.smb4k.mounthelper root )
+diff --git a/helpers/smb4kmounthelper.cpp b/helpers/smb4kmounthelper.cpp
+index a2f2fed..7959020 100644
+--- a/helpers/smb4kmounthelper.cpp
++++ b/helpers/smb4kmounthelper.cpp
+@@ -29,6 +29,7 @@
+
+ // application specific includes
+ #include "smb4kmounthelper.h"
++#include "core/smb4kglobal.h"
+
+ // Qt includes
+ #include <QProcessEnvironment>
+@@ -43,12 +44,35 @@
+ #include <kmountpoint.h>
+ #include <kurl.h>
+
++using namespace Smb4KGlobal;
++
+ KDE4_AUTH_HELPER_MAIN( "net.sourceforge.smb4k.mounthelper", Smb4KMountHelper )
+
+
+ ActionReply Smb4KMountHelper::mount(const QVariantMap &args)
+ {
+ ActionReply reply;
++
++ //
++ // Get the mount executable
++ //
++ const QString mount = findMountExecutable();
++
++ //
++ // Check the executable
++ //
++ if (mount != args["mh_command"].toString())
++ {
++ // Something weird is going on, bail out.
++ reply.setErrorCode(ActionReply::HelperError);
++ reply.setErrorDescription(i18n("Wrong executable passed. Bailing out."));
++ return reply;
++ }
++ else
++ {
++ // Do nothing
++ }
++
+ // The mountpoint is a unique and can be used to
+ // find the share.
+ reply.addData("mh_mountpoint", args["mh_mountpoint"]);
+@@ -75,12 +99,12 @@ ActionReply Smb4KMountHelper::mount(const QVariantMap &args)
+ // Set the mount command here.
+ QStringList command;
+ #if defined(Q_OS_LINUX)
+- command << args["mh_command"].toString();
++ command << mount;
+ command << args["mh_unc"].toString();
+ command << args["mh_mountpoint"].toString();
+ command << args["mh_options"].toStringList();
+ #elif defined(Q_OS_FREEBSD) || defined(Q_OS_NETBSD)
+- command << args["mh_command"].toString();
++ command << mount;
+ command << args["mh_options"].toStringList();
+ command << args["mh_unc"].toString();
+ command << args["mh_mountpoint"].toString();
+@@ -161,6 +185,27 @@ ActionReply Smb4KMountHelper::mount(const QVariantMap &args)
+ ActionReply Smb4KMountHelper::unmount(const QVariantMap &args)
+ {
+ ActionReply reply;
++
++ //
++ // Get the umount executable
++ //
++ const QString umount = findUmountExecutable();
++
++ //
++ // Check the executable
++ //
++ if (umount != args["mh_command"].toString())
++ {
++ // Something weird is going on, bail out.
++ reply.setErrorCode(ActionReply::HelperError);
++ reply.setErrorDescription(i18n("Wrong executable passed. Bailing out."));
++ return reply;
++ }
++ else
++ {
++ // Do nothing
++ }
++
+ // The mountpoint is a unique and can be used to
+ // find the share.
+ reply.addData("mh_mountpoint", args["mh_mountpoint"]);
+@@ -208,7 +253,7 @@ ActionReply Smb4KMountHelper::unmount(const QVariantMap &args)
+
+ // Set the umount command here.
+ QStringList command;
+- command << args["mh_command"].toString();
++ command << umount;
+ command << args["mh_options"].toStringList();
+ command << args["mh_mountpoint"].toString();
+
+--
+cgit v0.11.2
+
diff --git a/network/smb4k/smb4k.SlackBuild b/network/smb4k/smb4k.SlackBuild
index c5ead96bf9..03be76ba73 100644
--- a/network/smb4k/smb4k.SlackBuild
+++ b/network/smb4k/smb4k.SlackBuild
@@ -24,7 +24,7 @@
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PRGNAM=smb4k
-VERSION=${VERSION:-1.2.1}
+VERSION=${VERSION:-1.2.3}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
@@ -70,6 +70,9 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \;
+# Fix for CVE-2017-8849
+patch -p1 < $CWD/find_mount_umount.patch
+
mkdir build
cd build
cmake \
diff --git a/network/smb4k/smb4k.info b/network/smb4k/smb4k.info
index 08cb66ce0f..4b77a2b7e8 100644
--- a/network/smb4k/smb4k.info
+++ b/network/smb4k/smb4k.info
@@ -1,8 +1,8 @@
PRGNAM="smb4k"
-VERSION="1.2.1"
+VERSION="1.2.3"
HOMEPAGE="http://smb4k.sourceforge.net/"
-DOWNLOAD="http://downloads.sourceforge.net/smb4k/smb4k-1.2.1.tar.xz"
-MD5SUM="19043c4c13a7e552e6d30f26dc750089"
+DOWNLOAD="http://downloads.sourceforge.net/smb4k/smb4k-1.2.3.tar.xz"
+MD5SUM="1f4723a7891e41a5d86397765c6863d4"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
REQUIRES=""