[Bug 1711134] Re: Sync cifs-utils 2:6.7-1 (main) from Debian unstable (main)

ChristianEhrhardt 1711134 at bugs.launchpad.net
Wed Aug 16 15:37:53 UTC 2017 

This bug was fixed in the package cifs-utils - 2:6.7-1

---------------
cifs-utils (2:6.7-1) unstable; urgency=medium

  * New upstream release
   - a6662ed: cifs.upcall: switch group IDs when handling an upcall
   - 109c189: cifs.upcall: drop capabilities early in program
   - ed97e4e: cifs.upcall: allow scraping of KRB5CCNAME out of initiating
     task's /proc/<pid>/environ file (Closes: #854607)
   - ec387af4: cifs.upcall: trim even more capabilities
   - 2dcecd2: cifs.upcall: unset $KRB5CCNAME when creating new credcache from
     keytab
   - 9eaa21e: cifs.upcall: don't do env scraping when uid is 0
   - 69949ba: cifs.upcall: use a MEMORY: ccache when instantiating from a keytab
   - and more commits...

 -- Mathieu Parent <sathieu at debian.org>  Wed, 08 Mar 2017 22:21:54 +0100

** Changed in: cifs-utils (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cifs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1711134

Title:
  Sync cifs-utils 2:6.7-1 (main) from Debian unstable (main)

Status in cifs-utils package in Ubuntu:
  Fix Released

Bug description:
  Please sync cifs-utils 2:6.7-1 (main) from Debian unstable (main)

  Explanation of the Ubuntu delta and why it can be dropped:
    * Merge from Debian unstable (LP: #1660372).  Remaining changes:
      - debian/patches/stat_systemd-ask-password.patch: also check for
        /bin/systemd-ask-password before trying to use systemd's tools.

  TL;DR the patch in our delta is to prevent a harmless error message from
  popen() leaking through to the console in the case systemd-ask-password binary
  does not exist in /bin, in which case the code falls back to using getpass():

  ubuntu at 61-b1:~$ mount /ds216/downloads
  sh: 1: systemd-ask-password: not found
  Password for andreas@//ds216.lowtech/downloads: <type pass>
  ubuntu at 61-b1:~$

  It just doesn't seem worth carrying a delta for that. It's best to file
  an upstream bug to have it properly fixed, which I did:

  https://bugzilla.samba.org/show_bug.cgi?id=12971


  Longer story:

  When that patch was added by Ubuntu, the upstream code was like this:
  """
      is_systemd_running = (lstat("/sys/fs/cgroup", &a) == 0)
          && (lstat("/sys/fs/cgroup/systemd", &b) == 0)
          && (a.st_dev != b.st_dev);

      if (is_systemd_running) {
  (...)
          if (asprintf(&cmd, "/bin/systemd-ask-password \"%s\"", prompt) >= 0) {
              ask_pass_fp = popen (cmd, "re");
              free (cmd);
          }
  """

  If popen() can't find the binary, the code falls back to getpass(), but popen
  prints an "ugly" error message before:

  ubuntu at 61-b1:~$ mount /ds216/downloads
  sh: 1: systemd-ask-password: not found
  Password for andreas@//ds216.lowtech/downloads: <--- no "***" echoed: getpass() was used
  ubuntu at 61-b1:~$

  The ubuntu patch had the effect of not even trying to popen the missing binary,
  thus avoiding the error message.

  Upstream later changed the code slightly (see bug
  https://bugzilla.samba.org/show_bug.cgi?id=10054):
  """
      is_systemd_running = (lstat("/sys/fs/cgroup", &a) == 0)
          && (lstat("/sys/fs/cgroup/systemd", &b) == 0)
          && (a.st_dev != b.st_dev);
  (...)
          if (asprintf(&cmd, "systemd-ask-password \"%s\"", prompt) >= 0) {
              ask_pass_fp = popen (cmd, "re");
              free (cmd);
          }
  """

  That now searches for systemd-ask-password in $PATH. If it's not found, then
  the error message is still printed, and getpass() is again used as a fallback.

  The Ubuntu patch is still useful, but not complete now: it should search for
  the binary in $PATH to match what popen does.

  Perhaps the easiest solution is to just hide the popen error, since
  it's handled anyway?

  - if (asprintf(&cmd, "systemd-ask-password \"%s\"", prompt) >= 0) {
  + if (asprintf(&cmd, "systemd-ask-password \"%s\" 2>/dev/null", prompt) >= 0) {

  I filed an upstream bug with that suggestion:
  https://bugzilla.samba.org/show_bug.cgi?id=12971

  
  Changelog entries since current artful version 2:6.6-5ubuntu1:

  cifs-utils (2:6.7-1) unstable; urgency=medium

    * New upstream release
     - a6662ed: cifs.upcall: switch group IDs when handling an upcall
     - 109c189: cifs.upcall: drop capabilities early in program
     - ed97e4e: cifs.upcall: allow scraping of KRB5CCNAME out of initiating
       task's /proc/<pid>/environ file (Closes: #854607)
     - ec387af4: cifs.upcall: trim even more capabilities
     - 2dcecd2: cifs.upcall: unset $KRB5CCNAME when creating new credcache from
       keytab
     - 9eaa21e: cifs.upcall: don't do env scraping when uid is 0
     - 69949ba: cifs.upcall: use a MEMORY: ccache when instantiating from a keytab
     - and more commits...

   -- Mathieu Parent <sathieu at debian.org>  Wed, 08 Mar 2017 22:21:54
  +0100

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1711134/+subscriptions

More information about the foundations-bugs mailing list